./mage -v ci:teste2e go: downloading github.com/go-git/go-git/v5 v5.16.5 go: downloading github.com/tektoncd/pipeline v1.9.0 go: downloading github.com/onsi/ginkgo/v2 v2.28.1 go: downloading github.com/onsi/gomega v1.39.1 go: downloading github.com/konflux-ci/application-api v0.0.0-20260205151641-c691ffebedf8 go: downloading golang.org/x/tools v0.42.0 go: downloading github.com/konflux-ci/release-service v0.0.0-20260210131902-c65c513fe63e go: downloading github.com/konflux-ci/integration-service v0.0.0-20260116151929-fade912467b4 go: downloading golang.org/x/term v0.40.0 go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.2 go: downloading golang.org/x/crypto v0.48.0 go: downloading golang.org/x/net v0.50.0 go: downloading k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 go: downloading golang.org/x/sys v0.41.0 go: downloading golang.org/x/text v0.34.0 go: downloading golang.org/x/exp v0.0.0-20260209203927-2842357ff358 go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 go: downloading github.com/cloudflare/circl v1.6.3 go: downloading go.opentelemetry.io/otel/trace v1.40.0 go: downloading go.opentelemetry.io/otel v1.40.0 go: downloading golang.org/x/mod v0.33.0 go: downloading github.com/google/cel-go v0.27.0 go: downloading google.golang.org/api v0.265.0 go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 Running target: CI:TestE2E I0210 21:50:56.357448 28155 magefile.go:529] setting up new custom bundle for testing... I0210 21:50:56.687662 28155 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760256-gjst -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: docker-build to image I0210 21:50:58.034550 28155 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760256-gjst: quay.io/redhat-appstudio-qe/test-images@sha256:1a9ea27ce0f274b6606a34d67289c892307572904eb7c60764d1caf5b1e60484 I0210 21:50:58.034579 28155 magefile.go:535] To use the custom docker bundle locally, run below cmd: export CUSTOM_DOCKER_BUILD_PIPELINE_BUNDLE=quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760256-gjst I0210 21:50:58.034606 28155 e2e_repo.go:347] checking if repository is e2e-tests I0210 21:50:58.034610 28155 e2e_repo.go:335] multi-platform tests and require sprayproxy registering are set to TRUE exec: git "diff" "--name-status" "upstream/main..HEAD" I0210 21:50:58.037518 28155 util.go:451] The following files, go.mod, go.sum, were changed! exec: go "install" "-mod=mod" "github.com/onsi/ginkgo/v2/ginkgo" go: downloading github.com/go-task/slim-sprig/v3 v3.0.0 go: downloading github.com/google/pprof v0.0.0-20260202012954-cb029daf43ef I0210 21:51:03.144575 28155 install.go:188] cloning 'https://github.com/redhat-appstudio/infra-deployments' with git ref 'refs/heads/main' Enumerating objects: 73854, done. Counting objects: 0% (1/130) Counting objects: 1% (2/130) Counting objects: 2% (3/130) Counting objects: 3% (4/130) Counting objects: 4% (6/130) Counting objects: 5% (7/130) Counting objects: 6% (8/130) Counting objects: 7% (10/130) Counting objects: 8% (11/130) Counting objects: 9% (12/130) Counting objects: 10% (13/130) Counting objects: 11% (15/130) Counting objects: 12% (16/130) Counting objects: 13% (17/130) Counting objects: 14% (19/130) Counting objects: 15% (20/130) Counting objects: 16% (21/130) Counting objects: 17% (23/130) Counting objects: 18% (24/130) Counting objects: 19% (25/130) Counting objects: 20% (26/130) Counting objects: 21% (28/130) Counting objects: 22% (29/130) Counting objects: 23% (30/130) Counting objects: 24% (32/130) Counting objects: 25% (33/130) Counting objects: 26% (34/130) Counting objects: 27% (36/130) Counting objects: 28% (37/130) Counting objects: 29% (38/130) Counting objects: 30% (39/130) Counting objects: 31% (41/130) Counting objects: 32% (42/130) Counting objects: 33% (43/130) Counting objects: 34% (45/130) Counting objects: 35% (46/130) Counting objects: 36% (47/130) Counting objects: 37% (49/130) Counting objects: 38% (50/130) Counting objects: 39% (51/130) Counting objects: 40% (52/130) Counting objects: 41% (54/130) Counting objects: 42% (55/130) Counting objects: 43% (56/130) Counting objects: 44% (58/130) Counting objects: 45% (59/130) Counting objects: 46% (60/130) Counting objects: 47% (62/130) Counting objects: 48% (63/130) Counting objects: 49% (64/130) Counting objects: 50% (65/130) Counting objects: 51% (67/130) Counting objects: 52% (68/130) Counting objects: 53% (69/130) Counting objects: 54% (71/130) Counting objects: 55% (72/130) Counting objects: 56% (73/130) Counting objects: 57% (75/130) Counting objects: 58% (76/130) Counting objects: 59% (77/130) Counting objects: 60% (78/130) Counting objects: 61% (80/130) Counting objects: 62% (81/130) Counting objects: 63% (82/130) Counting objects: 64% (84/130) Counting objects: 65% (85/130) Counting objects: 66% (86/130) Counting objects: 67% (88/130) Counting objects: 68% (89/130) Counting objects: 69% (90/130) Counting objects: 70% (91/130) Counting objects: 71% (93/130) Counting objects: 72% (94/130) Counting objects: 73% (95/130) Counting objects: 74% (97/130) Counting objects: 75% (98/130) Counting objects: 76% (99/130) Counting objects: 77% (101/130) Counting objects: 78% (102/130) Counting objects: 79% (103/130) Counting objects: 80% (104/130) Counting objects: 81% (106/130) Counting objects: 82% (107/130) Counting objects: 83% (108/130) Counting objects: 84% (110/130) Counting objects: 85% (111/130) Counting objects: 86% (112/130) Counting objects: 87% (114/130) Counting objects: 88% (115/130) Counting objects: 89% (116/130) Counting objects: 90% (117/130) Counting objects: 91% (119/130) Counting objects: 92% (120/130) Counting objects: 93% (121/130) Counting objects: 94% (123/130) Counting objects: 95% (124/130) Counting objects: 96% (125/130) Counting objects: 97% (127/130) Counting objects: 98% (128/130) Counting objects: 99% (129/130) Counting objects: 100% (130/130) Counting objects: 100% (130/130), done. Compressing objects: 0% (1/108) Compressing objects: 1% (2/108) Compressing objects: 2% (3/108) Compressing objects: 3% (4/108) Compressing objects: 4% (5/108) Compressing objects: 5% (6/108) Compressing objects: 6% (7/108) Compressing objects: 7% (8/108) Compressing objects: 8% (9/108) Compressing objects: 9% (10/108) Compressing objects: 10% (11/108) Compressing objects: 11% (12/108) Compressing objects: 12% (13/108) Compressing objects: 13% (15/108) Compressing objects: 14% (16/108) Compressing objects: 15% (17/108) Compressing objects: 16% (18/108) Compressing objects: 17% (19/108) Compressing objects: 18% (20/108) Compressing objects: 19% (21/108) Compressing objects: 20% (22/108) Compressing objects: 21% (23/108) Compressing objects: 22% (24/108) Compressing objects: 23% (25/108) Compressing objects: 24% (26/108) Compressing objects: 25% (27/108) Compressing objects: 26% (29/108) Compressing objects: 27% (30/108) Compressing objects: 28% (31/108) Compressing objects: 29% (32/108) Compressing objects: 30% (33/108) Compressing objects: 31% (34/108) Compressing objects: 32% (35/108) Compressing objects: 33% (36/108) Compressing objects: 34% (37/108) Compressing objects: 35% (38/108) Compressing objects: 36% (39/108) Compressing objects: 37% (40/108) Compressing objects: 38% (42/108) Compressing objects: 39% (43/108) Compressing objects: 40% (44/108) Compressing objects: 41% (45/108) Compressing objects: 42% (46/108) Compressing objects: 43% (47/108) Compressing objects: 44% (48/108) Compressing objects: 45% (49/108) Compressing objects: 46% (50/108) Compressing objects: 47% (51/108) Compressing objects: 48% (52/108) Compressing objects: 49% (53/108) Compressing objects: 50% (54/108) Compressing objects: 51% (56/108) Compressing objects: 52% (57/108) Compressing objects: 53% (58/108) Compressing objects: 54% (59/108) Compressing objects: 55% (60/108) Compressing objects: 56% (61/108) Compressing objects: 57% (62/108) Compressing objects: 58% (63/108) Compressing objects: 59% (64/108) Compressing objects: 60% (65/108) Compressing objects: 61% (66/108) Compressing objects: 62% (67/108) Compressing objects: 63% (69/108) Compressing objects: 64% (70/108) Compressing objects: 65% (71/108) Compressing objects: 66% (72/108) Compressing objects: 67% (73/108) Compressing objects: 68% (74/108) Compressing objects: 69% (75/108) Compressing objects: 70% (76/108) Compressing objects: 71% (77/108) Compressing objects: 72% (78/108) Compressing objects: 73% (79/108) Compressing objects: 74% (80/108) Compressing objects: 75% (81/108) Compressing objects: 76% (83/108) Compressing objects: 77% (84/108) Compressing objects: 78% (85/108) Compressing objects: 79% (86/108) Compressing objects: 80% (87/108) Compressing objects: 81% (88/108) Compressing objects: 82% (89/108) Compressing objects: 83% (90/108) Compressing objects: 84% (91/108) Compressing objects: 85% (92/108) Compressing objects: 86% (93/108) Compressing objects: 87% (94/108) Compressing objects: 88% (96/108) Compressing objects: 89% (97/108) Compressing objects: 90% (98/108) Compressing objects: 91% (99/108) Compressing objects: 92% (100/108) Compressing objects: 93% (101/108) Compressing objects: 94% (102/108) Compressing objects: 95% (103/108) Compressing objects: 96% (104/108) Compressing objects: 97% (105/108) Compressing objects: 98% (106/108) Compressing objects: 99% (107/108) Compressing objects: 100% (108/108) Compressing objects: 100% (108/108), done. Total 73854 (delta 68), reused 30 (delta 22), pack-reused 73724 (from 4) From https://github.com/redhat-appstudio/infra-deployments * branch main -> FETCH_HEAD Already up to date. Installing the OpenShift GitOps operator subscription: clusterrole.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-application-controller created clusterrole.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-server created clusterrolebinding.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-application-controller created clusterrolebinding.rbac.authorization.k8s.io/appstudio-openshift-gitops-argocd-server created subscription.operators.coreos.com/openshift-gitops-operator created Waiting for default project (and namespace) to exist: ......................................OK Waiting for OpenShift GitOps Route: OK argocd.argoproj.io/openshift-gitops patched argocd.argoproj.io/openshift-gitops patched Switch the Route to use re-encryption argocd.argoproj.io/openshift-gitops patched Restarting ArgoCD Server pod "openshift-gitops-server-78868c5878-zhfcf" deleted Allow any authenticated users to be admin on the Argo CD instance argocd.argoproj.io/openshift-gitops patched Mark Pending PVC as Healthy, workaround for WaitForFirstConsumer StorageClasses. Warning: unknown field "spec.resourceCustomizations" argocd.argoproj.io/openshift-gitops patched (no change) Setting kustomize build options argocd.argoproj.io/openshift-gitops patched Setting ignore Aggregated Roles argocd.argoproj.io/openshift-gitops patched Setting ArgoCD tracking method to annotation argocd.argoproj.io/openshift-gitops patched Restarting GitOps server deployment.apps/openshift-gitops-server restarted ========================================================================= Argo CD URL is: https://openshift-gitops-server-openshift-gitops.apps.rosa.kx-7d55e80135.2omw.p3.openshiftapps.com (NOTE: It may take a few moments for the route to become available) Waiting for the route: .........OK Login/password uses your OpenShift credentials ('Login with OpenShift' button) Setting secrets for Quality Dashboard namespace/quality-dashboard created secret/quality-dashboard-secrets created Creating secret for CI Helper App namespace/ci-helper-app created secret/ci-helper-app-secrets created Setting secrets for pipeline-service tekton-results namespace already exists, skipping creation tekton-logging namespace already exists, skipping creation namespace/product-kubearchive-logging created Creating DB secret secret/tekton-results-database created Creating S3 secret secret/tekton-results-s3 created Creating MinIO config secret/minio-storage-configuration created Creating S3 secret secret/tekton-results-s3 created Creating MinIO config MinIO config already exists, skipping creation Creating Postgres TLS certs .+....+...+...+...........+.+..+.+..+.......+..+.........+.+......+..+............+.+..................+..+...+............+...+....+...+.....+.........+...+...+....+........+.+............+...+......+...+......+.....+......+.+++++++++++++++++++++++++++++++++++++++*.......+...+.......+......+............+............+.....+.+.....+......+.+...+.........+........+....+...+++++++++++++++++++++++++++++++++++++++*............+......+...+.......+.....+.+.....+............+.+.........+..+...++++++ .+++++++++++++++++++++++++++++++++++++++*.....+++++++++++++++++++++++++++++++++++++++*...........+...+..+...............+.+..+....+......+..+...+...+..........+............+...+...........+......+...++++++ ----- Certificate request self-signature ok subject=CN=cluster.local ..+......+....+.....+...+...+..........+++++++++++++++++++++++++++++++++++++++*.+.....+.+..+......+.+......+++++++++++++++++++++++++++++++++++++++*....+..........+..+....+.........+...+...+...........+...+......+....+......+.....+.+......+...+..............+...+.........+..........+...+........+.............+...........+......+............+.+..+....+......+........+.++++++ ...+......+.+...+..+......+.......+........+.......+............+......+..+.............+...+............+........+....+...+........+.......+++++++++++++++++++++++++++++++++++++++*.+........+++++++++++++++++++++++++++++++++++++++*....+..++++++ ----- Certificate request self-signature ok subject=CN=postgres-postgresql.tekton-results.svc.cluster.local secret/postgresql-tls created configmap/rds-root-crt created namespace/application-service created Creating a has secret from legacy token secret/has-github-token created Creating a secret with a token for Image Controller namespace/image-controller created secret/quaytoken created Configuring the cluster with a pull secret for Docker Hub Saved credentials for docker.io into /tmp/tmp.jwN9qpwT07 secret/pull-secret data updated Saved credentials for docker.io into /tmp/tmp.jwN9qpwT07 secret/docker-io-pull created Setting secrets for Dora metrics exporter namespace/dora-metrics created secret/exporters-secret created Setting Cluster Mode: preview Switched to a new branch 'preview-main-opsa' labeling node/ip-10-0-128-206.ec2.internal... node/ip-10-0-128-206.ec2.internal labeled successfully labeled node/ip-10-0-128-206.ec2.internal labeling node/ip-10-0-144-143.ec2.internal... node/ip-10-0-144-143.ec2.internal labeled successfully labeled node/ip-10-0-144-143.ec2.internal labeling node/ip-10-0-165-1.ec2.internal... node/ip-10-0-165-1.ec2.internal labeled successfully labeled node/ip-10-0-165-1.ec2.internal verifying labels... all nodes labeled successfully. Detected OCP minor version: 17 Changing AppStudio Gitlab Org to "redhat-appstudio-qe" [preview-main-opsa e9761b2e5] Preview mode, do not merge into main 6 files changed, 12 insertions(+), 18 deletions(-) remote: remote: Create a pull request for 'preview-main-opsa' on GitHub by visiting: remote: https://github.com/redhat-appstudio-qe/infra-deployments/pull/new/preview-main-opsa remote: To https://github.com/redhat-appstudio-qe/infra-deployments.git * [new branch] preview-main-opsa -> preview-main-opsa branch 'preview-main-opsa' set up to track 'qe/preview-main-opsa'. application.argoproj.io/all-application-sets created Waiting for sync of all-application-sets argoCD app Waiting for sync of all-application-sets argoCD app Waiting for sync of all-application-sets argoCD app application.argoproj.io/policies-in-cluster-local patched application.argoproj.io/build-service-in-cluster-local patched application.argoproj.io/tracing-workload-tracing-in-cluster-local patched application.argoproj.io/monitoring-workload-grafana-in-cluster-local patched application.argoproj.io/konflux-kite-in-cluster-local patched application.argoproj.io/disable-csvcopy-in-cluster-local patched application.argoproj.io/image-rbac-proxy-in-cluster-local patched application.argoproj.io/integration-in-cluster-local patched application.argoproj.io/kubearchive-in-cluster-local patched application.argoproj.io/perf-team-prometheus-reader-in-cluster-local patched application.argoproj.io/application-api-in-cluster-local patched application.argoproj.io/image-controller-in-cluster-local patched application.argoproj.io/monitoring-workload-prometheus-in-cluster-local patched application.argoproj.io/tracing-workload-otel-collector-in-cluster-local patched application.argoproj.io/all-application-sets patched application.argoproj.io/dora-metrics-in-cluster-local patched application.argoproj.io/kyverno-in-cluster-local patched application.argoproj.io/knative-eventing-in-cluster-local patched application.argoproj.io/tempo-in-cluster-local patched application.argoproj.io/cert-manager-in-cluster-local patched application.argoproj.io/pipeline-service-in-cluster-local patched application.argoproj.io/multi-platform-controller-in-cluster-local patched application.argoproj.io/build-templates-in-cluster-local patched application.argoproj.io/crossplane-control-plane-in-cluster-local patched application.argoproj.io/internal-services-in-cluster-local patched application.argoproj.io/kueue-in-cluster-local patched application.argoproj.io/vector-kubearchive-log-collector-in-cluster-local patched (no change) application.argoproj.io/vector-tekton-logs-collector-in-cluster-local patched application.argoproj.io/repository-validator-in-cluster-local patched application.argoproj.io/mintmaker-in-cluster-local patched application.argoproj.io/trust-manager-in-cluster-local patched application.argoproj.io/project-controller-in-cluster-local patched application.argoproj.io/enterprise-contract-in-cluster-local patched application.argoproj.io/monitoring-registry-in-cluster-local patched application.argoproj.io/squid-in-cluster-local patched application.argoproj.io/has-in-cluster-local patched application.argoproj.io/konflux-rbac-in-cluster-local patched application.argoproj.io/release-in-cluster-local patched build-service-in-cluster-local Synced Progressing enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy kyverno-in-cluster-local OutOfSync Missing monitoring-registry-in-cluster-local OutOfSync Healthy monitoring-workload-grafana-in-cluster-local OutOfSync Healthy multi-platform-controller-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing policies-in-cluster-local OutOfSync Healthy trust-manager-in-cluster-local OutOfSync Missing vector-kubearchive-log-collector-in-cluster-local OutOfSync Healthy Waiting 10 seconds for application sync build-service-in-cluster-local Synced Progressing enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy kyverno-in-cluster-local OutOfSync Missing monitoring-workload-grafana-in-cluster-local OutOfSync Healthy multi-platform-controller-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing policies-in-cluster-local OutOfSync Healthy trust-manager-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync build-service-in-cluster-local Synced Progressing enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy kyverno-in-cluster-local OutOfSync Missing monitoring-workload-grafana-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync build-service-in-cluster-local Synced Progressing enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy kyverno-in-cluster-local OutOfSync Missing monitoring-workload-grafana-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync build-service-in-cluster-local Synced Progressing enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing kueue-in-cluster-local OutOfSync Healthy pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync enterprise-contract-in-cluster-local OutOfSync Missing pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync pipeline-service-in-cluster-local OutOfSync Missing Waiting 10 seconds for application sync All Applications are synced and Healthy All required tekton resources are installed and ready Tekton CRDs are ready Setup Pac with existing QE sprayproxy and github App namespace/openshift-pipelines configured namespace/build-service configured namespace/integration-service configured secret/pipelines-as-code-secret created secret/pipelines-as-code-secret created secret/pipelines-as-code-secret created secret/pipelines-as-code-secret created Configured pipelines-as-code-secret secret in openshift-pipelines namespace Switched to branch 'main' Your branch is up to date with 'upstream/main'. [controller-runtime] log.SetLogger(...) was never called; logs will not be displayed. Detected at: > goroutine 28 [running]: > runtime/debug.Stack() > /usr/lib/golang/src/runtime/debug/stack.go:26 +0x5e > sigs.k8s.io/controller-runtime/pkg/log.eventuallyFulfillRoot() > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/log/log.go:60 +0xcd > sigs.k8s.io/controller-runtime/pkg/log.(*delegatingLogSink).WithName(0xc000658700, {0x3739102, 0x14}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/log/deleg.go:147 +0x3e > github.com/go-logr/logr.Logger.WithName({{0x3fb1bc0, 0xc000658700}, 0x0}, {0x3739102?, 0x0?}) > /opt/app-root/src/go/pkg/mod/github.com/go-logr/logr@v1.4.3/logr.go:345 +0x36 > sigs.k8s.io/controller-runtime/pkg/client.newClient(0x1?, {0x0, 0xc000902230, {0x0, 0x0}, 0x0, 0x0}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/client/client.go:118 +0xdb > sigs.k8s.io/controller-runtime/pkg/client.New(0xc0004c3688?, {0x0, 0xc000902230, {0x0, 0x0}, 0x0, 0x0}) > /opt/app-root/src/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.20.2/pkg/client/client.go:98 +0x4d > github.com/konflux-ci/e2e-tests/pkg/clients/kubernetes.NewAdminKubernetesClient() > /tmp/tmp.EaIZ2fdreL/pkg/clients/kubernetes/client.go:157 +0x8f > github.com/konflux-ci/e2e-tests/pkg/clients/sprayproxy.GetPaCHost() > /tmp/tmp.EaIZ2fdreL/pkg/clients/sprayproxy/sprayproxy.go:93 +0x1c > github.com/konflux-ci/e2e-tests/magefiles/rulesengine/repos.registerPacServer() > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/repos/common.go:426 +0x78 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine/repos.init.func8(0xc000334f08?) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/repos/common.go:378 +0x25 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.ActionFunc.Execute(0xc?, 0x3710ac7?) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:279 +0x19 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Apply(...) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:315 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Check(0x60ec840, 0xc000334f08) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:348 +0xb3 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.All.Check({0x60e4b80?, 0xc001c0fbd8?, 0x2417ed9?}, 0xc000334f08) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:245 +0x4f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Eval(...) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:308 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Check(0x60ec900, 0xc000334f08) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:340 +0x2b > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.All.Check({0x60ee580?, 0xe0?, 0x0?}, 0xc000334f08) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:245 +0x4f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*Rule).Eval(...) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:308 > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*RuleEngine).runLoadedCatalog(0x61250c8, {0xc000666a08?, 0xc000d51e60?, 0x47?}, 0xc000334f08) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:129 +0x11f > github.com/konflux-ci/e2e-tests/magefiles/rulesengine.(*RuleEngine).RunRulesOfCategory(0x61250c8, {0x370aae2, 0x2}, 0xc000334f08) > /tmp/tmp.EaIZ2fdreL/magefiles/rulesengine/types.go:121 +0x1b4 > main.CI.TestE2E({}) > /tmp/tmp.EaIZ2fdreL/magefiles/magefile.go:330 +0x18a > main.main.func19({0xc00054c1b8?, 0xc0006ae2e8?}) > /tmp/tmp.EaIZ2fdreL/magefiles/mage_output_file.go:838 +0xf > main.main.func12.1() > /tmp/tmp.EaIZ2fdreL/magefiles/mage_output_file.go:303 +0x5b > created by main.main.func12 in goroutine 1 > /tmp/tmp.EaIZ2fdreL/magefiles/mage_output_file.go:298 +0xbe I0210 22:00:43.764757 28155 common.go:434] Registered PaC server: https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-7d55e80135.2omw.p3.openshiftapps.com I0210 22:00:43.827491 28155 common.go:459] The PaC servers registered in Sprayproxy: https://pipelines-as-code-controller-openshift-pipelines.apps.konflux-4-17-us-west-2-hjh7p.konflux-qe.devcluster.openshift.com, https://pipelines-as-code-controller-openshift-pipelines.apps.konflux-4-17-us-west-2-62n79.konflux-qe.devcluster.openshift.com, https://pipelines-as-code-controller-openshift-pipelines.apps.rosa.kx-7d55e80135.2omw.p3.openshiftapps.com, https://pipelines-as-code-controller-openshift-pipelines.apps.konflux-4-17-us-west-2-bdvx9.konflux-qe.devcluster.openshift.com I0210 22:00:43.827525 28155 common.go:475] going to create new Tekton bundle remote-build for the purpose of testing multi-platform-controller PR I0210 22:00:44.262222 28155 common.go:516] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.8@sha256:6f7f1eebc54e8ddfe4172b6494ffc558c32ec0eade72d5766147a0efe4df5b9e I0210 22:00:44.264620 28155 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760843-zywx -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0210 22:00:45.925902 28155 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760843-zywx: quay.io/redhat-appstudio-qe/test-images@sha256:78e13b3b8cd3d43d5652beea9a45c88c288e63d86bd4bdb848a66bbb82193688 I0210 22:00:45.925936 28155 common.go:542] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_ARM64 to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760843-zywx I0210 22:00:46.168946 28155 common.go:516] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.8@sha256:6f7f1eebc54e8ddfe4172b6494ffc558c32ec0eade72d5766147a0efe4df5b9e I0210 22:00:46.170873 28155 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760845-hlty -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0210 22:00:48.172170 28155 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760845-hlty: quay.io/redhat-appstudio-qe/test-images@sha256:43df3603eb3f3740cbbd94ae4a016e2ee0ac2460a6fe6176c1c275736cf25405 I0210 22:00:48.172194 28155 common.go:542] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_S390X to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760845-hlty I0210 22:00:48.402760 28155 common.go:516] Found current task ref quay.io/konflux-ci/tekton-catalog/task-buildah:0.8@sha256:6f7f1eebc54e8ddfe4172b6494ffc558c32ec0eade72d5766147a0efe4df5b9e I0210 22:00:48.405602 28155 util.go:512] found credentials for image ref quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760848-zukr -> user: redhat-appstudio-qe+redhat_appstudio_quality Creating Tekton Bundle: - Added Pipeline: buildah-remote-pipeline to image I0210 22:00:50.130529 28155 bundle.go:57] image digest for a new tekton bundle quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760848-zukr: quay.io/redhat-appstudio-qe/test-images@sha256:d33b8d852d862d17c7d6fcdf76c4741e1c800f53c192a9fe300d5b9b96d12b5a I0210 22:00:50.130553 28155 common.go:542] SETTING ENV VAR CUSTOM_BUILDAH_REMOTE_PIPELINE_BUILD_BUNDLE_PPC64LE to value quay.io/redhat-appstudio-qe/test-images:pipeline-bundle-1770760848-zukr exec: ginkgo "--seed=1770760256" "--timeout=1h30m0s" "--grace-period=30s" "--output-interceptor-mode=none" "--no-color" "--json-report=e2e-report.json" "--junit-report=e2e-report.xml" "--procs=20" "--nodes=20" "--p" "--output-dir=/workspace/artifact-dir" "./cmd" "--" go: downloading github.com/konflux-ci/build-service v0.0.0-20240611083846-2dee6cfe6fe4 go: downloading github.com/IBM/go-sdk-core/v5 v5.15.3 go: downloading github.com/IBM/vpc-go-sdk v0.48.0 go: downloading github.com/aws/aws-sdk-go-v2 v1.38.1 go: downloading github.com/aws/aws-sdk-go-v2/service/ec2 v1.135.0 go: downloading github.com/aws/aws-sdk-go-v2/config v1.31.3 go: downloading github.com/go-playground/validator/v10 v10.17.0 go: downloading github.com/go-openapi/strfmt v0.23.0 go: downloading github.com/google/go-github/v45 v45.2.0 go: downloading github.com/mitchellh/mapstructure v1.5.1-0.20231216201459-8508981c8b6c go: downloading github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 go: downloading github.com/go-openapi/errors v0.22.2 go: downloading go.mongodb.org/mongo-driver v1.17.4 go: downloading github.com/oklog/ulid v1.3.1 go: downloading github.com/leodido/go-urn v1.3.0 go: downloading github.com/go-playground/universal-translator v0.18.1 go: downloading github.com/gabriel-vasile/mimetype v1.4.3 go: downloading github.com/aws/smithy-go v1.22.5 go: downloading github.com/aws/aws-sdk-go-v2/credentials v1.18.7 go: downloading github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.4 go: downloading github.com/aws/aws-sdk-go-v2/service/ssooidc v1.34.0 go: downloading github.com/aws/aws-sdk-go-v2/service/sts v1.38.0 go: downloading github.com/aws/aws-sdk-go-v2/service/sso v1.28.2 go: downloading github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 go: downloading github.com/go-playground/locales v0.14.1 go: downloading github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.4 go: downloading github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.4 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.0 go: downloading github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.4 Running Suite: Red Hat App Studio E2E tests - /tmp/tmp.EaIZ2fdreL/cmd ===================================================================== Random Seed: 1770760256 Will run 201 of 275 specs Running in parallel across 20 processes ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR is created for the Snapshot [release-pipelines, rh-push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_external_registry.go:215 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context points to a file [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:188 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles from specific context [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:199 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification verifies a release PipelineRun is started and succeeded in managed namespace [release-pipelines, rh-push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_external_registry.go:226 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params when context is the root directory [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:209 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when context points to a file and a directory [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:218 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params creates Tekton bundles when using negation [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:228 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validate the result of task create-pyxis-image contains image ids [release-pipelines, rh-push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_external_registry.go:233 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification tests that Release CR has completed [release-pipelines, rh-push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_external_registry.go:248 ------------------------------ P [PENDING] [release-pipelines-suite [HACBS-1571]test-release-e2e-push-image-to-pyxis] Post-release verification validates that imageIds from task create-pyxis-image exist in Pyxis. [release-pipelines, rh-push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_external_registry.go:265 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding HOME environment variable [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:238 ------------------------------ P [PENDING] [task-suite tkn bundle task] creates Tekton bundles with different params allows overriding STEP image [build-templates] /tmp/tmp.EaIZ2fdreL/tests/build/tkn-bundle.go:247 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:123 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:128 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:132 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcHappyPath] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:136 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:178 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:183 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:187 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC Staged Index Post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcStagedIndex] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:191 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:233 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-host-pool] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:120 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if release CR is created [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/release_to_github.go:138 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-host-pool] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:124 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:238 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies the release pipelinerun is running and succeeds [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/release_to_github.go:148 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release CR should have been created in the dev namespace [release-pipelines, push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/push_to_external_registry.go:157 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-host-pool] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:127 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:242 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the release CR is created [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/multiarch_advisories.go:112 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that Release PipelineRun should eventually succeed [release-pipelines, push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/push_to_external_registry.go:164 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-host-pool] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:148 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/release_to_github.go:181 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC hotfix process FBC hotfix post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcHotfix] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:246 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the multiarch release pipelinerun is running and succeeds [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/multiarch_advisories.go:122 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws host-pool allocation when the Component with multi-platform-build is created test that cleanup happened successfully [multi-platform, aws-host-pool] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:152 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for release-to-github pipeline] Release-to-github happy path Post-release verification verifies if the Release exists in github repo [release-pipelines, release-to-github, releaseToGithub] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/release_to_github.go:192 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification tests if the image was pushed to quay [release-pipelines, push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/push_to_external_registry.go:168 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification creates component from git source https://github.com/redhat-appstudio-qe/fbc-sample-repo-test [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:286 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, aws-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:251 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/multiarch_advisories.go:152 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification Creates a push snapshot for a release [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:291 ------------------------------ P [PENDING] [release-pipelines-suite Push to external registry] Post-release verification verifies that a Release is marked as succeeded. [release-pipelines, push-to-external-registry] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/push_to_external_registry.go:175 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the release CR is created [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_registry_redhat_io.go:108 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, aws-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:255 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/multiarch_advisories.go:163 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies the fbc release pipelinerun is running and succeeds [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:295 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies the rhio release pipelinerun is running and succeeds [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_registry_redhat_io.go:118 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, aws-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:259 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_registry_redhat_io.go:148 ------------------------------ P [PENDING] [release-pipelines-suite FBC e2e-tests] with FBC pre-GA process FBC pre-GA post-release verification verifies release CR completed and set succeeded. [release-pipelines, fbc-release, fbcPreGA] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/fbc_release.go:299 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, aws-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:263 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-push-to-redhat-io pipeline] Rh-push-to-redhat-io happy path Post-release verification verifies if the MR URL is valid [release-pipelines, rh-push-to-registry-redhat-io, PushToRedhatIO] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_push_to_registry_redhat_io.go:159 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] aws dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, aws-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:267 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmz-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:341 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if release CR is created [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_advisories.go:117 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmz-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:345 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies the advs release pipelinerun is running and succeeds [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_advisories.go:127 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmz-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:349 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_advisories.go:157 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmz-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:353 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rh-advisories pipeline] Rh-advisories happy path Post-release verification verifies if the repository URL is valid [release-pipelines, rh-advisories, rhAdvisories] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rh_advisories.go:168 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm system z dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmz-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:357 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created a PipelineRun is triggered [multi-platform, ibmp-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:432 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the release CR is created [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rhtap_service_push.go:150 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created the build-container task from component pipelinerun is buildah-remote [multi-platform, ibmp-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:436 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created The multi platform secret is populated [multi-platform, ibmp-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:440 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies the rhtap release pipelinerun is running and succeeds [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rhtap_service_push.go:160 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies release CR completed and set succeeded. [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rhtap_service_push.go:190 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created that PipelineRun completes successfully [multi-platform, ibmp-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:444 ------------------------------ P [PENDING] [release-pipelines-suite e2e tests for rhtap-service-push pipeline] Rhtap-service-push happy path Post-release verification verifies if the PR in infra-deployments repo is created/updated [release-pipelines, rhtap-service-push, RhtapServicePush] /tmp/tmp.EaIZ2fdreL/tests/release/pipelines/rhtap_service_push.go:200 ------------------------------ P [PENDING] [multi-platform-build-service-suite Multi Platform Controller E2E tests] ibm power pc dynamic allocation when the Component with multi-platform-build is created check cleanup happened successfully [multi-platform, ibmp-dynamic] /tmp/tmp.EaIZ2fdreL/tests/build/multi-platform.go:448 ------------------------------ • [PANICKED] [1.414 seconds] [upgrade-suite Create users and check their state] [It] Verify AppStudioProvisionedUser [upgrade-verify] /tmp/tmp.EaIZ2fdreL/tests/upgrade/verifyWorkload.go:20 Timeline >> "msg"="Observed a panic" "error"=null "panic"="runtime error: invalid memory address or nil pointer dereference" "panicGoValue"="\"invalid memory address or nil pointer dereference\"" "stacktrace"="goroutine 110 [running]:\nk8s.io/apimachinery/pkg/util/runtime.logPanic({0x3f84f20, 0xc0016e4060}, {0x31d1cc0, 0x5fceb90})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:132 +0xbc\nk8s.io/apimachinery/pkg/util/runtime.handleCrash({0x3f84fc8, 0xc0006b0620}, {0x31d1cc0, 0x5fceb90}, {0x0, 0x0, 0x447080?})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:107 +0x116\nk8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x3f84fc8, 0xc0006b0620}, {0x0, 0x0, 0x0})\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a\npanic({0x31d1cc0?, 0x5fceb90?})\n\t/usr/lib/golang/src/runtime/panic.go:783 +0x132\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1()\n\t/tmp/tmp.EaIZ2fdreL/pkg/sandbox/sandbox.go:319 +0x35\ngithub.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc0006b0701?, 0xc000cd3c18?})\n\t/tmp/tmp.EaIZ2fdreL/pkg/utils/util.go:129 +0x13\nk8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x3f84fc8?, 0xc0006b0620?}, 0x3f84fc8?)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62\nk8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x3f84fc8, 0xc0006b0620}, {0x3f72630, 0xc00105c4c0}, 0x1, 0x0, 0xc000cd3d90)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115\nk8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x3f84e78?, 0x608f8a0?}, 0xee6b2800, 0x41d745?, 0x1, 0xc000cd3d90)\n\t/opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5\ngithub.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc000cd3dd8?, 0x1?)\n\t/tmp/tmp.EaIZ2fdreL/pkg/utils/util.go:129 +0x45\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x38ae677?, {0x38ae677?, 0x38ab0cb?}, 0x8?)\n\t/tmp/tmp.EaIZ2fdreL/pkg/sandbox/sandbox.go:318 +0x72\ngithub.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x38ae677, 0x9})\n\t/tmp/tmp.EaIZ2fdreL/pkg/sandbox/sandbox.go:314 +0x4b\ngithub.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?)\n\t/tmp/tmp.EaIZ2fdreL/tests/upgrade/verify/verifyUsers.go:14 +0x25\ngithub.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2()\n\t/tmp/tmp.EaIZ2fdreL/tests/upgrade/verifyWorkload.go:21 +0x1a\ngithub.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0x41d701?, 0xc00101cff0?})\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.1/internal/node.go:585 +0x13\ngithub.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3()\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.1/internal/suite.go:946 +0x393\ncreated by github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 105\n\t/opt/app-root/src/go/pkg/mod/github.com/onsi/ginkgo/v2@v2.28.1/internal/suite.go:911 +0xd90\n" [PANICKED] in [It] - /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 @ 02/10/26 22:02:55.3 << Timeline [PANICKED] Test Panicked In [It] at: /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 @ 02/10/26 22:02:55.3 runtime error: invalid memory address or nil pointer dereference Full Stack Trace k8s.io/apimachinery/pkg/util/runtime.handleCrash({0x3f84fc8, 0xc0006b0620}, {0x31d1cc0, 0x5fceb90}, {0x0, 0x0, 0x447080?}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 +0x1a9 k8s.io/apimachinery/pkg/util/runtime.HandleCrashWithContext({0x3f84fc8, 0xc0006b0620}, {0x0, 0x0, 0x0}) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:78 +0x5a panic({0x31d1cc0?, 0x5fceb90?}) /usr/lib/golang/src/runtime/panic.go:783 +0x132 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp.func1() /tmp/tmp.EaIZ2fdreL/pkg/sandbox/sandbox.go:319 +0x35 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval.func1({0xc0006b0701?, 0xc000cd3c18?}) /tmp/tmp.EaIZ2fdreL/pkg/utils/util.go:129 +0x13 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext.func1({0x3f84fc8?, 0xc0006b0620?}, 0x3f84fc8?) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:53 +0x62 k8s.io/apimachinery/pkg/util/wait.loopConditionUntilContext({0x3f84fc8, 0xc0006b0620}, {0x3f72630, 0xc00105c4c0}, 0x1, 0x0, 0xc001213d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/loop.go:54 +0x115 k8s.io/apimachinery/pkg/util/wait.PollUntilContextTimeout({0x3f84e78?, 0x608f8a0?}, 0xee6b2800, 0x41d745?, 0x1, 0xc000cd3d90) /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/wait/poll.go:48 +0xa5 github.com/konflux-ci/e2e-tests/pkg/utils.WaitUntilWithInterval(0xa?, 0xc000cd3dd8?, 0x1?) /tmp/tmp.EaIZ2fdreL/pkg/utils/util.go:129 +0x45 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreatedWithSignUp(0x38ae677?, {0x38ae677?, 0x38ab0cb?}, 0x8?) /tmp/tmp.EaIZ2fdreL/pkg/sandbox/sandbox.go:318 +0x72 github.com/konflux-ci/e2e-tests/pkg/sandbox.(*SandboxController).CheckUserCreated(0x0, {0x38ae677, 0x9}) /tmp/tmp.EaIZ2fdreL/pkg/sandbox/sandbox.go:314 +0x4b github.com/konflux-ci/e2e-tests/tests/upgrade/verify.VerifyAppStudioProvisionedUser(0x0?) /tmp/tmp.EaIZ2fdreL/tests/upgrade/verify/verifyUsers.go:14 +0x25 github.com/konflux-ci/e2e-tests/tests/upgrade.init.func1.2() /tmp/tmp.EaIZ2fdreL/tests/upgrade/verifyWorkload.go:21 +0x1a ------------------------------ SS•••• ------------------------------ • [FAILED] [36.932 seconds] [integration-service-suite Gitlab Status Reporting of Integration tests] Gitlab with status reporting of Integration tests in the assosiated merge request [BeforeAll] when a new Component with specified custom branch is created triggers a Build PipelineRun [integration-service, gitlab-status-reporting, custom-branch] [BeforeAll] /tmp/tmp.EaIZ2fdreL/tests/integration-service/gitlab-integration-reporting.go:46 [It] /tmp/tmp.EaIZ2fdreL/tests/integration-service/gitlab-integration-reporting.go:124 Timeline >> [FAILED] in [BeforeAll] - /tmp/tmp.EaIZ2fdreL/tests/integration-service/gitlab-integration-reporting.go:62 @ 02/10/26 22:03:30.465 [FAILED] in [AfterAll] - /tmp/tmp.EaIZ2fdreL/tests/integration-service/gitlab-integration-reporting.go:91 @ 02/10/26 22:03:30.67 << Timeline [FAILED] Unexpected error: <*errors.StatusError | 0xc0003765a0>: admission webhook "dintegrationtestscenario.kb.io" denied the request: could not find application 'integ-app-ggpn' in namespace 'gitlab-rep-jaog' { ErrStatus: { TypeMeta: {Kind: "", APIVersion: ""}, ListMeta: { SelfLink: "", ResourceVersion: "", Continue: "", RemainingItemCount: nil, }, Status: "Failure", Message: "admission webhook \"dintegrationtestscenario.kb.io\" denied the request: could not find application 'integ-app-ggpn' in namespace 'gitlab-rep-jaog'", Reason: "Forbidden", Details: nil, Code: 403, }, } occurred In [BeforeAll] at: /tmp/tmp.EaIZ2fdreL/tests/integration-service/gitlab-integration-reporting.go:62 @ 02/10/26 22:03:30.465 There were additional failures detected. To view them in detail run ginkgo -vv ------------------------------ SSSSSSSSSSSSSSSSSSSS•••••••••••••••••••••••••••••••••••••••••••••• ------------------------------ • [FAILED] [422.277 seconds] [integration-service-suite Status Reporting of Integration tests] with status reporting of Integration tests in CheckRuns when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, github-status-reporting, custom-branch] /tmp/tmp.EaIZ2fdreL/tests/integration-service/status-reporting-to-pullrequest.go:142 Timeline >> PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: PipelineRunStopping PipelineRun test-component-pac-gvbnat-on-pull-request-ddhjs reason: Failed [FAILED] in [It] - /tmp/tmp.EaIZ2fdreL/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 02/10/26 22:11:28.56 << Timeline [FAILED] build pipelinerun fails for NameSpace/Application/Component stat-rep-jcar/integ-app-uohk/test-component-pac-gvbnat with logs: Pipelinerun 'test-component-pac-gvbnat-on-pull-request-ddhjs' didn't succeed Expected success, but got an error: <*errors.errorString | 0xc0006a4140>: Pipelinerun 'test-component-pac-gvbnat-on-pull-request-ddhjs' didn't succeed { s: "Pipelinerun 'test-component-pac-gvbnat-on-pull-request-ddhjs' didn't succeed\n", } In [It] at: /tmp/tmp.EaIZ2fdreL/tests/integration-service/status-reporting-to-pullrequest.go:144 @ 02/10/26 22:11:28.56 ------------------------------ SSSSSSSSSSSSSSSSSSS•• ------------------------------ • [FAILED] [656.367 seconds] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e, source-build-e2e] /tmp/tmp.EaIZ2fdreL/tests/build/build_templates.go:350 Timeline >> PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Running PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-x46qf reason: Failed attempt 1/3: PipelineRun "test-comp-bakp-on-pull-request-x46qf" failed: pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | init container: prepare 2026/02/10 22:07:30 Entrypoint initialization pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | init container: place-scripts 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-0-5b7d9 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-1-jlp78 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-2-dvznt 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-3-4j698 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-4-zp6qb 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-5-lcch6 pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Auth json written to "/auth/auth.json". pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | container step-set-skip-for-bundles: 2026/02/10 22:08:37 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | container step-app-check: time="2026-02-10T22:08:37Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:08:38Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 for platform amd64" time="2026-02-10T22:08:38Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32" time="2026-02-10T22:08:43Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-1787537301/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1787537301/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1787537301/fs/var/lib/rpm/Packages: no such file or directory" time="2026-02-10T22:08:43Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:08:43Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:08:43Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:08:43Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-1787537301/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1787537301/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1787537301/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2026-02-10T22:08:43Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2026-02-10T22:08:43Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2026-02-10T22:08:43Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2026-02-10T22:08:43Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2026-02-10T22:08:46Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:08:47Z" level=info msg="check completed" check=BasedOnUbi result=FAILED time="2026-02-10T22:08:47Z" level=info msg="This image's tag on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 will be paired with digest sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 3768, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "BasedOnUbi", "elapsed_time": 139, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)", "help": "Check BasedOnUbi encountered an error. Please review the preflight.log file for more information.", "suggestion": "Change the FROM directive in your Dockerfile or Containerfile, for the latest list of images and details refer to: https://catalog.redhat.com/software/base-images", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } time="2026-02-10T22:08:47Z" level=info msg="Preflight result: FAILED" pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1770761328","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 pod: test-comp-bakp-on-pull-requ78481e8d71abeea11260b07933f9f863-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1770761328","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0} pod: test-comp-bakp-on-pull-request-x46qf-apply-tags-pod | init container: prepare 2026/02/10 22:07:29 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:07:56Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32" time="2026-02-10T22:07:56Z" level=info msg="[param] Image digest: sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e" time="2026-02-10T22:07:56Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:07:56Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | init container: prepare 2026/02/10 22:05:22 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | init container: place-scripts 2026/02/10 22:05:22 Decoded script /tekton/scripts/script-0-pntcl 2026/02/10 22:05:22 Decoded script /tekton/scripts/script-1-8dlsv 2026/02/10 22:05:22 Decoded script /tekton/scripts/script-2-dcls6 2026/02/10 22:05:22 Decoded script /tekton/scripts/script-3-wj2zj 2026/02/10 22:05:22 Decoded script /tekton/scripts/script-4-5htgf pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | container step-build: [2026-02-10T22:06:03,158559279+00:00] Validate context path [2026-02-10T22:06:03,161831693+00:00] Update CA trust [2026-02-10T22:06:03,162914227+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:06:05,154983333+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:06:05,160762726+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:06:32,779942605+00:00] Setup prefetched Trying to pull quay.io/devfile/python:slim... Getting image source signatures Copying blob sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61 Copying blob sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a Copying blob sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec Copying blob sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb Copying blob sha256:30fb943195a7f7cee90a9c67461c338d1d76a7004d2f94792b774ef71d875a02 Copying config sha256:04f51101c1b979fb8a45a5332bfa8ed2c60f613ea396c3edd40f3d91702b24ef Writing manifest to image destination [2026-02-10T22:06:35,406057211+00:00] Unsetting proxy { "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "6f33fd23794058da297e0d7e8a1008ebaed6af32", "org.opencontainers.image.revision": "6f33fd23794058da297e0d7e8a1008ebaed6af32", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic", "quay.expires-after": "6h", "build-date": "2026-02-10T22:06:32Z", "org.opencontainers.image.created": "2026-02-10T22:06:32Z", "io.buildah.version": "1.42.2" } [2026-02-10T22:06:35,454950565+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:06:35,459247094+00:00] Add secrets [2026-02-10T22:06:35,467601809+00:00] Run buildah build [2026-02-10T22:06:35,468904222+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=6f33fd23794058da297e0d7e8a1008ebaed6af32 --label org.opencontainers.image.revision=6f33fd23794058da297e0d7e8a1008ebaed6af32 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --label quay.expires-after=6h --label build-date=2026-02-10T22:06:32Z --label org.opencontainers.image.created=2026-02-10T22:06:32Z --annotation org.opencontainers.image.revision=6f33fd23794058da297e0d7e8a1008ebaed6af32 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --annotation org.opencontainers.image.created=2026-02-10T22:06:32Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.2Dn9m7 -t quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 . STEP 1/11: FROM quay.io/devfile/python:slim STEP 2/11: EXPOSE 8081/tcp STEP 3/11: ENV FLASK_PORT=8081 STEP 4/11: WORKDIR /projects STEP 5/11: COPY requirements.txt . STEP 6/11: RUN pip install -r requirements.txt Collecting Flask==2.1.0 Downloading Flask-2.1.0-py3-none-any.whl (95 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.2/95.2 kB 17.2 MB/s eta 0:00:00 Collecting Werkzeug>=2.0 Downloading werkzeug-3.1.5-py3-none-any.whl (225 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 225.0/225.0 kB 81.9 MB/s eta 0:00:00 Collecting Jinja2>=3.0 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.9/134.9 kB 124.2 MB/s eta 0:00:00 Collecting itsdangerous>=2.0 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.0 Downloading click-8.3.1-py3-none-any.whl (108 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 108.3/108.3 kB 90.7 MB/s eta 0:00:00 Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (22 kB) Installing collected packages: MarkupSafe, itsdangerous, click, Werkzeug, Jinja2, Flask Successfully installed Flask-2.1.0 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.5 click-8.3.1 itsdangerous-2.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [notice] A new release of pip available: 22.3.1 -> 26.0.1 [notice] To update, run: pip install --upgrade pip STEP 7/11: COPY . . STEP 8/11: CMD [ "python", "./app.py" ] STEP 9/11: COPY labels.json /usr/share/buildinfo/labels.json STEP 10/11: COPY labels.json /root/buildinfo/labels.json STEP 11/11: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="6f33fd23794058da297e0d7e8a1008ebaed6af32" "org.opencontainers.image.revision"="6f33fd23794058da297e0d7e8a1008ebaed6af32" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-python-basic" "quay.expires-after"="6h" "build-date"="2026-02-10T22:06:32Z" "org.opencontainers.image.created"="2026-02-10T22:06:32Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 --> c60fed24b41e Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 c60fed24b41e020634884c1dd557abd687d035c9ee949cd74e746e7c44cfd915 [2026-02-10T22:06:40,008685518+00:00] Unsetting proxy [2026-02-10T22:06:40,009859825+00:00] Add metadata Recording base image digests used quay.io/devfile/python:slim quay.io/devfile/python:slim@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c Getting image source signatures Copying blob sha256:32863600a498e14c3c4f9802eb33a27b715e331d74486a12d3ca6f12af4e83a0 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying config sha256:c60fed24b41e020634884c1dd557abd687d035c9ee949cd74e746e7c44cfd915 Writing manifest to image destination [2026-02-10T22:06:41,581731522+00:00] End build pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | container step-push: [2026-02-10T22:06:42,266822668+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:06:44,359645897+00:00] Convert image [2026-02-10T22:06:44,360697052+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-x46qf-build-container [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-x46qf-build-container Getting image source signatures Copying blob sha256:32863600a498e14c3c4f9802eb33a27b715e331d74486a12d3ca6f12af4e83a0 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:c60fed24b41e020634884c1dd557abd687d035c9ee949cd74e746e7c44cfd915 Writing manifest to image destination [2026-02-10T22:07:05,420805849+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Getting image source signatures Copying blob sha256:32863600a498e14c3c4f9802eb33a27b715e331d74486a12d3ca6f12af4e83a0 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying config sha256:c60fed24b41e020634884c1dd557abd687d035c9ee949cd74e746e7c44cfd915 Writing manifest to image destination sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0equay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 [2026-02-10T22:07:07,038270003+00:00] End push pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:07:07,385443953+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:07:12,165165027+00:00] End sbom-syft-generate pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | container step-prepare-sboms: [2026-02-10T22:07:12,736777532+00:00] Prepare SBOM [2026-02-10T22:07:12,741231946+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:07:13,882 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:07:13,977 [INFO] mobster.oci: Fetching manifest for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c 2026-02-10 22:07:15,293 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:07:15,293 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:07:15,293 [INFO] mobster.log: Contextual workflow completed in 1.33s 2026-02-10 22:07:15,326 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:07:15,403581385+00:00] End prepare-sboms pod: test-comp-bakp-on-pull-request-x46qf-build-container-pod | container step-upload-sbom: [2026-02-10T22:07:16,331980660+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:30ac1fbb4bdb3a70446fa9cb9a69d1b0cacc2cb911844333c65f8d0504dd1aaf [2026-02-10T22:07:18,549575152+00:00] End upload-sbom pod: test-comp-bakp-on-pull-request-x46qf-build-image-index-pod | init container: prepare 2026/02/10 22:07:20 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-build-image-index-pod | init container: place-scripts 2026/02/10 22:07:20 Decoded script /tekton/scripts/script-0-lvr9c 2026/02/10 22:07:20 Decoded script /tekton/scripts/script-1-xscd9 2026/02/10 22:07:20 Decoded script /tekton/scripts/script-2-7cjmc pod: test-comp-bakp-on-pull-request-x46qf-build-image-index-pod | container step-build: [2026-02-10T22:07:23,864487833+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 29b1fab4630455268021fbe0c1b82c887fea35b3f889b572e2fba3c1d18a9dd0 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e. pod: test-comp-bakp-on-pull-request-x46qf-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: test-comp-bakp-on-pull-request-x46qf-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:07:26,079211407+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: test-comp-bakp-on-pull-request-x46qf-clair-scan-pod | init container: prepare 2026/02/10 22:07:29 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-clair-scan-pod | init container: place-scripts 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-0-mkblq 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-1-g8wsh 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-2-lxbzh 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-3-bfbq6 pod: test-comp-bakp-on-pull-request-x46qf-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e. pod: test-comp-bakp-on-pull-request-x46qf-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:11:02Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"}] 2026-02-10T22:11:02Z INF libvuln initialized component=libvuln/New 2026-02-10T22:11:04Z INF registered configured scanners component=libindex/New 2026-02-10T22:11:04Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:11:04Z INF index request start component=libindex/Libindex.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e 2026-02-10T22:11:04Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e 2026-02-10T22:11:04Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=CheckManifest 2026-02-10T22:11:04Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=FetchLayers 2026-02-10T22:11:05Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=FetchLayers 2026-02-10T22:11:05Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=FetchLayers 2026-02-10T22:11:05Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=ScanLayers 2026-02-10T22:11:06Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=ScanLayers 2026-02-10T22:11:06Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=IndexManifest 2026-02-10T22:11:06Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=IndexFinished 2026-02-10T22:11:06Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e state=IndexFinished 2026-02-10T22:11:06Z INF index request done component=libindex/Libindex.Index manifest=sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e { "manifest_hash": "sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e", "packages": { "+GDQTbek1zYvATiVR/wBCA==": { "id": "+GDQTbek1zYvATiVR/wBCA==", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "+aaqENN9U+Kuxcb1tQ8Utg==": { "id": "+aaqENN9U+Kuxcb1tQ8Utg==", "name": "netbase", "version": "6.3", "kind": "binary", "source": { "id": "", "name": "netbase", "version": "6.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "+ol9cHiNc+RWiD7Kw3TLCg==": { "id": "+ol9cHiNc+RWiD7Kw3TLCg==", "name": "libcom-err2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "05vApGRmP6ko1S0ji87IIQ==": { "id": "05vApGRmP6ko1S0ji87IIQ==", "name": "libunistring2", "version": "0.9.10-4", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "0jMyX7UCIuSpntMN1r7Ofg==": { "id": "0jMyX7UCIuSpntMN1r7Ofg==", "name": "libzstd1", "version": "1.4.8+dfsg-2.1", "kind": "binary", "source": { "id": "", "name": "libzstd", "version": "1.4.8+dfsg-2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "2MObxiEVNllmUEzdVZM5qw==": { "id": "2MObxiEVNllmUEzdVZM5qw==", "name": "apt", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "3XsqGfTFjY5lWf0VTh588Q==": { "id": "3XsqGfTFjY5lWf0VTh588Q==", "name": "werkzeug", "version": "3.1.5", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.5.0.0.0.0.0.0", "cpe": "" }, "3f992oeEQfSQxRA0nlq8Wg==": { "id": "3f992oeEQfSQxRA0nlq8Wg==", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "binary", "source": { "id": "", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4672uZtn8TnHDEzWVyhfjw==": { "id": "4672uZtn8TnHDEzWVyhfjw==", "name": "base-files", "version": "11.1+deb11u5", "kind": "binary", "source": { "id": "", "name": "base-files", "version": "11.1+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4jCPzhS6OWt4agz9d/cfTw==": { "id": "4jCPzhS6OWt4agz9d/cfTw==", "name": "ncurses-base", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "5zxxTA220k9gPCegfDHkag==": { "id": "5zxxTA220k9gPCegfDHkag==", "name": "libgmp10", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "7a3yla6TRFZrhmAreU7f8Q==": { "id": "7a3yla6TRFZrhmAreU7f8Q==", "name": "libexpat1", "version": "2.2.10-2+deb11u5", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.2.10-2+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "8alfBYUr5uWbAyB5PrY8Hg==": { "id": "8alfBYUr5uWbAyB5PrY8Hg==", "name": "libudev1", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "9snKXrH4dQy2IXHQ01Lg0A==": { "id": "9snKXrH4dQy2IXHQ01Lg0A==", "name": "libaudit1", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Akbft1KN+9FKNhh1tM25eA==": { "id": "Akbft1KN+9FKNhh1tM25eA==", "name": "mount", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "BJL42acLPAR8bEnmM1Z3mg==": { "id": "BJL42acLPAR8bEnmM1Z3mg==", "name": "libblkid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "CBzoMmlXBcyP54HOnauO0g==": { "id": "CBzoMmlXBcyP54HOnauO0g==", "name": "libpam-runtime", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "CpILSbg3p6D7Gsp8sCW1Rg==": { "id": "CpILSbg3p6D7Gsp8sCW1Rg==", "name": "libsemanage1", "version": "3.1-1+b2", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "D0G6c/ML9XX4eoGHgx1jeQ==": { "id": "D0G6c/ML9XX4eoGHgx1jeQ==", "name": "libc6", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "DY5Co0gkGtbgwDlkjfJLWA==": { "id": "DY5Co0gkGtbgwDlkjfJLWA==", "name": "markupsafe", "version": "3.0.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.3.0.0.0.0.0.0", "cpe": "" }, "DtMxcnDA8Je9vAHjmzagaA==": { "id": "DtMxcnDA8Je9vAHjmzagaA==", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "EVGnnBfWyiVHhoIR4vEpgg==": { "id": "EVGnnBfWyiVHhoIR4vEpgg==", "name": "libbz2-1.0", "version": "1.0.8-4", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ExYxXcgoIRjAjUObwDE4jA==": { "id": "ExYxXcgoIRjAjUObwDE4jA==", "name": "libk5crypto3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FJIijlwFNqvdoVBcfTF/pg==": { "id": "FJIijlwFNqvdoVBcfTF/pg==", "name": "login", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FOAAB3KiNsLyi03hQsjRTA==": { "id": "FOAAB3KiNsLyi03hQsjRTA==", "name": "libcrypt1", "version": "1:4.4.18-4", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "1:4.4.18-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FrUy4mOCaHm5aGT53as3JQ==": { "id": "FrUy4mOCaHm5aGT53as3JQ==", "name": "diffutils", "version": "1:3.7-5", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "1:3.7-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "G/7q+D+DsqYAVnohcyuzgQ==": { "id": "G/7q+D+DsqYAVnohcyuzgQ==", "name": "libssl1.1", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "GGaavnLgXX31qx9chfhdOQ==": { "id": "GGaavnLgXX31qx9chfhdOQ==", "name": "libaudit-common", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Gm6VA87iOnaQ0rWR6oO9eA==": { "id": "Gm6VA87iOnaQ0rWR6oO9eA==", "name": "libpcre2-8-0", "version": "10.36-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.36-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "IQfQp74RcAWE7jHtQsMLHg==": { "id": "IQfQp74RcAWE7jHtQsMLHg==", "name": "bsdutils", "version": "1:2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "IiJKm8T4olfm6rhuKayFOw==": { "id": "IiJKm8T4olfm6rhuKayFOw==", "name": "lsb-base", "version": "11.1.0", "kind": "binary", "source": { "id": "", "name": "lsb", "version": "11.1.0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Jg2vDvx1JxyPDIrUzzR9NQ==": { "id": "Jg2vDvx1JxyPDIrUzzR9NQ==", "name": "grep", "version": "3.6-1", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LOfpAnA/2f7zE4SFJCrxVg==": { "id": "LOfpAnA/2f7zE4SFJCrxVg==", "name": "zlib1g", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LVHVhWoZgWwWvOspyUwb1w==": { "id": "LVHVhWoZgWwWvOspyUwb1w==", "name": "libreadline8", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "MvKvHHnD0jaLaWpyHvkhgQ==": { "id": "MvKvHHnD0jaLaWpyHvkhgQ==", "name": "passwd", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "NA4G2YrIZ73fsX7d5r5rGw==": { "id": "NA4G2YrIZ73fsX7d5r5rGw==", "name": "debconf", "version": "1.5.77", "kind": "binary", "source": { "id": "", "name": "debconf", "version": "1.5.77", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "NzkVb7F31E+Vxxz3PCS6tg==": { "id": "NzkVb7F31E+Vxxz3PCS6tg==", "name": "libkrb5support0", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "OgJFdUXRfF1Ls8u1+eOivw==": { "id": "OgJFdUXRfF1Ls8u1+eOivw==", "name": "libgpg-error0", "version": "1.38-2", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.38-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PaaRbD/FkW3JARtSKQgRcQ==": { "id": "PaaRbD/FkW3JARtSKQgRcQ==", "name": "libattr1", "version": "1:2.4.48-6", "kind": "binary", "source": { "id": "", "name": "attr", "version": "1:2.4.48-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PgPY5hWnihXRN45byvzY0g==": { "id": "PgPY5hWnihXRN45byvzY0g==", "name": "libncursesw6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "R1TkRM71ql+JWgz0VF5ESQ==": { "id": "R1TkRM71ql+JWgz0VF5ESQ==", "name": "libsepol1", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RAMuXEdVU4AJ/z4aiK/NNg==": { "id": "RAMuXEdVU4AJ/z4aiK/NNg==", "name": "setuptools", "version": "65.5.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.65.5.0.0.0.0.0.0.0", "cpe": "" }, "RYsqO4ROpGMzzCO5WaTrlw==": { "id": "RYsqO4ROpGMzzCO5WaTrlw==", "name": "dpkg", "version": "1.20.12", "kind": "binary", "source": { "id": "", "name": "dpkg", "version": "1.20.12", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RgdwX+VC70nXZ2E527PXaA==": { "id": "RgdwX+VC70nXZ2E527PXaA==", "name": "logsave", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "SWnjL4fWu+WMpxhSCWLhZQ==": { "id": "SWnjL4fWu+WMpxhSCWLhZQ==", "name": "base-passwd", "version": "3.5.51", "kind": "binary", "source": { "id": "", "name": "base-passwd", "version": "3.5.51", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "T5NuX1yinNyGoZNN2r9u4Q==": { "id": "T5NuX1yinNyGoZNN2r9u4Q==", "name": "ca-certificates", "version": "20210119", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20210119", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "VVXsYlCxogg17Ti1iR03Mw==": { "id": "VVXsYlCxogg17Ti1iR03Mw==", "name": "libseccomp2", "version": "2.5.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "VbNyM3GfR5vEmJdFAiKqrA==": { "id": "VbNyM3GfR5vEmJdFAiKqrA==", "name": "gcc-9-base", "version": "9.3.0-22", "kind": "binary", "source": { "id": "", "name": "gcc-9", "version": "9.3.0-22", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Vo1mnwlrbhO3Gx1QVEhKkA==": { "id": "Vo1mnwlrbhO3Gx1QVEhKkA==", "name": "click", "version": "8.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.3.1.0.0.0.0.0.0", "cpe": "" }, "Wi4oa03apqVdR6okNeZiNA==": { "id": "Wi4oa03apqVdR6okNeZiNA==", "name": "libgnutls30", "version": "3.7.1-5+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnutls28", "version": "3.7.1-5+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ZPlAztePXX+uFLVDX2lgNQ==": { "id": "ZPlAztePXX+uFLVDX2lgNQ==", "name": "libsemanage-common", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ZWeYh81MRCu1nh3mOyptIA==": { "id": "ZWeYh81MRCu1nh3mOyptIA==", "name": "libmount1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bGWj1aSf0wvrecU/pdTv5A==": { "id": "bGWj1aSf0wvrecU/pdTv5A==", "name": "gcc-10-base", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bHkSxcl6e1quNxLGb6uX8A==": { "id": "bHkSxcl6e1quNxLGb6uX8A==", "name": "coreutils", "version": "8.32-4+b1", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bTSLWiizipO2axtmvXFuVg==": { "id": "bTSLWiizipO2axtmvXFuVg==", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "binary", "source": { "id": "", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "be3s5y0dx4bgsQboIoDduw==": { "id": "be3s5y0dx4bgsQboIoDduw==", "name": "libp11-kit0", "version": "0.23.22-1", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "brvvAQ6V7yp7QbUuk+W5Hg==": { "id": "brvvAQ6V7yp7QbUuk+W5Hg==", "name": "libext2fs2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "d4b/e0nx+/vPWuPB7oDzPw==": { "id": "d4b/e0nx+/vPWuPB7oDzPw==", "name": "libc-bin", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dRfu6Up2F2Ze+gJ21oSeug==": { "id": "dRfu6Up2F2Ze+gJ21oSeug==", "name": "libgdbm6", "version": "1.19-2", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dUT53gagQO5Ac9Bdlu5dAw==": { "id": "dUT53gagQO5Ac9Bdlu5dAw==", "name": "sysvinit-utils", "version": "2.96-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "sysvinit", "version": "2.96-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dXglURzzdbLnOf14mab1Hg==": { "id": "dXglURzzdbLnOf14mab1Hg==", "name": "tar", "version": "1.34+dfsg-1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34+dfsg-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dobmrwm7aq9puvFHwNgXxw==": { "id": "dobmrwm7aq9puvFHwNgXxw==", "name": "libstdc++6", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dv3AlW8tBL4D0mEPW7/Z2Q==": { "id": "dv3AlW8tBL4D0mEPW7/Z2Q==", "name": "libpam-modules-bin", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "eF2QIdrTmJlWmjQTkhntow==": { "id": "eF2QIdrTmJlWmjQTkhntow==", "name": "wheel", "version": "0.38.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.0.38.4.0.0.0.0.0.0", "cpe": "" }, "elSR7m8uLWd/kMl2jxTm/A==": { "id": "elSR7m8uLWd/kMl2jxTm/A==", "name": "libpam-modules", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "evNF5YpSAxyFV7iWv3lSVw==": { "id": "evNF5YpSAxyFV7iWv3lSVw==", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fCmdLCR2Ix0ldnZL1Fa52A==": { "id": "fCmdLCR2Ix0ldnZL1Fa52A==", "name": "bash", "version": "5.1-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fqwKjkzVNvsxh6040zt05g==": { "id": "fqwKjkzVNvsxh6040zt05g==", "name": "hostname", "version": "3.23", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fyM9Y65kt8cTfJv4LKF7bg==": { "id": "fyM9Y65kt8cTfJv4LKF7bg==", "name": "libcap-ng0", "version": "0.7.9-2.2+b1", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.9-2.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "gP9HgvZWct50Kw/hM7BCKg==": { "id": "gP9HgvZWct50Kw/hM7BCKg==", "name": "libtirpc-common", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "gv6x84VyNacZgvJrC59jbQ==": { "id": "gv6x84VyNacZgvJrC59jbQ==", "name": "libffi7", "version": "3.3-6", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.3-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "hdNUjYIlrdEAtBWAggakAw==": { "id": "hdNUjYIlrdEAtBWAggakAw==", "name": "perl-base", "version": "5.32.1-4+deb11u2", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-4+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "i4JkQ9JgSpZVyPFWOY5Bxw==": { "id": "i4JkQ9JgSpZVyPFWOY5Bxw==", "name": "liblz4-1", "version": "1.9.3-2", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "iWqdRZmp08/Tx22qEtmjJg==": { "id": "iWqdRZmp08/Tx22qEtmjJg==", "name": "libpcre3", "version": "2:8.39-13", "kind": "binary", "source": { "id": "", "name": "pcre3", "version": "2:8.39-13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jErhz6PtXvAy/EPWJ425rA==": { "id": "jErhz6PtXvAy/EPWJ425rA==", "name": "libuuid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jKa8Us2cqGejhOc2/n5DDA==": { "id": "jKa8Us2cqGejhOc2/n5DDA==", "name": "libsmartcols1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "kq4lGEwi4agkgAJAkDs9Ng==": { "id": "kq4lGEwi4agkgAJAkDs9Ng==", "name": "flask", "version": "2.1.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.1.0.0.0.0.0.0.0", "cpe": "" }, "krch6TQqNWzRi5F/dDkF+Q==": { "id": "krch6TQqNWzRi5F/dDkF+Q==", "name": "ncurses-bin", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "l5lCPjtOmPM8/LLh9+NjeQ==": { "id": "l5lCPjtOmPM8/LLh9+NjeQ==", "name": "gpgv", "version": "2.2.27-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.27-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lCjIskl1HulEHShaXtgmwQ==": { "id": "lCjIskl1HulEHShaXtgmwQ==", "name": "libtinfo6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lvz5sq0NbU6sy/F1tg9uiQ==": { "id": "lvz5sq0NbU6sy/F1tg9uiQ==", "name": "libkeyutils1", "version": "1.6.1-2", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "mlFDx1iAC2OWpmYHut2JHw==": { "id": "mlFDx1iAC2OWpmYHut2JHw==", "name": "libnettle8", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nV87o429QBKIpM8DyOv4wg==": { "id": "nV87o429QBKIpM8DyOv4wg==", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "binary", "source": { "id": "", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ngOu/a+sfrdDkZtETF1mgg==": { "id": "ngOu/a+sfrdDkZtETF1mgg==", "name": "libselinux1", "version": "3.1-3", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nmd/xrCD27AKRWAzA5JZCA==": { "id": "nmd/xrCD27AKRWAzA5JZCA==", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "binary", "source": { "id": "", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "npX4tBmidkxp2QJN/c3Ktw==": { "id": "npX4tBmidkxp2QJN/c3Ktw==", "name": "libdebconfclient0", "version": "0.260", "kind": "binary", "source": { "id": "", "name": "cdebconf", "version": "0.260", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nwapLKtbHTjy1u8+aA0X+Q==": { "id": "nwapLKtbHTjy1u8+aA0X+Q==", "name": "pip", "version": "22.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.22.3.1.0.0.0.0.0.0", "cpe": "" }, "oH9T0w9ZyXDCGJ6Np6n1Iw==": { "id": "oH9T0w9ZyXDCGJ6Np6n1Iw==", "name": "init-system-helpers", "version": "1.60", "kind": "binary", "source": { "id": "", "name": "init-system-helpers", "version": "1.60", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ozJ983JkaV259+RUbqutzw==": { "id": "ozJ983JkaV259+RUbqutzw==", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "binary", "source": { "id": "", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "p+J9YgA22NC8PDODpTSxgw==": { "id": "p+J9YgA22NC8PDODpTSxgw==", "name": "libidn2-0", "version": "2.3.0-5", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "pHAWej2qVWZtoCQ5DGoRcQ==": { "id": "pHAWej2qVWZtoCQ5DGoRcQ==", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "pZoLgWqHDgjhYQPevrtwdg==": { "id": "pZoLgWqHDgjhYQPevrtwdg==", "name": "libss2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "q78XIEiJs5tQHLZtjoU3Fg==": { "id": "q78XIEiJs5tQHLZtjoU3Fg==", "name": "adduser", "version": "3.118", "kind": "binary", "source": { "id": "", "name": "adduser", "version": "3.118", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "qN2BSWBeEFRJnExMNJ1S0A==": { "id": "qN2BSWBeEFRJnExMNJ1S0A==", "name": "libsqlite3-0", "version": "3.34.1-3", "kind": "binary", "source": { "id": "", "name": "sqlite3", "version": "3.34.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "qrPZzwjmppjOiQbrGk5IQA==": { "id": "qrPZzwjmppjOiQbrGk5IQA==", "name": "libgssapi-krb5-2", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rJ4UB7yOdBPwgrk5WLwIQw==": { "id": "rJ4UB7yOdBPwgrk5WLwIQw==", "name": "libhogweed6", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rUyBCRoo9C2erJrGUkvuDQ==": { "id": "rUyBCRoo9C2erJrGUkvuDQ==", "name": "libtirpc3", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "s66OGd0F2Pbemhmyrg2R9w==": { "id": "s66OGd0F2Pbemhmyrg2R9w==", "name": "libsystemd0", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sU05gaIadSYQd4+DxTnInw==": { "id": "sU05gaIadSYQd4+DxTnInw==", "name": "libacl1", "version": "2.2.53-10", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sXwy5mmgqLM9WC30BdKwTA==": { "id": "sXwy5mmgqLM9WC30BdKwTA==", "name": "readline-common", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "tNSJ6slY9zv+TZ6de2MVDQ==": { "id": "tNSJ6slY9zv+TZ6de2MVDQ==", "name": "liblzma5", "version": "5.2.5-2.1~deb11u1", "kind": "binary", "source": { "id": "", "name": "xz-utils", "version": "5.2.5-2.1~deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "tYADP/V07/lE8Qno1R/hhg==": { "id": "tYADP/V07/lE8Qno1R/hhg==", "name": "libgcc-s1", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "uXsuLx/plg6mDddGlE/9EA==": { "id": "uXsuLx/plg6mDddGlE/9EA==", "name": "libxxhash0", "version": "0.8.0-2", "kind": "binary", "source": { "id": "", "name": "xxhash", "version": "0.8.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "vqKK+x/7cGHNjLr4L7x4uQ==": { "id": "vqKK+x/7cGHNjLr4L7x4uQ==", "name": "libdb5.3", "version": "5.3.28+dfsg1-0.8", "kind": "binary", "source": { "id": "", "name": "db5.3", "version": "5.3.28+dfsg1-0.8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "wkuBBC4B84P3b4K0fGF0OQ==": { "id": "wkuBBC4B84P3b4K0fGF0OQ==", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "xaMEpa2lawXi7R9jqzX8hA==": { "id": "xaMEpa2lawXi7R9jqzX8hA==", "name": "findutils", "version": "4.8.0-1", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "yYcMjCGhY/mc+KraTEHSJg==": { "id": "yYcMjCGhY/mc+KraTEHSJg==", "name": "libkrb5-3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zL6jHnohFUDkhEaUeTlPOQ==": { "id": "zL6jHnohFUDkhEaUeTlPOQ==", "name": "sed", "version": "4.7-1", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.7-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zQ8wKwnOqSw7e/gsx76vLQ==": { "id": "zQ8wKwnOqSw7e/gsx76vLQ==", "name": "debianutils", "version": "4.11.2", "kind": "binary", "source": { "id": "", "name": "debianutils", "version": "4.11.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zRv/Q67g6qJWTz0qqj4+BA==": { "id": "zRv/Q67g6qJWTz0qqj4+BA==", "name": "libnsl2", "version": "1.3.0-2", "kind": "binary", "source": { "id": "", "name": "libnsl", "version": "1.3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zV4ikAKeqBYFSvXnkFMYgg==": { "id": "zV4ikAKeqBYFSvXnkFMYgg==", "name": "libpam0g", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zw9OGAXs3mWkBkmfKzbfqg==": { "id": "zw9OGAXs3mWkBkmfKzbfqg==", "name": "libapt-pkg6.0", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" } }, "distributions": { "f89f11a6-352b-4453-a716-aabec0d92404": { "id": "f89f11a6-352b-4453-a716-aabec0d92404", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" } }, "repository": { "fde8b633-0ebb-40e2-8f7a-4f818639b9bd": { "id": "fde8b633-0ebb-40e2-8f7a-4f818639b9bd", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+GDQTbek1zYvATiVR/wBCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "+aaqENN9U+Kuxcb1tQ8Utg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "+ol9cHiNc+RWiD7Kw3TLCg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "05vApGRmP6ko1S0ji87IIQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "0jMyX7UCIuSpntMN1r7Ofg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:5046f45a4faf9c53750dea7742fa8f4430d393818391de34d1d99d691398372b", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "2MObxiEVNllmUEzdVZM5qw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "3XsqGfTFjY5lWf0VTh588Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:5046f45a4faf9c53750dea7742fa8f4430d393818391de34d1d99d691398372b", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "3f992oeEQfSQxRA0nlq8Wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "4672uZtn8TnHDEzWVyhfjw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "4jCPzhS6OWt4agz9d/cfTw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "5zxxTA220k9gPCegfDHkag==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "7a3yla6TRFZrhmAreU7f8Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "8alfBYUr5uWbAyB5PrY8Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "9snKXrH4dQy2IXHQ01Lg0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "Akbft1KN+9FKNhh1tM25eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "BJL42acLPAR8bEnmM1Z3mg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "CBzoMmlXBcyP54HOnauO0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "CpILSbg3p6D7Gsp8sCW1Rg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "DY5Co0gkGtbgwDlkjfJLWA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:5046f45a4faf9c53750dea7742fa8f4430d393818391de34d1d99d691398372b", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "DtMxcnDA8Je9vAHjmzagaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "EVGnnBfWyiVHhoIR4vEpgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "ExYxXcgoIRjAjUObwDE4jA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "FJIijlwFNqvdoVBcfTF/pg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "FOAAB3KiNsLyi03hQsjRTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "FrUy4mOCaHm5aGT53as3JQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "G/7q+D+DsqYAVnohcyuzgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "GGaavnLgXX31qx9chfhdOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:5046f45a4faf9c53750dea7742fa8f4430d393818391de34d1d99d691398372b", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "IQfQp74RcAWE7jHtQsMLHg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "IiJKm8T4olfm6rhuKayFOw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "Jg2vDvx1JxyPDIrUzzR9NQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "LOfpAnA/2f7zE4SFJCrxVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "LVHVhWoZgWwWvOspyUwb1w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "NA4G2YrIZ73fsX7d5r5rGw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "NzkVb7F31E+Vxxz3PCS6tg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "OgJFdUXRfF1Ls8u1+eOivw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "PaaRbD/FkW3JARtSKQgRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "PgPY5hWnihXRN45byvzY0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "R1TkRM71ql+JWgz0VF5ESQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "RYsqO4ROpGMzzCO5WaTrlw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "RgdwX+VC70nXZ2E527PXaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "SWnjL4fWu+WMpxhSCWLhZQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "T5NuX1yinNyGoZNN2r9u4Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "VVXsYlCxogg17Ti1iR03Mw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "VbNyM3GfR5vEmJdFAiKqrA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "Vo1mnwlrbhO3Gx1QVEhKkA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:5046f45a4faf9c53750dea7742fa8f4430d393818391de34d1d99d691398372b", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "Wi4oa03apqVdR6okNeZiNA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "ZPlAztePXX+uFLVDX2lgNQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "ZWeYh81MRCu1nh3mOyptIA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "bGWj1aSf0wvrecU/pdTv5A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "bHkSxcl6e1quNxLGb6uX8A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "bTSLWiizipO2axtmvXFuVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "be3s5y0dx4bgsQboIoDduw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "d4b/e0nx+/vPWuPB7oDzPw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "dRfu6Up2F2Ze+gJ21oSeug==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "dUT53gagQO5Ac9Bdlu5dAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "dXglURzzdbLnOf14mab1Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "dobmrwm7aq9puvFHwNgXxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "eF2QIdrTmJlWmjQTkhntow==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "elSR7m8uLWd/kMl2jxTm/A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "evNF5YpSAxyFV7iWv3lSVw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "fqwKjkzVNvsxh6040zt05g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "fyM9Y65kt8cTfJv4LKF7bg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "gP9HgvZWct50Kw/hM7BCKg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "gv6x84VyNacZgvJrC59jbQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "hdNUjYIlrdEAtBWAggakAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "i4JkQ9JgSpZVyPFWOY5Bxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "iWqdRZmp08/Tx22qEtmjJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "jErhz6PtXvAy/EPWJ425rA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "jKa8Us2cqGejhOc2/n5DDA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "kq4lGEwi4agkgAJAkDs9Ng==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:5046f45a4faf9c53750dea7742fa8f4430d393818391de34d1d99d691398372b", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "krch6TQqNWzRi5F/dDkF+Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "lCjIskl1HulEHShaXtgmwQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "lvz5sq0NbU6sy/F1tg9uiQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "mlFDx1iAC2OWpmYHut2JHw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "nV87o429QBKIpM8DyOv4wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "ngOu/a+sfrdDkZtETF1mgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "nmd/xrCD27AKRWAzA5JZCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "npX4tBmidkxp2QJN/c3Ktw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "nwapLKtbHTjy1u8+aA0X+Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "fde8b633-0ebb-40e2-8f7a-4f818639b9bd" ] } ], "oH9T0w9ZyXDCGJ6Np6n1Iw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "ozJ983JkaV259+RUbqutzw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "p+J9YgA22NC8PDODpTSxgw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "pHAWej2qVWZtoCQ5DGoRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "pZoLgWqHDgjhYQPevrtwdg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "q78XIEiJs5tQHLZtjoU3Fg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "qN2BSWBeEFRJnExMNJ1S0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "qrPZzwjmppjOiQbrGk5IQA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "rJ4UB7yOdBPwgrk5WLwIQw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "rUyBCRoo9C2erJrGUkvuDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "s66OGd0F2Pbemhmyrg2R9w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "sU05gaIadSYQd4+DxTnInw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "sXwy5mmgqLM9WC30BdKwTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "tYADP/V07/lE8Qno1R/hhg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "uXsuLx/plg6mDddGlE/9EA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "wkuBBC4B84P3b4K0fGF0OQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "xaMEpa2lawXi7R9jqzX8hA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "yYcMjCGhY/mc+KraTEHSJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "zL6jHnohFUDkhEaUeTlPOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "zQ8wKwnOqSw7e/gsx76vLQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "zRv/Q67g6qJWTz0qqj4+BA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "zV4ikAKeqBYFSvXnkFMYgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ], "zw9OGAXs3mWkBkmfKzbfqg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "f89f11a6-352b-4453-a716-aabec0d92404", "repository_ids": null } ] }, "vulnerabilities": { "+N61/5529gFt7RkD8ooeKQ==": { "id": "+N61/5529gFt7RkD8ooeKQ==", "updater": "debian/updater", "name": "CVE-2023-0465", "description": "Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0465", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "+x9OyXfXk9PrekfsnPKwlg==": { "id": "+x9OyXfXk9PrekfsnPKwlg==", "updater": "debian/updater", "name": "CVE-2020-13529", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/7UJLAHsMPxTtTxvuPgrzA==": { "id": "/7UJLAHsMPxTtTxvuPgrzA==", "updater": "debian/updater", "name": "CVE-2024-45491", "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "/YwO4YLRGgF2uWU55V6+MQ==": { "id": "/YwO4YLRGgF2uWU55V6+MQ==", "updater": "debian/updater", "name": "CVE-2019-1010022", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "08pa4udz9bnA9IOsE208DA==": { "id": "08pa4udz9bnA9IOsE208DA==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-10", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0H/7BkE/Q7YVSZhEABXg6w==": { "id": "0H/7BkE/Q7YVSZhEABXg6w==", "updater": "debian/updater", "name": "CVE-2024-26458", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "1U/zi3CEao+52y8LKU0uvw==": { "id": "1U/zi3CEao+52y8LKU0uvw==", "updater": "debian/updater", "name": "CVE-2021-36084", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36084", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "1dwwvWkARnFe67yAAGVglQ==": { "id": "1dwwvWkARnFe67yAAGVglQ==", "updater": "debian/updater", "name": "CVE-2023-31438", "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "27BVJE6xR0Z84LzifDnFYA==": { "id": "27BVJE6xR0Z84LzifDnFYA==", "updater": "debian/updater", "name": "CVE-2022-48303", "description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-48303", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "3cBlPR7Tm4BIC/+wflldAg==": { "id": "3cBlPR7Tm4BIC/+wflldAg==", "updater": "debian/updater", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12243", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u7" }, "59rfj7X7Q9O1jyg5L5a5zQ==": { "id": "59rfj7X7Q9O1jyg5L5a5zQ==", "updater": "debian/updater", "name": "CVE-2024-37370", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37370", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "5Cmp5KJXv+nVwwcs5/Kz7w==": { "id": "5Cmp5KJXv+nVwwcs5/Kz7w==", "updater": "debian/updater", "name": "CVE-2024-50602", "description": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-50602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u7" }, "6j23t/n6B77cQMxfCeLKzA==": { "id": "6j23t/n6B77cQMxfCeLKzA==", "updater": "debian/updater", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12133", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u2" }, "6jg3v7lJ92IZCQpZydR2sA==": { "id": "6jg3v7lJ92IZCQpZydR2sA==", "updater": "debian/updater", "name": "CVE-2024-28757", "description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28757", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "7DtFnnE8FjIpCQKunutpeg==": { "id": "7DtFnnE8FjIpCQKunutpeg==", "updater": "debian/updater", "name": "CVE-2020-16156", "description": "CPAN 2.28 allows Signature Verification Bypass.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-16156", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "9JIazCQjSvYhpG9KE6d7Pg==": { "id": "9JIazCQjSvYhpG9KE6d7Pg==", "updater": "debian/updater", "name": "CVE-2025-8058", "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9sNDKQtqg7Z3gJr//JQlvg==": { "id": "9sNDKQtqg7Z3gJr//JQlvg==", "updater": "debian/updater", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32990", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ANq7+l7+5U6IDt9eU02u5w==": { "id": "ANq7+l7+5U6IDt9eU02u5w==", "updater": "debian/updater", "name": "CVE-2022-3219", "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3219", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ASrdm9EROwWp9Ip2w7HH5w==": { "id": "ASrdm9EROwWp9Ip2w7HH5w==", "updater": "debian/updater", "name": "CVE-2022-3821", "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3821", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "AvPdNumiwGnBie+lo1du3A==": { "id": "AvPdNumiwGnBie+lo1du3A==", "updater": "debian/updater", "name": "CVE-2023-31486", "description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31486", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ba+eHoq0U7aq9Kxwg98r8Q==": { "id": "Ba+eHoq0U7aq9Kxwg98r8Q==", "updater": "debian/updater", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8941", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BxMnseA9J6OW2RWxSrlbyQ==": { "id": "BxMnseA9J6OW2RWxSrlbyQ==", "updater": "debian/updater", "name": "CVE-2021-36690", "description": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36690", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "C8YeM0XyMbxM6QnHcnbRtQ==": { "id": "C8YeM0XyMbxM6QnHcnbRtQ==", "updater": "debian/updater", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-52099", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "CaLsKNvkpKlxKVBlUnje9Q==": { "id": "CaLsKNvkpKlxKVBlUnje9Q==", "updater": "debian/updater", "name": "CVE-2021-36087", "description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36087", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "CtYegggqGbMfg16G/qfITQ==": { "id": "CtYegggqGbMfg16G/qfITQ==", "updater": "debian/updater", "name": "CVE-2013-4235", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4235", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DJOf0vCfrT4GvRr/tBJhbg==": { "id": "DJOf0vCfrT4GvRr/tBJhbg==", "updater": "debian/updater", "name": "CVE-2024-33601", "description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33601", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "DRKFIYYNzLumACBV1CW/rw==": { "id": "DRKFIYYNzLumACBV1CW/rw==", "updater": "debian/updater", "name": "CVE-2022-35737", "description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-35737", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DfxJWBpJUY1aHu0ZUSilDg==": { "id": "DfxJWBpJUY1aHu0ZUSilDg==", "updater": "debian/updater", "name": "CVE-2018-6829", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EYo03ICovWfCjw2cKpwx4Q==": { "id": "EYo03ICovWfCjw2cKpwx4Q==", "updater": "debian/updater", "name": "CVE-2005-2541", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2005-2541", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EajCJi704nU1+LqESNMC1w==": { "id": "EajCJi704nU1+LqESNMC1w==", "updater": "debian/updater", "name": "CVE-2024-0727", "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0727", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "EvarhwbaAMrD3meGYFByGg==": { "id": "EvarhwbaAMrD3meGYFByGg==", "updater": "debian/updater", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50495", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "F0zkrLGlbsix59P9mqoAOg==": { "id": "F0zkrLGlbsix59P9mqoAOg==", "updater": "debian/updater", "name": "CVE-2025-30258", "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-30258", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "G45dR+E8Wb+bEhCdwuqUDg==": { "id": "G45dR+E8Wb+bEhCdwuqUDg==", "updater": "debian/updater", "name": "CVE-2019-20838", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-20838", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GEZVVbmUXjlQj+79Swj7fA==": { "id": "GEZVVbmUXjlQj+79Swj7fA==", "updater": "debian/updater", "name": "CVE-2025-24528", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-24528", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u6" }, "GPLYq884jQKVksfMc+b7OQ==": { "id": "GPLYq884jQKVksfMc+b7OQ==", "updater": "debian/updater", "name": "CVE-2022-1304", "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-1304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "e2fsprogs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.46.2-2+deb11u1" }, "GRlufCZFwHNK64OQNCFIcg==": { "id": "GRlufCZFwHNK64OQNCFIcg==", "updater": "debian/updater", "name": "CVE-2013-4392", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GezxxUl3QPWUTitg/VHmlQ==": { "id": "GezxxUl3QPWUTitg/VHmlQ==", "updater": "debian/updater", "name": "CVE-2019-1010024", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GmBi7n85v8sX6ItoMSgvlQ==": { "id": "GmBi7n85v8sX6ItoMSgvlQ==", "updater": "debian/updater", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u4" }, "HuTBrVHKx7uaMtQjiqifKQ==": { "id": "HuTBrVHKx7uaMtQjiqifKQ==", "updater": "debian/updater", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0567", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "IJPGr43VMeLym6tW3EWgdg==": { "id": "IJPGr43VMeLym6tW3EWgdg==", "updater": "debian/updater", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-8176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "IvA5abshk33BAuuBar/pVQ==": { "id": "IvA5abshk33BAuuBar/pVQ==", "updater": "debian/updater", "name": "CVE-2024-45492", "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45492", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "JcoADkxFeYBET6x6TWfsjg==": { "id": "JcoADkxFeYBET6x6TWfsjg==", "updater": "debian/updater", "name": "CVE-2025-40909", "description": "Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-40909", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Jl0PQIP9L3ufSvQ2j71iww==": { "id": "Jl0PQIP9L3ufSvQ2j71iww==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://setuptools.pypa.io/en/latest https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20230214-0001 https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "KLrAiYCJHdmWQ2RaqUywlA==": { "id": "KLrAiYCJHdmWQ2RaqUywlA==", "updater": "debian/updater", "name": "CVE-2022-4304", "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "KZ3Jt7zkiM272dGLstI4XA==": { "id": "KZ3Jt7zkiM272dGLstI4XA==", "updater": "debian/updater", "name": "CVE-2013-0340", "description": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-0340", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KaoEuixR8E5nnpGZ1pG25w==": { "id": "KaoEuixR8E5nnpGZ1pG25w==", "updater": "debian/updater", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0553", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "KvTZOL1MGCoBHaXdBx1RcA==": { "id": "KvTZOL1MGCoBHaXdBx1RcA==", "updater": "debian/updater", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-10041", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KwgIGMm765S+zvIBAwM9+g==": { "id": "KwgIGMm765S+zvIBAwM9+g==", "updater": "debian/updater", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4899", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libzstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LD4zPH3rZZkbSPN5ojHClA==": { "id": "LD4zPH3rZZkbSPN5ojHClA==", "updater": "debian/updater", "name": "TEMP-0628843-DBAD28", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MDmWztEMrTY+VyVp5c+Fvw==": { "id": "MDmWztEMrTY+VyVp5c+Fvw==", "updater": "debian/updater", "name": "TEMP-0841856-B18BAF", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MXRm//dBCnWFem5zffvqmA==": { "id": "MXRm//dBCnWFem5zffvqmA==", "updater": "debian/updater", "name": "CVE-2022-3715", "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3715", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MYYkxlB4Ank1zsdIh41apg==": { "id": "MYYkxlB4Ank1zsdIh41apg==", "updater": "debian/updater", "name": "CVE-2024-2961", "description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2961", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u9" }, "MdrEi+/OrLlW3zDrheID2Q==": { "id": "MdrEi+/OrLlW3zDrheID2Q==", "updater": "debian/updater", "name": "CVE-2025-59375", "description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-59375", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mxv06g47iCk7QIqi7Xbojw==": { "id": "Mxv06g47iCk7QIqi7Xbojw==", "updater": "debian/updater", "name": "CVE-2023-45853", "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-45853", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "NYWveHKKsIYIKl+vE8UEhw==": { "id": "NYWveHKKsIYIKl+vE8UEhw==", "updater": "debian/updater", "name": "TEMP-0517018-A83CE6", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sysvinit", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ns8JH9Yqo6xZiGzihN4B3g==": { "id": "Ns8JH9Yqo6xZiGzihN4B3g==", "updater": "debian/updater", "name": "CVE-2024-22365", "description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-22365", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "Nzgd66Rt/zG5Z8ZfbjecYA==": { "id": "Nzgd66Rt/zG5Z8ZfbjecYA==", "updater": "debian/updater", "name": "CVE-2024-26461", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "OB48XTRaksNPWPm0dVHJmQ==": { "id": "OB48XTRaksNPWPm0dVHJmQ==", "updater": "debian/updater", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u7" }, "P4mYk7npVU6t91mlbAb8QA==": { "id": "P4mYk7npVU6t91mlbAb8QA==", "updater": "debian/updater", "name": "CVE-2024-2511", "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2511", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "PJI8cpGpF5+qVan9H5W87Q==": { "id": "PJI8cpGpF5+qVan9H5W87Q==", "updater": "debian/updater", "name": "CVE-2024-28085", "description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.36.1-8+deb11u2" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "QGq5D5QwQKPerzYOBVoSsg==": { "id": "QGq5D5QwQKPerzYOBVoSsg==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QopvyNp/5Ata9NdAUhFygw==": { "id": "QopvyNp/5Ata9NdAUhFygw==", "updater": "debian/updater", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-5278", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "T2SiDOPpMK0bU0Y0qkOm1A==": { "id": "T2SiDOPpMK0bU0Y0qkOm1A==", "updater": "debian/updater", "name": "CVE-2019-1010025", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Tcuyjettc5LT9G5wj3mSxw==": { "id": "Tcuyjettc5LT9G5wj3mSxw==", "updater": "debian/updater", "name": "CVE-2022-4450", "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "TgHh5yPuwUnIt8v9WawGYw==": { "id": "TgHh5yPuwUnIt8v9WawGYw==", "updater": "debian/updater", "name": "CVE-2025-6141", "description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6141", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U3JbUhrT2SqWNuYU5d13cQ==": { "id": "U3JbUhrT2SqWNuYU5d13cQ==", "updater": "debian/updater", "name": "CVE-2021-33560", "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-33560", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ud6njM/DPIrfSPiFct82Lw==": { "id": "Ud6njM/DPIrfSPiFct82Lw==", "updater": "debian/updater", "name": "CVE-2023-52426", "description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52426", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "VzolVkOS5HseGzVTLzDMfA==": { "id": "VzolVkOS5HseGzVTLzDMfA==", "updater": "debian/updater", "name": "CVE-2023-39804", "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-39804", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "WCGqond4znYKCRcm4xyPrg==": { "id": "WCGqond4znYKCRcm4xyPrg==", "updater": "debian/updater", "name": "CVE-2007-5686", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2007-5686", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WG/hQnqUufOh6/5/mlRi/Q==": { "id": "WG/hQnqUufOh6/5/mlRi/Q==", "updater": "debian/updater", "name": "CVE-2023-31439", "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WHvU12ysgz1Ai1y1KSOiLA==": { "id": "WHvU12ysgz1Ai1y1KSOiLA==", "updater": "debian/updater", "name": "CVE-2024-33599", "description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33599", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "WWnQMI7f7f75SgC9Dcl+QQ==": { "id": "WWnQMI7f7f75SgC9Dcl+QQ==", "updater": "debian/updater", "name": "TEMP-0290435-0B57B5", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "Xce4H7xsVfrtYV2aXED7xA==": { "id": "Xce4H7xsVfrtYV2aXED7xA==", "updater": "debian/updater", "name": "CVE-2017-18018", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-18018", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XtT5+z5+yMbpdsyfkLItzA==": { "id": "XtT5+z5+yMbpdsyfkLItzA==", "updater": "debian/updater", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ZbWtFXr0WyByV4kCb3M6FA==": { "id": "ZbWtFXr0WyByV4kCb3M6FA==", "updater": "debian/updater", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5981", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u4" }, "ZdGgPSEZdeQ3XJo0+ZpAXQ==": { "id": "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "updater": "debian/updater", "name": "CVE-2019-1010023", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZrZi02myDWWW0L5oPQj/cg==": { "id": "ZrZi02myDWWW0L5oPQj/cg==", "updater": "debian/updater", "name": "CVE-2017-11164", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-11164", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZxTVeoHgmvhWXsV+xLzphA==": { "id": "ZxTVeoHgmvhWXsV+xLzphA==", "updater": "debian/updater", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4813", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aWm6E1ULjtuw0ydmFnsI4A==": { "id": "aWm6E1ULjtuw0ydmFnsI4A==", "updater": "debian/updater", "name": "CVE-2025-6297", "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6297", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "dpkg", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aqMHDRnPT+3QNU/8tSwsog==": { "id": "aqMHDRnPT+3QNU/8tSwsog==", "updater": "debian/updater", "name": "CVE-2019-9192", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "b2D8D2g8yPwuRhswdqF0Rw==": { "id": "b2D8D2g8yPwuRhswdqF0Rw==", "updater": "debian/updater", "name": "CVE-2023-3446", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3446", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "bBymk1eoEM+tVYB+/Crz+g==": { "id": "bBymk1eoEM+tVYB+/Crz+g==", "updater": "debian/updater", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28835", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bZ2m6J3EIvmTdjYJprlOKA==": { "id": "bZ2m6J3EIvmTdjYJprlOKA==", "updater": "debian/updater", "name": "CVE-2021-36085", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "brAAPyN4siIQT5bxa9xu4g==": { "id": "brAAPyN4siIQT5bxa9xu4g==", "updater": "debian/updater", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-47038", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u3" }, "cHpKoxiUOXPYUJX1ihMLDg==": { "id": "cHpKoxiUOXPYUJX1ihMLDg==", "updater": "debian/updater", "name": "CVE-2018-5709", "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cZD87tDO2q60EFy3BAZ33g==": { "id": "cZD87tDO2q60EFy3BAZ33g==", "updater": "debian/updater", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0464", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "ce9B0jxjyNiCfG4VtZhnVw==": { "id": "ce9B0jxjyNiCfG4VtZhnVw==", "updater": "debian/updater", "name": "CVE-2011-4116", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-4116", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "d1D8ilhRqv7A6eAzRE4Ojw==": { "id": "d1D8ilhRqv7A6eAzRE4Ojw==", "updater": "debian/updater", "name": "CVE-2023-29491", "description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u2" }, "dFbvYO8avXWxbjXnm5ACqQ==": { "id": "dFbvYO8avXWxbjXnm5ACqQ==", "updater": "debian/updater", "name": "CVE-2023-36054", "description": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-36054", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u4" }, "dUTZP+bcDNUqytJV02E1dQ==": { "id": "dUTZP+bcDNUqytJV02E1dQ==", "updater": "debian/updater", "name": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6965", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dZ/H1sYv9QSX9VO93tlGLw==": { "id": "dZ/H1sYv9QSX9VO93tlGLw==", "updater": "osv/pypi", "name": "GHSA-4xh5-x5gv-qwph", "description": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory", "issued": "2025-09-24T15:31:14Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://github.com/pypa/pip/pull/13550 https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://pip.pypa.io/en/stable/news/#v25-2", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=25.3" }, "eietxU2AL+GdeSQwh6n6XA==": { "id": "eietxU2AL+GdeSQwh6n6XA==", "updater": "debian/updater", "name": "CVE-2023-0215", "description": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0215", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "epkSU4TSX3BVrueh1mbRzg==": { "id": "epkSU4TSX3BVrueh1mbRzg==", "updater": "debian/updater", "name": "CVE-2024-13176", "description": "Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-13176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u3" }, "f6s0c0I4Eo7U1vb/8R9ATg==": { "id": "f6s0c0I4Eo7U1vb/8R9ATg==", "updater": "debian/updater", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6020", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "fUdim7gaWpwZtynNz5GiKg==": { "id": "fUdim7gaWpwZtynNz5GiKg==", "updater": "debian/updater", "name": "CVE-2023-0361", "description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0361", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u3" }, "fXJD4KsFmfzjgWJPYHqTrQ==": { "id": "fXJD4KsFmfzjgWJPYHqTrQ==", "updater": "debian/updater", "name": "CVE-2019-8457", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-8457", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "db5.3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fharKhY7OXyx+gXJAwiegw==": { "id": "fharKhY7OXyx+gXJAwiegw==", "updater": "debian/updater", "name": "CVE-2025-29088", "description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-29088", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g44foSnimIkShQZtpEhjbQ==": { "id": "g44foSnimIkShQZtpEhjbQ==", "updater": "debian/updater", "name": "CVE-2011-3389", "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3389", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "gMRlXKqXSfP5n8UiPW430Q==": { "id": "gMRlXKqXSfP5n8UiPW430Q==", "updater": "debian/updater", "name": "CVE-2024-33602", "description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "h7Lhy275V3QLvnBLGAulbw==": { "id": "h7Lhy275V3QLvnBLGAulbw==", "updater": "osv/pypi", "name": "PYSEC-2023-62", "description": "", "issued": "2023-05-02T18:15:00Z", "links": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "jJNc2KwFwVg03DlaNN1nbA==": { "id": "jJNc2KwFwVg03DlaNN1nbA==", "updater": "debian/updater", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4806", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jS/WQ+ua63nFUvjSzoQw1g==": { "id": "jS/WQ+ua63nFUvjSzoQw1g==", "updater": "debian/updater", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k6VTDL+fxGnbqAk/IPGlnQ==": { "id": "k6VTDL+fxGnbqAk/IPGlnQ==", "updater": "debian/updater", "name": "CVE-2023-29383", "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29383", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "k6fjQGJuJ+9NXMFLa5+CgA==": { "id": "k6fjQGJuJ+9NXMFLa5+CgA==", "updater": "debian/updater", "name": "CVE-2016-2781", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2016-2781", "severity": "low", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k82HOcJqNkts86KJ0glvow==": { "id": "k82HOcJqNkts86KJ0glvow==", "updater": "debian/updater", "name": "CVE-2023-31484", "description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31484", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "kgqUyyy6Fd5CUNREC3t1jg==": { "id": "kgqUyyy6Fd5CUNREC3t1jg==", "updater": "debian/updater", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32988", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "khiBNMMi17UID6UagXI8LA==": { "id": "khiBNMMi17UID6UagXI8LA==", "updater": "debian/updater", "name": "CVE-2021-36086", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36086", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "kwKUYCnvi/GndNgicLw/RQ==": { "id": "kwKUYCnvi/GndNgicLw/RQ==", "updater": "debian/updater", "name": "CVE-2023-0466", "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0466", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "l6iyFrb04z9eZxh35gAtVA==": { "id": "l6iyFrb04z9eZxh35gAtVA==", "updater": "debian/updater", "name": "CVE-2025-0395", "description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-0395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u12" }, "l8HSGkC4gSxCEUDns7KKfQ==": { "id": "l8HSGkC4gSxCEUDns7KKfQ==", "updater": "debian/updater", "name": "CVE-2011-3374", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "apt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lAYsMZ/1tV9arAE2k+zsAQ==": { "id": "lAYsMZ/1tV9arAE2k+zsAQ==", "updater": "debian/updater", "name": "CVE-2023-31437", "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lShmgiPGgmUIO0VwzhSBRA==": { "id": "lShmgiPGgmUIO0VwzhSBRA==", "updater": "debian/updater", "name": "CVE-2023-2650", "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-2650", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "lnMcIzRPoETIbrbgdDGINA==": { "id": "lnMcIzRPoETIbrbgdDGINA==", "updater": "debian/updater", "name": "CVE-2021-46848", "description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-46848", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u1" }, "m619DfZfUke+jaTAnoZ2Xw==": { "id": "m619DfZfUke+jaTAnoZ2Xw==", "updater": "debian/updater", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7008", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "mJA9Uto8Hh0tElNp2qoYaA==": { "id": "mJA9Uto8Hh0tElNp2qoYaA==", "updater": "debian/updater", "name": "CVE-2017-7245", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7245", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "meQYB1JR+XE3En/RrDfPvA==": { "id": "meQYB1JR+XE3En/RrDfPvA==", "updater": "debian/updater", "name": "CVE-2022-4415", "description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4415", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "mj6UKCnVoHnC6YBWJGf/Ug==": { "id": "mj6UKCnVoHnC6YBWJGf/Ug==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "mnGTl6DWEAI0reOCEqb0jw==": { "id": "mnGTl6DWEAI0reOCEqb0jw==", "updater": "debian/updater", "name": "CVE-2022-0563", "description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-0563", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "n+1p0npJfBZ4vUpG1OFi6w==": { "id": "n+1p0npJfBZ4vUpG1OFi6w==", "updater": "debian/updater", "name": "CVE-2023-50868", "description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50868", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "o75dmeL6883s7llfbkU+PA==": { "id": "o75dmeL6883s7llfbkU+PA==", "updater": "debian/updater", "name": "CVE-2024-45490", "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45490", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "oeIf5WAd0bERBmJCeLsqIg==": { "id": "oeIf5WAd0bERBmJCeLsqIg==", "updater": "debian/updater", "name": "CVE-2017-7246", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7246", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pa+2016jZIT5xycgFHsAsQ==": { "id": "pa+2016jZIT5xycgFHsAsQ==", "updater": "debian/updater", "name": "CVE-2018-20796", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pmcR65l6CQ+6Qdh99gUtFQ==": { "id": "pmcR65l6CQ+6Qdh99gUtFQ==", "updater": "debian/updater", "name": "CVE-2023-52425", "description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52425", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "pu8XvxoOXeKAI0tvpRRucg==": { "id": "pu8XvxoOXeKAI0tvpRRucg==", "updater": "debian/updater", "name": "CVE-2023-5678", "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5678", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "qDLWFSo6NpfxWPhSeAS8zQ==": { "id": "qDLWFSo6NpfxWPhSeAS8zQ==", "updater": "debian/updater", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28834", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "qhu8cH6U47vSCL4GXDHHtA==": { "id": "qhu8cH6U47vSCL4GXDHHtA==", "updater": "debian/updater", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4641", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "rvhjGf5pyhsfm1iFFyudCA==": { "id": "rvhjGf5pyhsfm1iFFyudCA==", "updater": "debian/updater", "name": "CVE-2025-9820", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "s55QOTlka9E4jTdGv0d/FA==": { "id": "s55QOTlka9E4jTdGv0d/FA==", "updater": "debian/updater", "name": "CVE-2025-4802", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4802", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u13" }, "srcIw8ffB6famHHqmqImEw==": { "id": "srcIw8ffB6famHHqmqImEw==", "updater": "debian/updater", "name": "CVE-2023-3817", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3817", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "svo9ZP0wOZ7IXZp//n2f7g==": { "id": "svo9ZP0wOZ7IXZp//n2f7g==", "updater": "osv/pypi", "name": "GHSA-m2qf-hxjv-5gpq", "description": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", "issued": "2023-05-01T19:22:20Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://nvd.nist.gov/vuln/detail/CVE-2023-30861 https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html https://security.netapp.com/advisory/ntap-20230818-0006 https://www.debian.org/security/2023/dsa-5442", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "swQXHeTg1VEUQHser/6eEQ==": { "id": "swQXHeTg1VEUQHser/6eEQ==", "updater": "debian/updater", "name": "CVE-2023-50387", "description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "t3CEDp5fZQ6D+aOizMiuSg==": { "id": "t3CEDp5fZQ6D+aOizMiuSg==", "updater": "debian/updater", "name": "CVE-2023-0286", "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0286", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "tBbOIOCaKVlwik7hH/baMQ==": { "id": "tBbOIOCaKVlwik7hH/baMQ==", "updater": "debian/updater", "name": "CVE-2021-45346", "description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-45346", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "tjx9raP+v/Zzj6SBJct3WA==": { "id": "tjx9raP+v/Zzj6SBJct3WA==", "updater": "debian/updater", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7104", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "tne7uZ2E+Ev6QI7ctt3PxA==": { "id": "tne7uZ2E+Ev6QI7ctt3PxA==", "updater": "debian/updater", "name": "CVE-2024-33600", "description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33600", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "u+ya+p/mAtLPAYAgbSPTTw==": { "id": "u+ya+p/mAtLPAYAgbSPTTw==", "updater": "debian/updater", "name": "CVE-2022-41409", "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-41409", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uEg5UAxE9NNjF71OxdO7uQ==": { "id": "uEg5UAxE9NNjF71OxdO7uQ==", "updater": "debian/updater", "name": "CVE-2017-16231", "description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-16231", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uTSYWROavw8Bf2n+4djlMg==": { "id": "uTSYWROavw8Bf2n+4djlMg==", "updater": "debian/updater", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4598", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u7" }, "ugZgSJOxFzPCX6LQaJzM3A==": { "id": "ugZgSJOxFzPCX6LQaJzM3A==", "updater": "debian/updater", "name": "CVE-2024-5535", "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-5535", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "vcYYj1nbYwczzoLG255iZQ==": { "id": "vcYYj1nbYwczzoLG255iZQ==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vmet9boOEsf+RUsh5rJnEw==": { "id": "vmet9boOEsf+RUsh5rJnEw==", "updater": "debian/updater", "name": "CVE-2024-4741", "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-4741", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "w4Wr213OT8TRxlHAy3MwPQ==": { "id": "w4Wr213OT8TRxlHAy3MwPQ==", "updater": "debian/updater", "name": "CVE-2010-4756", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "wFMwqYmfC1KjDKz8vyBr4A==": { "id": "wFMwqYmfC1KjDKz8vyBr4A==", "updater": "debian/updater", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4911", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u7" }, "wzv81XuYHOFtlrLHaamjZg==": { "id": "wzv81XuYHOFtlrLHaamjZg==", "updater": "debian/updater", "name": "CVE-2024-37371", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37371", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "x3SWTcEL2lgEvouAhmt6fQ==": { "id": "x3SWTcEL2lgEvouAhmt6fQ==", "updater": "debian/updater", "name": "CVE-2025-27587", "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "xZI5XEFq7Cuk3Mu3KyTdmg==": { "id": "xZI5XEFq7Cuk3Mu3KyTdmg==", "updater": "debian/updater", "name": "CVE-2024-56433", "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-56433", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ySGl3ADUS8EeTeweiO86Aw==": { "id": "ySGl3ADUS8EeTeweiO86Aw==", "updater": "debian/updater", "name": "CVE-2024-9143", "description": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-9143", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "yyhzQNC9UPFT5NwvhGsvqg==": { "id": "yyhzQNC9UPFT5NwvhGsvqg==", "updater": "debian/updater", "name": "CVE-2022-2097", "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-2097", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "zL8eGifGE7B+wAjTOBjRgQ==": { "id": "zL8eGifGE7B+wAjTOBjRgQ==", "updater": "debian/updater", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-29458", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u1" } }, "package_vulnerabilities": { "+ol9cHiNc+RWiD7Kw3TLCg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "0jMyX7UCIuSpntMN1r7Ofg==": [ "KwgIGMm765S+zvIBAwM9+g==" ], "2MObxiEVNllmUEzdVZM5qw==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ], "3f992oeEQfSQxRA0nlq8Wg==": [ "DfxJWBpJUY1aHu0ZUSilDg==", "U3JbUhrT2SqWNuYU5d13cQ==", "jS/WQ+ua63nFUvjSzoQw1g==" ], "4jCPzhS6OWt4agz9d/cfTw==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "7a3yla6TRFZrhmAreU7f8Q==": [ "6jg3v7lJ92IZCQpZydR2sA==", "MdrEi+/OrLlW3zDrheID2Q==", "o75dmeL6883s7llfbkU+PA==", "Ud6njM/DPIrfSPiFct82Lw==", "5Cmp5KJXv+nVwwcs5/Kz7w==", "IJPGr43VMeLym6tW3EWgdg==", "KZ3Jt7zkiM272dGLstI4XA==", "pmcR65l6CQ+6Qdh99gUtFQ==", "IvA5abshk33BAuuBar/pVQ==", "/7UJLAHsMPxTtTxvuPgrzA==" ], "8alfBYUr5uWbAyB5PrY8Hg==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "Akbft1KN+9FKNhh1tM25eA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "BJL42acLPAR8bEnmM1Z3mg==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "CBzoMmlXBcyP54HOnauO0g==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "DtMxcnDA8Je9vAHjmzagaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "ExYxXcgoIRjAjUObwDE4jA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "FJIijlwFNqvdoVBcfTF/pg==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "G/7q+D+DsqYAVnohcyuzgQ==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ "u+ya+p/mAtLPAYAgbSPTTw==" ], "IQfQp74RcAWE7jHtQsMLHg==": [ "mnGTl6DWEAI0reOCEqb0jw==" ], "LOfpAnA/2f7zE4SFJCrxVg==": [ "Mxv06g47iCk7QIqi7Xbojw==" ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "NzkVb7F31E+Vxxz3PCS6tg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "PgPY5hWnihXRN45byvzY0g==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "R1TkRM71ql+JWgz0VF5ESQ==": [ "1U/zi3CEao+52y8LKU0uvw==", "bZ2m6J3EIvmTdjYJprlOKA==", "khiBNMMi17UID6UagXI8LA==", "CaLsKNvkpKlxKVBlUnje9Q==" ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ "bNvH54V1y9cXsGaCXVwFVw==", "QGq5D5QwQKPerzYOBVoSsg==", "Jl0PQIP9L3ufSvQ2j71iww==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "RYsqO4ROpGMzzCO5WaTrlw==": [ "aWm6E1ULjtuw0ydmFnsI4A==" ], "RgdwX+VC70nXZ2E527PXaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "VbNyM3GfR5vEmJdFAiKqrA==": [ "vcYYj1nbYwczzoLG255iZQ==" ], "Wi4oa03apqVdR6okNeZiNA==": [ "KaoEuixR8E5nnpGZ1pG25w==", "rvhjGf5pyhsfm1iFFyudCA==", "g44foSnimIkShQZtpEhjbQ==", "fUdim7gaWpwZtynNz5GiKg==", "ZbWtFXr0WyByV4kCb3M6FA==", "HuTBrVHKx7uaMtQjiqifKQ==", "3cBlPR7Tm4BIC/+wflldAg==", "bBymk1eoEM+tVYB+/Crz+g==", "qDLWFSo6NpfxWPhSeAS8zQ==", "kgqUyyy6Fd5CUNREC3t1jg==", "XtT5+z5+yMbpdsyfkLItzA==", "9sNDKQtqg7Z3gJr//JQlvg==" ], "ZWeYh81MRCu1nh3mOyptIA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "bGWj1aSf0wvrecU/pdTv5A==": [ "08pa4udz9bnA9IOsE208DA==" ], "bHkSxcl6e1quNxLGb6uX8A==": [ "Xce4H7xsVfrtYV2aXED7xA==", "QopvyNp/5Ata9NdAUhFygw==", "k6fjQGJuJ+9NXMFLa5+CgA==" ], "bTSLWiizipO2axtmvXFuVg==": [ "lnMcIzRPoETIbrbgdDGINA==", "6j23t/n6B77cQMxfCeLKzA==" ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "d4b/e0nx+/vPWuPB7oDzPw==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "dUT53gagQO5Ac9Bdlu5dAw==": [ "NYWveHKKsIYIKl+vE8UEhw==" ], "dXglURzzdbLnOf14mab1Hg==": [ "27BVJE6xR0Z84LzifDnFYA==", "VzolVkOS5HseGzVTLzDMfA==", "EYo03ICovWfCjw2cKpwx4Q==", "WWnQMI7f7f75SgC9Dcl+QQ==" ], "dobmrwm7aq9puvFHwNgXxw==": [ "08pa4udz9bnA9IOsE208DA==" ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "elSR7m8uLWd/kMl2jxTm/A==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "evNF5YpSAxyFV7iWv3lSVw==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ "MXRm//dBCnWFem5zffvqmA==", "MDmWztEMrTY+VyVp5c+Fvw==" ], "hdNUjYIlrdEAtBWAggakAw==": [ "ce9B0jxjyNiCfG4VtZhnVw==", "7DtFnnE8FjIpCQKunutpeg==", "k82HOcJqNkts86KJ0glvow==", "JcoADkxFeYBET6x6TWfsjg==", "brAAPyN4siIQT5bxa9xu4g==", "AvPdNumiwGnBie+lo1du3A==" ], "iWqdRZmp08/Tx22qEtmjJg==": [ "G45dR+E8Wb+bEhCdwuqUDg==", "mJA9Uto8Hh0tElNp2qoYaA==", "ZrZi02myDWWW0L5oPQj/cg==", "uEg5UAxE9NNjF71OxdO7uQ==", "oeIf5WAd0bERBmJCeLsqIg==" ], "jErhz6PtXvAy/EPWJ425rA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "jKa8Us2cqGejhOc2/n5DDA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "kq4lGEwi4agkgAJAkDs9Ng==": [ "svo9ZP0wOZ7IXZp//n2f7g==", "h7Lhy275V3QLvnBLGAulbw==" ], "krch6TQqNWzRi5F/dDkF+Q==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ "F0zkrLGlbsix59P9mqoAOg==", "ANq7+l7+5U6IDt9eU02u5w==" ], "lCjIskl1HulEHShaXtgmwQ==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "nwapLKtbHTjy1u8+aA0X+Q==": [ "dZ/H1sYv9QSX9VO93tlGLw==", "mj6UKCnVoHnC6YBWJGf/Ug==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "pZoLgWqHDgjhYQPevrtwdg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "qN2BSWBeEFRJnExMNJ1S0A==": [ "BxMnseA9J6OW2RWxSrlbyQ==", "tjx9raP+v/Zzj6SBJct3WA==", "C8YeM0XyMbxM6QnHcnbRtQ==", "dUTZP+bcDNUqytJV02E1dQ==", "tBbOIOCaKVlwik7hH/baMQ==", "fharKhY7OXyx+gXJAwiegw==", "DRKFIYYNzLumACBV1CW/rw==" ], "qrPZzwjmppjOiQbrGk5IQA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "s66OGd0F2Pbemhmyrg2R9w==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "tYADP/V07/lE8Qno1R/hhg==": [ "08pa4udz9bnA9IOsE208DA==" ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ "fXJD4KsFmfzjgWJPYHqTrQ==" ], "wkuBBC4B84P3b4K0fGF0OQ==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "yYcMjCGhY/mc+KraTEHSJg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "zV4ikAKeqBYFSvXnkFMYgg==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "zw9OGAXs3mWkBkmfKzbfqg==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ] }, "enrichments": {} } pod: test-comp-bakp-on-pull-request-x46qf-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-bakp-on-pull-request-x46qf-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-8.32-4+b1 (CVE-2016-2781)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libgnutls30-3.7.1-5+deb11u2 (CVE-2011-3389), libapt-pkg6.0-2.2.4 (CVE-2011-3374), mount-2.36.1-8+deb11u1 (CVE-2022-0563), libkrb5-3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), perl-base-5.32.1-4+deb11u2 (CVE-2011-4116, CVE-2023-31486), libsmartcols1-2.36.1-8+deb11u1 (CVE-2022-0563), libexpat1-2.2.10-2+deb11u5 (CVE-2013-0340, CVE-2023-52426, CVE-2024-28757), tar-1.34+dfsg-1 (CVE-2005-2541, TEMP-0290435-0B57B5), libuuid1-2.36.1-8+deb11u1 (CVE-2022-0563), libsqlite3-0-3.34.1-3 (CVE-2021-45346, CVE-2022-35737, CVE-2025-29088, CVE-2025-52099), libmount1-2.36.1-8+deb11u1 (CVE-2022-0563), libudev1-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libsystemd0-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libc6-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libstdc++6-10.2.1-6 (CVE-2023-4039), libgcrypt20-1.8.7-6 (CVE-2018-6829, CVE-2024-2236), apt-2.2.4 (CVE-2011-3374), util-linux-2.36.1-8+deb11u1 (CVE-2022-0563), gcc-9-base-9.3.0-22 (CVE-2023-4039), bash-5.1-2+deb11u1 (TEMP-0841856-B18BAF), libpcre3-2:8.39-13 (CVE-2017-11164, CVE-2017-16231, CVE-2017-7245, CVE-2017-7246, CVE-2019-20838), libgcc-s1-10.2.1-6 (CVE-2023-4039), bsdutils-1:2.36.1-8+deb11u1 (CVE-2022-0563), login-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), sysvinit-utils-2.96-7+deb11u1 (TEMP-0517018-A83CE6), gcc-10-base-10.2.1-6 (CVE-2023-4039), openssl-1.1.1n-0+deb11u3 (CVE-2025-27587), passwd-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), libpcre2-8-0-10.36-2+deb11u1 (CVE-2022-41409), coreutils-8.32-4+b1 (CVE-2017-18018, CVE-2025-5278), libk5crypto3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libc-bin-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libssl1.1-1.1.1n-0+deb11u3 (CVE-2025-27587), gpgv-2.2.27-2+deb11u2 (CVE-2022-3219), libblkid1-2.36.1-8+deb11u1 (CVE-2022-0563), libkrb5support0-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 82 } }, { "msg": "Found packages with unpatched unknown vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libgnutls30-3.7.1-5+deb11u2 (CVE-2025-9820), perl-base-5.32.1-4+deb11u2 (CVE-2025-40909), dpkg-1.20.12 (CVE-2025-6297), ncurses-base-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libexpat1-2.2.10-2+deb11u5 (CVE-2024-8176, CVE-2025-59375), ncurses-bin-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libsqlite3-0-3.34.1-3 (CVE-2025-6965), libzstd1-1.4.8+dfsg-2.1 (CVE-2022-4899), libncursesw6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libc6-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), libgcrypt20-1.8.7-6 (CVE-2021-33560), bash-5.1-2+deb11u1 (CVE-2022-3715), libpam-modules-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), login-1:4.8.1-1 (CVE-2024-56433), libdb5.3-5.3.28+dfsg1-0.8 (CVE-2019-8457), zlib1g-1:1.2.11.dfsg-2+deb11u2 (CVE-2023-45853), passwd-1:4.8.1-1 (CVE-2024-56433), libpam-runtime-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libpam0g-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libc-bin-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), libpam-modules-bin-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), gpgv-2.2.27-2+deb11u2 (CVE-2025-30258), libtinfo6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141)", "name": "clair_unpatched_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 36 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":1,"low":82,"unknown":36}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32", "digests": ["sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:11:12+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-x46qf-clamav-scan-pod | init container: prepare 2026/02/10 22:07:29 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-clamav-scan-pod | init container: place-scripts 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-0-7l67d 2026/02/10 22:07:30 Decoded script /tekton/scripts/script-1-8kh5h pod: test-comp-bakp-on-pull-request-x46qf-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 10.407 sec (0 m 10 s) Start Date: 2026:02:10 22:08:13 End Date: 2026:02:10 22:08:23 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761303","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761303","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761303","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32", "digests": ["sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e"]}} pod: test-comp-bakp-on-pull-request-x46qf-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 2865af03c588 clamscan-ec-test-amd64.json Uploading 3c80e709030b clamscan-result-amd64.log Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 2865af03c588 clamscan-ec-test-amd64.json Uploaded 3c80e709030b clamscan-result-amd64.log Uploading f92dd3a9f7b9 application/vnd.oci.image.manifest.v1+json Uploaded f92dd3a9f7b9 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e Digest: sha256:f92dd3a9f7b9bb282114f01260b4fb21607ce10577b1c5fbf13bdae6ae0a764b pod: test-comp-bakp-on-pull-request-x46qf-clone-repository-pod | init container: prepare 2026/02/10 22:05:01 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-clone-repository-pod | init container: place-scripts 2026/02/10 22:05:02 Decoded script /tekton/scripts/script-0-8p2dj 2026/02/10 22:05:02 Decoded script /tekton/scripts/script-1-2lxss pod: test-comp-bakp-on-pull-request-x46qf-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761105.5287302,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761105.7180126,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ 6f33fd23794058da297e0d7e8a1008ebaed6af32 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761105.7180655,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761105.7435172,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 6f33fd23794058da297e0d7e8a1008ebaed6af32 directly. pod: test-comp-bakp-on-pull-request-x46qf-clone-repository-pod | container step-symlink-check: Running symlink check pod: test-comp-bakp-on-pull-request-x46qf-init-pod | init container: prepare 2026/02/10 22:04:31 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-init-pod | init container: place-scripts 2026/02/10 22:04:32 Decoded script /tekton/scripts/script-0-fx7df pod: test-comp-bakp-on-pull-request-x46qf-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: test-comp-bakp-on-pull-request-x46qf-prefetch-dependencies-pod | init container: prepare 2026/02/10 22:05:14 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-prefetch-dependencies-pod | init container: place-scripts 2026/02/10 22:05:15 Decoded script /tekton/scripts/script-0-w65wp 2026/02/10 22:05:15 Decoded script /tekton/scripts/script-1-zh2dr pod: test-comp-bakp-on-pull-request-x46qf-prefetch-dependencies-pod | container step-sanitize-config-file-with-yq: pod: test-comp-bakp-on-pull-request-x46qf-prefetch-dependencies-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: test-comp-bakp-on-pull-request-x46qf-push-dockerfile-pod | init container: prepare 2026/02/10 22:07:34 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:07:36 Decoded script /tekton/scripts/script-0-vwlbh pod: test-comp-bakp-on-pull-request-x46qf-push-dockerfile-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-x46qf-push-dockerfile-pod | container step-push: [2026-02-10T22:07:56,987115196+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.MyOwUqNGyy --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:sha256-0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e.dockerfile Dockerfile pod: test-comp-bakp-on-pull-request-x46qf-sast-shell-check-pod | init container: prepare 2026/02/10 22:07:36 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:07:37 Decoded script /tekton/scripts/script-0-jxrdw 2026/02/10 22:07:37 Decoded script /tekton/scripts/script-1-cqvbn pod: test-comp-bakp-on-pull-request-x46qf-sast-shell-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-x46qf-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-119.json ./shellcheck-results/sc-120.json ./shellcheck-results/sc-123.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-88.json ./shellcheck-results/sc-97.json ./shellcheck-results/sc-98.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + echo 'ShellCheck results have been saved to shellcheck-results.json' ShellCheck results have been saved to shellcheck-results.json + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:08:57+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:08:57+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:08:57+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:08:57+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:08:57+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:08:57+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-x46qf-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Uploading 3b606a9dd3a1 shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 3b606a9dd3a1 shellcheck-results.sarif Uploading de3dbdfa268c application/vnd.oci.image.manifest.v1+json Uploaded de3dbdfa268c application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e Digest: sha256:de3dbdfa268cf96a9dc38e162d6a7853568742f5880991048a1f871e5a5a59fe No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-x46qf-sast-snyk-check-pod | init container: prepare 2026/02/10 22:07:36 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:07:37 Decoded script /tekton/scripts/script-0-5kcgr 2026/02/10 22:07:37 Decoded script /tekton/scripts/script-1-28gdc pod: test-comp-bakp-on-pull-request-x46qf-sast-snyk-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-x46qf-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-comp-bakp INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:08:57+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-x46qf-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-x46qf-sast-unicode-check-pod | init container: prepare 2026/02/10 22:07:35 Entrypoint initialization pod: test-comp-bakp-on-pull-request-x46qf-sast-unicode-check-pod | init container: place-scripts 2026/02/10 22:07:36 Decoded script /tekton/scripts/script-0-z4nrj 2026/02/10 22:07:36 Decoded script /tekton/scripts/script-1-9xrbk pod: test-comp-bakp-on-pull-request-x46qf-sast-unicode-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-x46qf-sast-unicode-check-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:08:59+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:08:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:08:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:08:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:08:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:08:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-x46qf-sast-unicode-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 1da9b99b8b41 sast_unicode_check_out.sarif Uploaded 1da9b99b8b41 sast_unicode_check_out.sarif Uploading baa04596d9a8 application/vnd.oci.image.manifest.v1+json Uploaded baa04596d9a8 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-6f33fd23794058da297e0d7e8a1008ebaed6af32@sha256:0e3963791e8ccb855a308a9b929e92078a1a4f9123480af5753bc9365e008f0e Digest: sha256:baa04596d9a8165dc61961eed77f1ca40ee13d24e86619537cdcf763e9a72864 No excluded-findings.json exists. Skipping upload. PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: ResolvingTaskRef PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Running PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-6h2jw reason: Failed attempt 2/3: PipelineRun "test-comp-bakp-on-pull-request-6h2jw" failed: pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | init container: prepare 2026/02/10 22:12:51 Entrypoint initialization pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | init container: place-scripts 2026/02/10 22:12:52 Decoded script /tekton/scripts/script-0-w87ml 2026/02/10 22:12:52 Decoded script /tekton/scripts/script-1-dlfnj 2026/02/10 22:12:52 Decoded script /tekton/scripts/script-2-lc84w 2026/02/10 22:12:52 Decoded script /tekton/scripts/script-3-vr97x 2026/02/10 22:12:52 Decoded script /tekton/scripts/script-4-tlmvn 2026/02/10 22:12:52 Decoded script /tekton/scripts/script-5-dsrld pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Auth json written to "/auth/auth.json". pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | container step-set-skip-for-bundles: 2026/02/10 22:12:57 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | container step-app-check: time="2026-02-10T22:12:57Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:12:57Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb for platform amd64" time="2026-02-10T22:12:57Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb" time="2026-02-10T22:13:02Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-1899338900/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1899338900/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1899338900/fs/var/lib/rpm/Packages: no such file or directory" time="2026-02-10T22:13:02Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:13:02Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:13:02Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:13:02Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-1899338900/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1899338900/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-1899338900/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2026-02-10T22:13:02Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2026-02-10T22:13:02Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2026-02-10T22:13:02Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2026-02-10T22:13:02Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2026-02-10T22:13:05Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:13:05Z" level=info msg="check completed" check=BasedOnUbi result=FAILED time="2026-02-10T22:13:05Z" level=info msg="This image's tag on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb will be paired with digest sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 3614, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "BasedOnUbi", "elapsed_time": 222, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)", "help": "Check BasedOnUbi encountered an error. Please review the preflight.log file for more information.", "suggestion": "Change the FROM directive in your Dockerfile or Containerfile, for the latest list of images and details refer to: https://catalog.redhat.com/software/base-images", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } time="2026-02-10T22:13:06Z" level=info msg="Preflight result: FAILED" pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1770761586","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb pod: test-comp-bakp-on-pull-requ9ff045eedfd2d5c7c0006aa4b1c826a7-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1770761586","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0} pod: test-comp-bakp-on-pull-request-6h2jw-apply-tags-pod | init container: prepare 2026/02/10 22:12:52 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:12:55Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb" time="2026-02-10T22:12:55Z" level=info msg="[param] Image digest: sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45" time="2026-02-10T22:12:55Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:12:56Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | init container: prepare 2026/02/10 22:12:06 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | init container: place-scripts 2026/02/10 22:12:06 Decoded script /tekton/scripts/script-0-nbl55 2026/02/10 22:12:06 Decoded script /tekton/scripts/script-1-chpcr 2026/02/10 22:12:06 Decoded script /tekton/scripts/script-2-xjf8f 2026/02/10 22:12:06 Decoded script /tekton/scripts/script-3-b4z5g 2026/02/10 22:12:06 Decoded script /tekton/scripts/script-4-zdkm2 pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | container step-build: [2026-02-10T22:12:11,283513605+00:00] Validate context path [2026-02-10T22:12:11,286912967+00:00] Update CA trust [2026-02-10T22:12:11,287970480+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:12:13,251644766+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:12:13,257677787+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:12:13,375972327+00:00] Setup prefetched Trying to pull quay.io/devfile/python:slim... Getting image source signatures Copying blob sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb Copying blob sha256:30fb943195a7f7cee90a9c67461c338d1d76a7004d2f94792b774ef71d875a02 Copying blob sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec Copying blob sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a Copying blob sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61 Copying config sha256:04f51101c1b979fb8a45a5332bfa8ed2c60f613ea396c3edd40f3d91702b24ef Writing manifest to image destination [2026-02-10T22:12:15,586972802+00:00] Unsetting proxy { "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "ae7ac22f3b6d89826989b104a04eeb7274ef58cb", "org.opencontainers.image.revision": "ae7ac22f3b6d89826989b104a04eeb7274ef58cb", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic", "quay.expires-after": "6h", "build-date": "2026-02-10T22:12:13Z", "org.opencontainers.image.created": "2026-02-10T22:12:13Z", "io.buildah.version": "1.42.2" } [2026-02-10T22:12:15,637251324+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:12:15,640502280+00:00] Add secrets [2026-02-10T22:12:15,647856699+00:00] Run buildah build [2026-02-10T22:12:15,648937173+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=ae7ac22f3b6d89826989b104a04eeb7274ef58cb --label org.opencontainers.image.revision=ae7ac22f3b6d89826989b104a04eeb7274ef58cb --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --label quay.expires-after=6h --label build-date=2026-02-10T22:12:13Z --label org.opencontainers.image.created=2026-02-10T22:12:13Z --annotation org.opencontainers.image.revision=ae7ac22f3b6d89826989b104a04eeb7274ef58cb --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --annotation org.opencontainers.image.created=2026-02-10T22:12:13Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.E6LOcb -t quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb . STEP 1/11: FROM quay.io/devfile/python:slim STEP 2/11: EXPOSE 8081/tcp STEP 3/11: ENV FLASK_PORT=8081 STEP 4/11: WORKDIR /projects STEP 5/11: COPY requirements.txt . STEP 6/11: RUN pip install -r requirements.txt Collecting Flask==2.1.0 Downloading Flask-2.1.0-py3-none-any.whl (95 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.2/95.2 kB 23.4 MB/s eta 0:00:00 Collecting Werkzeug>=2.0 Downloading werkzeug-3.1.5-py3-none-any.whl (225 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 225.0/225.0 kB 83.1 MB/s eta 0:00:00 Collecting Jinja2>=3.0 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.9/134.9 kB 122.8 MB/s eta 0:00:00 Collecting itsdangerous>=2.0 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.0 Downloading click-8.3.1-py3-none-any.whl (108 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 108.3/108.3 kB 112.7 MB/s eta 0:00:00 Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (22 kB) Installing collected packages: MarkupSafe, itsdangerous, click, Werkzeug, Jinja2, Flask Successfully installed Flask-2.1.0 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.5 click-8.3.1 itsdangerous-2.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [notice] A new release of pip available: 22.3.1 -> 26.0.1 [notice] To update, run: pip install --upgrade pip STEP 7/11: COPY . . STEP 8/11: CMD [ "python", "./app.py" ] STEP 9/11: COPY labels.json /usr/share/buildinfo/labels.json STEP 10/11: COPY labels.json /root/buildinfo/labels.json STEP 11/11: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="ae7ac22f3b6d89826989b104a04eeb7274ef58cb" "org.opencontainers.image.revision"="ae7ac22f3b6d89826989b104a04eeb7274ef58cb" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-python-basic" "quay.expires-after"="6h" "build-date"="2026-02-10T22:12:13Z" "org.opencontainers.image.created"="2026-02-10T22:12:13Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb --> 670d99eaf98f Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb 670d99eaf98f6013afc3cbcac94716c2d781422e8c54c0c7f60866b2f0a3bbc2 [2026-02-10T22:12:19,204066310+00:00] Unsetting proxy [2026-02-10T22:12:19,205307506+00:00] Add metadata Recording base image digests used quay.io/devfile/python:slim quay.io/devfile/python:slim@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c Getting image source signatures Copying blob sha256:5947d9579c82fe304741210ebd0cf1ac634aef1063611ca402952665fb63bd79 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:670d99eaf98f6013afc3cbcac94716c2d781422e8c54c0c7f60866b2f0a3bbc2 Writing manifest to image destination [2026-02-10T22:12:19,775914738+00:00] End build pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | container step-push: [2026-02-10T22:12:20,405652069+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:12:22,373051623+00:00] Convert image [2026-02-10T22:12:22,374107600+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-6h2jw-build-container [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-6h2jw-build-container Getting image source signatures Copying blob sha256:5947d9579c82fe304741210ebd0cf1ac634aef1063611ca402952665fb63bd79 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying config sha256:670d99eaf98f6013afc3cbcac94716c2d781422e8c54c0c7f60866b2f0a3bbc2 Writing manifest to image destination [2026-02-10T22:12:25,961349623+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Getting image source signatures Copying blob sha256:5947d9579c82fe304741210ebd0cf1ac634aef1063611ca402952665fb63bd79 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:670d99eaf98f6013afc3cbcac94716c2d781422e8c54c0c7f60866b2f0a3bbc2 Writing manifest to image destination sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb [2026-02-10T22:12:26,897325040+00:00] End push pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:12:27,508710186+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:12:32,016433688+00:00] End sbom-syft-generate pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | container step-prepare-sboms: [2026-02-10T22:12:32,610772568+00:00] Prepare SBOM [2026-02-10T22:12:32,614463834+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:12:33,673 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:12:33,753 [INFO] mobster.oci: Fetching manifest for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c 2026-02-10 22:12:35,290 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:12:35,290 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:12:35,290 [INFO] mobster.log: Contextual workflow completed in 1.55s 2026-02-10 22:12:35,313 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:12:35,371751729+00:00] End prepare-sboms pod: test-comp-bakp-on-pull-request-6h2jw-build-container-pod | container step-upload-sbom: [2026-02-10T22:12:35,703328235+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:6bde2020897bdc4283796051ee5807e1c55cc68aaf250da709b44426f4a69bbc [2026-02-10T22:12:38,144073254+00:00] End upload-sbom pod: test-comp-bakp-on-pull-request-6h2jw-build-image-index-pod | init container: prepare 2026/02/10 22:12:41 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-build-image-index-pod | init container: place-scripts 2026/02/10 22:12:42 Decoded script /tekton/scripts/script-0-wx5cd 2026/02/10 22:12:42 Decoded script /tekton/scripts/script-1-twpdg 2026/02/10 22:12:42 Decoded script /tekton/scripts/script-2-hl9c5 pod: test-comp-bakp-on-pull-request-6h2jw-build-image-index-pod | container step-build: [2026-02-10T22:12:45,506089725+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 6c5a4275c412af36803ba8ae064614b77d01893373df865254ea041c3de101f6 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45. pod: test-comp-bakp-on-pull-request-6h2jw-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: test-comp-bakp-on-pull-request-6h2jw-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:12:47,700975391+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: test-comp-bakp-on-pull-request-6h2jw-clair-scan-pod | init container: prepare 2026/02/10 22:12:51 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-clair-scan-pod | init container: place-scripts 2026/02/10 22:12:51 Decoded script /tekton/scripts/script-0-zrgmj 2026/02/10 22:12:51 Decoded script /tekton/scripts/script-1-cxtnd 2026/02/10 22:12:51 Decoded script /tekton/scripts/script-2-r8n5n 2026/02/10 22:12:51 Decoded script /tekton/scripts/script-3-jt69l pod: test-comp-bakp-on-pull-request-6h2jw-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45. pod: test-comp-bakp-on-pull-request-6h2jw-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:12:58Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-02-10T22:12:58Z INF libvuln initialized component=libvuln/New 2026-02-10T22:12:59Z INF registered configured scanners component=libindex/New 2026-02-10T22:12:59Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:12:59Z INF index request start component=libindex/Libindex.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 2026-02-10T22:12:59Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 2026-02-10T22:12:59Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=CheckManifest 2026-02-10T22:12:59Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=FetchLayers 2026-02-10T22:13:01Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=FetchLayers 2026-02-10T22:13:01Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=FetchLayers 2026-02-10T22:13:01Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=ScanLayers 2026-02-10T22:13:01Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=ScanLayers 2026-02-10T22:13:01Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=IndexManifest 2026-02-10T22:13:01Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=IndexFinished 2026-02-10T22:13:01Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 state=IndexFinished 2026-02-10T22:13:01Z INF index request done component=libindex/Libindex.Index manifest=sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 { "manifest_hash": "sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45", "packages": { "+GDQTbek1zYvATiVR/wBCA==": { "id": "+GDQTbek1zYvATiVR/wBCA==", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "+aaqENN9U+Kuxcb1tQ8Utg==": { "id": "+aaqENN9U+Kuxcb1tQ8Utg==", "name": "netbase", "version": "6.3", "kind": "binary", "source": { "id": "", "name": "netbase", "version": "6.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "+ol9cHiNc+RWiD7Kw3TLCg==": { "id": "+ol9cHiNc+RWiD7Kw3TLCg==", "name": "libcom-err2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "05vApGRmP6ko1S0ji87IIQ==": { "id": "05vApGRmP6ko1S0ji87IIQ==", "name": "libunistring2", "version": "0.9.10-4", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "0jMyX7UCIuSpntMN1r7Ofg==": { "id": "0jMyX7UCIuSpntMN1r7Ofg==", "name": "libzstd1", "version": "1.4.8+dfsg-2.1", "kind": "binary", "source": { "id": "", "name": "libzstd", "version": "1.4.8+dfsg-2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "2MObxiEVNllmUEzdVZM5qw==": { "id": "2MObxiEVNllmUEzdVZM5qw==", "name": "apt", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "3XsqGfTFjY5lWf0VTh588Q==": { "id": "3XsqGfTFjY5lWf0VTh588Q==", "name": "werkzeug", "version": "3.1.5", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.5.0.0.0.0.0.0", "cpe": "" }, "3f992oeEQfSQxRA0nlq8Wg==": { "id": "3f992oeEQfSQxRA0nlq8Wg==", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "binary", "source": { "id": "", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4672uZtn8TnHDEzWVyhfjw==": { "id": "4672uZtn8TnHDEzWVyhfjw==", "name": "base-files", "version": "11.1+deb11u5", "kind": "binary", "source": { "id": "", "name": "base-files", "version": "11.1+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4jCPzhS6OWt4agz9d/cfTw==": { "id": "4jCPzhS6OWt4agz9d/cfTw==", "name": "ncurses-base", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "5zxxTA220k9gPCegfDHkag==": { "id": "5zxxTA220k9gPCegfDHkag==", "name": "libgmp10", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "7a3yla6TRFZrhmAreU7f8Q==": { "id": "7a3yla6TRFZrhmAreU7f8Q==", "name": "libexpat1", "version": "2.2.10-2+deb11u5", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.2.10-2+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "8alfBYUr5uWbAyB5PrY8Hg==": { "id": "8alfBYUr5uWbAyB5PrY8Hg==", "name": "libudev1", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "9snKXrH4dQy2IXHQ01Lg0A==": { "id": "9snKXrH4dQy2IXHQ01Lg0A==", "name": "libaudit1", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Akbft1KN+9FKNhh1tM25eA==": { "id": "Akbft1KN+9FKNhh1tM25eA==", "name": "mount", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "BJL42acLPAR8bEnmM1Z3mg==": { "id": "BJL42acLPAR8bEnmM1Z3mg==", "name": "libblkid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "CBzoMmlXBcyP54HOnauO0g==": { "id": "CBzoMmlXBcyP54HOnauO0g==", "name": "libpam-runtime", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "CpILSbg3p6D7Gsp8sCW1Rg==": { "id": "CpILSbg3p6D7Gsp8sCW1Rg==", "name": "libsemanage1", "version": "3.1-1+b2", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "D0G6c/ML9XX4eoGHgx1jeQ==": { "id": "D0G6c/ML9XX4eoGHgx1jeQ==", "name": "libc6", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "DY5Co0gkGtbgwDlkjfJLWA==": { "id": "DY5Co0gkGtbgwDlkjfJLWA==", "name": "markupsafe", "version": "3.0.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.3.0.0.0.0.0.0", "cpe": "" }, "DtMxcnDA8Je9vAHjmzagaA==": { "id": "DtMxcnDA8Je9vAHjmzagaA==", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "EVGnnBfWyiVHhoIR4vEpgg==": { "id": "EVGnnBfWyiVHhoIR4vEpgg==", "name": "libbz2-1.0", "version": "1.0.8-4", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ExYxXcgoIRjAjUObwDE4jA==": { "id": "ExYxXcgoIRjAjUObwDE4jA==", "name": "libk5crypto3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FJIijlwFNqvdoVBcfTF/pg==": { "id": "FJIijlwFNqvdoVBcfTF/pg==", "name": "login", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FOAAB3KiNsLyi03hQsjRTA==": { "id": "FOAAB3KiNsLyi03hQsjRTA==", "name": "libcrypt1", "version": "1:4.4.18-4", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "1:4.4.18-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FrUy4mOCaHm5aGT53as3JQ==": { "id": "FrUy4mOCaHm5aGT53as3JQ==", "name": "diffutils", "version": "1:3.7-5", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "1:3.7-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "G/7q+D+DsqYAVnohcyuzgQ==": { "id": "G/7q+D+DsqYAVnohcyuzgQ==", "name": "libssl1.1", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "GGaavnLgXX31qx9chfhdOQ==": { "id": "GGaavnLgXX31qx9chfhdOQ==", "name": "libaudit-common", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Gm6VA87iOnaQ0rWR6oO9eA==": { "id": "Gm6VA87iOnaQ0rWR6oO9eA==", "name": "libpcre2-8-0", "version": "10.36-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.36-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "IQfQp74RcAWE7jHtQsMLHg==": { "id": "IQfQp74RcAWE7jHtQsMLHg==", "name": "bsdutils", "version": "1:2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "IiJKm8T4olfm6rhuKayFOw==": { "id": "IiJKm8T4olfm6rhuKayFOw==", "name": "lsb-base", "version": "11.1.0", "kind": "binary", "source": { "id": "", "name": "lsb", "version": "11.1.0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Jg2vDvx1JxyPDIrUzzR9NQ==": { "id": "Jg2vDvx1JxyPDIrUzzR9NQ==", "name": "grep", "version": "3.6-1", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LOfpAnA/2f7zE4SFJCrxVg==": { "id": "LOfpAnA/2f7zE4SFJCrxVg==", "name": "zlib1g", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LVHVhWoZgWwWvOspyUwb1w==": { "id": "LVHVhWoZgWwWvOspyUwb1w==", "name": "libreadline8", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "MvKvHHnD0jaLaWpyHvkhgQ==": { "id": "MvKvHHnD0jaLaWpyHvkhgQ==", "name": "passwd", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "NA4G2YrIZ73fsX7d5r5rGw==": { "id": "NA4G2YrIZ73fsX7d5r5rGw==", "name": "debconf", "version": "1.5.77", "kind": "binary", "source": { "id": "", "name": "debconf", "version": "1.5.77", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "NzkVb7F31E+Vxxz3PCS6tg==": { "id": "NzkVb7F31E+Vxxz3PCS6tg==", "name": "libkrb5support0", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "OgJFdUXRfF1Ls8u1+eOivw==": { "id": "OgJFdUXRfF1Ls8u1+eOivw==", "name": "libgpg-error0", "version": "1.38-2", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.38-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PaaRbD/FkW3JARtSKQgRcQ==": { "id": "PaaRbD/FkW3JARtSKQgRcQ==", "name": "libattr1", "version": "1:2.4.48-6", "kind": "binary", "source": { "id": "", "name": "attr", "version": "1:2.4.48-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PgPY5hWnihXRN45byvzY0g==": { "id": "PgPY5hWnihXRN45byvzY0g==", "name": "libncursesw6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "R1TkRM71ql+JWgz0VF5ESQ==": { "id": "R1TkRM71ql+JWgz0VF5ESQ==", "name": "libsepol1", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RAMuXEdVU4AJ/z4aiK/NNg==": { "id": "RAMuXEdVU4AJ/z4aiK/NNg==", "name": "setuptools", "version": "65.5.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.65.5.0.0.0.0.0.0.0", "cpe": "" }, "RYsqO4ROpGMzzCO5WaTrlw==": { "id": "RYsqO4ROpGMzzCO5WaTrlw==", "name": "dpkg", "version": "1.20.12", "kind": "binary", "source": { "id": "", "name": "dpkg", "version": "1.20.12", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RgdwX+VC70nXZ2E527PXaA==": { "id": "RgdwX+VC70nXZ2E527PXaA==", "name": "logsave", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "SWnjL4fWu+WMpxhSCWLhZQ==": { "id": "SWnjL4fWu+WMpxhSCWLhZQ==", "name": "base-passwd", "version": "3.5.51", "kind": "binary", "source": { "id": "", "name": "base-passwd", "version": "3.5.51", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "T5NuX1yinNyGoZNN2r9u4Q==": { "id": "T5NuX1yinNyGoZNN2r9u4Q==", "name": "ca-certificates", "version": "20210119", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20210119", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "VVXsYlCxogg17Ti1iR03Mw==": { "id": "VVXsYlCxogg17Ti1iR03Mw==", "name": "libseccomp2", "version": "2.5.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "VbNyM3GfR5vEmJdFAiKqrA==": { "id": "VbNyM3GfR5vEmJdFAiKqrA==", "name": "gcc-9-base", "version": "9.3.0-22", "kind": "binary", "source": { "id": "", "name": "gcc-9", "version": "9.3.0-22", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Vo1mnwlrbhO3Gx1QVEhKkA==": { "id": "Vo1mnwlrbhO3Gx1QVEhKkA==", "name": "click", "version": "8.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.3.1.0.0.0.0.0.0", "cpe": "" }, "Wi4oa03apqVdR6okNeZiNA==": { "id": "Wi4oa03apqVdR6okNeZiNA==", "name": "libgnutls30", "version": "3.7.1-5+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnutls28", "version": "3.7.1-5+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ZPlAztePXX+uFLVDX2lgNQ==": { "id": "ZPlAztePXX+uFLVDX2lgNQ==", "name": "libsemanage-common", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ZWeYh81MRCu1nh3mOyptIA==": { "id": "ZWeYh81MRCu1nh3mOyptIA==", "name": "libmount1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bGWj1aSf0wvrecU/pdTv5A==": { "id": "bGWj1aSf0wvrecU/pdTv5A==", "name": "gcc-10-base", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bHkSxcl6e1quNxLGb6uX8A==": { "id": "bHkSxcl6e1quNxLGb6uX8A==", "name": "coreutils", "version": "8.32-4+b1", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bTSLWiizipO2axtmvXFuVg==": { "id": "bTSLWiizipO2axtmvXFuVg==", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "binary", "source": { "id": "", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "be3s5y0dx4bgsQboIoDduw==": { "id": "be3s5y0dx4bgsQboIoDduw==", "name": "libp11-kit0", "version": "0.23.22-1", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "brvvAQ6V7yp7QbUuk+W5Hg==": { "id": "brvvAQ6V7yp7QbUuk+W5Hg==", "name": "libext2fs2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "d4b/e0nx+/vPWuPB7oDzPw==": { "id": "d4b/e0nx+/vPWuPB7oDzPw==", "name": "libc-bin", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dRfu6Up2F2Ze+gJ21oSeug==": { "id": "dRfu6Up2F2Ze+gJ21oSeug==", "name": "libgdbm6", "version": "1.19-2", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dUT53gagQO5Ac9Bdlu5dAw==": { "id": "dUT53gagQO5Ac9Bdlu5dAw==", "name": "sysvinit-utils", "version": "2.96-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "sysvinit", "version": "2.96-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dXglURzzdbLnOf14mab1Hg==": { "id": "dXglURzzdbLnOf14mab1Hg==", "name": "tar", "version": "1.34+dfsg-1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34+dfsg-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dobmrwm7aq9puvFHwNgXxw==": { "id": "dobmrwm7aq9puvFHwNgXxw==", "name": "libstdc++6", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dv3AlW8tBL4D0mEPW7/Z2Q==": { "id": "dv3AlW8tBL4D0mEPW7/Z2Q==", "name": "libpam-modules-bin", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "eF2QIdrTmJlWmjQTkhntow==": { "id": "eF2QIdrTmJlWmjQTkhntow==", "name": "wheel", "version": "0.38.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.0.38.4.0.0.0.0.0.0", "cpe": "" }, "elSR7m8uLWd/kMl2jxTm/A==": { "id": "elSR7m8uLWd/kMl2jxTm/A==", "name": "libpam-modules", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "evNF5YpSAxyFV7iWv3lSVw==": { "id": "evNF5YpSAxyFV7iWv3lSVw==", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fCmdLCR2Ix0ldnZL1Fa52A==": { "id": "fCmdLCR2Ix0ldnZL1Fa52A==", "name": "bash", "version": "5.1-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fqwKjkzVNvsxh6040zt05g==": { "id": "fqwKjkzVNvsxh6040zt05g==", "name": "hostname", "version": "3.23", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fyM9Y65kt8cTfJv4LKF7bg==": { "id": "fyM9Y65kt8cTfJv4LKF7bg==", "name": "libcap-ng0", "version": "0.7.9-2.2+b1", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.9-2.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "gP9HgvZWct50Kw/hM7BCKg==": { "id": "gP9HgvZWct50Kw/hM7BCKg==", "name": "libtirpc-common", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "gv6x84VyNacZgvJrC59jbQ==": { "id": "gv6x84VyNacZgvJrC59jbQ==", "name": "libffi7", "version": "3.3-6", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.3-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "hdNUjYIlrdEAtBWAggakAw==": { "id": "hdNUjYIlrdEAtBWAggakAw==", "name": "perl-base", "version": "5.32.1-4+deb11u2", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-4+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "i4JkQ9JgSpZVyPFWOY5Bxw==": { "id": "i4JkQ9JgSpZVyPFWOY5Bxw==", "name": "liblz4-1", "version": "1.9.3-2", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "iWqdRZmp08/Tx22qEtmjJg==": { "id": "iWqdRZmp08/Tx22qEtmjJg==", "name": "libpcre3", "version": "2:8.39-13", "kind": "binary", "source": { "id": "", "name": "pcre3", "version": "2:8.39-13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jErhz6PtXvAy/EPWJ425rA==": { "id": "jErhz6PtXvAy/EPWJ425rA==", "name": "libuuid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jKa8Us2cqGejhOc2/n5DDA==": { "id": "jKa8Us2cqGejhOc2/n5DDA==", "name": "libsmartcols1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "kq4lGEwi4agkgAJAkDs9Ng==": { "id": "kq4lGEwi4agkgAJAkDs9Ng==", "name": "flask", "version": "2.1.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.1.0.0.0.0.0.0.0", "cpe": "" }, "krch6TQqNWzRi5F/dDkF+Q==": { "id": "krch6TQqNWzRi5F/dDkF+Q==", "name": "ncurses-bin", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "l5lCPjtOmPM8/LLh9+NjeQ==": { "id": "l5lCPjtOmPM8/LLh9+NjeQ==", "name": "gpgv", "version": "2.2.27-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.27-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lCjIskl1HulEHShaXtgmwQ==": { "id": "lCjIskl1HulEHShaXtgmwQ==", "name": "libtinfo6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lvz5sq0NbU6sy/F1tg9uiQ==": { "id": "lvz5sq0NbU6sy/F1tg9uiQ==", "name": "libkeyutils1", "version": "1.6.1-2", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "mlFDx1iAC2OWpmYHut2JHw==": { "id": "mlFDx1iAC2OWpmYHut2JHw==", "name": "libnettle8", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nV87o429QBKIpM8DyOv4wg==": { "id": "nV87o429QBKIpM8DyOv4wg==", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "binary", "source": { "id": "", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ngOu/a+sfrdDkZtETF1mgg==": { "id": "ngOu/a+sfrdDkZtETF1mgg==", "name": "libselinux1", "version": "3.1-3", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nmd/xrCD27AKRWAzA5JZCA==": { "id": "nmd/xrCD27AKRWAzA5JZCA==", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "binary", "source": { "id": "", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "npX4tBmidkxp2QJN/c3Ktw==": { "id": "npX4tBmidkxp2QJN/c3Ktw==", "name": "libdebconfclient0", "version": "0.260", "kind": "binary", "source": { "id": "", "name": "cdebconf", "version": "0.260", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nwapLKtbHTjy1u8+aA0X+Q==": { "id": "nwapLKtbHTjy1u8+aA0X+Q==", "name": "pip", "version": "22.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.22.3.1.0.0.0.0.0.0", "cpe": "" }, "oH9T0w9ZyXDCGJ6Np6n1Iw==": { "id": "oH9T0w9ZyXDCGJ6Np6n1Iw==", "name": "init-system-helpers", "version": "1.60", "kind": "binary", "source": { "id": "", "name": "init-system-helpers", "version": "1.60", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ozJ983JkaV259+RUbqutzw==": { "id": "ozJ983JkaV259+RUbqutzw==", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "binary", "source": { "id": "", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "p+J9YgA22NC8PDODpTSxgw==": { "id": "p+J9YgA22NC8PDODpTSxgw==", "name": "libidn2-0", "version": "2.3.0-5", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "pHAWej2qVWZtoCQ5DGoRcQ==": { "id": "pHAWej2qVWZtoCQ5DGoRcQ==", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "pZoLgWqHDgjhYQPevrtwdg==": { "id": "pZoLgWqHDgjhYQPevrtwdg==", "name": "libss2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "q78XIEiJs5tQHLZtjoU3Fg==": { "id": "q78XIEiJs5tQHLZtjoU3Fg==", "name": "adduser", "version": "3.118", "kind": "binary", "source": { "id": "", "name": "adduser", "version": "3.118", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "qN2BSWBeEFRJnExMNJ1S0A==": { "id": "qN2BSWBeEFRJnExMNJ1S0A==", "name": "libsqlite3-0", "version": "3.34.1-3", "kind": "binary", "source": { "id": "", "name": "sqlite3", "version": "3.34.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "qrPZzwjmppjOiQbrGk5IQA==": { "id": "qrPZzwjmppjOiQbrGk5IQA==", "name": "libgssapi-krb5-2", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rJ4UB7yOdBPwgrk5WLwIQw==": { "id": "rJ4UB7yOdBPwgrk5WLwIQw==", "name": "libhogweed6", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rUyBCRoo9C2erJrGUkvuDQ==": { "id": "rUyBCRoo9C2erJrGUkvuDQ==", "name": "libtirpc3", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "s66OGd0F2Pbemhmyrg2R9w==": { "id": "s66OGd0F2Pbemhmyrg2R9w==", "name": "libsystemd0", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sU05gaIadSYQd4+DxTnInw==": { "id": "sU05gaIadSYQd4+DxTnInw==", "name": "libacl1", "version": "2.2.53-10", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sXwy5mmgqLM9WC30BdKwTA==": { "id": "sXwy5mmgqLM9WC30BdKwTA==", "name": "readline-common", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "tNSJ6slY9zv+TZ6de2MVDQ==": { "id": "tNSJ6slY9zv+TZ6de2MVDQ==", "name": "liblzma5", "version": "5.2.5-2.1~deb11u1", "kind": "binary", "source": { "id": "", "name": "xz-utils", "version": "5.2.5-2.1~deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "tYADP/V07/lE8Qno1R/hhg==": { "id": "tYADP/V07/lE8Qno1R/hhg==", "name": "libgcc-s1", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "uXsuLx/plg6mDddGlE/9EA==": { "id": "uXsuLx/plg6mDddGlE/9EA==", "name": "libxxhash0", "version": "0.8.0-2", "kind": "binary", "source": { "id": "", "name": "xxhash", "version": "0.8.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "vqKK+x/7cGHNjLr4L7x4uQ==": { "id": "vqKK+x/7cGHNjLr4L7x4uQ==", "name": "libdb5.3", "version": "5.3.28+dfsg1-0.8", "kind": "binary", "source": { "id": "", "name": "db5.3", "version": "5.3.28+dfsg1-0.8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "wkuBBC4B84P3b4K0fGF0OQ==": { "id": "wkuBBC4B84P3b4K0fGF0OQ==", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "xaMEpa2lawXi7R9jqzX8hA==": { "id": "xaMEpa2lawXi7R9jqzX8hA==", "name": "findutils", "version": "4.8.0-1", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "yYcMjCGhY/mc+KraTEHSJg==": { "id": "yYcMjCGhY/mc+KraTEHSJg==", "name": "libkrb5-3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zL6jHnohFUDkhEaUeTlPOQ==": { "id": "zL6jHnohFUDkhEaUeTlPOQ==", "name": "sed", "version": "4.7-1", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.7-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zQ8wKwnOqSw7e/gsx76vLQ==": { "id": "zQ8wKwnOqSw7e/gsx76vLQ==", "name": "debianutils", "version": "4.11.2", "kind": "binary", "source": { "id": "", "name": "debianutils", "version": "4.11.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zRv/Q67g6qJWTz0qqj4+BA==": { "id": "zRv/Q67g6qJWTz0qqj4+BA==", "name": "libnsl2", "version": "1.3.0-2", "kind": "binary", "source": { "id": "", "name": "libnsl", "version": "1.3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zV4ikAKeqBYFSvXnkFMYgg==": { "id": "zV4ikAKeqBYFSvXnkFMYgg==", "name": "libpam0g", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zw9OGAXs3mWkBkmfKzbfqg==": { "id": "zw9OGAXs3mWkBkmfKzbfqg==", "name": "libapt-pkg6.0", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" } }, "distributions": { "b8363d06-0c09-447b-bb31-ce0cea81a200": { "id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" } }, "repository": { "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e": { "id": "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+GDQTbek1zYvATiVR/wBCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "+aaqENN9U+Kuxcb1tQ8Utg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "+ol9cHiNc+RWiD7Kw3TLCg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "05vApGRmP6ko1S0ji87IIQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "0jMyX7UCIuSpntMN1r7Ofg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:00ac0b36501eae45e8d2a859bd9cdb2e85bbc73450ed641fc842e3a227ef9d79", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "2MObxiEVNllmUEzdVZM5qw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "3XsqGfTFjY5lWf0VTh588Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:00ac0b36501eae45e8d2a859bd9cdb2e85bbc73450ed641fc842e3a227ef9d79", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "3f992oeEQfSQxRA0nlq8Wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "4672uZtn8TnHDEzWVyhfjw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "4jCPzhS6OWt4agz9d/cfTw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "5zxxTA220k9gPCegfDHkag==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "7a3yla6TRFZrhmAreU7f8Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "8alfBYUr5uWbAyB5PrY8Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "9snKXrH4dQy2IXHQ01Lg0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "Akbft1KN+9FKNhh1tM25eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "BJL42acLPAR8bEnmM1Z3mg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "CBzoMmlXBcyP54HOnauO0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "CpILSbg3p6D7Gsp8sCW1Rg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "DY5Co0gkGtbgwDlkjfJLWA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:00ac0b36501eae45e8d2a859bd9cdb2e85bbc73450ed641fc842e3a227ef9d79", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "DtMxcnDA8Je9vAHjmzagaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "EVGnnBfWyiVHhoIR4vEpgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "ExYxXcgoIRjAjUObwDE4jA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "FJIijlwFNqvdoVBcfTF/pg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "FOAAB3KiNsLyi03hQsjRTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "FrUy4mOCaHm5aGT53as3JQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "G/7q+D+DsqYAVnohcyuzgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "GGaavnLgXX31qx9chfhdOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:00ac0b36501eae45e8d2a859bd9cdb2e85bbc73450ed641fc842e3a227ef9d79", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "IQfQp74RcAWE7jHtQsMLHg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "IiJKm8T4olfm6rhuKayFOw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "Jg2vDvx1JxyPDIrUzzR9NQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "LOfpAnA/2f7zE4SFJCrxVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "LVHVhWoZgWwWvOspyUwb1w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "NA4G2YrIZ73fsX7d5r5rGw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "NzkVb7F31E+Vxxz3PCS6tg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "OgJFdUXRfF1Ls8u1+eOivw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "PaaRbD/FkW3JARtSKQgRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "PgPY5hWnihXRN45byvzY0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "R1TkRM71ql+JWgz0VF5ESQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "RYsqO4ROpGMzzCO5WaTrlw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "RgdwX+VC70nXZ2E527PXaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "SWnjL4fWu+WMpxhSCWLhZQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "T5NuX1yinNyGoZNN2r9u4Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "VVXsYlCxogg17Ti1iR03Mw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "VbNyM3GfR5vEmJdFAiKqrA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "Vo1mnwlrbhO3Gx1QVEhKkA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:00ac0b36501eae45e8d2a859bd9cdb2e85bbc73450ed641fc842e3a227ef9d79", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "Wi4oa03apqVdR6okNeZiNA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "ZPlAztePXX+uFLVDX2lgNQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "ZWeYh81MRCu1nh3mOyptIA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "bGWj1aSf0wvrecU/pdTv5A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "bHkSxcl6e1quNxLGb6uX8A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "bTSLWiizipO2axtmvXFuVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "be3s5y0dx4bgsQboIoDduw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "d4b/e0nx+/vPWuPB7oDzPw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "dRfu6Up2F2Ze+gJ21oSeug==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "dUT53gagQO5Ac9Bdlu5dAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "dXglURzzdbLnOf14mab1Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "dobmrwm7aq9puvFHwNgXxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "eF2QIdrTmJlWmjQTkhntow==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "elSR7m8uLWd/kMl2jxTm/A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "evNF5YpSAxyFV7iWv3lSVw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "fqwKjkzVNvsxh6040zt05g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "fyM9Y65kt8cTfJv4LKF7bg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "gP9HgvZWct50Kw/hM7BCKg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "gv6x84VyNacZgvJrC59jbQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "hdNUjYIlrdEAtBWAggakAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "i4JkQ9JgSpZVyPFWOY5Bxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "iWqdRZmp08/Tx22qEtmjJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "jErhz6PtXvAy/EPWJ425rA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "jKa8Us2cqGejhOc2/n5DDA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "kq4lGEwi4agkgAJAkDs9Ng==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:00ac0b36501eae45e8d2a859bd9cdb2e85bbc73450ed641fc842e3a227ef9d79", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "krch6TQqNWzRi5F/dDkF+Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "lCjIskl1HulEHShaXtgmwQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "lvz5sq0NbU6sy/F1tg9uiQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "mlFDx1iAC2OWpmYHut2JHw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "nV87o429QBKIpM8DyOv4wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "ngOu/a+sfrdDkZtETF1mgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "nmd/xrCD27AKRWAzA5JZCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "npX4tBmidkxp2QJN/c3Ktw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "nwapLKtbHTjy1u8+aA0X+Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "72f1c2ae-f01d-41db-bf9e-a39dccf24e8e" ] } ], "oH9T0w9ZyXDCGJ6Np6n1Iw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "ozJ983JkaV259+RUbqutzw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "p+J9YgA22NC8PDODpTSxgw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "pHAWej2qVWZtoCQ5DGoRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "pZoLgWqHDgjhYQPevrtwdg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "q78XIEiJs5tQHLZtjoU3Fg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "qN2BSWBeEFRJnExMNJ1S0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "qrPZzwjmppjOiQbrGk5IQA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "rJ4UB7yOdBPwgrk5WLwIQw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "rUyBCRoo9C2erJrGUkvuDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "s66OGd0F2Pbemhmyrg2R9w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "sU05gaIadSYQd4+DxTnInw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "sXwy5mmgqLM9WC30BdKwTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "tYADP/V07/lE8Qno1R/hhg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "uXsuLx/plg6mDddGlE/9EA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "wkuBBC4B84P3b4K0fGF0OQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "xaMEpa2lawXi7R9jqzX8hA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "yYcMjCGhY/mc+KraTEHSJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "zL6jHnohFUDkhEaUeTlPOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "zQ8wKwnOqSw7e/gsx76vLQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "zRv/Q67g6qJWTz0qqj4+BA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "zV4ikAKeqBYFSvXnkFMYgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ], "zw9OGAXs3mWkBkmfKzbfqg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "b8363d06-0c09-447b-bb31-ce0cea81a200", "repository_ids": null } ] }, "vulnerabilities": { "+N61/5529gFt7RkD8ooeKQ==": { "id": "+N61/5529gFt7RkD8ooeKQ==", "updater": "debian/updater", "name": "CVE-2023-0465", "description": "Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0465", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "+x9OyXfXk9PrekfsnPKwlg==": { "id": "+x9OyXfXk9PrekfsnPKwlg==", "updater": "debian/updater", "name": "CVE-2020-13529", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/7UJLAHsMPxTtTxvuPgrzA==": { "id": "/7UJLAHsMPxTtTxvuPgrzA==", "updater": "debian/updater", "name": "CVE-2024-45491", "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "/YwO4YLRGgF2uWU55V6+MQ==": { "id": "/YwO4YLRGgF2uWU55V6+MQ==", "updater": "debian/updater", "name": "CVE-2019-1010022", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "08pa4udz9bnA9IOsE208DA==": { "id": "08pa4udz9bnA9IOsE208DA==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-10", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0H/7BkE/Q7YVSZhEABXg6w==": { "id": "0H/7BkE/Q7YVSZhEABXg6w==", "updater": "debian/updater", "name": "CVE-2024-26458", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "1U/zi3CEao+52y8LKU0uvw==": { "id": "1U/zi3CEao+52y8LKU0uvw==", "updater": "debian/updater", "name": "CVE-2021-36084", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36084", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "1dwwvWkARnFe67yAAGVglQ==": { "id": "1dwwvWkARnFe67yAAGVglQ==", "updater": "debian/updater", "name": "CVE-2023-31438", "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "27BVJE6xR0Z84LzifDnFYA==": { "id": "27BVJE6xR0Z84LzifDnFYA==", "updater": "debian/updater", "name": "CVE-2022-48303", "description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-48303", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "3cBlPR7Tm4BIC/+wflldAg==": { "id": "3cBlPR7Tm4BIC/+wflldAg==", "updater": "debian/updater", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12243", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u7" }, "59rfj7X7Q9O1jyg5L5a5zQ==": { "id": "59rfj7X7Q9O1jyg5L5a5zQ==", "updater": "debian/updater", "name": "CVE-2024-37370", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37370", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "5Cmp5KJXv+nVwwcs5/Kz7w==": { "id": "5Cmp5KJXv+nVwwcs5/Kz7w==", "updater": "debian/updater", "name": "CVE-2024-50602", "description": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-50602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u7" }, "6j23t/n6B77cQMxfCeLKzA==": { "id": "6j23t/n6B77cQMxfCeLKzA==", "updater": "debian/updater", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12133", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u2" }, "6jg3v7lJ92IZCQpZydR2sA==": { "id": "6jg3v7lJ92IZCQpZydR2sA==", "updater": "debian/updater", "name": "CVE-2024-28757", "description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28757", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "7DtFnnE8FjIpCQKunutpeg==": { "id": "7DtFnnE8FjIpCQKunutpeg==", "updater": "debian/updater", "name": "CVE-2020-16156", "description": "CPAN 2.28 allows Signature Verification Bypass.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-16156", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "9JIazCQjSvYhpG9KE6d7Pg==": { "id": "9JIazCQjSvYhpG9KE6d7Pg==", "updater": "debian/updater", "name": "CVE-2025-8058", "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9sNDKQtqg7Z3gJr//JQlvg==": { "id": "9sNDKQtqg7Z3gJr//JQlvg==", "updater": "debian/updater", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32990", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ANq7+l7+5U6IDt9eU02u5w==": { "id": "ANq7+l7+5U6IDt9eU02u5w==", "updater": "debian/updater", "name": "CVE-2022-3219", "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3219", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ASrdm9EROwWp9Ip2w7HH5w==": { "id": "ASrdm9EROwWp9Ip2w7HH5w==", "updater": "debian/updater", "name": "CVE-2022-3821", "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3821", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "AvPdNumiwGnBie+lo1du3A==": { "id": "AvPdNumiwGnBie+lo1du3A==", "updater": "debian/updater", "name": "CVE-2023-31486", "description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31486", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ba+eHoq0U7aq9Kxwg98r8Q==": { "id": "Ba+eHoq0U7aq9Kxwg98r8Q==", "updater": "debian/updater", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8941", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BxMnseA9J6OW2RWxSrlbyQ==": { "id": "BxMnseA9J6OW2RWxSrlbyQ==", "updater": "debian/updater", "name": "CVE-2021-36690", "description": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36690", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "C8YeM0XyMbxM6QnHcnbRtQ==": { "id": "C8YeM0XyMbxM6QnHcnbRtQ==", "updater": "debian/updater", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-52099", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "CaLsKNvkpKlxKVBlUnje9Q==": { "id": "CaLsKNvkpKlxKVBlUnje9Q==", "updater": "debian/updater", "name": "CVE-2021-36087", "description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36087", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "CtYegggqGbMfg16G/qfITQ==": { "id": "CtYegggqGbMfg16G/qfITQ==", "updater": "debian/updater", "name": "CVE-2013-4235", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4235", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DJOf0vCfrT4GvRr/tBJhbg==": { "id": "DJOf0vCfrT4GvRr/tBJhbg==", "updater": "debian/updater", "name": "CVE-2024-33601", "description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33601", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "DRKFIYYNzLumACBV1CW/rw==": { "id": "DRKFIYYNzLumACBV1CW/rw==", "updater": "debian/updater", "name": "CVE-2022-35737", "description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-35737", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DfxJWBpJUY1aHu0ZUSilDg==": { "id": "DfxJWBpJUY1aHu0ZUSilDg==", "updater": "debian/updater", "name": "CVE-2018-6829", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EYo03ICovWfCjw2cKpwx4Q==": { "id": "EYo03ICovWfCjw2cKpwx4Q==", "updater": "debian/updater", "name": "CVE-2005-2541", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2005-2541", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EajCJi704nU1+LqESNMC1w==": { "id": "EajCJi704nU1+LqESNMC1w==", "updater": "debian/updater", "name": "CVE-2024-0727", "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0727", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "EvarhwbaAMrD3meGYFByGg==": { "id": "EvarhwbaAMrD3meGYFByGg==", "updater": "debian/updater", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50495", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "F0zkrLGlbsix59P9mqoAOg==": { "id": "F0zkrLGlbsix59P9mqoAOg==", "updater": "debian/updater", "name": "CVE-2025-30258", "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-30258", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "G45dR+E8Wb+bEhCdwuqUDg==": { "id": "G45dR+E8Wb+bEhCdwuqUDg==", "updater": "debian/updater", "name": "CVE-2019-20838", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-20838", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GEZVVbmUXjlQj+79Swj7fA==": { "id": "GEZVVbmUXjlQj+79Swj7fA==", "updater": "debian/updater", "name": "CVE-2025-24528", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-24528", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u6" }, "GPLYq884jQKVksfMc+b7OQ==": { "id": "GPLYq884jQKVksfMc+b7OQ==", "updater": "debian/updater", "name": "CVE-2022-1304", "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-1304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "e2fsprogs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.46.2-2+deb11u1" }, "GRlufCZFwHNK64OQNCFIcg==": { "id": "GRlufCZFwHNK64OQNCFIcg==", "updater": "debian/updater", "name": "CVE-2013-4392", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GezxxUl3QPWUTitg/VHmlQ==": { "id": "GezxxUl3QPWUTitg/VHmlQ==", "updater": "debian/updater", "name": "CVE-2019-1010024", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GmBi7n85v8sX6ItoMSgvlQ==": { "id": "GmBi7n85v8sX6ItoMSgvlQ==", "updater": "debian/updater", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u4" }, "HuTBrVHKx7uaMtQjiqifKQ==": { "id": "HuTBrVHKx7uaMtQjiqifKQ==", "updater": "debian/updater", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0567", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "IJPGr43VMeLym6tW3EWgdg==": { "id": "IJPGr43VMeLym6tW3EWgdg==", "updater": "debian/updater", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-8176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "IvA5abshk33BAuuBar/pVQ==": { "id": "IvA5abshk33BAuuBar/pVQ==", "updater": "debian/updater", "name": "CVE-2024-45492", "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45492", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "JcoADkxFeYBET6x6TWfsjg==": { "id": "JcoADkxFeYBET6x6TWfsjg==", "updater": "debian/updater", "name": "CVE-2025-40909", "description": "Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-40909", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Jl0PQIP9L3ufSvQ2j71iww==": { "id": "Jl0PQIP9L3ufSvQ2j71iww==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://setuptools.pypa.io/en/latest https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20230214-0001 https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "KLrAiYCJHdmWQ2RaqUywlA==": { "id": "KLrAiYCJHdmWQ2RaqUywlA==", "updater": "debian/updater", "name": "CVE-2022-4304", "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "KZ3Jt7zkiM272dGLstI4XA==": { "id": "KZ3Jt7zkiM272dGLstI4XA==", "updater": "debian/updater", "name": "CVE-2013-0340", "description": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-0340", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KaoEuixR8E5nnpGZ1pG25w==": { "id": "KaoEuixR8E5nnpGZ1pG25w==", "updater": "debian/updater", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0553", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "KvTZOL1MGCoBHaXdBx1RcA==": { "id": "KvTZOL1MGCoBHaXdBx1RcA==", "updater": "debian/updater", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-10041", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KwgIGMm765S+zvIBAwM9+g==": { "id": "KwgIGMm765S+zvIBAwM9+g==", "updater": "debian/updater", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4899", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libzstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LD4zPH3rZZkbSPN5ojHClA==": { "id": "LD4zPH3rZZkbSPN5ojHClA==", "updater": "debian/updater", "name": "TEMP-0628843-DBAD28", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MDmWztEMrTY+VyVp5c+Fvw==": { "id": "MDmWztEMrTY+VyVp5c+Fvw==", "updater": "debian/updater", "name": "TEMP-0841856-B18BAF", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MXRm//dBCnWFem5zffvqmA==": { "id": "MXRm//dBCnWFem5zffvqmA==", "updater": "debian/updater", "name": "CVE-2022-3715", "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3715", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MYYkxlB4Ank1zsdIh41apg==": { "id": "MYYkxlB4Ank1zsdIh41apg==", "updater": "debian/updater", "name": "CVE-2024-2961", "description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2961", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u9" }, "MdrEi+/OrLlW3zDrheID2Q==": { "id": "MdrEi+/OrLlW3zDrheID2Q==", "updater": "debian/updater", "name": "CVE-2025-59375", "description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-59375", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mxv06g47iCk7QIqi7Xbojw==": { "id": "Mxv06g47iCk7QIqi7Xbojw==", "updater": "debian/updater", "name": "CVE-2023-45853", "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-45853", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "NYWveHKKsIYIKl+vE8UEhw==": { "id": "NYWveHKKsIYIKl+vE8UEhw==", "updater": "debian/updater", "name": "TEMP-0517018-A83CE6", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sysvinit", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ns8JH9Yqo6xZiGzihN4B3g==": { "id": "Ns8JH9Yqo6xZiGzihN4B3g==", "updater": "debian/updater", "name": "CVE-2024-22365", "description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-22365", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "Nzgd66Rt/zG5Z8ZfbjecYA==": { "id": "Nzgd66Rt/zG5Z8ZfbjecYA==", "updater": "debian/updater", "name": "CVE-2024-26461", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "OB48XTRaksNPWPm0dVHJmQ==": { "id": "OB48XTRaksNPWPm0dVHJmQ==", "updater": "debian/updater", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u7" }, "P4mYk7npVU6t91mlbAb8QA==": { "id": "P4mYk7npVU6t91mlbAb8QA==", "updater": "debian/updater", "name": "CVE-2024-2511", "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2511", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "PJI8cpGpF5+qVan9H5W87Q==": { "id": "PJI8cpGpF5+qVan9H5W87Q==", "updater": "debian/updater", "name": "CVE-2024-28085", "description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.36.1-8+deb11u2" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "QGq5D5QwQKPerzYOBVoSsg==": { "id": "QGq5D5QwQKPerzYOBVoSsg==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QopvyNp/5Ata9NdAUhFygw==": { "id": "QopvyNp/5Ata9NdAUhFygw==", "updater": "debian/updater", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-5278", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "T2SiDOPpMK0bU0Y0qkOm1A==": { "id": "T2SiDOPpMK0bU0Y0qkOm1A==", "updater": "debian/updater", "name": "CVE-2019-1010025", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Tcuyjettc5LT9G5wj3mSxw==": { "id": "Tcuyjettc5LT9G5wj3mSxw==", "updater": "debian/updater", "name": "CVE-2022-4450", "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "TgHh5yPuwUnIt8v9WawGYw==": { "id": "TgHh5yPuwUnIt8v9WawGYw==", "updater": "debian/updater", "name": "CVE-2025-6141", "description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6141", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U3JbUhrT2SqWNuYU5d13cQ==": { "id": "U3JbUhrT2SqWNuYU5d13cQ==", "updater": "debian/updater", "name": "CVE-2021-33560", "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-33560", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ud6njM/DPIrfSPiFct82Lw==": { "id": "Ud6njM/DPIrfSPiFct82Lw==", "updater": "debian/updater", "name": "CVE-2023-52426", "description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52426", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "VzolVkOS5HseGzVTLzDMfA==": { "id": "VzolVkOS5HseGzVTLzDMfA==", "updater": "debian/updater", "name": "CVE-2023-39804", "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-39804", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "WCGqond4znYKCRcm4xyPrg==": { "id": "WCGqond4znYKCRcm4xyPrg==", "updater": "debian/updater", "name": "CVE-2007-5686", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2007-5686", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WG/hQnqUufOh6/5/mlRi/Q==": { "id": "WG/hQnqUufOh6/5/mlRi/Q==", "updater": "debian/updater", "name": "CVE-2023-31439", "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WHvU12ysgz1Ai1y1KSOiLA==": { "id": "WHvU12ysgz1Ai1y1KSOiLA==", "updater": "debian/updater", "name": "CVE-2024-33599", "description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33599", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "WWnQMI7f7f75SgC9Dcl+QQ==": { "id": "WWnQMI7f7f75SgC9Dcl+QQ==", "updater": "debian/updater", "name": "TEMP-0290435-0B57B5", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "Xce4H7xsVfrtYV2aXED7xA==": { "id": "Xce4H7xsVfrtYV2aXED7xA==", "updater": "debian/updater", "name": "CVE-2017-18018", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-18018", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XtT5+z5+yMbpdsyfkLItzA==": { "id": "XtT5+z5+yMbpdsyfkLItzA==", "updater": "debian/updater", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ZbWtFXr0WyByV4kCb3M6FA==": { "id": "ZbWtFXr0WyByV4kCb3M6FA==", "updater": "debian/updater", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5981", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u4" }, "ZdGgPSEZdeQ3XJo0+ZpAXQ==": { "id": "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "updater": "debian/updater", "name": "CVE-2019-1010023", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZrZi02myDWWW0L5oPQj/cg==": { "id": "ZrZi02myDWWW0L5oPQj/cg==", "updater": "debian/updater", "name": "CVE-2017-11164", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-11164", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZxTVeoHgmvhWXsV+xLzphA==": { "id": "ZxTVeoHgmvhWXsV+xLzphA==", "updater": "debian/updater", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4813", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aWm6E1ULjtuw0ydmFnsI4A==": { "id": "aWm6E1ULjtuw0ydmFnsI4A==", "updater": "debian/updater", "name": "CVE-2025-6297", "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6297", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "dpkg", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aqMHDRnPT+3QNU/8tSwsog==": { "id": "aqMHDRnPT+3QNU/8tSwsog==", "updater": "debian/updater", "name": "CVE-2019-9192", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "b2D8D2g8yPwuRhswdqF0Rw==": { "id": "b2D8D2g8yPwuRhswdqF0Rw==", "updater": "debian/updater", "name": "CVE-2023-3446", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3446", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "bBymk1eoEM+tVYB+/Crz+g==": { "id": "bBymk1eoEM+tVYB+/Crz+g==", "updater": "debian/updater", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28835", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bZ2m6J3EIvmTdjYJprlOKA==": { "id": "bZ2m6J3EIvmTdjYJprlOKA==", "updater": "debian/updater", "name": "CVE-2021-36085", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "brAAPyN4siIQT5bxa9xu4g==": { "id": "brAAPyN4siIQT5bxa9xu4g==", "updater": "debian/updater", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-47038", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u3" }, "cHpKoxiUOXPYUJX1ihMLDg==": { "id": "cHpKoxiUOXPYUJX1ihMLDg==", "updater": "debian/updater", "name": "CVE-2018-5709", "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cZD87tDO2q60EFy3BAZ33g==": { "id": "cZD87tDO2q60EFy3BAZ33g==", "updater": "debian/updater", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0464", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "ce9B0jxjyNiCfG4VtZhnVw==": { "id": "ce9B0jxjyNiCfG4VtZhnVw==", "updater": "debian/updater", "name": "CVE-2011-4116", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-4116", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "d1D8ilhRqv7A6eAzRE4Ojw==": { "id": "d1D8ilhRqv7A6eAzRE4Ojw==", "updater": "debian/updater", "name": "CVE-2023-29491", "description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u2" }, "dFbvYO8avXWxbjXnm5ACqQ==": { "id": "dFbvYO8avXWxbjXnm5ACqQ==", "updater": "debian/updater", "name": "CVE-2023-36054", "description": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-36054", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u4" }, "dUTZP+bcDNUqytJV02E1dQ==": { "id": "dUTZP+bcDNUqytJV02E1dQ==", "updater": "debian/updater", "name": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6965", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dZ/H1sYv9QSX9VO93tlGLw==": { "id": "dZ/H1sYv9QSX9VO93tlGLw==", "updater": "osv/pypi", "name": "GHSA-4xh5-x5gv-qwph", "description": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory", "issued": "2025-09-24T15:31:14Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://github.com/pypa/pip/pull/13550 https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://pip.pypa.io/en/stable/news/#v25-2", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=25.3" }, "eietxU2AL+GdeSQwh6n6XA==": { "id": "eietxU2AL+GdeSQwh6n6XA==", "updater": "debian/updater", "name": "CVE-2023-0215", "description": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0215", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "epkSU4TSX3BVrueh1mbRzg==": { "id": "epkSU4TSX3BVrueh1mbRzg==", "updater": "debian/updater", "name": "CVE-2024-13176", "description": "Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-13176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u3" }, "f6s0c0I4Eo7U1vb/8R9ATg==": { "id": "f6s0c0I4Eo7U1vb/8R9ATg==", "updater": "debian/updater", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6020", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "fUdim7gaWpwZtynNz5GiKg==": { "id": "fUdim7gaWpwZtynNz5GiKg==", "updater": "debian/updater", "name": "CVE-2023-0361", "description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0361", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u3" }, "fXJD4KsFmfzjgWJPYHqTrQ==": { "id": "fXJD4KsFmfzjgWJPYHqTrQ==", "updater": "debian/updater", "name": "CVE-2019-8457", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-8457", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "db5.3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fharKhY7OXyx+gXJAwiegw==": { "id": "fharKhY7OXyx+gXJAwiegw==", "updater": "debian/updater", "name": "CVE-2025-29088", "description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-29088", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g44foSnimIkShQZtpEhjbQ==": { "id": "g44foSnimIkShQZtpEhjbQ==", "updater": "debian/updater", "name": "CVE-2011-3389", "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3389", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "gMRlXKqXSfP5n8UiPW430Q==": { "id": "gMRlXKqXSfP5n8UiPW430Q==", "updater": "debian/updater", "name": "CVE-2024-33602", "description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "h7Lhy275V3QLvnBLGAulbw==": { "id": "h7Lhy275V3QLvnBLGAulbw==", "updater": "osv/pypi", "name": "PYSEC-2023-62", "description": "", "issued": "2023-05-02T18:15:00Z", "links": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "jJNc2KwFwVg03DlaNN1nbA==": { "id": "jJNc2KwFwVg03DlaNN1nbA==", "updater": "debian/updater", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4806", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jS/WQ+ua63nFUvjSzoQw1g==": { "id": "jS/WQ+ua63nFUvjSzoQw1g==", "updater": "debian/updater", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k6VTDL+fxGnbqAk/IPGlnQ==": { "id": "k6VTDL+fxGnbqAk/IPGlnQ==", "updater": "debian/updater", "name": "CVE-2023-29383", "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29383", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "k6fjQGJuJ+9NXMFLa5+CgA==": { "id": "k6fjQGJuJ+9NXMFLa5+CgA==", "updater": "debian/updater", "name": "CVE-2016-2781", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2016-2781", "severity": "low", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k82HOcJqNkts86KJ0glvow==": { "id": "k82HOcJqNkts86KJ0glvow==", "updater": "debian/updater", "name": "CVE-2023-31484", "description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31484", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "kgqUyyy6Fd5CUNREC3t1jg==": { "id": "kgqUyyy6Fd5CUNREC3t1jg==", "updater": "debian/updater", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32988", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "khiBNMMi17UID6UagXI8LA==": { "id": "khiBNMMi17UID6UagXI8LA==", "updater": "debian/updater", "name": "CVE-2021-36086", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36086", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "kwKUYCnvi/GndNgicLw/RQ==": { "id": "kwKUYCnvi/GndNgicLw/RQ==", "updater": "debian/updater", "name": "CVE-2023-0466", "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0466", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "l6iyFrb04z9eZxh35gAtVA==": { "id": "l6iyFrb04z9eZxh35gAtVA==", "updater": "debian/updater", "name": "CVE-2025-0395", "description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-0395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u12" }, "l8HSGkC4gSxCEUDns7KKfQ==": { "id": "l8HSGkC4gSxCEUDns7KKfQ==", "updater": "debian/updater", "name": "CVE-2011-3374", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "apt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lAYsMZ/1tV9arAE2k+zsAQ==": { "id": "lAYsMZ/1tV9arAE2k+zsAQ==", "updater": "debian/updater", "name": "CVE-2023-31437", "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lShmgiPGgmUIO0VwzhSBRA==": { "id": "lShmgiPGgmUIO0VwzhSBRA==", "updater": "debian/updater", "name": "CVE-2023-2650", "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-2650", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "lnMcIzRPoETIbrbgdDGINA==": { "id": "lnMcIzRPoETIbrbgdDGINA==", "updater": "debian/updater", "name": "CVE-2021-46848", "description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-46848", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u1" }, "m619DfZfUke+jaTAnoZ2Xw==": { "id": "m619DfZfUke+jaTAnoZ2Xw==", "updater": "debian/updater", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7008", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "mJA9Uto8Hh0tElNp2qoYaA==": { "id": "mJA9Uto8Hh0tElNp2qoYaA==", "updater": "debian/updater", "name": "CVE-2017-7245", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7245", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "meQYB1JR+XE3En/RrDfPvA==": { "id": "meQYB1JR+XE3En/RrDfPvA==", "updater": "debian/updater", "name": "CVE-2022-4415", "description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4415", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "mj6UKCnVoHnC6YBWJGf/Ug==": { "id": "mj6UKCnVoHnC6YBWJGf/Ug==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "mnGTl6DWEAI0reOCEqb0jw==": { "id": "mnGTl6DWEAI0reOCEqb0jw==", "updater": "debian/updater", "name": "CVE-2022-0563", "description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-0563", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "n+1p0npJfBZ4vUpG1OFi6w==": { "id": "n+1p0npJfBZ4vUpG1OFi6w==", "updater": "debian/updater", "name": "CVE-2023-50868", "description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50868", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "o75dmeL6883s7llfbkU+PA==": { "id": "o75dmeL6883s7llfbkU+PA==", "updater": "debian/updater", "name": "CVE-2024-45490", "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45490", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "oeIf5WAd0bERBmJCeLsqIg==": { "id": "oeIf5WAd0bERBmJCeLsqIg==", "updater": "debian/updater", "name": "CVE-2017-7246", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7246", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pa+2016jZIT5xycgFHsAsQ==": { "id": "pa+2016jZIT5xycgFHsAsQ==", "updater": "debian/updater", "name": "CVE-2018-20796", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pmcR65l6CQ+6Qdh99gUtFQ==": { "id": "pmcR65l6CQ+6Qdh99gUtFQ==", "updater": "debian/updater", "name": "CVE-2023-52425", "description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52425", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "pu8XvxoOXeKAI0tvpRRucg==": { "id": "pu8XvxoOXeKAI0tvpRRucg==", "updater": "debian/updater", "name": "CVE-2023-5678", "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5678", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "qDLWFSo6NpfxWPhSeAS8zQ==": { "id": "qDLWFSo6NpfxWPhSeAS8zQ==", "updater": "debian/updater", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28834", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "qhu8cH6U47vSCL4GXDHHtA==": { "id": "qhu8cH6U47vSCL4GXDHHtA==", "updater": "debian/updater", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4641", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "rvhjGf5pyhsfm1iFFyudCA==": { "id": "rvhjGf5pyhsfm1iFFyudCA==", "updater": "debian/updater", "name": "CVE-2025-9820", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "s55QOTlka9E4jTdGv0d/FA==": { "id": "s55QOTlka9E4jTdGv0d/FA==", "updater": "debian/updater", "name": "CVE-2025-4802", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4802", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u13" }, "srcIw8ffB6famHHqmqImEw==": { "id": "srcIw8ffB6famHHqmqImEw==", "updater": "debian/updater", "name": "CVE-2023-3817", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3817", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "svo9ZP0wOZ7IXZp//n2f7g==": { "id": "svo9ZP0wOZ7IXZp//n2f7g==", "updater": "osv/pypi", "name": "GHSA-m2qf-hxjv-5gpq", "description": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", "issued": "2023-05-01T19:22:20Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://nvd.nist.gov/vuln/detail/CVE-2023-30861 https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html https://security.netapp.com/advisory/ntap-20230818-0006 https://www.debian.org/security/2023/dsa-5442", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "swQXHeTg1VEUQHser/6eEQ==": { "id": "swQXHeTg1VEUQHser/6eEQ==", "updater": "debian/updater", "name": "CVE-2023-50387", "description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "t3CEDp5fZQ6D+aOizMiuSg==": { "id": "t3CEDp5fZQ6D+aOizMiuSg==", "updater": "debian/updater", "name": "CVE-2023-0286", "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0286", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "tBbOIOCaKVlwik7hH/baMQ==": { "id": "tBbOIOCaKVlwik7hH/baMQ==", "updater": "debian/updater", "name": "CVE-2021-45346", "description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-45346", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "tjx9raP+v/Zzj6SBJct3WA==": { "id": "tjx9raP+v/Zzj6SBJct3WA==", "updater": "debian/updater", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7104", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "tne7uZ2E+Ev6QI7ctt3PxA==": { "id": "tne7uZ2E+Ev6QI7ctt3PxA==", "updater": "debian/updater", "name": "CVE-2024-33600", "description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33600", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "u+ya+p/mAtLPAYAgbSPTTw==": { "id": "u+ya+p/mAtLPAYAgbSPTTw==", "updater": "debian/updater", "name": "CVE-2022-41409", "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-41409", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uEg5UAxE9NNjF71OxdO7uQ==": { "id": "uEg5UAxE9NNjF71OxdO7uQ==", "updater": "debian/updater", "name": "CVE-2017-16231", "description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-16231", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uTSYWROavw8Bf2n+4djlMg==": { "id": "uTSYWROavw8Bf2n+4djlMg==", "updater": "debian/updater", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4598", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u7" }, "ugZgSJOxFzPCX6LQaJzM3A==": { "id": "ugZgSJOxFzPCX6LQaJzM3A==", "updater": "debian/updater", "name": "CVE-2024-5535", "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-5535", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "vcYYj1nbYwczzoLG255iZQ==": { "id": "vcYYj1nbYwczzoLG255iZQ==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vmet9boOEsf+RUsh5rJnEw==": { "id": "vmet9boOEsf+RUsh5rJnEw==", "updater": "debian/updater", "name": "CVE-2024-4741", "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-4741", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "w4Wr213OT8TRxlHAy3MwPQ==": { "id": "w4Wr213OT8TRxlHAy3MwPQ==", "updater": "debian/updater", "name": "CVE-2010-4756", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "wFMwqYmfC1KjDKz8vyBr4A==": { "id": "wFMwqYmfC1KjDKz8vyBr4A==", "updater": "debian/updater", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4911", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u7" }, "wzv81XuYHOFtlrLHaamjZg==": { "id": "wzv81XuYHOFtlrLHaamjZg==", "updater": "debian/updater", "name": "CVE-2024-37371", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37371", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "x3SWTcEL2lgEvouAhmt6fQ==": { "id": "x3SWTcEL2lgEvouAhmt6fQ==", "updater": "debian/updater", "name": "CVE-2025-27587", "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "xZI5XEFq7Cuk3Mu3KyTdmg==": { "id": "xZI5XEFq7Cuk3Mu3KyTdmg==", "updater": "debian/updater", "name": "CVE-2024-56433", "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-56433", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ySGl3ADUS8EeTeweiO86Aw==": { "id": "ySGl3ADUS8EeTeweiO86Aw==", "updater": "debian/updater", "name": "CVE-2024-9143", "description": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-9143", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "yyhzQNC9UPFT5NwvhGsvqg==": { "id": "yyhzQNC9UPFT5NwvhGsvqg==", "updater": "debian/updater", "name": "CVE-2022-2097", "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-2097", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "zL8eGifGE7B+wAjTOBjRgQ==": { "id": "zL8eGifGE7B+wAjTOBjRgQ==", "updater": "debian/updater", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-29458", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u1" } }, "package_vulnerabilities": { "+ol9cHiNc+RWiD7Kw3TLCg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "0jMyX7UCIuSpntMN1r7Ofg==": [ "KwgIGMm765S+zvIBAwM9+g==" ], "2MObxiEVNllmUEzdVZM5qw==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ], "3f992oeEQfSQxRA0nlq8Wg==": [ "DfxJWBpJUY1aHu0ZUSilDg==", "U3JbUhrT2SqWNuYU5d13cQ==", "jS/WQ+ua63nFUvjSzoQw1g==" ], "4jCPzhS6OWt4agz9d/cfTw==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "7a3yla6TRFZrhmAreU7f8Q==": [ "6jg3v7lJ92IZCQpZydR2sA==", "MdrEi+/OrLlW3zDrheID2Q==", "o75dmeL6883s7llfbkU+PA==", "Ud6njM/DPIrfSPiFct82Lw==", "5Cmp5KJXv+nVwwcs5/Kz7w==", "IJPGr43VMeLym6tW3EWgdg==", "KZ3Jt7zkiM272dGLstI4XA==", "pmcR65l6CQ+6Qdh99gUtFQ==", "IvA5abshk33BAuuBar/pVQ==", "/7UJLAHsMPxTtTxvuPgrzA==" ], "8alfBYUr5uWbAyB5PrY8Hg==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "Akbft1KN+9FKNhh1tM25eA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "BJL42acLPAR8bEnmM1Z3mg==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "CBzoMmlXBcyP54HOnauO0g==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "DtMxcnDA8Je9vAHjmzagaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "ExYxXcgoIRjAjUObwDE4jA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "FJIijlwFNqvdoVBcfTF/pg==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "G/7q+D+DsqYAVnohcyuzgQ==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ "u+ya+p/mAtLPAYAgbSPTTw==" ], "IQfQp74RcAWE7jHtQsMLHg==": [ "mnGTl6DWEAI0reOCEqb0jw==" ], "LOfpAnA/2f7zE4SFJCrxVg==": [ "Mxv06g47iCk7QIqi7Xbojw==" ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "NzkVb7F31E+Vxxz3PCS6tg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "PgPY5hWnihXRN45byvzY0g==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "R1TkRM71ql+JWgz0VF5ESQ==": [ "1U/zi3CEao+52y8LKU0uvw==", "bZ2m6J3EIvmTdjYJprlOKA==", "khiBNMMi17UID6UagXI8LA==", "CaLsKNvkpKlxKVBlUnje9Q==" ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ "bNvH54V1y9cXsGaCXVwFVw==", "QGq5D5QwQKPerzYOBVoSsg==", "Jl0PQIP9L3ufSvQ2j71iww==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "RYsqO4ROpGMzzCO5WaTrlw==": [ "aWm6E1ULjtuw0ydmFnsI4A==" ], "RgdwX+VC70nXZ2E527PXaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "VbNyM3GfR5vEmJdFAiKqrA==": [ "vcYYj1nbYwczzoLG255iZQ==" ], "Wi4oa03apqVdR6okNeZiNA==": [ "KaoEuixR8E5nnpGZ1pG25w==", "rvhjGf5pyhsfm1iFFyudCA==", "g44foSnimIkShQZtpEhjbQ==", "fUdim7gaWpwZtynNz5GiKg==", "ZbWtFXr0WyByV4kCb3M6FA==", "HuTBrVHKx7uaMtQjiqifKQ==", "3cBlPR7Tm4BIC/+wflldAg==", "bBymk1eoEM+tVYB+/Crz+g==", "qDLWFSo6NpfxWPhSeAS8zQ==", "kgqUyyy6Fd5CUNREC3t1jg==", "XtT5+z5+yMbpdsyfkLItzA==", "9sNDKQtqg7Z3gJr//JQlvg==" ], "ZWeYh81MRCu1nh3mOyptIA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "bGWj1aSf0wvrecU/pdTv5A==": [ "08pa4udz9bnA9IOsE208DA==" ], "bHkSxcl6e1quNxLGb6uX8A==": [ "Xce4H7xsVfrtYV2aXED7xA==", "QopvyNp/5Ata9NdAUhFygw==", "k6fjQGJuJ+9NXMFLa5+CgA==" ], "bTSLWiizipO2axtmvXFuVg==": [ "lnMcIzRPoETIbrbgdDGINA==", "6j23t/n6B77cQMxfCeLKzA==" ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "d4b/e0nx+/vPWuPB7oDzPw==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "dUT53gagQO5Ac9Bdlu5dAw==": [ "NYWveHKKsIYIKl+vE8UEhw==" ], "dXglURzzdbLnOf14mab1Hg==": [ "27BVJE6xR0Z84LzifDnFYA==", "VzolVkOS5HseGzVTLzDMfA==", "EYo03ICovWfCjw2cKpwx4Q==", "WWnQMI7f7f75SgC9Dcl+QQ==" ], "dobmrwm7aq9puvFHwNgXxw==": [ "08pa4udz9bnA9IOsE208DA==" ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "elSR7m8uLWd/kMl2jxTm/A==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "evNF5YpSAxyFV7iWv3lSVw==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ "MXRm//dBCnWFem5zffvqmA==", "MDmWztEMrTY+VyVp5c+Fvw==" ], "hdNUjYIlrdEAtBWAggakAw==": [ "ce9B0jxjyNiCfG4VtZhnVw==", "7DtFnnE8FjIpCQKunutpeg==", "k82HOcJqNkts86KJ0glvow==", "JcoADkxFeYBET6x6TWfsjg==", "brAAPyN4siIQT5bxa9xu4g==", "AvPdNumiwGnBie+lo1du3A==" ], "iWqdRZmp08/Tx22qEtmjJg==": [ "G45dR+E8Wb+bEhCdwuqUDg==", "mJA9Uto8Hh0tElNp2qoYaA==", "ZrZi02myDWWW0L5oPQj/cg==", "uEg5UAxE9NNjF71OxdO7uQ==", "oeIf5WAd0bERBmJCeLsqIg==" ], "jErhz6PtXvAy/EPWJ425rA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "jKa8Us2cqGejhOc2/n5DDA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "kq4lGEwi4agkgAJAkDs9Ng==": [ "svo9ZP0wOZ7IXZp//n2f7g==", "h7Lhy275V3QLvnBLGAulbw==" ], "krch6TQqNWzRi5F/dDkF+Q==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ "F0zkrLGlbsix59P9mqoAOg==", "ANq7+l7+5U6IDt9eU02u5w==" ], "lCjIskl1HulEHShaXtgmwQ==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "nwapLKtbHTjy1u8+aA0X+Q==": [ "dZ/H1sYv9QSX9VO93tlGLw==", "mj6UKCnVoHnC6YBWJGf/Ug==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "pZoLgWqHDgjhYQPevrtwdg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "qN2BSWBeEFRJnExMNJ1S0A==": [ "BxMnseA9J6OW2RWxSrlbyQ==", "tjx9raP+v/Zzj6SBJct3WA==", "C8YeM0XyMbxM6QnHcnbRtQ==", "dUTZP+bcDNUqytJV02E1dQ==", "tBbOIOCaKVlwik7hH/baMQ==", "fharKhY7OXyx+gXJAwiegw==", "DRKFIYYNzLumACBV1CW/rw==" ], "qrPZzwjmppjOiQbrGk5IQA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "s66OGd0F2Pbemhmyrg2R9w==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "tYADP/V07/lE8Qno1R/hhg==": [ "08pa4udz9bnA9IOsE208DA==" ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ "fXJD4KsFmfzjgWJPYHqTrQ==" ], "wkuBBC4B84P3b4K0fGF0OQ==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "yYcMjCGhY/mc+KraTEHSJg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "zV4ikAKeqBYFSvXnkFMYgg==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "zw9OGAXs3mWkBkmfKzbfqg==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ] }, "enrichments": {} } pod: test-comp-bakp-on-pull-request-6h2jw-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-bakp-on-pull-request-6h2jw-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-8.32-4+b1 (CVE-2016-2781)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: sysvinit-utils-2.96-7+deb11u1 (TEMP-0517018-A83CE6), libblkid1-2.36.1-8+deb11u1 (CVE-2022-0563), libc-bin-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libpcre3-2:8.39-13 (CVE-2017-11164, CVE-2017-16231, CVE-2017-7245, CVE-2017-7246, CVE-2019-20838), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), login-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), libgcc-s1-10.2.1-6 (CVE-2023-4039), libk5crypto3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), passwd-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), gcc-9-base-9.3.0-22 (CVE-2023-4039), libgnutls30-3.7.1-5+deb11u2 (CVE-2011-3389), libc6-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), gcc-10-base-10.2.1-6 (CVE-2023-4039), openssl-1.1.1n-0+deb11u3 (CVE-2025-27587), libsystemd0-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libkrb5support0-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), coreutils-8.32-4+b1 (CVE-2017-18018, CVE-2025-5278), tar-1.34+dfsg-1 (CVE-2005-2541, TEMP-0290435-0B57B5), gpgv-2.2.27-2+deb11u2 (CVE-2022-3219), libpcre2-8-0-10.36-2+deb11u1 (CVE-2022-41409), libuuid1-2.36.1-8+deb11u1 (CVE-2022-0563), libexpat1-2.2.10-2+deb11u5 (CVE-2013-0340, CVE-2023-52426, CVE-2024-28757), libmount1-2.36.1-8+deb11u1 (CVE-2022-0563), mount-2.36.1-8+deb11u1 (CVE-2022-0563), libgcrypt20-1.8.7-6 (CVE-2018-6829, CVE-2024-2236), libstdc++6-10.2.1-6 (CVE-2023-4039), util-linux-2.36.1-8+deb11u1 (CVE-2022-0563), libsmartcols1-2.36.1-8+deb11u1 (CVE-2022-0563), bsdutils-1:2.36.1-8+deb11u1 (CVE-2022-0563), bash-5.1-2+deb11u1 (TEMP-0841856-B18BAF), libkrb5-3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libapt-pkg6.0-2.2.4 (CVE-2011-3374), libudev1-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libsqlite3-0-3.34.1-3 (CVE-2021-45346, CVE-2022-35737, CVE-2025-29088, CVE-2025-52099), perl-base-5.32.1-4+deb11u2 (CVE-2011-4116, CVE-2023-31486), apt-2.2.4 (CVE-2011-3374), libssl1.1-1.1.1n-0+deb11u3 (CVE-2025-27587)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 82 } }, { "msg": "Found packages with unpatched unknown vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libc-bin-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), zlib1g-1:1.2.11.dfsg-2+deb11u2 (CVE-2023-45853), libncursesw6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libtinfo6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), login-1:4.8.1-1 (CVE-2024-56433), libzstd1-1.4.8+dfsg-2.1 (CVE-2022-4899), passwd-1:4.8.1-1 (CVE-2024-56433), libdb5.3-5.3.28+dfsg1-0.8 (CVE-2019-8457), libpam-modules-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libgnutls30-3.7.1-5+deb11u2 (CVE-2025-9820), libc6-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), gpgv-2.2.27-2+deb11u2 (CVE-2025-30258), ncurses-bin-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libexpat1-2.2.10-2+deb11u5 (CVE-2024-8176, CVE-2025-59375), libgcrypt20-1.8.7-6 (CVE-2021-33560), dpkg-1.20.12 (CVE-2025-6297), bash-5.1-2+deb11u1 (CVE-2022-3715), libpam0g-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libpam-runtime-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libpam-modules-bin-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libsqlite3-0-3.34.1-3 (CVE-2025-6965), perl-base-5.32.1-4+deb11u2 (CVE-2025-40909), ncurses-base-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141)", "name": "clair_unpatched_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 36 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":1,"low":82,"unknown":36}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb", "digests": ["sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:13:07+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-6h2jw-clamav-scan-pod | init container: prepare 2026/02/10 22:12:53 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-clamav-scan-pod | init container: place-scripts 2026/02/10 22:12:53 Decoded script /tekton/scripts/script-0-ddzwg 2026/02/10 22:12:53 Decoded script /tekton/scripts/script-1-lk45p pod: test-comp-bakp-on-pull-request-6h2jw-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 7.649 sec (0 m 7 s) Start Date: 2026:02:10 22:13:08 End Date: 2026:02:10 22:13:16 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761596","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761596","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761596","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb", "digests": ["sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45"]}} pod: test-comp-bakp-on-pull-request-6h2jw-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading ff2114ac9aee clamscan-result-amd64.log Uploading ec4dbddad888 clamscan-ec-test-amd64.json Uploaded ec4dbddad888 clamscan-ec-test-amd64.json Uploaded ff2114ac9aee clamscan-result-amd64.log Uploading f203f99fca1a application/vnd.oci.image.manifest.v1+json Uploaded f203f99fca1a application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 Digest: sha256:f203f99fca1a95b195698b59c7c101d4df68819ac0775c6066b04ba5a4d4529c pod: test-comp-bakp-on-pull-request-6h2jw-clone-repository-pod | init container: prepare 2026/02/10 22:11:49 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-clone-repository-pod | init container: place-scripts 2026/02/10 22:11:50 Decoded script /tekton/scripts/script-0-zq2nq 2026/02/10 22:11:50 Decoded script /tekton/scripts/script-1-5t8bn pod: test-comp-bakp-on-pull-request-6h2jw-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761514.178717,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761514.3753262,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ ae7ac22f3b6d89826989b104a04eeb7274ef58cb (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761514.3753903,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761514.4016545,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision ae7ac22f3b6d89826989b104a04eeb7274ef58cb directly. pod: test-comp-bakp-on-pull-request-6h2jw-clone-repository-pod | container step-symlink-check: Running symlink check pod: test-comp-bakp-on-pull-request-6h2jw-init-pod | init container: prepare 2026/02/10 22:11:37 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-init-pod | init container: place-scripts 2026/02/10 22:11:38 Decoded script /tekton/scripts/script-0-4mp66 pod: test-comp-bakp-on-pull-request-6h2jw-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: test-comp-bakp-on-pull-request-6h2jw-prefetch-dependencies-pod | init container: prepare 2026/02/10 22:11:58 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-prefetch-dependencies-pod | init container: place-scripts 2026/02/10 22:11:59 Decoded script /tekton/scripts/script-0-bnnkj 2026/02/10 22:11:59 Decoded script /tekton/scripts/script-1-bdvb5 pod: test-comp-bakp-on-pull-request-6h2jw-prefetch-dependencies-pod | container step-sanitize-config-file-with-yq: pod: test-comp-bakp-on-pull-request-6h2jw-prefetch-dependencies-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: test-comp-bakp-on-pull-request-6h2jw-push-dockerfile-pod | init container: prepare 2026/02/10 22:13:01 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-0-4vwbg pod: test-comp-bakp-on-pull-request-6h2jw-push-dockerfile-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-6h2jw-push-dockerfile-pod | container step-push: [2026-02-10T22:13:07,721739450+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.0qFvrhdE9H --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:sha256-19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45.dockerfile Dockerfile pod: test-comp-bakp-on-pull-request-6h2jw-sast-shell-check-pod | init container: prepare 2026/02/10 22:13:01 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-0-6zvcg 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-1-sh542 pod: test-comp-bakp-on-pull-request-6h2jw-sast-shell-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-6h2jw-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-105.json ./shellcheck-results/sc-118.json ./shellcheck-results/sc-120.json ./shellcheck-results/sc-128.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-81.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:13:08+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:13:08+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:13:08+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:13:08+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:13:08+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:13:08+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-6h2jw-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading f1a7ea342fb6 application/vnd.oci.image.manifest.v1+json Uploaded f1a7ea342fb6 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 Digest: sha256:f1a7ea342fb680f80e133af5a70cc1cb88e775028e53b1a2cd397f5bbdfc1112 No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-6h2jw-sast-snyk-check-pod | init container: prepare 2026/02/10 22:13:01 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-0-mhnnj 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-1-tz22d pod: test-comp-bakp-on-pull-request-6h2jw-sast-snyk-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-6h2jw-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-comp-bakp INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:13:08+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-6h2jw-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-6h2jw-sast-unicode-check-pod | init container: prepare 2026/02/10 22:13:02 Entrypoint initialization pod: test-comp-bakp-on-pull-request-6h2jw-sast-unicode-check-pod | init container: place-scripts 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-0-khvnc 2026/02/10 22:13:02 Decoded script /tekton/scripts/script-1-mmd9w pod: test-comp-bakp-on-pull-request-6h2jw-sast-unicode-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-6h2jw-sast-unicode-check-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:13:07+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:13:07+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:13:07+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:13:07+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:13:07+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:13:07+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-6h2jw-sast-unicode-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 684f1ff17123 application/vnd.oci.image.manifest.v1+json Uploaded 684f1ff17123 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-ae7ac22f3b6d89826989b104a04eeb7274ef58cb@sha256:19c42280284e05df6d7a5c668c5fd23881bcbbf4952a22d6be7b06db05b6ff45 Digest: sha256:684f1ff17123b3439cbef9ecef3b9ebacf758487b4c30bdb4ea36f6a6823c69d No excluded-findings.json exists. Skipping upload. PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Running PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: PipelineRunStopping PipelineRun test-comp-bakp-on-pull-request-dnv54 reason: Failed attempt 3/3: PipelineRun "test-comp-bakp-on-pull-request-dnv54" failed: pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | init container: prepare 2026/02/10 22:15:04 Entrypoint initialization pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | init container: place-scripts 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-0-hgxcx 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-1-j2zbg 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-2-tsh7w 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-3-hcdf2 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-4-dqnrx 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-5-rzc6t pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Auth json written to "/auth/auth.json". pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-set-skip-for-bundles: 2026/02/10 22:15:11 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-app-check: time="2026-02-10T22:15:11Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:15:12Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 for platform amd64" time="2026-02-10T22:15:12Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" time="2026-02-10T22:15:16Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-3873054302/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/Packages: no such file or directory" time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-3873054302/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2026-02-10T22:15:16Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2026-02-10T22:15:16Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2026-02-10T22:15:16Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2026-02-10T22:15:20Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:15:20Z" level=info msg="check completed" check=BasedOnUbi result=FAILED time="2026-02-10T22:15:20Z" level=info msg="This image's tag on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 will be paired with digest sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 3467, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "BasedOnUbi", "elapsed_time": 152, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)", "help": "Check BasedOnUbi encountered an error. Please review the preflight.log file for more information.", "suggestion": "Change the FROM directive in your Dockerfile or Containerfile, for the latest list of images and details refer to: https://catalog.redhat.com/software/base-images", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } time="2026-02-10T22:15:20Z" level=info msg="Preflight result: FAILED" pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1770761721","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1770761721","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0} pod: test-comp-bakp-on-pull-request-dnv54-apply-tags-pod | init container: prepare 2026/02/10 22:15:05 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:15:08Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" time="2026-02-10T22:15:08Z" level=info msg="[param] Image digest: sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31" time="2026-02-10T22:15:08Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:15:08Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | init container: prepare 2026/02/10 22:14:17 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | init container: place-scripts 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-0-7zzl2 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-1-lpfsv 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-2-9sqbc 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-3-t7d2f 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-4-6pdgz pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-build: [2026-02-10T22:14:22,324265443+00:00] Validate context path [2026-02-10T22:14:22,327603027+00:00] Update CA trust [2026-02-10T22:14:22,328656091+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:14:24,317591716+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:14:24,323305759+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:14:24,559865087+00:00] Setup prefetched Trying to pull quay.io/devfile/python:slim... Getting image source signatures Copying blob sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61 Copying blob sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a Copying blob sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb Copying blob sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec Copying blob sha256:30fb943195a7f7cee90a9c67461c338d1d76a7004d2f94792b774ef71d875a02 Copying config sha256:04f51101c1b979fb8a45a5332bfa8ed2c60f613ea396c3edd40f3d91702b24ef Writing manifest to image destination [2026-02-10T22:14:27,012017084+00:00] Unsetting proxy { "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "org.opencontainers.image.revision": "41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic", "quay.expires-after": "6h", "build-date": "2026-02-10T22:14:24Z", "org.opencontainers.image.created": "2026-02-10T22:14:24Z", "io.buildah.version": "1.42.2" } [2026-02-10T22:14:27,053656708+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:14:27,056834847+00:00] Add secrets [2026-02-10T22:14:27,064316001+00:00] Run buildah build [2026-02-10T22:14:27,065363359+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --label org.opencontainers.image.revision=41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --label quay.expires-after=6h --label build-date=2026-02-10T22:14:24Z --label org.opencontainers.image.created=2026-02-10T22:14:24Z --annotation org.opencontainers.image.revision=41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --annotation org.opencontainers.image.created=2026-02-10T22:14:24Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.WHigQ8 -t quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 . STEP 1/11: FROM quay.io/devfile/python:slim STEP 2/11: EXPOSE 8081/tcp STEP 3/11: ENV FLASK_PORT=8081 STEP 4/11: WORKDIR /projects STEP 5/11: COPY requirements.txt . STEP 6/11: RUN pip install -r requirements.txt Collecting Flask==2.1.0 Downloading Flask-2.1.0-py3-none-any.whl (95 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.2/95.2 kB 30.2 MB/s eta 0:00:00 Collecting Werkzeug>=2.0 Downloading werkzeug-3.1.5-py3-none-any.whl (225 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 225.0/225.0 kB 91.4 MB/s eta 0:00:00 Collecting Jinja2>=3.0 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.9/134.9 kB 129.4 MB/s eta 0:00:00 Collecting itsdangerous>=2.0 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.0 Downloading click-8.3.1-py3-none-any.whl (108 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 108.3/108.3 kB 114.1 MB/s eta 0:00:00 Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (22 kB) Installing collected packages: MarkupSafe, itsdangerous, click, Werkzeug, Jinja2, Flask Successfully installed Flask-2.1.0 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.5 click-8.3.1 itsdangerous-2.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [notice] A new release of pip available: 22.3.1 -> 26.0.1 [notice] To update, run: pip install --upgrade pip STEP 7/11: COPY . . STEP 8/11: CMD [ "python", "./app.py" ] STEP 9/11: COPY labels.json /usr/share/buildinfo/labels.json STEP 10/11: COPY labels.json /root/buildinfo/labels.json STEP 11/11: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" "org.opencontainers.image.revision"="41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-python-basic" "quay.expires-after"="6h" "build-date"="2026-02-10T22:14:24Z" "org.opencontainers.image.created"="2026-02-10T22:14:24Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --> 7fe8b4854cd3 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 [2026-02-10T22:14:30,203990282+00:00] Unsetting proxy [2026-02-10T22:14:30,205212872+00:00] Add metadata Recording base image digests used quay.io/devfile/python:slim quay.io/devfile/python:slim@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c Getting image source signatures Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:a031d4c2c835e339c9b57e669fd2201261c70751fd1f60798c06ade77b80dcd5 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying config sha256:7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 Writing manifest to image destination [2026-02-10T22:14:30,836873332+00:00] End build pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-push: [2026-02-10T22:14:31,476585085+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:14:33,447960009+00:00] Convert image [2026-02-10T22:14:33,448979567+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-dnv54-build-container [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-dnv54-build-container Getting image source signatures Copying blob sha256:a031d4c2c835e339c9b57e669fd2201261c70751fd1f60798c06ade77b80dcd5 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 Writing manifest to image destination [2026-02-10T22:14:37,201960260+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Getting image source signatures Copying blob sha256:a031d4c2c835e339c9b57e669fd2201261c70751fd1f60798c06ade77b80dcd5 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 Writing manifest to image destination sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 [2026-02-10T22:14:37,957838060+00:00] End push pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:14:38,579636729+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:14:42,987855463+00:00] End sbom-syft-generate pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-prepare-sboms: [2026-02-10T22:14:43,690204994+00:00] Prepare SBOM [2026-02-10T22:14:43,693998075+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:14:44,749 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:14:44,829 [INFO] mobster.oci: Fetching manifest for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c 2026-02-10 22:14:46,154 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:14:46,154 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:14:46,155 [INFO] mobster.log: Contextual workflow completed in 1.34s 2026-02-10 22:14:46,177 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:14:46,237126711+00:00] End prepare-sboms pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-upload-sbom: [2026-02-10T22:14:46,797821395+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0dc2eb2d98012462a36b121ddf47eb41fb2a2ffe9d9efc9f7d99f55d6906a7ae [2026-02-10T22:14:49,608800771+00:00] End upload-sbom pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | init container: prepare 2026/02/10 22:14:53 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | init container: place-scripts 2026/02/10 22:14:54 Decoded script /tekton/scripts/script-0-nbkkm 2026/02/10 22:14:54 Decoded script /tekton/scripts/script-1-mssgd 2026/02/10 22:14:54 Decoded script /tekton/scripts/script-2-m7284 pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | container step-build: [2026-02-10T22:14:58,625180528+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' fa8979e2f8cf07f8316ed007c9b1b10483d09fa06bfc0e6b9c039ad6d1637a3e Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31. pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:15:00,873890424+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | init container: prepare 2026/02/10 22:15:04 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | init container: place-scripts 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-0-6vlhh 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-1-j44fv 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-2-zh5j9 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-3-l8hrd pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31. pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:15:14Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"}] 2026-02-10T22:15:14Z INF libvuln initialized component=libvuln/New 2026-02-10T22:15:14Z INF registered configured scanners component=libindex/New 2026-02-10T22:15:14Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:15:14Z INF index request start component=libindex/Libindex.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 2026-02-10T22:15:14Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 2026-02-10T22:15:14Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=CheckManifest 2026-02-10T22:15:14Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=FetchLayers 2026-02-10T22:15:16Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=FetchLayers 2026-02-10T22:15:16Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=FetchLayers 2026-02-10T22:15:16Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=ScanLayers 2026-02-10T22:15:16Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=ScanLayers 2026-02-10T22:15:16Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=IndexManifest 2026-02-10T22:15:16Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=IndexFinished 2026-02-10T22:15:16Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=IndexFinished 2026-02-10T22:15:16Z INF index request done component=libindex/Libindex.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 { "manifest_hash": "sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31", "packages": { "+GDQTbek1zYvATiVR/wBCA==": { "id": "+GDQTbek1zYvATiVR/wBCA==", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "+aaqENN9U+Kuxcb1tQ8Utg==": { "id": "+aaqENN9U+Kuxcb1tQ8Utg==", "name": "netbase", "version": "6.3", "kind": "binary", "source": { "id": "", "name": "netbase", "version": "6.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "+ol9cHiNc+RWiD7Kw3TLCg==": { "id": "+ol9cHiNc+RWiD7Kw3TLCg==", "name": "libcom-err2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "05vApGRmP6ko1S0ji87IIQ==": { "id": "05vApGRmP6ko1S0ji87IIQ==", "name": "libunistring2", "version": "0.9.10-4", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "0jMyX7UCIuSpntMN1r7Ofg==": { "id": "0jMyX7UCIuSpntMN1r7Ofg==", "name": "libzstd1", "version": "1.4.8+dfsg-2.1", "kind": "binary", "source": { "id": "", "name": "libzstd", "version": "1.4.8+dfsg-2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "2MObxiEVNllmUEzdVZM5qw==": { "id": "2MObxiEVNllmUEzdVZM5qw==", "name": "apt", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "3XsqGfTFjY5lWf0VTh588Q==": { "id": "3XsqGfTFjY5lWf0VTh588Q==", "name": "werkzeug", "version": "3.1.5", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.5.0.0.0.0.0.0", "cpe": "" }, "3f992oeEQfSQxRA0nlq8Wg==": { "id": "3f992oeEQfSQxRA0nlq8Wg==", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "binary", "source": { "id": "", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4672uZtn8TnHDEzWVyhfjw==": { "id": "4672uZtn8TnHDEzWVyhfjw==", "name": "base-files", "version": "11.1+deb11u5", "kind": "binary", "source": { "id": "", "name": "base-files", "version": "11.1+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4jCPzhS6OWt4agz9d/cfTw==": { "id": "4jCPzhS6OWt4agz9d/cfTw==", "name": "ncurses-base", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "5zxxTA220k9gPCegfDHkag==": { "id": "5zxxTA220k9gPCegfDHkag==", "name": "libgmp10", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "7a3yla6TRFZrhmAreU7f8Q==": { "id": "7a3yla6TRFZrhmAreU7f8Q==", "name": "libexpat1", "version": "2.2.10-2+deb11u5", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.2.10-2+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "8alfBYUr5uWbAyB5PrY8Hg==": { "id": "8alfBYUr5uWbAyB5PrY8Hg==", "name": "libudev1", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "9snKXrH4dQy2IXHQ01Lg0A==": { "id": "9snKXrH4dQy2IXHQ01Lg0A==", "name": "libaudit1", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Akbft1KN+9FKNhh1tM25eA==": { "id": "Akbft1KN+9FKNhh1tM25eA==", "name": "mount", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "BJL42acLPAR8bEnmM1Z3mg==": { "id": "BJL42acLPAR8bEnmM1Z3mg==", "name": "libblkid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "CBzoMmlXBcyP54HOnauO0g==": { "id": "CBzoMmlXBcyP54HOnauO0g==", "name": "libpam-runtime", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "CpILSbg3p6D7Gsp8sCW1Rg==": { "id": "CpILSbg3p6D7Gsp8sCW1Rg==", "name": "libsemanage1", "version": "3.1-1+b2", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "D0G6c/ML9XX4eoGHgx1jeQ==": { "id": "D0G6c/ML9XX4eoGHgx1jeQ==", "name": "libc6", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "DY5Co0gkGtbgwDlkjfJLWA==": { "id": "DY5Co0gkGtbgwDlkjfJLWA==", "name": "markupsafe", "version": "3.0.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.3.0.0.0.0.0.0", "cpe": "" }, "DtMxcnDA8Je9vAHjmzagaA==": { "id": "DtMxcnDA8Je9vAHjmzagaA==", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "EVGnnBfWyiVHhoIR4vEpgg==": { "id": "EVGnnBfWyiVHhoIR4vEpgg==", "name": "libbz2-1.0", "version": "1.0.8-4", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ExYxXcgoIRjAjUObwDE4jA==": { "id": "ExYxXcgoIRjAjUObwDE4jA==", "name": "libk5crypto3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FJIijlwFNqvdoVBcfTF/pg==": { "id": "FJIijlwFNqvdoVBcfTF/pg==", "name": "login", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FOAAB3KiNsLyi03hQsjRTA==": { "id": "FOAAB3KiNsLyi03hQsjRTA==", "name": "libcrypt1", "version": "1:4.4.18-4", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "1:4.4.18-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FrUy4mOCaHm5aGT53as3JQ==": { "id": "FrUy4mOCaHm5aGT53as3JQ==", "name": "diffutils", "version": "1:3.7-5", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "1:3.7-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "G/7q+D+DsqYAVnohcyuzgQ==": { "id": "G/7q+D+DsqYAVnohcyuzgQ==", "name": "libssl1.1", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "GGaavnLgXX31qx9chfhdOQ==": { "id": "GGaavnLgXX31qx9chfhdOQ==", "name": "libaudit-common", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Gm6VA87iOnaQ0rWR6oO9eA==": { "id": "Gm6VA87iOnaQ0rWR6oO9eA==", "name": "libpcre2-8-0", "version": "10.36-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.36-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "IQfQp74RcAWE7jHtQsMLHg==": { "id": "IQfQp74RcAWE7jHtQsMLHg==", "name": "bsdutils", "version": "1:2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "IiJKm8T4olfm6rhuKayFOw==": { "id": "IiJKm8T4olfm6rhuKayFOw==", "name": "lsb-base", "version": "11.1.0", "kind": "binary", "source": { "id": "", "name": "lsb", "version": "11.1.0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Jg2vDvx1JxyPDIrUzzR9NQ==": { "id": "Jg2vDvx1JxyPDIrUzzR9NQ==", "name": "grep", "version": "3.6-1", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LOfpAnA/2f7zE4SFJCrxVg==": { "id": "LOfpAnA/2f7zE4SFJCrxVg==", "name": "zlib1g", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LVHVhWoZgWwWvOspyUwb1w==": { "id": "LVHVhWoZgWwWvOspyUwb1w==", "name": "libreadline8", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "MvKvHHnD0jaLaWpyHvkhgQ==": { "id": "MvKvHHnD0jaLaWpyHvkhgQ==", "name": "passwd", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "NA4G2YrIZ73fsX7d5r5rGw==": { "id": "NA4G2YrIZ73fsX7d5r5rGw==", "name": "debconf", "version": "1.5.77", "kind": "binary", "source": { "id": "", "name": "debconf", "version": "1.5.77", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "NzkVb7F31E+Vxxz3PCS6tg==": { "id": "NzkVb7F31E+Vxxz3PCS6tg==", "name": "libkrb5support0", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "OgJFdUXRfF1Ls8u1+eOivw==": { "id": "OgJFdUXRfF1Ls8u1+eOivw==", "name": "libgpg-error0", "version": "1.38-2", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.38-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PaaRbD/FkW3JARtSKQgRcQ==": { "id": "PaaRbD/FkW3JARtSKQgRcQ==", "name": "libattr1", "version": "1:2.4.48-6", "kind": "binary", "source": { "id": "", "name": "attr", "version": "1:2.4.48-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PgPY5hWnihXRN45byvzY0g==": { "id": "PgPY5hWnihXRN45byvzY0g==", "name": "libncursesw6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "R1TkRM71ql+JWgz0VF5ESQ==": { "id": "R1TkRM71ql+JWgz0VF5ESQ==", "name": "libsepol1", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RAMuXEdVU4AJ/z4aiK/NNg==": { "id": "RAMuXEdVU4AJ/z4aiK/NNg==", "name": "setuptools", "version": "65.5.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.65.5.0.0.0.0.0.0.0", "cpe": "" }, "RYsqO4ROpGMzzCO5WaTrlw==": { "id": "RYsqO4ROpGMzzCO5WaTrlw==", "name": "dpkg", "version": "1.20.12", "kind": "binary", "source": { "id": "", "name": "dpkg", "version": "1.20.12", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RgdwX+VC70nXZ2E527PXaA==": { "id": "RgdwX+VC70nXZ2E527PXaA==", "name": "logsave", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "SWnjL4fWu+WMpxhSCWLhZQ==": { "id": "SWnjL4fWu+WMpxhSCWLhZQ==", "name": "base-passwd", "version": "3.5.51", "kind": "binary", "source": { "id": "", "name": "base-passwd", "version": "3.5.51", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "T5NuX1yinNyGoZNN2r9u4Q==": { "id": "T5NuX1yinNyGoZNN2r9u4Q==", "name": "ca-certificates", "version": "20210119", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20210119", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "VVXsYlCxogg17Ti1iR03Mw==": { "id": "VVXsYlCxogg17Ti1iR03Mw==", "name": "libseccomp2", "version": "2.5.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "VbNyM3GfR5vEmJdFAiKqrA==": { "id": "VbNyM3GfR5vEmJdFAiKqrA==", "name": "gcc-9-base", "version": "9.3.0-22", "kind": "binary", "source": { "id": "", "name": "gcc-9", "version": "9.3.0-22", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Vo1mnwlrbhO3Gx1QVEhKkA==": { "id": "Vo1mnwlrbhO3Gx1QVEhKkA==", "name": "click", "version": "8.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.3.1.0.0.0.0.0.0", "cpe": "" }, "Wi4oa03apqVdR6okNeZiNA==": { "id": "Wi4oa03apqVdR6okNeZiNA==", "name": "libgnutls30", "version": "3.7.1-5+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnutls28", "version": "3.7.1-5+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ZPlAztePXX+uFLVDX2lgNQ==": { "id": "ZPlAztePXX+uFLVDX2lgNQ==", "name": "libsemanage-common", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ZWeYh81MRCu1nh3mOyptIA==": { "id": "ZWeYh81MRCu1nh3mOyptIA==", "name": "libmount1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bGWj1aSf0wvrecU/pdTv5A==": { "id": "bGWj1aSf0wvrecU/pdTv5A==", "name": "gcc-10-base", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bHkSxcl6e1quNxLGb6uX8A==": { "id": "bHkSxcl6e1quNxLGb6uX8A==", "name": "coreutils", "version": "8.32-4+b1", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bTSLWiizipO2axtmvXFuVg==": { "id": "bTSLWiizipO2axtmvXFuVg==", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "binary", "source": { "id": "", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "be3s5y0dx4bgsQboIoDduw==": { "id": "be3s5y0dx4bgsQboIoDduw==", "name": "libp11-kit0", "version": "0.23.22-1", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "brvvAQ6V7yp7QbUuk+W5Hg==": { "id": "brvvAQ6V7yp7QbUuk+W5Hg==", "name": "libext2fs2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "d4b/e0nx+/vPWuPB7oDzPw==": { "id": "d4b/e0nx+/vPWuPB7oDzPw==", "name": "libc-bin", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dRfu6Up2F2Ze+gJ21oSeug==": { "id": "dRfu6Up2F2Ze+gJ21oSeug==", "name": "libgdbm6", "version": "1.19-2", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dUT53gagQO5Ac9Bdlu5dAw==": { "id": "dUT53gagQO5Ac9Bdlu5dAw==", "name": "sysvinit-utils", "version": "2.96-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "sysvinit", "version": "2.96-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dXglURzzdbLnOf14mab1Hg==": { "id": "dXglURzzdbLnOf14mab1Hg==", "name": "tar", "version": "1.34+dfsg-1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34+dfsg-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dobmrwm7aq9puvFHwNgXxw==": { "id": "dobmrwm7aq9puvFHwNgXxw==", "name": "libstdc++6", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dv3AlW8tBL4D0mEPW7/Z2Q==": { "id": "dv3AlW8tBL4D0mEPW7/Z2Q==", "name": "libpam-modules-bin", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "eF2QIdrTmJlWmjQTkhntow==": { "id": "eF2QIdrTmJlWmjQTkhntow==", "name": "wheel", "version": "0.38.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.0.38.4.0.0.0.0.0.0", "cpe": "" }, "elSR7m8uLWd/kMl2jxTm/A==": { "id": "elSR7m8uLWd/kMl2jxTm/A==", "name": "libpam-modules", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "evNF5YpSAxyFV7iWv3lSVw==": { "id": "evNF5YpSAxyFV7iWv3lSVw==", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fCmdLCR2Ix0ldnZL1Fa52A==": { "id": "fCmdLCR2Ix0ldnZL1Fa52A==", "name": "bash", "version": "5.1-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fqwKjkzVNvsxh6040zt05g==": { "id": "fqwKjkzVNvsxh6040zt05g==", "name": "hostname", "version": "3.23", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fyM9Y65kt8cTfJv4LKF7bg==": { "id": "fyM9Y65kt8cTfJv4LKF7bg==", "name": "libcap-ng0", "version": "0.7.9-2.2+b1", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.9-2.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "gP9HgvZWct50Kw/hM7BCKg==": { "id": "gP9HgvZWct50Kw/hM7BCKg==", "name": "libtirpc-common", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "gv6x84VyNacZgvJrC59jbQ==": { "id": "gv6x84VyNacZgvJrC59jbQ==", "name": "libffi7", "version": "3.3-6", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.3-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "hdNUjYIlrdEAtBWAggakAw==": { "id": "hdNUjYIlrdEAtBWAggakAw==", "name": "perl-base", "version": "5.32.1-4+deb11u2", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-4+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "i4JkQ9JgSpZVyPFWOY5Bxw==": { "id": "i4JkQ9JgSpZVyPFWOY5Bxw==", "name": "liblz4-1", "version": "1.9.3-2", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "iWqdRZmp08/Tx22qEtmjJg==": { "id": "iWqdRZmp08/Tx22qEtmjJg==", "name": "libpcre3", "version": "2:8.39-13", "kind": "binary", "source": { "id": "", "name": "pcre3", "version": "2:8.39-13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jErhz6PtXvAy/EPWJ425rA==": { "id": "jErhz6PtXvAy/EPWJ425rA==", "name": "libuuid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jKa8Us2cqGejhOc2/n5DDA==": { "id": "jKa8Us2cqGejhOc2/n5DDA==", "name": "libsmartcols1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "kq4lGEwi4agkgAJAkDs9Ng==": { "id": "kq4lGEwi4agkgAJAkDs9Ng==", "name": "flask", "version": "2.1.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.1.0.0.0.0.0.0.0", "cpe": "" }, "krch6TQqNWzRi5F/dDkF+Q==": { "id": "krch6TQqNWzRi5F/dDkF+Q==", "name": "ncurses-bin", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "l5lCPjtOmPM8/LLh9+NjeQ==": { "id": "l5lCPjtOmPM8/LLh9+NjeQ==", "name": "gpgv", "version": "2.2.27-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.27-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lCjIskl1HulEHShaXtgmwQ==": { "id": "lCjIskl1HulEHShaXtgmwQ==", "name": "libtinfo6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lvz5sq0NbU6sy/F1tg9uiQ==": { "id": "lvz5sq0NbU6sy/F1tg9uiQ==", "name": "libkeyutils1", "version": "1.6.1-2", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "mlFDx1iAC2OWpmYHut2JHw==": { "id": "mlFDx1iAC2OWpmYHut2JHw==", "name": "libnettle8", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nV87o429QBKIpM8DyOv4wg==": { "id": "nV87o429QBKIpM8DyOv4wg==", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "binary", "source": { "id": "", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ngOu/a+sfrdDkZtETF1mgg==": { "id": "ngOu/a+sfrdDkZtETF1mgg==", "name": "libselinux1", "version": "3.1-3", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nmd/xrCD27AKRWAzA5JZCA==": { "id": "nmd/xrCD27AKRWAzA5JZCA==", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "binary", "source": { "id": "", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "npX4tBmidkxp2QJN/c3Ktw==": { "id": "npX4tBmidkxp2QJN/c3Ktw==", "name": "libdebconfclient0", "version": "0.260", "kind": "binary", "source": { "id": "", "name": "cdebconf", "version": "0.260", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nwapLKtbHTjy1u8+aA0X+Q==": { "id": "nwapLKtbHTjy1u8+aA0X+Q==", "name": "pip", "version": "22.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.22.3.1.0.0.0.0.0.0", "cpe": "" }, "oH9T0w9ZyXDCGJ6Np6n1Iw==": { "id": "oH9T0w9ZyXDCGJ6Np6n1Iw==", "name": "init-system-helpers", "version": "1.60", "kind": "binary", "source": { "id": "", "name": "init-system-helpers", "version": "1.60", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ozJ983JkaV259+RUbqutzw==": { "id": "ozJ983JkaV259+RUbqutzw==", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "binary", "source": { "id": "", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "p+J9YgA22NC8PDODpTSxgw==": { "id": "p+J9YgA22NC8PDODpTSxgw==", "name": "libidn2-0", "version": "2.3.0-5", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "pHAWej2qVWZtoCQ5DGoRcQ==": { "id": "pHAWej2qVWZtoCQ5DGoRcQ==", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "pZoLgWqHDgjhYQPevrtwdg==": { "id": "pZoLgWqHDgjhYQPevrtwdg==", "name": "libss2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "q78XIEiJs5tQHLZtjoU3Fg==": { "id": "q78XIEiJs5tQHLZtjoU3Fg==", "name": "adduser", "version": "3.118", "kind": "binary", "source": { "id": "", "name": "adduser", "version": "3.118", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "qN2BSWBeEFRJnExMNJ1S0A==": { "id": "qN2BSWBeEFRJnExMNJ1S0A==", "name": "libsqlite3-0", "version": "3.34.1-3", "kind": "binary", "source": { "id": "", "name": "sqlite3", "version": "3.34.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "qrPZzwjmppjOiQbrGk5IQA==": { "id": "qrPZzwjmppjOiQbrGk5IQA==", "name": "libgssapi-krb5-2", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rJ4UB7yOdBPwgrk5WLwIQw==": { "id": "rJ4UB7yOdBPwgrk5WLwIQw==", "name": "libhogweed6", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rUyBCRoo9C2erJrGUkvuDQ==": { "id": "rUyBCRoo9C2erJrGUkvuDQ==", "name": "libtirpc3", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "s66OGd0F2Pbemhmyrg2R9w==": { "id": "s66OGd0F2Pbemhmyrg2R9w==", "name": "libsystemd0", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sU05gaIadSYQd4+DxTnInw==": { "id": "sU05gaIadSYQd4+DxTnInw==", "name": "libacl1", "version": "2.2.53-10", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sXwy5mmgqLM9WC30BdKwTA==": { "id": "sXwy5mmgqLM9WC30BdKwTA==", "name": "readline-common", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "tNSJ6slY9zv+TZ6de2MVDQ==": { "id": "tNSJ6slY9zv+TZ6de2MVDQ==", "name": "liblzma5", "version": "5.2.5-2.1~deb11u1", "kind": "binary", "source": { "id": "", "name": "xz-utils", "version": "5.2.5-2.1~deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "tYADP/V07/lE8Qno1R/hhg==": { "id": "tYADP/V07/lE8Qno1R/hhg==", "name": "libgcc-s1", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "uXsuLx/plg6mDddGlE/9EA==": { "id": "uXsuLx/plg6mDddGlE/9EA==", "name": "libxxhash0", "version": "0.8.0-2", "kind": "binary", "source": { "id": "", "name": "xxhash", "version": "0.8.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "vqKK+x/7cGHNjLr4L7x4uQ==": { "id": "vqKK+x/7cGHNjLr4L7x4uQ==", "name": "libdb5.3", "version": "5.3.28+dfsg1-0.8", "kind": "binary", "source": { "id": "", "name": "db5.3", "version": "5.3.28+dfsg1-0.8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "wkuBBC4B84P3b4K0fGF0OQ==": { "id": "wkuBBC4B84P3b4K0fGF0OQ==", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "xaMEpa2lawXi7R9jqzX8hA==": { "id": "xaMEpa2lawXi7R9jqzX8hA==", "name": "findutils", "version": "4.8.0-1", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "yYcMjCGhY/mc+KraTEHSJg==": { "id": "yYcMjCGhY/mc+KraTEHSJg==", "name": "libkrb5-3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zL6jHnohFUDkhEaUeTlPOQ==": { "id": "zL6jHnohFUDkhEaUeTlPOQ==", "name": "sed", "version": "4.7-1", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.7-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zQ8wKwnOqSw7e/gsx76vLQ==": { "id": "zQ8wKwnOqSw7e/gsx76vLQ==", "name": "debianutils", "version": "4.11.2", "kind": "binary", "source": { "id": "", "name": "debianutils", "version": "4.11.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zRv/Q67g6qJWTz0qqj4+BA==": { "id": "zRv/Q67g6qJWTz0qqj4+BA==", "name": "libnsl2", "version": "1.3.0-2", "kind": "binary", "source": { "id": "", "name": "libnsl", "version": "1.3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zV4ikAKeqBYFSvXnkFMYgg==": { "id": "zV4ikAKeqBYFSvXnkFMYgg==", "name": "libpam0g", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zw9OGAXs3mWkBkmfKzbfqg==": { "id": "zw9OGAXs3mWkBkmfKzbfqg==", "name": "libapt-pkg6.0", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" } }, "distributions": { "6df3d1d2-5dab-46de-b77e-dd03af431473": { "id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" } }, "repository": { "dc34882b-f4cd-49f0-9252-33484877db9a": { "id": "dc34882b-f4cd-49f0-9252-33484877db9a", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+GDQTbek1zYvATiVR/wBCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "+aaqENN9U+Kuxcb1tQ8Utg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "+ol9cHiNc+RWiD7Kw3TLCg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "05vApGRmP6ko1S0ji87IIQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "0jMyX7UCIuSpntMN1r7Ofg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "2MObxiEVNllmUEzdVZM5qw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "3XsqGfTFjY5lWf0VTh588Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "3f992oeEQfSQxRA0nlq8Wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "4672uZtn8TnHDEzWVyhfjw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "4jCPzhS6OWt4agz9d/cfTw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "5zxxTA220k9gPCegfDHkag==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "7a3yla6TRFZrhmAreU7f8Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "8alfBYUr5uWbAyB5PrY8Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "9snKXrH4dQy2IXHQ01Lg0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Akbft1KN+9FKNhh1tM25eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "BJL42acLPAR8bEnmM1Z3mg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "CBzoMmlXBcyP54HOnauO0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "CpILSbg3p6D7Gsp8sCW1Rg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "DY5Co0gkGtbgwDlkjfJLWA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "DtMxcnDA8Je9vAHjmzagaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "EVGnnBfWyiVHhoIR4vEpgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ExYxXcgoIRjAjUObwDE4jA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "FJIijlwFNqvdoVBcfTF/pg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "FOAAB3KiNsLyi03hQsjRTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "FrUy4mOCaHm5aGT53as3JQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "G/7q+D+DsqYAVnohcyuzgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "GGaavnLgXX31qx9chfhdOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "IQfQp74RcAWE7jHtQsMLHg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "IiJKm8T4olfm6rhuKayFOw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Jg2vDvx1JxyPDIrUzzR9NQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "LOfpAnA/2f7zE4SFJCrxVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "LVHVhWoZgWwWvOspyUwb1w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "NA4G2YrIZ73fsX7d5r5rGw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "NzkVb7F31E+Vxxz3PCS6tg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "OgJFdUXRfF1Ls8u1+eOivw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "PaaRbD/FkW3JARtSKQgRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "PgPY5hWnihXRN45byvzY0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "R1TkRM71ql+JWgz0VF5ESQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "RYsqO4ROpGMzzCO5WaTrlw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "RgdwX+VC70nXZ2E527PXaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "SWnjL4fWu+WMpxhSCWLhZQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "T5NuX1yinNyGoZNN2r9u4Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "VVXsYlCxogg17Ti1iR03Mw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "VbNyM3GfR5vEmJdFAiKqrA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Vo1mnwlrbhO3Gx1QVEhKkA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "Wi4oa03apqVdR6okNeZiNA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ZPlAztePXX+uFLVDX2lgNQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ZWeYh81MRCu1nh3mOyptIA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "bGWj1aSf0wvrecU/pdTv5A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "bHkSxcl6e1quNxLGb6uX8A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "bTSLWiizipO2axtmvXFuVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "be3s5y0dx4bgsQboIoDduw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "d4b/e0nx+/vPWuPB7oDzPw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dRfu6Up2F2Ze+gJ21oSeug==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dUT53gagQO5Ac9Bdlu5dAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dXglURzzdbLnOf14mab1Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dobmrwm7aq9puvFHwNgXxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "eF2QIdrTmJlWmjQTkhntow==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "elSR7m8uLWd/kMl2jxTm/A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "evNF5YpSAxyFV7iWv3lSVw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "fqwKjkzVNvsxh6040zt05g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "fyM9Y65kt8cTfJv4LKF7bg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "gP9HgvZWct50Kw/hM7BCKg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "gv6x84VyNacZgvJrC59jbQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "hdNUjYIlrdEAtBWAggakAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "i4JkQ9JgSpZVyPFWOY5Bxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "iWqdRZmp08/Tx22qEtmjJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "jErhz6PtXvAy/EPWJ425rA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "jKa8Us2cqGejhOc2/n5DDA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "kq4lGEwi4agkgAJAkDs9Ng==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "krch6TQqNWzRi5F/dDkF+Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "lCjIskl1HulEHShaXtgmwQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "lvz5sq0NbU6sy/F1tg9uiQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "mlFDx1iAC2OWpmYHut2JHw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "nV87o429QBKIpM8DyOv4wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ngOu/a+sfrdDkZtETF1mgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "nmd/xrCD27AKRWAzA5JZCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "npX4tBmidkxp2QJN/c3Ktw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "nwapLKtbHTjy1u8+aA0X+Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "oH9T0w9ZyXDCGJ6Np6n1Iw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ozJ983JkaV259+RUbqutzw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "p+J9YgA22NC8PDODpTSxgw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "pHAWej2qVWZtoCQ5DGoRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "pZoLgWqHDgjhYQPevrtwdg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "q78XIEiJs5tQHLZtjoU3Fg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "qN2BSWBeEFRJnExMNJ1S0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "qrPZzwjmppjOiQbrGk5IQA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "rJ4UB7yOdBPwgrk5WLwIQw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "rUyBCRoo9C2erJrGUkvuDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "s66OGd0F2Pbemhmyrg2R9w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "sU05gaIadSYQd4+DxTnInw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "sXwy5mmgqLM9WC30BdKwTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "tYADP/V07/lE8Qno1R/hhg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "uXsuLx/plg6mDddGlE/9EA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "wkuBBC4B84P3b4K0fGF0OQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "xaMEpa2lawXi7R9jqzX8hA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "yYcMjCGhY/mc+KraTEHSJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zL6jHnohFUDkhEaUeTlPOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zQ8wKwnOqSw7e/gsx76vLQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zRv/Q67g6qJWTz0qqj4+BA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zV4ikAKeqBYFSvXnkFMYgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zw9OGAXs3mWkBkmfKzbfqg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ] }, "vulnerabilities": { "+N61/5529gFt7RkD8ooeKQ==": { "id": "+N61/5529gFt7RkD8ooeKQ==", "updater": "debian/updater", "name": "CVE-2023-0465", "description": "Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0465", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "+x9OyXfXk9PrekfsnPKwlg==": { "id": "+x9OyXfXk9PrekfsnPKwlg==", "updater": "debian/updater", "name": "CVE-2020-13529", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/7UJLAHsMPxTtTxvuPgrzA==": { "id": "/7UJLAHsMPxTtTxvuPgrzA==", "updater": "debian/updater", "name": "CVE-2024-45491", "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "/YwO4YLRGgF2uWU55V6+MQ==": { "id": "/YwO4YLRGgF2uWU55V6+MQ==", "updater": "debian/updater", "name": "CVE-2019-1010022", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "08pa4udz9bnA9IOsE208DA==": { "id": "08pa4udz9bnA9IOsE208DA==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-10", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0H/7BkE/Q7YVSZhEABXg6w==": { "id": "0H/7BkE/Q7YVSZhEABXg6w==", "updater": "debian/updater", "name": "CVE-2024-26458", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "1U/zi3CEao+52y8LKU0uvw==": { "id": "1U/zi3CEao+52y8LKU0uvw==", "updater": "debian/updater", "name": "CVE-2021-36084", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36084", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "1dwwvWkARnFe67yAAGVglQ==": { "id": "1dwwvWkARnFe67yAAGVglQ==", "updater": "debian/updater", "name": "CVE-2023-31438", "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "27BVJE6xR0Z84LzifDnFYA==": { "id": "27BVJE6xR0Z84LzifDnFYA==", "updater": "debian/updater", "name": "CVE-2022-48303", "description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-48303", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "3cBlPR7Tm4BIC/+wflldAg==": { "id": "3cBlPR7Tm4BIC/+wflldAg==", "updater": "debian/updater", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12243", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u7" }, "59rfj7X7Q9O1jyg5L5a5zQ==": { "id": "59rfj7X7Q9O1jyg5L5a5zQ==", "updater": "debian/updater", "name": "CVE-2024-37370", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37370", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "5Cmp5KJXv+nVwwcs5/Kz7w==": { "id": "5Cmp5KJXv+nVwwcs5/Kz7w==", "updater": "debian/updater", "name": "CVE-2024-50602", "description": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-50602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u7" }, "6j23t/n6B77cQMxfCeLKzA==": { "id": "6j23t/n6B77cQMxfCeLKzA==", "updater": "debian/updater", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12133", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u2" }, "6jg3v7lJ92IZCQpZydR2sA==": { "id": "6jg3v7lJ92IZCQpZydR2sA==", "updater": "debian/updater", "name": "CVE-2024-28757", "description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28757", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "7DtFnnE8FjIpCQKunutpeg==": { "id": "7DtFnnE8FjIpCQKunutpeg==", "updater": "debian/updater", "name": "CVE-2020-16156", "description": "CPAN 2.28 allows Signature Verification Bypass.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-16156", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "9JIazCQjSvYhpG9KE6d7Pg==": { "id": "9JIazCQjSvYhpG9KE6d7Pg==", "updater": "debian/updater", "name": "CVE-2025-8058", "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9sNDKQtqg7Z3gJr//JQlvg==": { "id": "9sNDKQtqg7Z3gJr//JQlvg==", "updater": "debian/updater", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32990", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ANq7+l7+5U6IDt9eU02u5w==": { "id": "ANq7+l7+5U6IDt9eU02u5w==", "updater": "debian/updater", "name": "CVE-2022-3219", "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3219", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ASrdm9EROwWp9Ip2w7HH5w==": { "id": "ASrdm9EROwWp9Ip2w7HH5w==", "updater": "debian/updater", "name": "CVE-2022-3821", "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3821", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "AvPdNumiwGnBie+lo1du3A==": { "id": "AvPdNumiwGnBie+lo1du3A==", "updater": "debian/updater", "name": "CVE-2023-31486", "description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31486", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ba+eHoq0U7aq9Kxwg98r8Q==": { "id": "Ba+eHoq0U7aq9Kxwg98r8Q==", "updater": "debian/updater", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8941", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BxMnseA9J6OW2RWxSrlbyQ==": { "id": "BxMnseA9J6OW2RWxSrlbyQ==", "updater": "debian/updater", "name": "CVE-2021-36690", "description": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36690", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "C8YeM0XyMbxM6QnHcnbRtQ==": { "id": "C8YeM0XyMbxM6QnHcnbRtQ==", "updater": "debian/updater", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-52099", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "CaLsKNvkpKlxKVBlUnje9Q==": { "id": "CaLsKNvkpKlxKVBlUnje9Q==", "updater": "debian/updater", "name": "CVE-2021-36087", "description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36087", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "CtYegggqGbMfg16G/qfITQ==": { "id": "CtYegggqGbMfg16G/qfITQ==", "updater": "debian/updater", "name": "CVE-2013-4235", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4235", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DJOf0vCfrT4GvRr/tBJhbg==": { "id": "DJOf0vCfrT4GvRr/tBJhbg==", "updater": "debian/updater", "name": "CVE-2024-33601", "description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33601", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "DRKFIYYNzLumACBV1CW/rw==": { "id": "DRKFIYYNzLumACBV1CW/rw==", "updater": "debian/updater", "name": "CVE-2022-35737", "description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-35737", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DfxJWBpJUY1aHu0ZUSilDg==": { "id": "DfxJWBpJUY1aHu0ZUSilDg==", "updater": "debian/updater", "name": "CVE-2018-6829", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EYo03ICovWfCjw2cKpwx4Q==": { "id": "EYo03ICovWfCjw2cKpwx4Q==", "updater": "debian/updater", "name": "CVE-2005-2541", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2005-2541", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EajCJi704nU1+LqESNMC1w==": { "id": "EajCJi704nU1+LqESNMC1w==", "updater": "debian/updater", "name": "CVE-2024-0727", "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0727", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "EvarhwbaAMrD3meGYFByGg==": { "id": "EvarhwbaAMrD3meGYFByGg==", "updater": "debian/updater", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50495", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "F0zkrLGlbsix59P9mqoAOg==": { "id": "F0zkrLGlbsix59P9mqoAOg==", "updater": "debian/updater", "name": "CVE-2025-30258", "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-30258", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "G45dR+E8Wb+bEhCdwuqUDg==": { "id": "G45dR+E8Wb+bEhCdwuqUDg==", "updater": "debian/updater", "name": "CVE-2019-20838", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-20838", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GEZVVbmUXjlQj+79Swj7fA==": { "id": "GEZVVbmUXjlQj+79Swj7fA==", "updater": "debian/updater", "name": "CVE-2025-24528", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-24528", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u6" }, "GPLYq884jQKVksfMc+b7OQ==": { "id": "GPLYq884jQKVksfMc+b7OQ==", "updater": "debian/updater", "name": "CVE-2022-1304", "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-1304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "e2fsprogs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.46.2-2+deb11u1" }, "GRlufCZFwHNK64OQNCFIcg==": { "id": "GRlufCZFwHNK64OQNCFIcg==", "updater": "debian/updater", "name": "CVE-2013-4392", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GezxxUl3QPWUTitg/VHmlQ==": { "id": "GezxxUl3QPWUTitg/VHmlQ==", "updater": "debian/updater", "name": "CVE-2019-1010024", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GmBi7n85v8sX6ItoMSgvlQ==": { "id": "GmBi7n85v8sX6ItoMSgvlQ==", "updater": "debian/updater", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u4" }, "HuTBrVHKx7uaMtQjiqifKQ==": { "id": "HuTBrVHKx7uaMtQjiqifKQ==", "updater": "debian/updater", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0567", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "IJPGr43VMeLym6tW3EWgdg==": { "id": "IJPGr43VMeLym6tW3EWgdg==", "updater": "debian/updater", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-8176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "IvA5abshk33BAuuBar/pVQ==": { "id": "IvA5abshk33BAuuBar/pVQ==", "updater": "debian/updater", "name": "CVE-2024-45492", "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45492", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "JcoADkxFeYBET6x6TWfsjg==": { "id": "JcoADkxFeYBET6x6TWfsjg==", "updater": "debian/updater", "name": "CVE-2025-40909", "description": "Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-40909", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Jl0PQIP9L3ufSvQ2j71iww==": { "id": "Jl0PQIP9L3ufSvQ2j71iww==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://setuptools.pypa.io/en/latest https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20230214-0001 https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "KLrAiYCJHdmWQ2RaqUywlA==": { "id": "KLrAiYCJHdmWQ2RaqUywlA==", "updater": "debian/updater", "name": "CVE-2022-4304", "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "KZ3Jt7zkiM272dGLstI4XA==": { "id": "KZ3Jt7zkiM272dGLstI4XA==", "updater": "debian/updater", "name": "CVE-2013-0340", "description": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-0340", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KaoEuixR8E5nnpGZ1pG25w==": { "id": "KaoEuixR8E5nnpGZ1pG25w==", "updater": "debian/updater", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0553", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "KvTZOL1MGCoBHaXdBx1RcA==": { "id": "KvTZOL1MGCoBHaXdBx1RcA==", "updater": "debian/updater", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-10041", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KwgIGMm765S+zvIBAwM9+g==": { "id": "KwgIGMm765S+zvIBAwM9+g==", "updater": "debian/updater", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4899", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libzstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LD4zPH3rZZkbSPN5ojHClA==": { "id": "LD4zPH3rZZkbSPN5ojHClA==", "updater": "debian/updater", "name": "TEMP-0628843-DBAD28", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MDmWztEMrTY+VyVp5c+Fvw==": { "id": "MDmWztEMrTY+VyVp5c+Fvw==", "updater": "debian/updater", "name": "TEMP-0841856-B18BAF", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MXRm//dBCnWFem5zffvqmA==": { "id": "MXRm//dBCnWFem5zffvqmA==", "updater": "debian/updater", "name": "CVE-2022-3715", "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3715", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MYYkxlB4Ank1zsdIh41apg==": { "id": "MYYkxlB4Ank1zsdIh41apg==", "updater": "debian/updater", "name": "CVE-2024-2961", "description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2961", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u9" }, "MdrEi+/OrLlW3zDrheID2Q==": { "id": "MdrEi+/OrLlW3zDrheID2Q==", "updater": "debian/updater", "name": "CVE-2025-59375", "description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-59375", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mxv06g47iCk7QIqi7Xbojw==": { "id": "Mxv06g47iCk7QIqi7Xbojw==", "updater": "debian/updater", "name": "CVE-2023-45853", "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-45853", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "NYWveHKKsIYIKl+vE8UEhw==": { "id": "NYWveHKKsIYIKl+vE8UEhw==", "updater": "debian/updater", "name": "TEMP-0517018-A83CE6", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sysvinit", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ns8JH9Yqo6xZiGzihN4B3g==": { "id": "Ns8JH9Yqo6xZiGzihN4B3g==", "updater": "debian/updater", "name": "CVE-2024-22365", "description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-22365", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "Nzgd66Rt/zG5Z8ZfbjecYA==": { "id": "Nzgd66Rt/zG5Z8ZfbjecYA==", "updater": "debian/updater", "name": "CVE-2024-26461", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "OB48XTRaksNPWPm0dVHJmQ==": { "id": "OB48XTRaksNPWPm0dVHJmQ==", "updater": "debian/updater", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u7" }, "P4mYk7npVU6t91mlbAb8QA==": { "id": "P4mYk7npVU6t91mlbAb8QA==", "updater": "debian/updater", "name": "CVE-2024-2511", "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2511", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "PJI8cpGpF5+qVan9H5W87Q==": { "id": "PJI8cpGpF5+qVan9H5W87Q==", "updater": "debian/updater", "name": "CVE-2024-28085", "description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.36.1-8+deb11u2" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "QGq5D5QwQKPerzYOBVoSsg==": { "id": "QGq5D5QwQKPerzYOBVoSsg==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QopvyNp/5Ata9NdAUhFygw==": { "id": "QopvyNp/5Ata9NdAUhFygw==", "updater": "debian/updater", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-5278", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "T2SiDOPpMK0bU0Y0qkOm1A==": { "id": "T2SiDOPpMK0bU0Y0qkOm1A==", "updater": "debian/updater", "name": "CVE-2019-1010025", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Tcuyjettc5LT9G5wj3mSxw==": { "id": "Tcuyjettc5LT9G5wj3mSxw==", "updater": "debian/updater", "name": "CVE-2022-4450", "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "TgHh5yPuwUnIt8v9WawGYw==": { "id": "TgHh5yPuwUnIt8v9WawGYw==", "updater": "debian/updater", "name": "CVE-2025-6141", "description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6141", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U3JbUhrT2SqWNuYU5d13cQ==": { "id": "U3JbUhrT2SqWNuYU5d13cQ==", "updater": "debian/updater", "name": "CVE-2021-33560", "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-33560", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ud6njM/DPIrfSPiFct82Lw==": { "id": "Ud6njM/DPIrfSPiFct82Lw==", "updater": "debian/updater", "name": "CVE-2023-52426", "description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52426", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "VzolVkOS5HseGzVTLzDMfA==": { "id": "VzolVkOS5HseGzVTLzDMfA==", "updater": "debian/updater", "name": "CVE-2023-39804", "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-39804", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "WCGqond4znYKCRcm4xyPrg==": { "id": "WCGqond4znYKCRcm4xyPrg==", "updater": "debian/updater", "name": "CVE-2007-5686", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2007-5686", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WG/hQnqUufOh6/5/mlRi/Q==": { "id": "WG/hQnqUufOh6/5/mlRi/Q==", "updater": "debian/updater", "name": "CVE-2023-31439", "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WHvU12ysgz1Ai1y1KSOiLA==": { "id": "WHvU12ysgz1Ai1y1KSOiLA==", "updater": "debian/updater", "name": "CVE-2024-33599", "description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33599", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "WWnQMI7f7f75SgC9Dcl+QQ==": { "id": "WWnQMI7f7f75SgC9Dcl+QQ==", "updater": "debian/updater", "name": "TEMP-0290435-0B57B5", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "Xce4H7xsVfrtYV2aXED7xA==": { "id": "Xce4H7xsVfrtYV2aXED7xA==", "updater": "debian/updater", "name": "CVE-2017-18018", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-18018", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XtT5+z5+yMbpdsyfkLItzA==": { "id": "XtT5+z5+yMbpdsyfkLItzA==", "updater": "debian/updater", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ZbWtFXr0WyByV4kCb3M6FA==": { "id": "ZbWtFXr0WyByV4kCb3M6FA==", "updater": "debian/updater", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5981", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u4" }, "ZdGgPSEZdeQ3XJo0+ZpAXQ==": { "id": "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "updater": "debian/updater", "name": "CVE-2019-1010023", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZrZi02myDWWW0L5oPQj/cg==": { "id": "ZrZi02myDWWW0L5oPQj/cg==", "updater": "debian/updater", "name": "CVE-2017-11164", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-11164", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZxTVeoHgmvhWXsV+xLzphA==": { "id": "ZxTVeoHgmvhWXsV+xLzphA==", "updater": "debian/updater", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4813", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aWm6E1ULjtuw0ydmFnsI4A==": { "id": "aWm6E1ULjtuw0ydmFnsI4A==", "updater": "debian/updater", "name": "CVE-2025-6297", "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6297", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "dpkg", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aqMHDRnPT+3QNU/8tSwsog==": { "id": "aqMHDRnPT+3QNU/8tSwsog==", "updater": "debian/updater", "name": "CVE-2019-9192", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "b2D8D2g8yPwuRhswdqF0Rw==": { "id": "b2D8D2g8yPwuRhswdqF0Rw==", "updater": "debian/updater", "name": "CVE-2023-3446", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3446", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "bBymk1eoEM+tVYB+/Crz+g==": { "id": "bBymk1eoEM+tVYB+/Crz+g==", "updater": "debian/updater", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28835", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bZ2m6J3EIvmTdjYJprlOKA==": { "id": "bZ2m6J3EIvmTdjYJprlOKA==", "updater": "debian/updater", "name": "CVE-2021-36085", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "brAAPyN4siIQT5bxa9xu4g==": { "id": "brAAPyN4siIQT5bxa9xu4g==", "updater": "debian/updater", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-47038", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u3" }, "cHpKoxiUOXPYUJX1ihMLDg==": { "id": "cHpKoxiUOXPYUJX1ihMLDg==", "updater": "debian/updater", "name": "CVE-2018-5709", "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cZD87tDO2q60EFy3BAZ33g==": { "id": "cZD87tDO2q60EFy3BAZ33g==", "updater": "debian/updater", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0464", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "ce9B0jxjyNiCfG4VtZhnVw==": { "id": "ce9B0jxjyNiCfG4VtZhnVw==", "updater": "debian/updater", "name": "CVE-2011-4116", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-4116", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "d1D8ilhRqv7A6eAzRE4Ojw==": { "id": "d1D8ilhRqv7A6eAzRE4Ojw==", "updater": "debian/updater", "name": "CVE-2023-29491", "description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u2" }, "dFbvYO8avXWxbjXnm5ACqQ==": { "id": "dFbvYO8avXWxbjXnm5ACqQ==", "updater": "debian/updater", "name": "CVE-2023-36054", "description": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-36054", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u4" }, "dUTZP+bcDNUqytJV02E1dQ==": { "id": "dUTZP+bcDNUqytJV02E1dQ==", "updater": "debian/updater", "name": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6965", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dZ/H1sYv9QSX9VO93tlGLw==": { "id": "dZ/H1sYv9QSX9VO93tlGLw==", "updater": "osv/pypi", "name": "GHSA-4xh5-x5gv-qwph", "description": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory", "issued": "2025-09-24T15:31:14Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://github.com/pypa/pip/pull/13550 https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://pip.pypa.io/en/stable/news/#v25-2", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=25.3" }, "eietxU2AL+GdeSQwh6n6XA==": { "id": "eietxU2AL+GdeSQwh6n6XA==", "updater": "debian/updater", "name": "CVE-2023-0215", "description": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0215", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "epkSU4TSX3BVrueh1mbRzg==": { "id": "epkSU4TSX3BVrueh1mbRzg==", "updater": "debian/updater", "name": "CVE-2024-13176", "description": "Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-13176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u3" }, "f6s0c0I4Eo7U1vb/8R9ATg==": { "id": "f6s0c0I4Eo7U1vb/8R9ATg==", "updater": "debian/updater", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6020", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "fUdim7gaWpwZtynNz5GiKg==": { "id": "fUdim7gaWpwZtynNz5GiKg==", "updater": "debian/updater", "name": "CVE-2023-0361", "description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0361", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u3" }, "fXJD4KsFmfzjgWJPYHqTrQ==": { "id": "fXJD4KsFmfzjgWJPYHqTrQ==", "updater": "debian/updater", "name": "CVE-2019-8457", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-8457", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "db5.3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fharKhY7OXyx+gXJAwiegw==": { "id": "fharKhY7OXyx+gXJAwiegw==", "updater": "debian/updater", "name": "CVE-2025-29088", "description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-29088", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g44foSnimIkShQZtpEhjbQ==": { "id": "g44foSnimIkShQZtpEhjbQ==", "updater": "debian/updater", "name": "CVE-2011-3389", "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3389", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "gMRlXKqXSfP5n8UiPW430Q==": { "id": "gMRlXKqXSfP5n8UiPW430Q==", "updater": "debian/updater", "name": "CVE-2024-33602", "description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "h7Lhy275V3QLvnBLGAulbw==": { "id": "h7Lhy275V3QLvnBLGAulbw==", "updater": "osv/pypi", "name": "PYSEC-2023-62", "description": "", "issued": "2023-05-02T18:15:00Z", "links": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "jJNc2KwFwVg03DlaNN1nbA==": { "id": "jJNc2KwFwVg03DlaNN1nbA==", "updater": "debian/updater", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4806", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jS/WQ+ua63nFUvjSzoQw1g==": { "id": "jS/WQ+ua63nFUvjSzoQw1g==", "updater": "debian/updater", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k6VTDL+fxGnbqAk/IPGlnQ==": { "id": "k6VTDL+fxGnbqAk/IPGlnQ==", "updater": "debian/updater", "name": "CVE-2023-29383", "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29383", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "k6fjQGJuJ+9NXMFLa5+CgA==": { "id": "k6fjQGJuJ+9NXMFLa5+CgA==", "updater": "debian/updater", "name": "CVE-2016-2781", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2016-2781", "severity": "low", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k82HOcJqNkts86KJ0glvow==": { "id": "k82HOcJqNkts86KJ0glvow==", "updater": "debian/updater", "name": "CVE-2023-31484", "description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31484", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "kgqUyyy6Fd5CUNREC3t1jg==": { "id": "kgqUyyy6Fd5CUNREC3t1jg==", "updater": "debian/updater", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32988", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "khiBNMMi17UID6UagXI8LA==": { "id": "khiBNMMi17UID6UagXI8LA==", "updater": "debian/updater", "name": "CVE-2021-36086", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36086", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "kwKUYCnvi/GndNgicLw/RQ==": { "id": "kwKUYCnvi/GndNgicLw/RQ==", "updater": "debian/updater", "name": "CVE-2023-0466", "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0466", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "l6iyFrb04z9eZxh35gAtVA==": { "id": "l6iyFrb04z9eZxh35gAtVA==", "updater": "debian/updater", "name": "CVE-2025-0395", "description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-0395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u12" }, "l8HSGkC4gSxCEUDns7KKfQ==": { "id": "l8HSGkC4gSxCEUDns7KKfQ==", "updater": "debian/updater", "name": "CVE-2011-3374", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "apt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lAYsMZ/1tV9arAE2k+zsAQ==": { "id": "lAYsMZ/1tV9arAE2k+zsAQ==", "updater": "debian/updater", "name": "CVE-2023-31437", "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lShmgiPGgmUIO0VwzhSBRA==": { "id": "lShmgiPGgmUIO0VwzhSBRA==", "updater": "debian/updater", "name": "CVE-2023-2650", "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-2650", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "lnMcIzRPoETIbrbgdDGINA==": { "id": "lnMcIzRPoETIbrbgdDGINA==", "updater": "debian/updater", "name": "CVE-2021-46848", "description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-46848", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u1" }, "m619DfZfUke+jaTAnoZ2Xw==": { "id": "m619DfZfUke+jaTAnoZ2Xw==", "updater": "debian/updater", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7008", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "mJA9Uto8Hh0tElNp2qoYaA==": { "id": "mJA9Uto8Hh0tElNp2qoYaA==", "updater": "debian/updater", "name": "CVE-2017-7245", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7245", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "meQYB1JR+XE3En/RrDfPvA==": { "id": "meQYB1JR+XE3En/RrDfPvA==", "updater": "debian/updater", "name": "CVE-2022-4415", "description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4415", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "mj6UKCnVoHnC6YBWJGf/Ug==": { "id": "mj6UKCnVoHnC6YBWJGf/Ug==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "mnGTl6DWEAI0reOCEqb0jw==": { "id": "mnGTl6DWEAI0reOCEqb0jw==", "updater": "debian/updater", "name": "CVE-2022-0563", "description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-0563", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "n+1p0npJfBZ4vUpG1OFi6w==": { "id": "n+1p0npJfBZ4vUpG1OFi6w==", "updater": "debian/updater", "name": "CVE-2023-50868", "description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50868", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "o75dmeL6883s7llfbkU+PA==": { "id": "o75dmeL6883s7llfbkU+PA==", "updater": "debian/updater", "name": "CVE-2024-45490", "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45490", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "oeIf5WAd0bERBmJCeLsqIg==": { "id": "oeIf5WAd0bERBmJCeLsqIg==", "updater": "debian/updater", "name": "CVE-2017-7246", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7246", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pa+2016jZIT5xycgFHsAsQ==": { "id": "pa+2016jZIT5xycgFHsAsQ==", "updater": "debian/updater", "name": "CVE-2018-20796", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pmcR65l6CQ+6Qdh99gUtFQ==": { "id": "pmcR65l6CQ+6Qdh99gUtFQ==", "updater": "debian/updater", "name": "CVE-2023-52425", "description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52425", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "pu8XvxoOXeKAI0tvpRRucg==": { "id": "pu8XvxoOXeKAI0tvpRRucg==", "updater": "debian/updater", "name": "CVE-2023-5678", "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5678", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "qDLWFSo6NpfxWPhSeAS8zQ==": { "id": "qDLWFSo6NpfxWPhSeAS8zQ==", "updater": "debian/updater", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28834", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "qhu8cH6U47vSCL4GXDHHtA==": { "id": "qhu8cH6U47vSCL4GXDHHtA==", "updater": "debian/updater", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4641", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "rvhjGf5pyhsfm1iFFyudCA==": { "id": "rvhjGf5pyhsfm1iFFyudCA==", "updater": "debian/updater", "name": "CVE-2025-9820", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "s55QOTlka9E4jTdGv0d/FA==": { "id": "s55QOTlka9E4jTdGv0d/FA==", "updater": "debian/updater", "name": "CVE-2025-4802", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4802", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u13" }, "srcIw8ffB6famHHqmqImEw==": { "id": "srcIw8ffB6famHHqmqImEw==", "updater": "debian/updater", "name": "CVE-2023-3817", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3817", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "svo9ZP0wOZ7IXZp//n2f7g==": { "id": "svo9ZP0wOZ7IXZp//n2f7g==", "updater": "osv/pypi", "name": "GHSA-m2qf-hxjv-5gpq", "description": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", "issued": "2023-05-01T19:22:20Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://nvd.nist.gov/vuln/detail/CVE-2023-30861 https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html https://security.netapp.com/advisory/ntap-20230818-0006 https://www.debian.org/security/2023/dsa-5442", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "swQXHeTg1VEUQHser/6eEQ==": { "id": "swQXHeTg1VEUQHser/6eEQ==", "updater": "debian/updater", "name": "CVE-2023-50387", "description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "t3CEDp5fZQ6D+aOizMiuSg==": { "id": "t3CEDp5fZQ6D+aOizMiuSg==", "updater": "debian/updater", "name": "CVE-2023-0286", "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0286", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "tBbOIOCaKVlwik7hH/baMQ==": { "id": "tBbOIOCaKVlwik7hH/baMQ==", "updater": "debian/updater", "name": "CVE-2021-45346", "description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-45346", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "tjx9raP+v/Zzj6SBJct3WA==": { "id": "tjx9raP+v/Zzj6SBJct3WA==", "updater": "debian/updater", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7104", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "tne7uZ2E+Ev6QI7ctt3PxA==": { "id": "tne7uZ2E+Ev6QI7ctt3PxA==", "updater": "debian/updater", "name": "CVE-2024-33600", "description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33600", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "u+ya+p/mAtLPAYAgbSPTTw==": { "id": "u+ya+p/mAtLPAYAgbSPTTw==", "updater": "debian/updater", "name": "CVE-2022-41409", "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-41409", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uEg5UAxE9NNjF71OxdO7uQ==": { "id": "uEg5UAxE9NNjF71OxdO7uQ==", "updater": "debian/updater", "name": "CVE-2017-16231", "description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-16231", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uTSYWROavw8Bf2n+4djlMg==": { "id": "uTSYWROavw8Bf2n+4djlMg==", "updater": "debian/updater", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4598", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u7" }, "ugZgSJOxFzPCX6LQaJzM3A==": { "id": "ugZgSJOxFzPCX6LQaJzM3A==", "updater": "debian/updater", "name": "CVE-2024-5535", "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-5535", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "vcYYj1nbYwczzoLG255iZQ==": { "id": "vcYYj1nbYwczzoLG255iZQ==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vmet9boOEsf+RUsh5rJnEw==": { "id": "vmet9boOEsf+RUsh5rJnEw==", "updater": "debian/updater", "name": "CVE-2024-4741", "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-4741", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "w4Wr213OT8TRxlHAy3MwPQ==": { "id": "w4Wr213OT8TRxlHAy3MwPQ==", "updater": "debian/updater", "name": "CVE-2010-4756", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "wFMwqYmfC1KjDKz8vyBr4A==": { "id": "wFMwqYmfC1KjDKz8vyBr4A==", "updater": "debian/updater", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4911", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u7" }, "wzv81XuYHOFtlrLHaamjZg==": { "id": "wzv81XuYHOFtlrLHaamjZg==", "updater": "debian/updater", "name": "CVE-2024-37371", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37371", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "x3SWTcEL2lgEvouAhmt6fQ==": { "id": "x3SWTcEL2lgEvouAhmt6fQ==", "updater": "debian/updater", "name": "CVE-2025-27587", "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "xZI5XEFq7Cuk3Mu3KyTdmg==": { "id": "xZI5XEFq7Cuk3Mu3KyTdmg==", "updater": "debian/updater", "name": "CVE-2024-56433", "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-56433", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ySGl3ADUS8EeTeweiO86Aw==": { "id": "ySGl3ADUS8EeTeweiO86Aw==", "updater": "debian/updater", "name": "CVE-2024-9143", "description": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-9143", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "yyhzQNC9UPFT5NwvhGsvqg==": { "id": "yyhzQNC9UPFT5NwvhGsvqg==", "updater": "debian/updater", "name": "CVE-2022-2097", "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-2097", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "zL8eGifGE7B+wAjTOBjRgQ==": { "id": "zL8eGifGE7B+wAjTOBjRgQ==", "updater": "debian/updater", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-29458", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u1" } }, "package_vulnerabilities": { "+ol9cHiNc+RWiD7Kw3TLCg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "0jMyX7UCIuSpntMN1r7Ofg==": [ "KwgIGMm765S+zvIBAwM9+g==" ], "2MObxiEVNllmUEzdVZM5qw==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ], "3f992oeEQfSQxRA0nlq8Wg==": [ "DfxJWBpJUY1aHu0ZUSilDg==", "U3JbUhrT2SqWNuYU5d13cQ==", "jS/WQ+ua63nFUvjSzoQw1g==" ], "4jCPzhS6OWt4agz9d/cfTw==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "7a3yla6TRFZrhmAreU7f8Q==": [ "6jg3v7lJ92IZCQpZydR2sA==", "MdrEi+/OrLlW3zDrheID2Q==", "o75dmeL6883s7llfbkU+PA==", "Ud6njM/DPIrfSPiFct82Lw==", "5Cmp5KJXv+nVwwcs5/Kz7w==", "IJPGr43VMeLym6tW3EWgdg==", "KZ3Jt7zkiM272dGLstI4XA==", "pmcR65l6CQ+6Qdh99gUtFQ==", "IvA5abshk33BAuuBar/pVQ==", "/7UJLAHsMPxTtTxvuPgrzA==" ], "8alfBYUr5uWbAyB5PrY8Hg==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "Akbft1KN+9FKNhh1tM25eA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "BJL42acLPAR8bEnmM1Z3mg==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "CBzoMmlXBcyP54HOnauO0g==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "DtMxcnDA8Je9vAHjmzagaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "ExYxXcgoIRjAjUObwDE4jA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "FJIijlwFNqvdoVBcfTF/pg==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "G/7q+D+DsqYAVnohcyuzgQ==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ "u+ya+p/mAtLPAYAgbSPTTw==" ], "IQfQp74RcAWE7jHtQsMLHg==": [ "mnGTl6DWEAI0reOCEqb0jw==" ], "LOfpAnA/2f7zE4SFJCrxVg==": [ "Mxv06g47iCk7QIqi7Xbojw==" ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "NzkVb7F31E+Vxxz3PCS6tg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "PgPY5hWnihXRN45byvzY0g==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "R1TkRM71ql+JWgz0VF5ESQ==": [ "1U/zi3CEao+52y8LKU0uvw==", "bZ2m6J3EIvmTdjYJprlOKA==", "khiBNMMi17UID6UagXI8LA==", "CaLsKNvkpKlxKVBlUnje9Q==" ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ "bNvH54V1y9cXsGaCXVwFVw==", "QGq5D5QwQKPerzYOBVoSsg==", "Jl0PQIP9L3ufSvQ2j71iww==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "RYsqO4ROpGMzzCO5WaTrlw==": [ "aWm6E1ULjtuw0ydmFnsI4A==" ], "RgdwX+VC70nXZ2E527PXaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "VbNyM3GfR5vEmJdFAiKqrA==": [ "vcYYj1nbYwczzoLG255iZQ==" ], "Wi4oa03apqVdR6okNeZiNA==": [ "KaoEuixR8E5nnpGZ1pG25w==", "rvhjGf5pyhsfm1iFFyudCA==", "g44foSnimIkShQZtpEhjbQ==", "fUdim7gaWpwZtynNz5GiKg==", "ZbWtFXr0WyByV4kCb3M6FA==", "HuTBrVHKx7uaMtQjiqifKQ==", "3cBlPR7Tm4BIC/+wflldAg==", "bBymk1eoEM+tVYB+/Crz+g==", "qDLWFSo6NpfxWPhSeAS8zQ==", "kgqUyyy6Fd5CUNREC3t1jg==", "XtT5+z5+yMbpdsyfkLItzA==", "9sNDKQtqg7Z3gJr//JQlvg==" ], "ZWeYh81MRCu1nh3mOyptIA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "bGWj1aSf0wvrecU/pdTv5A==": [ "08pa4udz9bnA9IOsE208DA==" ], "bHkSxcl6e1quNxLGb6uX8A==": [ "Xce4H7xsVfrtYV2aXED7xA==", "QopvyNp/5Ata9NdAUhFygw==", "k6fjQGJuJ+9NXMFLa5+CgA==" ], "bTSLWiizipO2axtmvXFuVg==": [ "lnMcIzRPoETIbrbgdDGINA==", "6j23t/n6B77cQMxfCeLKzA==" ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "d4b/e0nx+/vPWuPB7oDzPw==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "dUT53gagQO5Ac9Bdlu5dAw==": [ "NYWveHKKsIYIKl+vE8UEhw==" ], "dXglURzzdbLnOf14mab1Hg==": [ "27BVJE6xR0Z84LzifDnFYA==", "VzolVkOS5HseGzVTLzDMfA==", "EYo03ICovWfCjw2cKpwx4Q==", "WWnQMI7f7f75SgC9Dcl+QQ==" ], "dobmrwm7aq9puvFHwNgXxw==": [ "08pa4udz9bnA9IOsE208DA==" ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "elSR7m8uLWd/kMl2jxTm/A==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "evNF5YpSAxyFV7iWv3lSVw==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ "MXRm//dBCnWFem5zffvqmA==", "MDmWztEMrTY+VyVp5c+Fvw==" ], "hdNUjYIlrdEAtBWAggakAw==": [ "ce9B0jxjyNiCfG4VtZhnVw==", "7DtFnnE8FjIpCQKunutpeg==", "k82HOcJqNkts86KJ0glvow==", "JcoADkxFeYBET6x6TWfsjg==", "brAAPyN4siIQT5bxa9xu4g==", "AvPdNumiwGnBie+lo1du3A==" ], "iWqdRZmp08/Tx22qEtmjJg==": [ "G45dR+E8Wb+bEhCdwuqUDg==", "mJA9Uto8Hh0tElNp2qoYaA==", "ZrZi02myDWWW0L5oPQj/cg==", "uEg5UAxE9NNjF71OxdO7uQ==", "oeIf5WAd0bERBmJCeLsqIg==" ], "jErhz6PtXvAy/EPWJ425rA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "jKa8Us2cqGejhOc2/n5DDA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "kq4lGEwi4agkgAJAkDs9Ng==": [ "svo9ZP0wOZ7IXZp//n2f7g==", "h7Lhy275V3QLvnBLGAulbw==" ], "krch6TQqNWzRi5F/dDkF+Q==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ "F0zkrLGlbsix59P9mqoAOg==", "ANq7+l7+5U6IDt9eU02u5w==" ], "lCjIskl1HulEHShaXtgmwQ==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "nwapLKtbHTjy1u8+aA0X+Q==": [ "dZ/H1sYv9QSX9VO93tlGLw==", "mj6UKCnVoHnC6YBWJGf/Ug==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "pZoLgWqHDgjhYQPevrtwdg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "qN2BSWBeEFRJnExMNJ1S0A==": [ "BxMnseA9J6OW2RWxSrlbyQ==", "tjx9raP+v/Zzj6SBJct3WA==", "C8YeM0XyMbxM6QnHcnbRtQ==", "dUTZP+bcDNUqytJV02E1dQ==", "tBbOIOCaKVlwik7hH/baMQ==", "fharKhY7OXyx+gXJAwiegw==", "DRKFIYYNzLumACBV1CW/rw==" ], "qrPZzwjmppjOiQbrGk5IQA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "s66OGd0F2Pbemhmyrg2R9w==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "tYADP/V07/lE8Qno1R/hhg==": [ "08pa4udz9bnA9IOsE208DA==" ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ "fXJD4KsFmfzjgWJPYHqTrQ==" ], "wkuBBC4B84P3b4K0fGF0OQ==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "yYcMjCGhY/mc+KraTEHSJg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "zV4ikAKeqBYFSvXnkFMYgg==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "zw9OGAXs3mWkBkmfKzbfqg==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ] }, "enrichments": {} } pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-8.32-4+b1 (CVE-2016-2781)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: mount-2.36.1-8+deb11u1 (CVE-2022-0563), bash-5.1-2+deb11u1 (TEMP-0841856-B18BAF), libpcre2-8-0-10.36-2+deb11u1 (CVE-2022-41409), gcc-9-base-9.3.0-22 (CVE-2023-4039), bsdutils-1:2.36.1-8+deb11u1 (CVE-2022-0563), libpcre3-2:8.39-13 (CVE-2017-11164, CVE-2017-16231, CVE-2017-7245, CVE-2017-7246, CVE-2019-20838), libsqlite3-0-3.34.1-3 (CVE-2021-45346, CVE-2022-35737, CVE-2025-29088, CVE-2025-52099), libk5crypto3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libexpat1-2.2.10-2+deb11u5 (CVE-2013-0340, CVE-2023-52426, CVE-2024-28757), libc-bin-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libsystemd0-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libsmartcols1-2.36.1-8+deb11u1 (CVE-2022-0563), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), coreutils-8.32-4+b1 (CVE-2017-18018, CVE-2025-5278), apt-2.2.4 (CVE-2011-3374), libblkid1-2.36.1-8+deb11u1 (CVE-2022-0563), libgnutls30-3.7.1-5+deb11u2 (CVE-2011-3389), libgcc-s1-10.2.1-6 (CVE-2023-4039), libapt-pkg6.0-2.2.4 (CVE-2011-3374), login-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), gcc-10-base-10.2.1-6 (CVE-2023-4039), libstdc++6-10.2.1-6 (CVE-2023-4039), libuuid1-2.36.1-8+deb11u1 (CVE-2022-0563), util-linux-2.36.1-8+deb11u1 (CVE-2022-0563), libssl1.1-1.1.1n-0+deb11u3 (CVE-2025-27587), libudev1-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libmount1-2.36.1-8+deb11u1 (CVE-2022-0563), libgcrypt20-1.8.7-6 (CVE-2018-6829, CVE-2024-2236), libkrb5support0-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), sysvinit-utils-2.96-7+deb11u1 (TEMP-0517018-A83CE6), gpgv-2.2.27-2+deb11u2 (CVE-2022-3219), libc6-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), tar-1.34+dfsg-1 (CVE-2005-2541, TEMP-0290435-0B57B5), libkrb5-3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), passwd-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), openssl-1.1.1n-0+deb11u3 (CVE-2025-27587), perl-base-5.32.1-4+deb11u2 (CVE-2011-4116, CVE-2023-31486)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 82 } }, { "msg": "Found packages with unpatched unknown vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libpam-modules-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), bash-5.1-2+deb11u1 (CVE-2022-3715), libncursesw6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libpam0g-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libsqlite3-0-3.34.1-3 (CVE-2025-6965), libexpat1-2.2.10-2+deb11u5 (CVE-2024-8176, CVE-2025-59375), libc-bin-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), libdb5.3-5.3.28+dfsg1-0.8 (CVE-2019-8457), libpam-modules-bin-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libgnutls30-3.7.1-5+deb11u2 (CVE-2025-9820), zlib1g-1:1.2.11.dfsg-2+deb11u2 (CVE-2023-45853), ncurses-bin-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), login-1:4.8.1-1 (CVE-2024-56433), ncurses-base-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), dpkg-1.20.12 (CVE-2025-6297), libpam-runtime-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libgcrypt20-1.8.7-6 (CVE-2021-33560), gpgv-2.2.27-2+deb11u2 (CVE-2025-30258), libzstd1-1.4.8+dfsg-2.1 (CVE-2022-4899), libtinfo6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libc6-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), passwd-1:4.8.1-1 (CVE-2024-56433), perl-base-5.32.1-4+deb11u2 (CVE-2025-40909)", "name": "clair_unpatched_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 36 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":1,"low":82,"unknown":36}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "digests": ["sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:15:23+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | init container: prepare 2026/02/10 22:15:04 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | init container: place-scripts 2026/02/10 22:15:04 Decoded script /tekton/scripts/script-0-qh87s 2026/02/10 22:15:04 Decoded script /tekton/scripts/script-1-9svkc pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 8.479 sec (0 m 8 s) Start Date: 2026:02:10 22:15:21 End Date: 2026:02:10 22:15:29 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761729","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761729","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761729","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "digests": ["sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31"]}} pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 089de8836b0e clamscan-result-amd64.log Uploading c87f3e2155b0 clamscan-ec-test-amd64.json Uploaded c87f3e2155b0 clamscan-ec-test-amd64.json Uploaded 089de8836b0e clamscan-result-amd64.log Uploading 163583910603 application/vnd.oci.image.manifest.v1+json Uploaded 163583910603 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Digest: sha256:1635839106032307304473d855b6159078895b3fb4a845ed03db36414d587c33 pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | init container: prepare 2026/02/10 22:14:02 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | init container: place-scripts 2026/02/10 22:14:03 Decoded script /tekton/scripts/script-0-2wbz5 2026/02/10 22:14:03 Decoded script /tekton/scripts/script-1-5zdl4 pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761647.1679096,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761647.3595345,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ 41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761647.3595753,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761647.3830407,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 directly. pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | container step-symlink-check: Running symlink check pod: test-comp-bakp-on-pull-request-dnv54-init-pod | init container: prepare 2026/02/10 22:13:44 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-init-pod | init container: place-scripts 2026/02/10 22:13:44 Decoded script /tekton/scripts/script-0-vc6mj pod: test-comp-bakp-on-pull-request-dnv54-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | init container: prepare 2026/02/10 22:14:10 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | init container: place-scripts 2026/02/10 22:14:11 Decoded script /tekton/scripts/script-0-rpjdp 2026/02/10 22:14:11 Decoded script /tekton/scripts/script-1-vzgng pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | container step-sanitize-config-file-with-yq: pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-0-4nkrh pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | container step-push: [2026-02-10T22:15:20,314635966+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.lbYNoJNQw1 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:sha256-e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31.dockerfile Dockerfile pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:15:15 Decoded script /tekton/scripts/script-0-xnkvc 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-1-tmlsd pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-100.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-112.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-132.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-85.json ./shellcheck-results/sc-92.json ./shellcheck-results/sc-96.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'ShellCheck results have been saved to shellcheck-results.json' ShellCheck results have been saved to shellcheck-results.json + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:15:21+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' {"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 6dee4a2897b1 application/vnd.oci.image.manifest.v1+json Uploaded 6dee4a2897b1 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Digest: sha256:6dee4a2897b1de0e8a308ccf115916f8753c906f09c24ad6b7139cb282f0bf91 No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-0-wtnp8 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-1-h4dbh pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-comp-bakp INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | init container: place-scripts 2026/02/10 22:15:17 Decoded script /tekton/scripts/script-0-2fnhm 2026/02/10 22:15:17 Decoded script /tekton/scripts/script-1-qtx7q pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:15:22+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 9f1a4673ef8d application/vnd.oci.image.manifest.v1+json Uploaded 9f1a4673ef8d application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Digest: sha256:9f1a4673ef8d9c99931c516cc3846229b0876c8ed539079fb74c08b479188fb3 No excluded-findings.json exists. Skipping upload. [FAILED] in [It] - /tmp/tmp.EaIZ2fdreL/tests/build/build_templates.go:354 @ 02/10/26 22:15:40.236 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc001c681b0>: pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | init container: prepare 2026/02/10 22:15:04 Entrypoint initialization pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | init container: place-scripts 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-0-hgxcx 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-1-j2zbg 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-2-tsh7w 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-3-hcdf2 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-4-dqnrx 2026/02/10 22:15:06 Decoded script /tekton/scripts/script-5-rzc6t pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 The media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Auth json written to "/auth/auth.json". pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-set-skip-for-bundles: 2026/02/10 22:15:11 INFO Step was skipped due to when expressions were evaluated to false. pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-app-check: time="2026-02-10T22:15:11Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:15:12Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 for platform amd64" time="2026-02-10T22:15:12Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" time="2026-02-10T22:15:16Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-3873054302/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/Packages: no such file or directory" time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-3873054302/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2026-02-10T22:15:16Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2026-02-10T22:15:16Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2026-02-10T22:15:16Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2026-02-10T22:15:20Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:15:20Z" level=info msg="check completed" check=BasedOnUbi result=FAILED time="2026-02-10T22:15:20Z" level=info msg="This image's tag on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 will be paired with digest sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 3467, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "BasedOnUbi", "elapsed_time": 152, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)", "help": "Check BasedOnUbi encountered an error. Please review the preflight.log file for more information.", "suggestion": "Change the FROM directive in your Dockerfile or Containerfile, for the latest list of images and details refer to: https://catalog.redhat.com/software/base-images", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } time="2026-02-10T22:15:20Z" level=info msg="Preflight result: FAILED" pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1770761721","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1770761721","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":3,"failures":4,"warnings":0} pod: test-comp-bakp-on-pull-request-dnv54-apply-tags-pod | init container: prepare 2026/02/10 22:15:05 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:15:08Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" time="2026-02-10T22:15:08Z" level=info msg="[param] Image digest: sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31" time="2026-02-10T22:15:08Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:15:08Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | init container: prepare 2026/02/10 22:14:17 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | init container: place-scripts 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-0-7zzl2 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-1-lpfsv 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-2-9sqbc 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-3-t7d2f 2026/02/10 22:14:18 Decoded script /tekton/scripts/script-4-6pdgz pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-build: [2026-02-10T22:14:22,324265443+00:00] Validate context path [2026-02-10T22:14:22,327603027+00:00] Update CA trust [2026-02-10T22:14:22,328656091+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:14:24,317591716+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:14:24,323305759+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:14:24,559865087+00:00] Setup prefetched Trying to pull quay.io/devfile/python:slim... Getting image source signatures Copying blob sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61 Copying blob sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a Copying blob sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb Copying blob sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec Copying blob sha256:30fb943195a7f7cee90a9c67461c338d1d76a7004d2f94792b774ef71d875a02 Copying config sha256:04f51101c1b979fb8a45a5332bfa8ed2c60f613ea396c3edd40f3d91702b24ef Writing manifest to image destination [2026-02-10T22:14:27,012017084+00:00] Unsetting proxy { "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "org.opencontainers.image.revision": "41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-python-basic", "quay.expires-after": "6h", "build-date": "2026-02-10T22:14:24Z", "org.opencontainers.image.created": "2026-02-10T22:14:24Z", "io.buildah.version": "1.42.2" } [2026-02-10T22:14:27,053656708+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:14:27,056834847+00:00] Add secrets [2026-02-10T22:14:27,064316001+00:00] Run buildah build [2026-02-10T22:14:27,065363359+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --label org.opencontainers.image.revision=41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --label quay.expires-after=6h --label build-date=2026-02-10T22:14:24Z --label org.opencontainers.image.created=2026-02-10T22:14:24Z --annotation org.opencontainers.image.revision=41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-python-basic --annotation org.opencontainers.image.created=2026-02-10T22:14:24Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.WHigQ8 -t quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 . STEP 1/11: FROM quay.io/devfile/python:slim STEP 2/11: EXPOSE 8081/tcp STEP 3/11: ENV FLASK_PORT=8081 STEP 4/11: WORKDIR /projects STEP 5/11: COPY requirements.txt . STEP 6/11: RUN pip install -r requirements.txt Collecting Flask==2.1.0 Downloading Flask-2.1.0-py3-none-any.whl (95 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 95.2/95.2 kB 30.2 MB/s eta 0:00:00 Collecting Werkzeug>=2.0 Downloading werkzeug-3.1.5-py3-none-any.whl (225 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 225.0/225.0 kB 91.4 MB/s eta 0:00:00 Collecting Jinja2>=3.0 Downloading jinja2-3.1.6-py3-none-any.whl (134 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 134.9/134.9 kB 129.4 MB/s eta 0:00:00 Collecting itsdangerous>=2.0 Downloading itsdangerous-2.2.0-py3-none-any.whl (16 kB) Collecting click>=8.0 Downloading click-8.3.1-py3-none-any.whl (108 kB) ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 108.3/108.3 kB 114.1 MB/s eta 0:00:00 Collecting MarkupSafe>=2.0 Downloading markupsafe-3.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl (22 kB) Installing collected packages: MarkupSafe, itsdangerous, click, Werkzeug, Jinja2, Flask Successfully installed Flask-2.1.0 Jinja2-3.1.6 MarkupSafe-3.0.3 Werkzeug-3.1.5 click-8.3.1 itsdangerous-2.2.0 WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv [notice] A new release of pip available: 22.3.1 -> 26.0.1 [notice] To update, run: pip install --upgrade pip STEP 7/11: COPY . . STEP 8/11: CMD [ "python", "./app.py" ] STEP 9/11: COPY labels.json /usr/share/buildinfo/labels.json STEP 10/11: COPY labels.json /root/buildinfo/labels.json STEP 11/11: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" "org.opencontainers.image.revision"="41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-python-basic" "quay.expires-after"="6h" "build-date"="2026-02-10T22:14:24Z" "org.opencontainers.image.created"="2026-02-10T22:14:24Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 --> 7fe8b4854cd3 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 [2026-02-10T22:14:30,203990282+00:00] Unsetting proxy [2026-02-10T22:14:30,205212872+00:00] Add metadata Recording base image digests used quay.io/devfile/python:slim quay.io/devfile/python:slim@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c Getting image source signatures Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:a031d4c2c835e339c9b57e669fd2201261c70751fd1f60798c06ade77b80dcd5 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying config sha256:7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 Writing manifest to image destination [2026-02-10T22:14:30,836873332+00:00] End build pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-push: [2026-02-10T22:14:31,476585085+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:14:33,447960009+00:00] Convert image [2026-02-10T22:14:33,448979567+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-dnv54-build-container [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:test-comp-bakp-on-pull-request-dnv54-build-container Getting image source signatures Copying blob sha256:a031d4c2c835e339c9b57e669fd2201261c70751fd1f60798c06ade77b80dcd5 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 Writing manifest to image destination [2026-02-10T22:14:37,201960260+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 [retry] executing: buildah push --format=oci --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Getting image source signatures Copying blob sha256:a031d4c2c835e339c9b57e669fd2201261c70751fd1f60798c06ade77b80dcd5 Copying blob sha256:0a7eaca7a2e7e116a5658c409ea2ceb98226b7481a3b0f90c8d94d9f230fe238 Copying blob sha256:d326469892d974408d96f1e02d64dce10d20f88613688af11e99e3e22523beeb Copying blob sha256:d9892173749de078dfb702835e9e3858aff86e7447fb11c5a2f2c6bb10f882f6 Copying blob sha256:b5ebffba54d3e3f7fd80435fcdc34c4a96fdb2ecab0f0a298fe08f74c2f69d29 Copying blob sha256:609bcd29c7943a6667e3204bfa5b86a07d255f78ebc26d4c4e8981b335ac3b9a Copying config sha256:7fe8b4854cd38633f408a645f3249d4784aa966787415765e734d95f3037e478 Writing manifest to image destination sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 [2026-02-10T22:14:37,957838060+00:00] End push pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:14:38,579636729+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:14:42,987855463+00:00] End sbom-syft-generate pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-prepare-sboms: [2026-02-10T22:14:43,690204994+00:00] Prepare SBOM [2026-02-10T22:14:43,693998075+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:14:44,749 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:14:44,829 [INFO] mobster.oci: Fetching manifest for quay.io/devfile/python@sha256:54924a2ee4a2ef17028ae076ce38e59b3f4054353a5c9f9318dfaee60377532c 2026-02-10 22:14:46,154 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:14:46,154 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:14:46,155 [INFO] mobster.log: Contextual workflow completed in 1.34s 2026-02-10 22:14:46,177 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:14:46,237126711+00:00] End prepare-sboms pod: test-comp-bakp-on-pull-request-dnv54-build-container-pod | container step-upload-sbom: [2026-02-10T22:14:46,797821395+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:0dc2eb2d98012462a36b121ddf47eb41fb2a2ffe9d9efc9f7d99f55d6906a7ae [2026-02-10T22:14:49,608800771+00:00] End upload-sbom pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | init container: prepare 2026/02/10 22:14:53 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | init container: place-scripts 2026/02/10 22:14:54 Decoded script /tekton/scripts/script-0-nbkkm 2026/02/10 22:14:54 Decoded script /tekton/scripts/script-1-mssgd 2026/02/10 22:14:54 Decoded script /tekton/scripts/script-2-m7284 pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | container step-build: [2026-02-10T22:14:58,625180528+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' fa8979e2f8cf07f8316ed007c9b1b10483d09fa06bfc0e6b9c039ad6d1637a3e Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31. pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: test-comp-bakp-on-pull-request-dnv54-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:15:00,873890424+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | init container: prepare 2026/02/10 22:15:04 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | init container: place-scripts 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-0-6vlhh 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-1-j44fv 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-2-zh5j9 2026/02/10 22:15:05 Decoded script /tekton/scripts/script-3-l8hrd pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31. pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:15:14Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"}] 2026-02-10T22:15:14Z INF libvuln initialized component=libvuln/New 2026-02-10T22:15:14Z INF registered configured scanners component=libindex/New 2026-02-10T22:15:14Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:15:14Z INF index request start component=libindex/Libindex.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 2026-02-10T22:15:14Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 2026-02-10T22:15:14Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=CheckManifest 2026-02-10T22:15:14Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=FetchLayers 2026-02-10T22:15:16Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=FetchLayers 2026-02-10T22:15:16Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=FetchLayers 2026-02-10T22:15:16Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=ScanLayers 2026-02-10T22:15:16Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=ScanLayers 2026-02-10T22:15:16Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=IndexManifest 2026-02-10T22:15:16Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=IndexFinished 2026-02-10T22:15:16Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 state=IndexFinished 2026-02-10T22:15:16Z INF index request done component=libindex/Libindex.Index manifest=sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 { "manifest_hash": "sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31", "packages": { "+GDQTbek1zYvATiVR/wBCA==": { "id": "+GDQTbek1zYvATiVR/wBCA==", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.10-4+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "+aaqENN9U+Kuxcb1tQ8Utg==": { "id": "+aaqENN9U+Kuxcb1tQ8Utg==", "name": "netbase", "version": "6.3", "kind": "binary", "source": { "id": "", "name": "netbase", "version": "6.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "+ol9cHiNc+RWiD7Kw3TLCg==": { "id": "+ol9cHiNc+RWiD7Kw3TLCg==", "name": "libcom-err2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "05vApGRmP6ko1S0ji87IIQ==": { "id": "05vApGRmP6ko1S0ji87IIQ==", "name": "libunistring2", "version": "0.9.10-4", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "0jMyX7UCIuSpntMN1r7Ofg==": { "id": "0jMyX7UCIuSpntMN1r7Ofg==", "name": "libzstd1", "version": "1.4.8+dfsg-2.1", "kind": "binary", "source": { "id": "", "name": "libzstd", "version": "1.4.8+dfsg-2.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "1jyJPCL93kiEbfmNKeyz3g==": { "id": "1jyJPCL93kiEbfmNKeyz3g==", "name": "jinja2", "version": "3.1.6", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.6.0.0.0.0.0.0", "cpe": "" }, "2MObxiEVNllmUEzdVZM5qw==": { "id": "2MObxiEVNllmUEzdVZM5qw==", "name": "apt", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "3XsqGfTFjY5lWf0VTh588Q==": { "id": "3XsqGfTFjY5lWf0VTh588Q==", "name": "werkzeug", "version": "3.1.5", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.1.5.0.0.0.0.0.0", "cpe": "" }, "3f992oeEQfSQxRA0nlq8Wg==": { "id": "3f992oeEQfSQxRA0nlq8Wg==", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "binary", "source": { "id": "", "name": "libgcrypt20", "version": "1.8.7-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4672uZtn8TnHDEzWVyhfjw==": { "id": "4672uZtn8TnHDEzWVyhfjw==", "name": "base-files", "version": "11.1+deb11u5", "kind": "binary", "source": { "id": "", "name": "base-files", "version": "11.1+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "4jCPzhS6OWt4agz9d/cfTw==": { "id": "4jCPzhS6OWt4agz9d/cfTw==", "name": "ncurses-base", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "5zxxTA220k9gPCegfDHkag==": { "id": "5zxxTA220k9gPCegfDHkag==", "name": "libgmp10", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "2:6.2.1+dfsg-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "7a3yla6TRFZrhmAreU7f8Q==": { "id": "7a3yla6TRFZrhmAreU7f8Q==", "name": "libexpat1", "version": "2.2.10-2+deb11u5", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.2.10-2+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "8alfBYUr5uWbAyB5PrY8Hg==": { "id": "8alfBYUr5uWbAyB5PrY8Hg==", "name": "libudev1", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "9snKXrH4dQy2IXHQ01Lg0A==": { "id": "9snKXrH4dQy2IXHQ01Lg0A==", "name": "libaudit1", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Akbft1KN+9FKNhh1tM25eA==": { "id": "Akbft1KN+9FKNhh1tM25eA==", "name": "mount", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "BJL42acLPAR8bEnmM1Z3mg==": { "id": "BJL42acLPAR8bEnmM1Z3mg==", "name": "libblkid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "CBzoMmlXBcyP54HOnauO0g==": { "id": "CBzoMmlXBcyP54HOnauO0g==", "name": "libpam-runtime", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "CpILSbg3p6D7Gsp8sCW1Rg==": { "id": "CpILSbg3p6D7Gsp8sCW1Rg==", "name": "libsemanage1", "version": "3.1-1+b2", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "D0G6c/ML9XX4eoGHgx1jeQ==": { "id": "D0G6c/ML9XX4eoGHgx1jeQ==", "name": "libc6", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "DY5Co0gkGtbgwDlkjfJLWA==": { "id": "DY5Co0gkGtbgwDlkjfJLWA==", "name": "markupsafe", "version": "3.0.3", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.3.0.3.0.0.0.0.0.0", "cpe": "" }, "DtMxcnDA8Je9vAHjmzagaA==": { "id": "DtMxcnDA8Je9vAHjmzagaA==", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "EVGnnBfWyiVHhoIR4vEpgg==": { "id": "EVGnnBfWyiVHhoIR4vEpgg==", "name": "libbz2-1.0", "version": "1.0.8-4", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ExYxXcgoIRjAjUObwDE4jA==": { "id": "ExYxXcgoIRjAjUObwDE4jA==", "name": "libk5crypto3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FJIijlwFNqvdoVBcfTF/pg==": { "id": "FJIijlwFNqvdoVBcfTF/pg==", "name": "login", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FOAAB3KiNsLyi03hQsjRTA==": { "id": "FOAAB3KiNsLyi03hQsjRTA==", "name": "libcrypt1", "version": "1:4.4.18-4", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "1:4.4.18-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "FrUy4mOCaHm5aGT53as3JQ==": { "id": "FrUy4mOCaHm5aGT53as3JQ==", "name": "diffutils", "version": "1:3.7-5", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "1:3.7-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "G/7q+D+DsqYAVnohcyuzgQ==": { "id": "G/7q+D+DsqYAVnohcyuzgQ==", "name": "libssl1.1", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "GGaavnLgXX31qx9chfhdOQ==": { "id": "GGaavnLgXX31qx9chfhdOQ==", "name": "libaudit-common", "version": "1:3.0-2", "kind": "binary", "source": { "id": "", "name": "audit", "version": "1:3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Gm6VA87iOnaQ0rWR6oO9eA==": { "id": "Gm6VA87iOnaQ0rWR6oO9eA==", "name": "libpcre2-8-0", "version": "10.36-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.36-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "HFwGHerHwgvY8vkjr3x1Pg==": { "id": "HFwGHerHwgvY8vkjr3x1Pg==", "name": "itsdangerous", "version": "2.2.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.2.0.0.0.0.0.0.0", "cpe": "" }, "IQfQp74RcAWE7jHtQsMLHg==": { "id": "IQfQp74RcAWE7jHtQsMLHg==", "name": "bsdutils", "version": "1:2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "IiJKm8T4olfm6rhuKayFOw==": { "id": "IiJKm8T4olfm6rhuKayFOw==", "name": "lsb-base", "version": "11.1.0", "kind": "binary", "source": { "id": "", "name": "lsb", "version": "11.1.0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "Jg2vDvx1JxyPDIrUzzR9NQ==": { "id": "Jg2vDvx1JxyPDIrUzzR9NQ==", "name": "grep", "version": "3.6-1", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LOfpAnA/2f7zE4SFJCrxVg==": { "id": "LOfpAnA/2f7zE4SFJCrxVg==", "name": "zlib1g", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1:1.2.11.dfsg-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "LVHVhWoZgWwWvOspyUwb1w==": { "id": "LVHVhWoZgWwWvOspyUwb1w==", "name": "libreadline8", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "MvKvHHnD0jaLaWpyHvkhgQ==": { "id": "MvKvHHnD0jaLaWpyHvkhgQ==", "name": "passwd", "version": "1:4.8.1-1", "kind": "binary", "source": { "id": "", "name": "shadow", "version": "1:4.8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "NA4G2YrIZ73fsX7d5r5rGw==": { "id": "NA4G2YrIZ73fsX7d5r5rGw==", "name": "debconf", "version": "1.5.77", "kind": "binary", "source": { "id": "", "name": "debconf", "version": "1.5.77", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "NzkVb7F31E+Vxxz3PCS6tg==": { "id": "NzkVb7F31E+Vxxz3PCS6tg==", "name": "libkrb5support0", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "OgJFdUXRfF1Ls8u1+eOivw==": { "id": "OgJFdUXRfF1Ls8u1+eOivw==", "name": "libgpg-error0", "version": "1.38-2", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.38-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PaaRbD/FkW3JARtSKQgRcQ==": { "id": "PaaRbD/FkW3JARtSKQgRcQ==", "name": "libattr1", "version": "1:2.4.48-6", "kind": "binary", "source": { "id": "", "name": "attr", "version": "1:2.4.48-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "PgPY5hWnihXRN45byvzY0g==": { "id": "PgPY5hWnihXRN45byvzY0g==", "name": "libncursesw6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "R1TkRM71ql+JWgz0VF5ESQ==": { "id": "R1TkRM71ql+JWgz0VF5ESQ==", "name": "libsepol1", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RAMuXEdVU4AJ/z4aiK/NNg==": { "id": "RAMuXEdVU4AJ/z4aiK/NNg==", "name": "setuptools", "version": "65.5.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.65.5.0.0.0.0.0.0.0", "cpe": "" }, "RYsqO4ROpGMzzCO5WaTrlw==": { "id": "RYsqO4ROpGMzzCO5WaTrlw==", "name": "dpkg", "version": "1.20.12", "kind": "binary", "source": { "id": "", "name": "dpkg", "version": "1.20.12", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "RgdwX+VC70nXZ2E527PXaA==": { "id": "RgdwX+VC70nXZ2E527PXaA==", "name": "logsave", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "SWnjL4fWu+WMpxhSCWLhZQ==": { "id": "SWnjL4fWu+WMpxhSCWLhZQ==", "name": "base-passwd", "version": "3.5.51", "kind": "binary", "source": { "id": "", "name": "base-passwd", "version": "3.5.51", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "T5NuX1yinNyGoZNN2r9u4Q==": { "id": "T5NuX1yinNyGoZNN2r9u4Q==", "name": "ca-certificates", "version": "20210119", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "20210119", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "VVXsYlCxogg17Ti1iR03Mw==": { "id": "VVXsYlCxogg17Ti1iR03Mw==", "name": "libseccomp2", "version": "2.5.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "VbNyM3GfR5vEmJdFAiKqrA==": { "id": "VbNyM3GfR5vEmJdFAiKqrA==", "name": "gcc-9-base", "version": "9.3.0-22", "kind": "binary", "source": { "id": "", "name": "gcc-9", "version": "9.3.0-22", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "Vo1mnwlrbhO3Gx1QVEhKkA==": { "id": "Vo1mnwlrbhO3Gx1QVEhKkA==", "name": "click", "version": "8.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.8.3.1.0.0.0.0.0.0", "cpe": "" }, "Wi4oa03apqVdR6okNeZiNA==": { "id": "Wi4oa03apqVdR6okNeZiNA==", "name": "libgnutls30", "version": "3.7.1-5+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnutls28", "version": "3.7.1-5+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "ZPlAztePXX+uFLVDX2lgNQ==": { "id": "ZPlAztePXX+uFLVDX2lgNQ==", "name": "libsemanage-common", "version": "3.1-1", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ZWeYh81MRCu1nh3mOyptIA==": { "id": "ZWeYh81MRCu1nh3mOyptIA==", "name": "libmount1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bGWj1aSf0wvrecU/pdTv5A==": { "id": "bGWj1aSf0wvrecU/pdTv5A==", "name": "gcc-10-base", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bHkSxcl6e1quNxLGb6uX8A==": { "id": "bHkSxcl6e1quNxLGb6uX8A==", "name": "coreutils", "version": "8.32-4+b1", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "bTSLWiizipO2axtmvXFuVg==": { "id": "bTSLWiizipO2axtmvXFuVg==", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "binary", "source": { "id": "", "name": "libtasn1-6", "version": "4.16.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "be3s5y0dx4bgsQboIoDduw==": { "id": "be3s5y0dx4bgsQboIoDduw==", "name": "libp11-kit0", "version": "0.23.22-1", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "brvvAQ6V7yp7QbUuk+W5Hg==": { "id": "brvvAQ6V7yp7QbUuk+W5Hg==", "name": "libext2fs2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "d4b/e0nx+/vPWuPB7oDzPw==": { "id": "d4b/e0nx+/vPWuPB7oDzPw==", "name": "libc-bin", "version": "2.31-13+deb11u5", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.31-13+deb11u5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dRfu6Up2F2Ze+gJ21oSeug==": { "id": "dRfu6Up2F2Ze+gJ21oSeug==", "name": "libgdbm6", "version": "1.19-2", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dUT53gagQO5Ac9Bdlu5dAw==": { "id": "dUT53gagQO5Ac9Bdlu5dAw==", "name": "sysvinit-utils", "version": "2.96-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "sysvinit", "version": "2.96-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dXglURzzdbLnOf14mab1Hg==": { "id": "dXglURzzdbLnOf14mab1Hg==", "name": "tar", "version": "1.34+dfsg-1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34+dfsg-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dobmrwm7aq9puvFHwNgXxw==": { "id": "dobmrwm7aq9puvFHwNgXxw==", "name": "libstdc++6", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "dv3AlW8tBL4D0mEPW7/Z2Q==": { "id": "dv3AlW8tBL4D0mEPW7/Z2Q==", "name": "libpam-modules-bin", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "eF2QIdrTmJlWmjQTkhntow==": { "id": "eF2QIdrTmJlWmjQTkhntow==", "name": "wheel", "version": "0.38.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.0.38.4.0.0.0.0.0.0", "cpe": "" }, "elSR7m8uLWd/kMl2jxTm/A==": { "id": "elSR7m8uLWd/kMl2jxTm/A==", "name": "libpam-modules", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "evNF5YpSAxyFV7iWv3lSVw==": { "id": "evNF5YpSAxyFV7iWv3lSVw==", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1n-0+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fCmdLCR2Ix0ldnZL1Fa52A==": { "id": "fCmdLCR2Ix0ldnZL1Fa52A==", "name": "bash", "version": "5.1-2+deb11u1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1-2+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fqwKjkzVNvsxh6040zt05g==": { "id": "fqwKjkzVNvsxh6040zt05g==", "name": "hostname", "version": "3.23", "kind": "binary", "source": { "id": "", "name": "hostname", "version": "3.23", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "fyM9Y65kt8cTfJv4LKF7bg==": { "id": "fyM9Y65kt8cTfJv4LKF7bg==", "name": "libcap-ng0", "version": "0.7.9-2.2+b1", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.9-2.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "gP9HgvZWct50Kw/hM7BCKg==": { "id": "gP9HgvZWct50Kw/hM7BCKg==", "name": "libtirpc-common", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "gv6x84VyNacZgvJrC59jbQ==": { "id": "gv6x84VyNacZgvJrC59jbQ==", "name": "libffi7", "version": "3.3-6", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.3-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "hdNUjYIlrdEAtBWAggakAw==": { "id": "hdNUjYIlrdEAtBWAggakAw==", "name": "perl-base", "version": "5.32.1-4+deb11u2", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-4+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "i4JkQ9JgSpZVyPFWOY5Bxw==": { "id": "i4JkQ9JgSpZVyPFWOY5Bxw==", "name": "liblz4-1", "version": "1.9.3-2", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "iWqdRZmp08/Tx22qEtmjJg==": { "id": "iWqdRZmp08/Tx22qEtmjJg==", "name": "libpcre3", "version": "2:8.39-13", "kind": "binary", "source": { "id": "", "name": "pcre3", "version": "2:8.39-13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jErhz6PtXvAy/EPWJ425rA==": { "id": "jErhz6PtXvAy/EPWJ425rA==", "name": "libuuid1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "jKa8Us2cqGejhOc2/n5DDA==": { "id": "jKa8Us2cqGejhOc2/n5DDA==", "name": "libsmartcols1", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "kq4lGEwi4agkgAJAkDs9Ng==": { "id": "kq4lGEwi4agkgAJAkDs9Ng==", "name": "flask", "version": "2.1.0", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.2.1.0.0.0.0.0.0.0", "cpe": "" }, "krch6TQqNWzRi5F/dDkF+Q==": { "id": "krch6TQqNWzRi5F/dDkF+Q==", "name": "ncurses-bin", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "l5lCPjtOmPM8/LLh9+NjeQ==": { "id": "l5lCPjtOmPM8/LLh9+NjeQ==", "name": "gpgv", "version": "2.2.27-2+deb11u2", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.27-2+deb11u2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lCjIskl1HulEHShaXtgmwQ==": { "id": "lCjIskl1HulEHShaXtgmwQ==", "name": "libtinfo6", "version": "6.2+20201114-2", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2+20201114-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "lvz5sq0NbU6sy/F1tg9uiQ==": { "id": "lvz5sq0NbU6sy/F1tg9uiQ==", "name": "libkeyutils1", "version": "1.6.1-2", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "mlFDx1iAC2OWpmYHut2JHw==": { "id": "mlFDx1iAC2OWpmYHut2JHw==", "name": "libnettle8", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nV87o429QBKIpM8DyOv4wg==": { "id": "nV87o429QBKIpM8DyOv4wg==", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "binary", "source": { "id": "", "name": "debian-archive-keyring", "version": "2021.1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ngOu/a+sfrdDkZtETF1mgg==": { "id": "ngOu/a+sfrdDkZtETF1mgg==", "name": "libselinux1", "version": "3.1-3", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nmd/xrCD27AKRWAzA5JZCA==": { "id": "nmd/xrCD27AKRWAzA5JZCA==", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "binary", "source": { "id": "", "name": "mawk", "version": "1.3.4.20200120-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "npX4tBmidkxp2QJN/c3Ktw==": { "id": "npX4tBmidkxp2QJN/c3Ktw==", "name": "libdebconfclient0", "version": "0.260", "kind": "binary", "source": { "id": "", "name": "cdebconf", "version": "0.260", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "nwapLKtbHTjy1u8+aA0X+Q==": { "id": "nwapLKtbHTjy1u8+aA0X+Q==", "name": "pip", "version": "22.3.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "pep440:0.22.3.1.0.0.0.0.0.0", "cpe": "" }, "oH9T0w9ZyXDCGJ6Np6n1Iw==": { "id": "oH9T0w9ZyXDCGJ6Np6n1Iw==", "name": "init-system-helpers", "version": "1.60", "kind": "binary", "source": { "id": "", "name": "init-system-helpers", "version": "1.60", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "ozJ983JkaV259+RUbqutzw==": { "id": "ozJ983JkaV259+RUbqutzw==", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "binary", "source": { "id": "", "name": "dash", "version": "0.5.11+git20200708+dd9ef66-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "p+J9YgA22NC8PDODpTSxgw==": { "id": "p+J9YgA22NC8PDODpTSxgw==", "name": "libidn2-0", "version": "2.3.0-5", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "pHAWej2qVWZtoCQ5DGoRcQ==": { "id": "pHAWej2qVWZtoCQ5DGoRcQ==", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2021a-1+deb11u8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "pZoLgWqHDgjhYQPevrtwdg==": { "id": "pZoLgWqHDgjhYQPevrtwdg==", "name": "libss2", "version": "1.46.2-2", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.2-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "q78XIEiJs5tQHLZtjoU3Fg==": { "id": "q78XIEiJs5tQHLZtjoU3Fg==", "name": "adduser", "version": "3.118", "kind": "binary", "source": { "id": "", "name": "adduser", "version": "3.118", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "qN2BSWBeEFRJnExMNJ1S0A==": { "id": "qN2BSWBeEFRJnExMNJ1S0A==", "name": "libsqlite3-0", "version": "3.34.1-3", "kind": "binary", "source": { "id": "", "name": "sqlite3", "version": "3.34.1-3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "qrPZzwjmppjOiQbrGk5IQA==": { "id": "qrPZzwjmppjOiQbrGk5IQA==", "name": "libgssapi-krb5-2", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rJ4UB7yOdBPwgrk5WLwIQw==": { "id": "rJ4UB7yOdBPwgrk5WLwIQw==", "name": "libhogweed6", "version": "3.7.3-1", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.7.3-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "rUyBCRoo9C2erJrGUkvuDQ==": { "id": "rUyBCRoo9C2erJrGUkvuDQ==", "name": "libtirpc3", "version": "1.3.1-1+deb11u1", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.1-1+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "s66OGd0F2Pbemhmyrg2R9w==": { "id": "s66OGd0F2Pbemhmyrg2R9w==", "name": "libsystemd0", "version": "247.3-7+deb11u1", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "247.3-7+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sU05gaIadSYQd4+DxTnInw==": { "id": "sU05gaIadSYQd4+DxTnInw==", "name": "libacl1", "version": "2.2.53-10", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "sXwy5mmgqLM9WC30BdKwTA==": { "id": "sXwy5mmgqLM9WC30BdKwTA==", "name": "readline-common", "version": "8.1-1", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "all", "cpe": "" }, "tNSJ6slY9zv+TZ6de2MVDQ==": { "id": "tNSJ6slY9zv+TZ6de2MVDQ==", "name": "liblzma5", "version": "5.2.5-2.1~deb11u1", "kind": "binary", "source": { "id": "", "name": "xz-utils", "version": "5.2.5-2.1~deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "tYADP/V07/lE8Qno1R/hhg==": { "id": "tYADP/V07/lE8Qno1R/hhg==", "name": "libgcc-s1", "version": "10.2.1-6", "kind": "binary", "source": { "id": "", "name": "gcc-10", "version": "10.2.1-6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "uXsuLx/plg6mDddGlE/9EA==": { "id": "uXsuLx/plg6mDddGlE/9EA==", "name": "libxxhash0", "version": "0.8.0-2", "kind": "binary", "source": { "id": "", "name": "xxhash", "version": "0.8.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "vqKK+x/7cGHNjLr4L7x4uQ==": { "id": "vqKK+x/7cGHNjLr4L7x4uQ==", "name": "libdb5.3", "version": "5.3.28+dfsg1-0.8", "kind": "binary", "source": { "id": "", "name": "db5.3", "version": "5.3.28+dfsg1-0.8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "wkuBBC4B84P3b4K0fGF0OQ==": { "id": "wkuBBC4B84P3b4K0fGF0OQ==", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.36.1-8+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "xaMEpa2lawXi7R9jqzX8hA==": { "id": "xaMEpa2lawXi7R9jqzX8hA==", "name": "findutils", "version": "4.8.0-1", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "yYcMjCGhY/mc+KraTEHSJg==": { "id": "yYcMjCGhY/mc+KraTEHSJg==", "name": "libkrb5-3", "version": "1.18.3-6+deb11u3", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.3-6+deb11u3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zL6jHnohFUDkhEaUeTlPOQ==": { "id": "zL6jHnohFUDkhEaUeTlPOQ==", "name": "sed", "version": "4.7-1", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.7-1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zQ8wKwnOqSw7e/gsx76vLQ==": { "id": "zQ8wKwnOqSw7e/gsx76vLQ==", "name": "debianutils", "version": "4.11.2", "kind": "binary", "source": { "id": "", "name": "debianutils", "version": "4.11.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zRv/Q67g6qJWTz0qqj4+BA==": { "id": "zRv/Q67g6qJWTz0qqj4+BA==", "name": "libnsl2", "version": "1.3.0-2", "kind": "binary", "source": { "id": "", "name": "libnsl", "version": "1.3.0-2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zV4ikAKeqBYFSvXnkFMYgg==": { "id": "zV4ikAKeqBYFSvXnkFMYgg==", "name": "libpam0g", "version": "1.4.0-9+deb11u1", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.4.0-9+deb11u1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" }, "zw9OGAXs3mWkBkmfKzbfqg==": { "id": "zw9OGAXs3mWkBkmfKzbfqg==", "name": "libapt-pkg6.0", "version": "2.2.4", "kind": "binary", "source": { "id": "", "name": "apt", "version": "2.2.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "amd64", "cpe": "" } }, "distributions": { "6df3d1d2-5dab-46de-b77e-dd03af431473": { "id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" } }, "repository": { "dc34882b-f4cd-49f0-9252-33484877db9a": { "id": "dc34882b-f4cd-49f0-9252-33484877db9a", "name": "pypi", "uri": "https://pypi.org/simple", "cpe": "" } }, "environments": { "+GDQTbek1zYvATiVR/wBCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "+aaqENN9U+Kuxcb1tQ8Utg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "+ol9cHiNc+RWiD7Kw3TLCg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "05vApGRmP6ko1S0ji87IIQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "0jMyX7UCIuSpntMN1r7Ofg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "1jyJPCL93kiEbfmNKeyz3g==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "2MObxiEVNllmUEzdVZM5qw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "3XsqGfTFjY5lWf0VTh588Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "3f992oeEQfSQxRA0nlq8Wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "4672uZtn8TnHDEzWVyhfjw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "4jCPzhS6OWt4agz9d/cfTw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "5zxxTA220k9gPCegfDHkag==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "7a3yla6TRFZrhmAreU7f8Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "8alfBYUr5uWbAyB5PrY8Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "9snKXrH4dQy2IXHQ01Lg0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Akbft1KN+9FKNhh1tM25eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "BJL42acLPAR8bEnmM1Z3mg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "CBzoMmlXBcyP54HOnauO0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "CpILSbg3p6D7Gsp8sCW1Rg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "DY5Co0gkGtbgwDlkjfJLWA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "DtMxcnDA8Je9vAHjmzagaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "EVGnnBfWyiVHhoIR4vEpgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ExYxXcgoIRjAjUObwDE4jA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "FJIijlwFNqvdoVBcfTF/pg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "FOAAB3KiNsLyi03hQsjRTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "FrUy4mOCaHm5aGT53as3JQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "G/7q+D+DsqYAVnohcyuzgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "GGaavnLgXX31qx9chfhdOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "HFwGHerHwgvY8vkjr3x1Pg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "IQfQp74RcAWE7jHtQsMLHg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "IiJKm8T4olfm6rhuKayFOw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Jg2vDvx1JxyPDIrUzzR9NQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "LOfpAnA/2f7zE4SFJCrxVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "LVHVhWoZgWwWvOspyUwb1w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "NA4G2YrIZ73fsX7d5r5rGw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "NzkVb7F31E+Vxxz3PCS6tg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "OgJFdUXRfF1Ls8u1+eOivw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "PaaRbD/FkW3JARtSKQgRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "PgPY5hWnihXRN45byvzY0g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "R1TkRM71ql+JWgz0VF5ESQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "RYsqO4ROpGMzzCO5WaTrlw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "RgdwX+VC70nXZ2E527PXaA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "SWnjL4fWu+WMpxhSCWLhZQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "T5NuX1yinNyGoZNN2r9u4Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "VVXsYlCxogg17Ti1iR03Mw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "VbNyM3GfR5vEmJdFAiKqrA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "Vo1mnwlrbhO3Gx1QVEhKkA==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "Wi4oa03apqVdR6okNeZiNA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ZPlAztePXX+uFLVDX2lgNQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ZWeYh81MRCu1nh3mOyptIA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "bGWj1aSf0wvrecU/pdTv5A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "bHkSxcl6e1quNxLGb6uX8A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "bTSLWiizipO2axtmvXFuVg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "be3s5y0dx4bgsQboIoDduw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "d4b/e0nx+/vPWuPB7oDzPw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dRfu6Up2F2Ze+gJ21oSeug==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dUT53gagQO5Ac9Bdlu5dAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dXglURzzdbLnOf14mab1Hg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dobmrwm7aq9puvFHwNgXxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "eF2QIdrTmJlWmjQTkhntow==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "elSR7m8uLWd/kMl2jxTm/A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "evNF5YpSAxyFV7iWv3lSVw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:778656c04542093db6d3b6e07bffbcf6ec4b24709276be7cdf177fcb3666663a", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "fqwKjkzVNvsxh6040zt05g==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "fyM9Y65kt8cTfJv4LKF7bg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "gP9HgvZWct50Kw/hM7BCKg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "gv6x84VyNacZgvJrC59jbQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "hdNUjYIlrdEAtBWAggakAw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "i4JkQ9JgSpZVyPFWOY5Bxw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "iWqdRZmp08/Tx22qEtmjJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "jErhz6PtXvAy/EPWJ425rA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "jKa8Us2cqGejhOc2/n5DDA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "kq4lGEwi4agkgAJAkDs9Ng==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:ceba6edba268245a8e21a15978f16b3635a6d1e4c79b4fa71a57033de6694858", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "krch6TQqNWzRi5F/dDkF+Q==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "lCjIskl1HulEHShaXtgmwQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "lvz5sq0NbU6sy/F1tg9uiQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "mlFDx1iAC2OWpmYHut2JHw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "nV87o429QBKIpM8DyOv4wg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ngOu/a+sfrdDkZtETF1mgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "nmd/xrCD27AKRWAzA5JZCA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "npX4tBmidkxp2QJN/c3Ktw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "nwapLKtbHTjy1u8+aA0X+Q==": [ { "package_db": "python:usr/local/lib/python3.11/site-packages", "introduced_in": "sha256:0f372def914e585a52a46de64d0ed00b960c02f5f81a307d673e73b404203d61", "distribution_id": "", "repository_ids": [ "dc34882b-f4cd-49f0-9252-33484877db9a" ] } ], "oH9T0w9ZyXDCGJ6Np6n1Iw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "ozJ983JkaV259+RUbqutzw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "p+J9YgA22NC8PDODpTSxgw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "pHAWej2qVWZtoCQ5DGoRcQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "pZoLgWqHDgjhYQPevrtwdg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "q78XIEiJs5tQHLZtjoU3Fg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "qN2BSWBeEFRJnExMNJ1S0A==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "qrPZzwjmppjOiQbrGk5IQA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "rJ4UB7yOdBPwgrk5WLwIQw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "rUyBCRoo9C2erJrGUkvuDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "s66OGd0F2Pbemhmyrg2R9w==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "sU05gaIadSYQd4+DxTnInw==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "sXwy5mmgqLM9WC30BdKwTA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:2f9c09f7c02f4403f9ec5313e53e63eafe6cd43993457b810ce1b9642812daec", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "tNSJ6slY9zv+TZ6de2MVDQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "tYADP/V07/lE8Qno1R/hhg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "uXsuLx/plg6mDddGlE/9EA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "wkuBBC4B84P3b4K0fGF0OQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "xaMEpa2lawXi7R9jqzX8hA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "yYcMjCGhY/mc+KraTEHSJg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zL6jHnohFUDkhEaUeTlPOQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zQ8wKwnOqSw7e/gsx76vLQ==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zRv/Q67g6qJWTz0qqj4+BA==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zV4ikAKeqBYFSvXnkFMYgg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ], "zw9OGAXs3mWkBkmfKzbfqg==": [ { "package_db": "var/lib/dpkg/status", "introduced_in": "sha256:025c56f98b679f70b7a54241917e56da7b59ab9d2defecc6ebdb0bf2750484bb", "distribution_id": "6df3d1d2-5dab-46de-b77e-dd03af431473", "repository_ids": null } ] }, "vulnerabilities": { "+N61/5529gFt7RkD8ooeKQ==": { "id": "+N61/5529gFt7RkD8ooeKQ==", "updater": "debian/updater", "name": "CVE-2023-0465", "description": "Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0465", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "+x9OyXfXk9PrekfsnPKwlg==": { "id": "+x9OyXfXk9PrekfsnPKwlg==", "updater": "debian/updater", "name": "CVE-2020-13529", "description": "An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-13529", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "/7UJLAHsMPxTtTxvuPgrzA==": { "id": "/7UJLAHsMPxTtTxvuPgrzA==", "updater": "debian/updater", "name": "CVE-2024-45491", "description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "/YwO4YLRGgF2uWU55V6+MQ==": { "id": "/YwO4YLRGgF2uWU55V6+MQ==", "updater": "debian/updater", "name": "CVE-2019-1010022", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010022", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "08pa4udz9bnA9IOsE208DA==": { "id": "08pa4udz9bnA9IOsE208DA==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-10", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "0H/7BkE/Q7YVSZhEABXg6w==": { "id": "0H/7BkE/Q7YVSZhEABXg6w==", "updater": "debian/updater", "name": "CVE-2024-26458", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26458", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "1U/zi3CEao+52y8LKU0uvw==": { "id": "1U/zi3CEao+52y8LKU0uvw==", "updater": "debian/updater", "name": "CVE-2021-36084", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __cil_verify_classpermission and __cil_pre_verify_helper).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36084", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "1dwwvWkARnFe67yAAGVglQ==": { "id": "1dwwvWkARnFe67yAAGVglQ==", "updater": "debian/updater", "name": "CVE-2023-31438", "description": "An issue was discovered in systemd 253. An attacker can truncate a sealed log file and then resume log sealing such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31438", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "27BVJE6xR0Z84LzifDnFYA==": { "id": "27BVJE6xR0Z84LzifDnFYA==", "updater": "debian/updater", "name": "CVE-2022-48303", "description": "GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-48303", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "3cBlPR7Tm4BIC/+wflldAg==": { "id": "3cBlPR7Tm4BIC/+wflldAg==", "updater": "debian/updater", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12243", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u7" }, "59rfj7X7Q9O1jyg5L5a5zQ==": { "id": "59rfj7X7Q9O1jyg5L5a5zQ==", "updater": "debian/updater", "name": "CVE-2024-37370", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37370", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "5Cmp5KJXv+nVwwcs5/Kz7w==": { "id": "5Cmp5KJXv+nVwwcs5/Kz7w==", "updater": "debian/updater", "name": "CVE-2024-50602", "description": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-50602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u7" }, "6j23t/n6B77cQMxfCeLKzA==": { "id": "6j23t/n6B77cQMxfCeLKzA==", "updater": "debian/updater", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-12133", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u2" }, "6jg3v7lJ92IZCQpZydR2sA==": { "id": "6jg3v7lJ92IZCQpZydR2sA==", "updater": "debian/updater", "name": "CVE-2024-28757", "description": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28757", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "7DtFnnE8FjIpCQKunutpeg==": { "id": "7DtFnnE8FjIpCQKunutpeg==", "updater": "debian/updater", "name": "CVE-2020-16156", "description": "CPAN 2.28 allows Signature Verification Bypass.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2020-16156", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "9JIazCQjSvYhpG9KE6d7Pg==": { "id": "9JIazCQjSvYhpG9KE6d7Pg==", "updater": "debian/updater", "name": "CVE-2025-8058", "description": "The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8058", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "9sNDKQtqg7Z3gJr//JQlvg==": { "id": "9sNDKQtqg7Z3gJr//JQlvg==", "updater": "debian/updater", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32990", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ANq7+l7+5U6IDt9eU02u5w==": { "id": "ANq7+l7+5U6IDt9eU02u5w==", "updater": "debian/updater", "name": "CVE-2022-3219", "description": "GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3219", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ASrdm9EROwWp9Ip2w7HH5w==": { "id": "ASrdm9EROwWp9Ip2w7HH5w==", "updater": "debian/updater", "name": "CVE-2022-3821", "description": "An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3821", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "AvPdNumiwGnBie+lo1du3A==": { "id": "AvPdNumiwGnBie+lo1du3A==", "updater": "debian/updater", "name": "CVE-2023-31486", "description": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31486", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ba+eHoq0U7aq9Kxwg98r8Q==": { "id": "Ba+eHoq0U7aq9Kxwg98r8Q==", "updater": "debian/updater", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-8941", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "BxMnseA9J6OW2RWxSrlbyQ==": { "id": "BxMnseA9J6OW2RWxSrlbyQ==", "updater": "debian/updater", "name": "CVE-2021-36690", "description": "A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36690", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "C8YeM0XyMbxM6QnHcnbRtQ==": { "id": "C8YeM0XyMbxM6QnHcnbRtQ==", "updater": "debian/updater", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-52099", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "CaLsKNvkpKlxKVBlUnje9Q==": { "id": "CaLsKNvkpKlxKVBlUnje9Q==", "updater": "debian/updater", "name": "CVE-2021-36087", "description": "The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). This occurs because there is sometimes a lack of checks for invalid statements in an optional block.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36087", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "CtYegggqGbMfg16G/qfITQ==": { "id": "CtYegggqGbMfg16G/qfITQ==", "updater": "debian/updater", "name": "CVE-2013-4235", "description": "shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4235", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DJOf0vCfrT4GvRr/tBJhbg==": { "id": "DJOf0vCfrT4GvRr/tBJhbg==", "updater": "debian/updater", "name": "CVE-2024-33601", "description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33601", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "DRKFIYYNzLumACBV1CW/rw==": { "id": "DRKFIYYNzLumACBV1CW/rw==", "updater": "debian/updater", "name": "CVE-2022-35737", "description": "SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-35737", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "DfxJWBpJUY1aHu0ZUSilDg==": { "id": "DfxJWBpJUY1aHu0ZUSilDg==", "updater": "debian/updater", "name": "CVE-2018-6829", "description": "cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-6829", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EYo03ICovWfCjw2cKpwx4Q==": { "id": "EYo03ICovWfCjw2cKpwx4Q==", "updater": "debian/updater", "name": "CVE-2005-2541", "description": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2005-2541", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "EajCJi704nU1+LqESNMC1w==": { "id": "EajCJi704nU1+LqESNMC1w==", "updater": "debian/updater", "name": "CVE-2024-0727", "description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0727", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "EvarhwbaAMrD3meGYFByGg==": { "id": "EvarhwbaAMrD3meGYFByGg==", "updater": "debian/updater", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50495", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "F0zkrLGlbsix59P9mqoAOg==": { "id": "F0zkrLGlbsix59P9mqoAOg==", "updater": "debian/updater", "name": "CVE-2025-30258", "description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-30258", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "G45dR+E8Wb+bEhCdwuqUDg==": { "id": "G45dR+E8Wb+bEhCdwuqUDg==", "updater": "debian/updater", "name": "CVE-2019-20838", "description": "libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \\X or \\R has more than one fixed quantifier, a related issue to CVE-2019-20454.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-20838", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GEZVVbmUXjlQj+79Swj7fA==": { "id": "GEZVVbmUXjlQj+79Swj7fA==", "updater": "debian/updater", "name": "CVE-2025-24528", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-24528", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u6" }, "GPLYq884jQKVksfMc+b7OQ==": { "id": "GPLYq884jQKVksfMc+b7OQ==", "updater": "debian/updater", "name": "CVE-2022-1304", "description": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-1304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "e2fsprogs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.46.2-2+deb11u1" }, "GRlufCZFwHNK64OQNCFIcg==": { "id": "GRlufCZFwHNK64OQNCFIcg==", "updater": "debian/updater", "name": "CVE-2013-4392", "description": "systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-4392", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GezxxUl3QPWUTitg/VHmlQ==": { "id": "GezxxUl3QPWUTitg/VHmlQ==", "updater": "debian/updater", "name": "CVE-2019-1010024", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010024", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "GmBi7n85v8sX6ItoMSgvlQ==": { "id": "GmBi7n85v8sX6ItoMSgvlQ==", "updater": "debian/updater", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9230", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u4" }, "HuTBrVHKx7uaMtQjiqifKQ==": { "id": "HuTBrVHKx7uaMtQjiqifKQ==", "updater": "debian/updater", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0567", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "IJPGr43VMeLym6tW3EWgdg==": { "id": "IJPGr43VMeLym6tW3EWgdg==", "updater": "debian/updater", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-8176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "IvA5abshk33BAuuBar/pVQ==": { "id": "IvA5abshk33BAuuBar/pVQ==", "updater": "debian/updater", "name": "CVE-2024-45492", "description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45492", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "JcoADkxFeYBET6x6TWfsjg==": { "id": "JcoADkxFeYBET6x6TWfsjg==", "updater": "debian/updater", "name": "CVE-2025-40909", "description": "Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-40909", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Jl0PQIP9L3ufSvQ2j71iww==": { "id": "Jl0PQIP9L3ufSvQ2j71iww==", "updater": "osv/pypi", "name": "GHSA-r9hx-vwmv-q579", "description": "pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)", "issued": "2022-12-23T00:30:23Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2022-40897 https://github.com/pypa/setuptools/issues/3659 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://setuptools.pypa.io/en/latest https://security.netapp.com/advisory/ntap-20240621-0006 https://security.netapp.com/advisory/ntap-20230214-0001 https://pyup.io/vulnerabilities/CVE-2022-40897/52495 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNA2BAH2ACBZ4TVJZKFLCR7L23BG5C3H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ADES3NLOE5QJKBLGNZNI2RGVOSQXA37R https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://github.com/pypa/setuptools https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2022-43012.yaml", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "KLrAiYCJHdmWQ2RaqUywlA==": { "id": "KLrAiYCJHdmWQ2RaqUywlA==", "updater": "debian/updater", "name": "CVE-2022-4304", "description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4304", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "KZ3Jt7zkiM272dGLstI4XA==": { "id": "KZ3Jt7zkiM272dGLstI4XA==", "updater": "debian/updater", "name": "CVE-2013-0340", "description": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2013-0340", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KaoEuixR8E5nnpGZ1pG25w==": { "id": "KaoEuixR8E5nnpGZ1pG25w==", "updater": "debian/updater", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-0553", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u5" }, "KvTZOL1MGCoBHaXdBx1RcA==": { "id": "KvTZOL1MGCoBHaXdBx1RcA==", "updater": "debian/updater", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-10041", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "KwgIGMm765S+zvIBAwM9+g==": { "id": "KwgIGMm765S+zvIBAwM9+g==", "updater": "debian/updater", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4899", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libzstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "LD4zPH3rZZkbSPN5ojHClA==": { "id": "LD4zPH3rZZkbSPN5ojHClA==", "updater": "debian/updater", "name": "TEMP-0628843-DBAD28", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MDmWztEMrTY+VyVp5c+Fvw==": { "id": "MDmWztEMrTY+VyVp5c+Fvw==", "updater": "debian/updater", "name": "TEMP-0841856-B18BAF", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MXRm//dBCnWFem5zffvqmA==": { "id": "MXRm//dBCnWFem5zffvqmA==", "updater": "debian/updater", "name": "CVE-2022-3715", "description": "A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-3715", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "bash", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "MYYkxlB4Ank1zsdIh41apg==": { "id": "MYYkxlB4Ank1zsdIh41apg==", "updater": "debian/updater", "name": "CVE-2024-2961", "description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2961", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u9" }, "MdrEi+/OrLlW3zDrheID2Q==": { "id": "MdrEi+/OrLlW3zDrheID2Q==", "updater": "debian/updater", "name": "CVE-2025-59375", "description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-59375", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Mxv06g47iCk7QIqi7Xbojw==": { "id": "Mxv06g47iCk7QIqi7Xbojw==", "updater": "debian/updater", "name": "CVE-2023-45853", "description": "MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-45853", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "zlib", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "NYWveHKKsIYIKl+vE8UEhw==": { "id": "NYWveHKKsIYIKl+vE8UEhw==", "updater": "debian/updater", "name": "TEMP-0517018-A83CE6", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sysvinit", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ns8JH9Yqo6xZiGzihN4B3g==": { "id": "Ns8JH9Yqo6xZiGzihN4B3g==", "updater": "debian/updater", "name": "CVE-2024-22365", "description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-22365", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "Nzgd66Rt/zG5Z8ZfbjecYA==": { "id": "Nzgd66Rt/zG5Z8ZfbjecYA==", "updater": "debian/updater", "name": "CVE-2024-26461", "description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-26461", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "OB48XTRaksNPWPm0dVHJmQ==": { "id": "OB48XTRaksNPWPm0dVHJmQ==", "updater": "debian/updater", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-3576", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u7" }, "P4mYk7npVU6t91mlbAb8QA==": { "id": "P4mYk7npVU6t91mlbAb8QA==", "updater": "debian/updater", "name": "CVE-2024-2511", "description": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2511", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "PJI8cpGpF5+qVan9H5W87Q==": { "id": "PJI8cpGpF5+qVan9H5W87Q==", "updater": "debian/updater", "name": "CVE-2024-28085", "description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.36.1-8+deb11u2" }, "Pj9V3uC2c9o+P6lTpzzGeA==": { "id": "Pj9V3uC2c9o+P6lTpzzGeA==", "updater": "osv/pypi", "name": "PYSEC-2025-49", "description": "", "issued": "2025-05-17T16:15:19Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "QGq5D5QwQKPerzYOBVoSsg==": { "id": "QGq5D5QwQKPerzYOBVoSsg==", "updater": "osv/pypi", "name": "GHSA-cx63-2mw6-8hw5", "description": "setuptools vulnerable to Command Injection via package URL", "issued": "2024-07-15T03:30:57Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/pull/4332 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://github.com/pypa/setuptools https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=70.0.0" }, "Qd2XnJZ3qaQ3AbyDXUaR2A==": { "id": "Qd2XnJZ3qaQ3AbyDXUaR2A==", "updater": "osv/pypi", "name": "PYSEC-2022-43012", "description": "", "issued": "2022-12-23T00:15:00Z", "links": "https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200 https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/ https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1 https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be https://pyup.io/vulnerabilities/CVE-2022-40897/52495/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=65.5.1" }, "QopvyNp/5Ata9NdAUhFygw==": { "id": "QopvyNp/5Ata9NdAUhFygw==", "updater": "debian/updater", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-5278", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "T2SiDOPpMK0bU0Y0qkOm1A==": { "id": "T2SiDOPpMK0bU0Y0qkOm1A==", "updater": "debian/updater", "name": "CVE-2019-1010025", "description": "GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is \"ASLR bypass itself is not a vulnerability.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010025", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Tcuyjettc5LT9G5wj3mSxw==": { "id": "Tcuyjettc5LT9G5wj3mSxw==", "updater": "debian/updater", "name": "CVE-2022-4450", "description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4450", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "TgHh5yPuwUnIt8v9WawGYw==": { "id": "TgHh5yPuwUnIt8v9WawGYw==", "updater": "debian/updater", "name": "CVE-2025-6141", "description": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6141", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "U3JbUhrT2SqWNuYU5d13cQ==": { "id": "U3JbUhrT2SqWNuYU5d13cQ==", "updater": "debian/updater", "name": "CVE-2021-33560", "description": "Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-33560", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "Ud6njM/DPIrfSPiFct82Lw==": { "id": "Ud6njM/DPIrfSPiFct82Lw==", "updater": "debian/updater", "name": "CVE-2023-52426", "description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52426", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "VzolVkOS5HseGzVTLzDMfA==": { "id": "VzolVkOS5HseGzVTLzDMfA==", "updater": "debian/updater", "name": "CVE-2023-39804", "description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-39804", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.34+dfsg-1+deb11u1" }, "WCGqond4znYKCRcm4xyPrg==": { "id": "WCGqond4znYKCRcm4xyPrg==", "updater": "debian/updater", "name": "CVE-2007-5686", "description": "initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging failed authentication attempts by remote attackers.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2007-5686", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WG/hQnqUufOh6/5/mlRi/Q==": { "id": "WG/hQnqUufOh6/5/mlRi/Q==", "updater": "debian/updater", "name": "CVE-2023-31439", "description": "An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31439", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WHvU12ysgz1Ai1y1KSOiLA==": { "id": "WHvU12ysgz1Ai1y1KSOiLA==", "updater": "debian/updater", "name": "CVE-2024-33599", "description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33599", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "WWnQMI7f7f75SgC9Dcl+QQ==": { "id": "WWnQMI7f7f75SgC9Dcl+QQ==", "updater": "debian/updater", "name": "TEMP-0290435-0B57B5", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "WcYPrwv9PSVoVoof5MRsxQ==": { "id": "WcYPrwv9PSVoVoof5MRsxQ==", "updater": "osv/pypi", "name": "PYSEC-2023-228", "description": "", "issued": "2023-10-25T18:17:00Z", "links": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/ https://github.com/pypa/pip/pull/12306", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "Xce4H7xsVfrtYV2aXED7xA==": { "id": "Xce4H7xsVfrtYV2aXED7xA==", "updater": "debian/updater", "name": "CVE-2017-18018", "description": "In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX \"-R -L\" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-18018", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "XtT5+z5+yMbpdsyfkLItzA==": { "id": "XtT5+z5+yMbpdsyfkLItzA==", "updater": "debian/updater", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "ZbWtFXr0WyByV4kCb3M6FA==": { "id": "ZbWtFXr0WyByV4kCb3M6FA==", "updater": "debian/updater", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5981", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u4" }, "ZdGgPSEZdeQ3XJo0+ZpAXQ==": { "id": "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "updater": "debian/updater", "name": "CVE-2019-1010023", "description": "GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate \"this is being treated as a non-security bug and no real threat.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-1010023", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZrZi02myDWWW0L5oPQj/cg==": { "id": "ZrZi02myDWWW0L5oPQj/cg==", "updater": "debian/updater", "name": "CVE-2017-11164", "description": "In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-11164", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ZxTVeoHgmvhWXsV+xLzphA==": { "id": "ZxTVeoHgmvhWXsV+xLzphA==", "updater": "debian/updater", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4813", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aWm6E1ULjtuw0ydmFnsI4A==": { "id": "aWm6E1ULjtuw0ydmFnsI4A==", "updater": "debian/updater", "name": "CVE-2025-6297", "description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6297", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "dpkg", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "aqMHDRnPT+3QNU/8tSwsog==": { "id": "aqMHDRnPT+3QNU/8tSwsog==", "updater": "debian/updater", "name": "CVE-2019-9192", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\\\\1\\\\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-9192", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "b2D8D2g8yPwuRhswdqF0Rw==": { "id": "b2D8D2g8yPwuRhswdqF0Rw==", "updater": "debian/updater", "name": "CVE-2023-3446", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3446", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "bBymk1eoEM+tVYB+/Crz+g==": { "id": "bBymk1eoEM+tVYB+/Crz+g==", "updater": "debian/updater", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28835", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "bNvH54V1y9cXsGaCXVwFVw==": { "id": "bNvH54V1y9cXsGaCXVwFVw==", "updater": "osv/pypi", "name": "GHSA-5rjg-fvgr-3xxf", "description": "setuptools has a path traversal vulnerability in PackageIndex.download that leads to Arbitrary File Write", "issued": "2025-05-19T16:52:43Z", "links": "https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf https://nvd.nist.gov/vuln/detail/CVE-2025-47273 https://github.com/pypa/setuptools/issues/4946 https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b https://github.com/pypa/advisory-database/tree/main/vulns/setuptools/PYSEC-2025-49.yaml https://github.com/pypa/setuptools https://github.com/pypa/setuptools/blob/6ead555c5fb29bc57fe6105b1bffc163f56fd558/setuptools/package_index.py#L810C1-L825C88 https://lists.debian.org/debian-lts-announce/2025/05/msg00035.html", "severity": "HIGH", "normalized_severity": "High", "package": { "id": "", "name": "setuptools", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=78.1.1" }, "bZ2m6J3EIvmTdjYJprlOKA==": { "id": "bZ2m6J3EIvmTdjYJprlOKA==", "updater": "debian/updater", "name": "CVE-2021-36085", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36085", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "brAAPyN4siIQT5bxa9xu4g==": { "id": "brAAPyN4siIQT5bxa9xu4g==", "updater": "debian/updater", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-47038", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u3" }, "cHpKoxiUOXPYUJX1ihMLDg==": { "id": "cHpKoxiUOXPYUJX1ihMLDg==", "updater": "debian/updater", "name": "CVE-2018-5709", "description": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable \"dbentry-\u003en_key_data\" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a \"u4\" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-5709", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "cZD87tDO2q60EFy3BAZ33g==": { "id": "cZD87tDO2q60EFy3BAZ33g==", "updater": "debian/updater", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0464", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "ce9B0jxjyNiCfG4VtZhnVw==": { "id": "ce9B0jxjyNiCfG4VtZhnVw==", "updater": "debian/updater", "name": "CVE-2011-4116", "description": "_is_safe in the File::Temp module for Perl does not properly handle symlinks.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-4116", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "d1D8ilhRqv7A6eAzRE4Ojw==": { "id": "d1D8ilhRqv7A6eAzRE4Ojw==", "updater": "debian/updater", "name": "CVE-2023-29491", "description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29491", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u2" }, "dFbvYO8avXWxbjXnm5ACqQ==": { "id": "dFbvYO8avXWxbjXnm5ACqQ==", "updater": "debian/updater", "name": "CVE-2023-36054", "description": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-36054", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u4" }, "dUTZP+bcDNUqytJV02E1dQ==": { "id": "dUTZP+bcDNUqytJV02E1dQ==", "updater": "debian/updater", "name": "CVE-2025-6965", "description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6965", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "dZ/H1sYv9QSX9VO93tlGLw==": { "id": "dZ/H1sYv9QSX9VO93tlGLw==", "updater": "osv/pypi", "name": "GHSA-4xh5-x5gv-qwph", "description": "pip's fallback tar extraction doesn't check symbolic links point to extraction directory", "issued": "2025-09-24T15:31:14Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2025-8869 https://github.com/pypa/pip/pull/13550 https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN https://pip.pypa.io/en/stable/news/#v25-2", "severity": "MODERATE", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=25.3" }, "eietxU2AL+GdeSQwh6n6XA==": { "id": "eietxU2AL+GdeSQwh6n6XA==", "updater": "debian/updater", "name": "CVE-2023-0215", "description": "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0215", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "epkSU4TSX3BVrueh1mbRzg==": { "id": "epkSU4TSX3BVrueh1mbRzg==", "updater": "debian/updater", "name": "CVE-2024-13176", "description": "Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-13176", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u3" }, "f6s0c0I4Eo7U1vb/8R9ATg==": { "id": "f6s0c0I4Eo7U1vb/8R9ATg==", "updater": "debian/updater", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-6020", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "pam", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.4.0-9+deb11u2" }, "fUdim7gaWpwZtynNz5GiKg==": { "id": "fUdim7gaWpwZtynNz5GiKg==", "updater": "debian/updater", "name": "CVE-2023-0361", "description": "A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0361", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u3" }, "fXJD4KsFmfzjgWJPYHqTrQ==": { "id": "fXJD4KsFmfzjgWJPYHqTrQ==", "updater": "debian/updater", "name": "CVE-2019-8457", "description": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2019-8457", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "db5.3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "fharKhY7OXyx+gXJAwiegw==": { "id": "fharKhY7OXyx+gXJAwiegw==", "updater": "debian/updater", "name": "CVE-2025-29088", "description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-29088", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "g44foSnimIkShQZtpEhjbQ==": { "id": "g44foSnimIkShQZtpEhjbQ==", "updater": "debian/updater", "name": "CVE-2011-3389", "description": "The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a \"BEAST\" attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3389", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "gMRlXKqXSfP5n8UiPW430Q==": { "id": "gMRlXKqXSfP5n8UiPW430Q==", "updater": "debian/updater", "name": "CVE-2024-33602", "description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33602", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "h7Lhy275V3QLvnBLGAulbw==": { "id": "h7Lhy275V3QLvnBLGAulbw==", "updater": "osv/pypi", "name": "PYSEC-2023-62", "description": "", "issued": "2023-05-02T18:15:00Z", "links": "https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "jJNc2KwFwVg03DlaNN1nbA==": { "id": "jJNc2KwFwVg03DlaNN1nbA==", "updater": "debian/updater", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4806", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "jS/WQ+ua63nFUvjSzoQw1g==": { "id": "jS/WQ+ua63nFUvjSzoQw1g==", "updater": "debian/updater", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-2236", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "libgcrypt20", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k6VTDL+fxGnbqAk/IPGlnQ==": { "id": "k6VTDL+fxGnbqAk/IPGlnQ==", "updater": "debian/updater", "name": "CVE-2023-29383", "description": "In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-29383", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "k6fjQGJuJ+9NXMFLa5+CgA==": { "id": "k6fjQGJuJ+9NXMFLa5+CgA==", "updater": "debian/updater", "name": "CVE-2016-2781", "description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2016-2781", "severity": "low", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "k82HOcJqNkts86KJ0glvow==": { "id": "k82HOcJqNkts86KJ0glvow==", "updater": "debian/updater", "name": "CVE-2023-31484", "description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31484", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "perl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "5.32.1-4+deb11u4" }, "kgqUyyy6Fd5CUNREC3t1jg==": { "id": "kgqUyyy6Fd5CUNREC3t1jg==", "updater": "debian/updater", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-32988", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u8" }, "khiBNMMi17UID6UagXI8LA==": { "id": "khiBNMMi17UID6UagXI8LA==", "updater": "debian/updater", "name": "CVE-2021-36086", "description": "The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-36086", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libsepol", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.1-1+deb11u1" }, "kwKUYCnvi/GndNgicLw/RQ==": { "id": "kwKUYCnvi/GndNgicLw/RQ==", "updater": "debian/updater", "name": "CVE-2023-0466", "description": "The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0466", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "l6iyFrb04z9eZxh35gAtVA==": { "id": "l6iyFrb04z9eZxh35gAtVA==", "updater": "debian/updater", "name": "CVE-2025-0395", "description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-0395", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u12" }, "l8HSGkC4gSxCEUDns7KKfQ==": { "id": "l8HSGkC4gSxCEUDns7KKfQ==", "updater": "debian/updater", "name": "CVE-2011-3374", "description": "It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2011-3374", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "apt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lAYsMZ/1tV9arAE2k+zsAQ==": { "id": "lAYsMZ/1tV9arAE2k+zsAQ==", "updater": "debian/updater", "name": "CVE-2023-31437", "description": "An issue was discovered in systemd 253. An attacker can modify a sealed log file such that, in some views, not all existing and sealed log messages are displayed. NOTE: the vendor reportedly sent \"a reply denying that any of the finding was a security vulnerability.\"", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-31437", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "lShmgiPGgmUIO0VwzhSBRA==": { "id": "lShmgiPGgmUIO0VwzhSBRA==", "updater": "debian/updater", "name": "CVE-2023-2650", "description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with 'n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer's certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-2650", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u5" }, "lnMcIzRPoETIbrbgdDGINA==": { "id": "lnMcIzRPoETIbrbgdDGINA==", "updater": "debian/updater", "name": "CVE-2021-46848", "description": "GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-46848", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "libtasn1-6", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "4.16.0-2+deb11u1" }, "m619DfZfUke+jaTAnoZ2Xw==": { "id": "m619DfZfUke+jaTAnoZ2Xw==", "updater": "debian/updater", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7008", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "mJA9Uto8Hh0tElNp2qoYaA==": { "id": "mJA9Uto8Hh0tElNp2qoYaA==", "updater": "debian/updater", "name": "CVE-2017-7245", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7245", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "meQYB1JR+XE3En/RrDfPvA==": { "id": "meQYB1JR+XE3En/RrDfPvA==", "updater": "debian/updater", "name": "CVE-2022-4415", "description": "A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-4415", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u2" }, "mj6UKCnVoHnC6YBWJGf/Ug==": { "id": "mj6UKCnVoHnC6YBWJGf/Ug==", "updater": "osv/pypi", "name": "GHSA-mq26-g339-26xf", "description": "Command Injection in pip when used with Mercurial", "issued": "2023-10-25T18:32:26Z", "links": "https://nvd.nist.gov/vuln/detail/CVE-2023-5752 https://github.com/pypa/pip/pull/12306 https://github.com/pypa/pip/commit/389cb799d0da9a840749fcd14878928467ed49b4 https://github.com/pypa/advisory-database/tree/main/vulns/pip/PYSEC-2023-228.yaml https://github.com/pypa/pip https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pip", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=23.3" }, "mnGTl6DWEAI0reOCEqb0jw==": { "id": "mnGTl6DWEAI0reOCEqb0jw==", "updater": "debian/updater", "name": "CVE-2022-0563", "description": "A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-0563", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "util-linux", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "n+1p0npJfBZ4vUpG1OFi6w==": { "id": "n+1p0npJfBZ4vUpG1OFi6w==", "updater": "debian/updater", "name": "CVE-2023-50868", "description": "The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the \"NSEC3\" issue. The RFC 5155 specification implies that an algorithm must perform thousands of iterations of a hash function in certain situations.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50868", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "o75dmeL6883s7llfbkU+PA==": { "id": "o75dmeL6883s7llfbkU+PA==", "updater": "debian/updater", "name": "CVE-2024-45490", "description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-45490", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "oeIf5WAd0bERBmJCeLsqIg==": { "id": "oeIf5WAd0bERBmJCeLsqIg==", "updater": "debian/updater", "name": "CVE-2017-7246", "description": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-7246", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pa+2016jZIT5xycgFHsAsQ==": { "id": "pa+2016jZIT5xycgFHsAsQ==", "updater": "debian/updater", "name": "CVE-2018-20796", "description": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2018-20796", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "pmcR65l6CQ+6Qdh99gUtFQ==": { "id": "pmcR65l6CQ+6Qdh99gUtFQ==", "updater": "debian/updater", "name": "CVE-2023-52425", "description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-52425", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.2.10-2+deb11u6" }, "pu8XvxoOXeKAI0tvpRRucg==": { "id": "pu8XvxoOXeKAI0tvpRRucg==", "updater": "debian/updater", "name": "CVE-2023-5678", "description": "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-5678", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "qDLWFSo6NpfxWPhSeAS8zQ==": { "id": "qDLWFSo6NpfxWPhSeAS8zQ==", "updater": "debian/updater", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-28834", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.7.1-5+deb11u6" }, "qhu8cH6U47vSCL4GXDHHtA==": { "id": "qhu8cH6U47vSCL4GXDHHtA==", "updater": "debian/updater", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4641", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1:4.8.1-1+deb11u1" }, "rvhjGf5pyhsfm1iFFyudCA==": { "id": "rvhjGf5pyhsfm1iFFyudCA==", "updater": "debian/updater", "name": "CVE-2025-9820", "description": "", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-9820", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "gnutls28", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "s55QOTlka9E4jTdGv0d/FA==": { "id": "s55QOTlka9E4jTdGv0d/FA==", "updater": "debian/updater", "name": "CVE-2025-4802", "description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4802", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u13" }, "srcIw8ffB6famHHqmqImEw==": { "id": "srcIw8ffB6famHHqmqImEw==", "updater": "debian/updater", "name": "CVE-2023-3817", "description": "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the \"-check\" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-3817", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1v-0~deb11u1" }, "svo9ZP0wOZ7IXZp//n2f7g==": { "id": "svo9ZP0wOZ7IXZp//n2f7g==", "updater": "osv/pypi", "name": "GHSA-m2qf-hxjv-5gpq", "description": "Flask vulnerable to possible disclosure of permanent session cookie due to missing Vary: Cookie header", "issued": "2023-05-01T19:22:20Z", "links": "https://github.com/pallets/flask/security/advisories/GHSA-m2qf-hxjv-5gpq https://nvd.nist.gov/vuln/detail/CVE-2023-30861 https://github.com/pallets/flask/commit/70f906c51ce49c485f1d355703e9cc3386b1cc2b https://github.com/pallets/flask/commit/afd63b16170b7c047f5758eb910c416511e9c965 https://github.com/pallets/flask https://github.com/pallets/flask/releases/tag/2.2.5 https://github.com/pallets/flask/releases/tag/2.3.2 https://github.com/pypa/advisory-database/tree/main/vulns/flask/PYSEC-2023-62.yaml https://lists.debian.org/debian-lts-announce/2023/08/msg00024.html https://security.netapp.com/advisory/ntap-20230818-0006 https://www.debian.org/security/2023/dsa-5442", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "flask", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "pypi", "uri": "https://pypi.org/", "cpe": "" }, "fixed_in_version": "fixed=2.2.5" }, "swQXHeTg1VEUQHser/6eEQ==": { "id": "swQXHeTg1VEUQHser/6eEQ==", "updater": "debian/updater", "name": "CVE-2023-50387", "description": "Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the \"KeyTrap\" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-50387", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u6" }, "t3CEDp5fZQ6D+aOizMiuSg==": { "id": "t3CEDp5fZQ6D+aOizMiuSg==", "updater": "debian/updater", "name": "CVE-2023-0286", "description": "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-0286", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "tBbOIOCaKVlwik7hH/baMQ==": { "id": "tBbOIOCaKVlwik7hH/baMQ==", "updater": "debian/updater", "name": "CVE-2021-45346", "description": "A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File), it is possible to query a record, and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. NOTE: The developer disputes this as a vulnerability stating that If you give SQLite a corrupted database file and submit a query against the database, it might read parts of the database that you did not intend or expect.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2021-45346", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "tjx9raP+v/Zzj6SBJct3WA==": { "id": "tjx9raP+v/Zzj6SBJct3WA==", "updater": "debian/updater", "name": "CVE-2023-7104", "description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-7104", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "sqlite3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "3.34.1-3+deb11u1" }, "tne7uZ2E+Ev6QI7ctt3PxA==": { "id": "tne7uZ2E+Ev6QI7ctt3PxA==", "updater": "debian/updater", "name": "CVE-2024-33600", "description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-33600", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u10" }, "u+ya+p/mAtLPAYAgbSPTTw==": { "id": "u+ya+p/mAtLPAYAgbSPTTw==", "updater": "debian/updater", "name": "CVE-2022-41409", "description": "Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-41409", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uEg5UAxE9NNjF71OxdO7uQ==": { "id": "uEg5UAxE9NNjF71OxdO7uQ==", "updater": "debian/updater", "name": "CVE-2017-16231", "description": "In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash overflow in the function match() in pcre_exec.c because of a self-recursive call. NOTE: third parties dispute the relevance of this report, noting that there are options that can be used to limit the amount of stack that is used", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2017-16231", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "pcre3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "uTSYWROavw8Bf2n+4djlMg==": { "id": "uTSYWROavw8Bf2n+4djlMg==", "updater": "debian/updater", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-4598", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "247.3-7+deb11u7" }, "ugZgSJOxFzPCX6LQaJzM3A==": { "id": "ugZgSJOxFzPCX6LQaJzM3A==", "updater": "debian/updater", "name": "CVE-2024-5535", "description": "Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. The OpenSSL API function SSL_select_next_proto is typically used by TLS applications that support ALPN (Application Layer Protocol Negotiation) or NPN (Next Protocol Negotiation). NPN is older, was never standardised and is deprecated in favour of ALPN. We believe that ALPN is significantly more widely deployed than NPN. The SSL_select_next_proto function accepts a list of protocols from the server and a list of protocols from the client and returns the first protocol that appears in the server list that also appears in the client list. In the case of no overlap between the two lists it returns the first item in the client list. In either case it will signal whether an overlap between the two lists was found. In the case where SSL_select_next_proto is called with a zero length client list it fails to notice this condition and returns the memory immediately following the client list pointer (and reports that there was no overlap in the lists). This function is typically called from a server side application callback for ALPN or a client side application callback for NPN. In the case of ALPN the list of protocols supplied by the client is guaranteed by libssl to never be zero in length. The list of server protocols comes from the application and should never normally be expected to be of zero length. In this case if the SSL_select_next_proto function has been called as expected (with the list supplied by the client passed in the client/client_len parameters), then the application will not be vulnerable to this issue. If the application has accidentally been configured with a zero length server list, and has accidentally passed that zero length server list in the client/client_len parameters, and has additionally failed to correctly handle a \"no overlap\" response (which would normally result in a handshake failure in ALPN) then it will be vulnerable to this problem. In the case of NPN, the protocol permits the client to opportunistically select a protocol when there is no overlap. OpenSSL returns the first client protocol in the no overlap case in support of this. The list of client protocols comes from the application and should never normally be expected to be of zero length. However if the SSL_select_next_proto function is accidentally called with a client_len of 0 then an invalid memory pointer will be returned instead. If the application uses this output as the opportunistic protocol then the loss of confidentiality will occur. This issue has been assessed as Low severity because applications are most likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not widely used. It also requires an application configuration or programming error. Finally, this issue would not typically be under attacker control making active exploitation unlikely. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. Due to the low severity of this issue we are not issuing new releases of OpenSSL at this time. The fix will be included in the next releases when they become available.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-5535", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "vcYYj1nbYwczzoLG255iZQ==": { "id": "vcYYj1nbYwczzoLG255iZQ==", "updater": "debian/updater", "name": "CVE-2023-4039", "description": "**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4039", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "gcc-9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "vmet9boOEsf+RUsh5rJnEw==": { "id": "vmet9boOEsf+RUsh5rJnEw==", "updater": "debian/updater", "name": "CVE-2024-4741", "description": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications. The SSL_free_buffers function is used to free the internal OpenSSL buffer used when processing an incoming record from the network. The call is only expected to succeed if the buffer is not currently in use. However, two scenarios have been identified where the buffer is freed even when still in use. The first scenario occurs where a record header has been received from the network and processed by OpenSSL, but the full record body has not yet arrived. In this case calling SSL_free_buffers will succeed even though a record has only been partially processed and the buffer is still in use. The second scenario occurs where a full record containing application data has been received and processed by OpenSSL but the application has only read part of this data. Again a call to SSL_free_buffers will succeed even though the buffer is still in use. While these scenarios could occur accidentally during normal operation a malicious attacker could attempt to engineer a stituation where this occurs. We are not aware of this issue being actively exploited. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-4741", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "w4Wr213OT8TRxlHAy3MwPQ==": { "id": "w4Wr213OT8TRxlHAy3MwPQ==", "updater": "debian/updater", "name": "CVE-2010-4756", "description": "The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2010-4756", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "wFMwqYmfC1KjDKz8vyBr4A==": { "id": "wFMwqYmfC1KjDKz8vyBr4A==", "updater": "debian/updater", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2023-4911", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "glibc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "2.31-13+deb11u7" }, "wzv81XuYHOFtlrLHaamjZg==": { "id": "wzv81XuYHOFtlrLHaamjZg==", "updater": "debian/updater", "name": "CVE-2024-37371", "description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-37371", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "krb5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.18.3-6+deb11u5" }, "x3SWTcEL2lgEvouAhmt6fQ==": { "id": "x3SWTcEL2lgEvouAhmt6fQ==", "updater": "debian/updater", "name": "CVE-2025-27587", "description": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2025-27587", "severity": "unimportant", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "xZI5XEFq7Cuk3Mu3KyTdmg==": { "id": "xZI5XEFq7Cuk3Mu3KyTdmg==", "updater": "debian/updater", "name": "CVE-2024-56433", "description": "shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-56433", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "shadow", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "" }, "ySGl3ADUS8EeTeweiO86Aw==": { "id": "ySGl3ADUS8EeTeweiO86Aw==", "updater": "debian/updater", "name": "CVE-2024-9143", "description": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit values for the field polynomial can lead to out-of-bounds memory reads or writes. Impact summary: Out of bound memory writes can lead to an application crash or even a possibility of a remote code execution, however, in all the protocols involving Elliptic Curve Cryptography that we're aware of, either only \"named curves\" are supported, or, if explicit curve parameters are supported, they specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent problematic input values. Thus the likelihood of existence of a vulnerable application is low. In particular, the X9.62 encoding is used for ECC keys in X.509 certificates, so problematic inputs cannot occur in the context of processing X.509 certificates. Any problematic use-cases would have to be using an \"exotic\" curve encoding. The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(), and various supporting BN_GF2m_*() functions. Applications working with \"exotic\" explicit binary (GF(2^m)) curve parameters, that make it possible to represent invalid field polynomials with a zero constant term, via the above or similar APIs, may terminate abruptly as a result of reading or writing outside of array bounds. Remote code execution cannot easily be ruled out. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2024-9143", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1w-0+deb11u2" }, "yyhzQNC9UPFT5NwvhGsvqg==": { "id": "yyhzQNC9UPFT5NwvhGsvqg==", "updater": "debian/updater", "name": "CVE-2022-2097", "description": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-2097", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "1.1.1n-0+deb11u4" }, "zL8eGifGE7B+wAjTOBjRgQ==": { "id": "zL8eGifGE7B+wAjTOBjRgQ==", "updater": "debian/updater", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "0001-01-01T00:00:00Z", "links": "https://security-tracker.debian.org/tracker/CVE-2022-29458", "severity": "not yet assigned", "normalized_severity": "Unknown", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "debian", "name": "Debian GNU/Linux", "version": "11 (bullseye)", "version_code_name": "bullseye", "version_id": "11", "arch": "", "cpe": "", "pretty_name": "Debian GNU/Linux 11 (bullseye)" }, "repository": { "cpe": "" }, "fixed_in_version": "6.2+20201114-2+deb11u1" } }, "package_vulnerabilities": { "+ol9cHiNc+RWiD7Kw3TLCg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "0jMyX7UCIuSpntMN1r7Ofg==": [ "KwgIGMm765S+zvIBAwM9+g==" ], "2MObxiEVNllmUEzdVZM5qw==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ], "3f992oeEQfSQxRA0nlq8Wg==": [ "DfxJWBpJUY1aHu0ZUSilDg==", "U3JbUhrT2SqWNuYU5d13cQ==", "jS/WQ+ua63nFUvjSzoQw1g==" ], "4jCPzhS6OWt4agz9d/cfTw==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "7a3yla6TRFZrhmAreU7f8Q==": [ "6jg3v7lJ92IZCQpZydR2sA==", "MdrEi+/OrLlW3zDrheID2Q==", "o75dmeL6883s7llfbkU+PA==", "Ud6njM/DPIrfSPiFct82Lw==", "5Cmp5KJXv+nVwwcs5/Kz7w==", "IJPGr43VMeLym6tW3EWgdg==", "KZ3Jt7zkiM272dGLstI4XA==", "pmcR65l6CQ+6Qdh99gUtFQ==", "IvA5abshk33BAuuBar/pVQ==", "/7UJLAHsMPxTtTxvuPgrzA==" ], "8alfBYUr5uWbAyB5PrY8Hg==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "Akbft1KN+9FKNhh1tM25eA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "BJL42acLPAR8bEnmM1Z3mg==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "CBzoMmlXBcyP54HOnauO0g==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "D0G6c/ML9XX4eoGHgx1jeQ==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "DtMxcnDA8Je9vAHjmzagaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "ExYxXcgoIRjAjUObwDE4jA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "FJIijlwFNqvdoVBcfTF/pg==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "G/7q+D+DsqYAVnohcyuzgQ==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "Gm6VA87iOnaQ0rWR6oO9eA==": [ "u+ya+p/mAtLPAYAgbSPTTw==" ], "IQfQp74RcAWE7jHtQsMLHg==": [ "mnGTl6DWEAI0reOCEqb0jw==" ], "LOfpAnA/2f7zE4SFJCrxVg==": [ "Mxv06g47iCk7QIqi7Xbojw==" ], "MvKvHHnD0jaLaWpyHvkhgQ==": [ "WCGqond4znYKCRcm4xyPrg==", "xZI5XEFq7Cuk3Mu3KyTdmg==", "CtYegggqGbMfg16G/qfITQ==", "qhu8cH6U47vSCL4GXDHHtA==", "k6VTDL+fxGnbqAk/IPGlnQ==", "LD4zPH3rZZkbSPN5ojHClA==" ], "NzkVb7F31E+Vxxz3PCS6tg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "PgPY5hWnihXRN45byvzY0g==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "R1TkRM71ql+JWgz0VF5ESQ==": [ "1U/zi3CEao+52y8LKU0uvw==", "bZ2m6J3EIvmTdjYJprlOKA==", "khiBNMMi17UID6UagXI8LA==", "CaLsKNvkpKlxKVBlUnje9Q==" ], "RAMuXEdVU4AJ/z4aiK/NNg==": [ "bNvH54V1y9cXsGaCXVwFVw==", "QGq5D5QwQKPerzYOBVoSsg==", "Jl0PQIP9L3ufSvQ2j71iww==", "Qd2XnJZ3qaQ3AbyDXUaR2A==", "Pj9V3uC2c9o+P6lTpzzGeA==" ], "RYsqO4ROpGMzzCO5WaTrlw==": [ "aWm6E1ULjtuw0ydmFnsI4A==" ], "RgdwX+VC70nXZ2E527PXaA==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "VbNyM3GfR5vEmJdFAiKqrA==": [ "vcYYj1nbYwczzoLG255iZQ==" ], "Wi4oa03apqVdR6okNeZiNA==": [ "KaoEuixR8E5nnpGZ1pG25w==", "rvhjGf5pyhsfm1iFFyudCA==", "g44foSnimIkShQZtpEhjbQ==", "fUdim7gaWpwZtynNz5GiKg==", "ZbWtFXr0WyByV4kCb3M6FA==", "HuTBrVHKx7uaMtQjiqifKQ==", "3cBlPR7Tm4BIC/+wflldAg==", "bBymk1eoEM+tVYB+/Crz+g==", "qDLWFSo6NpfxWPhSeAS8zQ==", "kgqUyyy6Fd5CUNREC3t1jg==", "XtT5+z5+yMbpdsyfkLItzA==", "9sNDKQtqg7Z3gJr//JQlvg==" ], "ZWeYh81MRCu1nh3mOyptIA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "bGWj1aSf0wvrecU/pdTv5A==": [ "08pa4udz9bnA9IOsE208DA==" ], "bHkSxcl6e1quNxLGb6uX8A==": [ "Xce4H7xsVfrtYV2aXED7xA==", "QopvyNp/5Ata9NdAUhFygw==", "k6fjQGJuJ+9NXMFLa5+CgA==" ], "bTSLWiizipO2axtmvXFuVg==": [ "lnMcIzRPoETIbrbgdDGINA==", "6j23t/n6B77cQMxfCeLKzA==" ], "brvvAQ6V7yp7QbUuk+W5Hg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "d4b/e0nx+/vPWuPB7oDzPw==": [ "/YwO4YLRGgF2uWU55V6+MQ==", "ZdGgPSEZdeQ3XJo0+ZpAXQ==", "9JIazCQjSvYhpG9KE6d7Pg==", "jJNc2KwFwVg03DlaNN1nbA==", "DJOf0vCfrT4GvRr/tBJhbg==", "MYYkxlB4Ank1zsdIh41apg==", "GezxxUl3QPWUTitg/VHmlQ==", "gMRlXKqXSfP5n8UiPW430Q==", "wFMwqYmfC1KjDKz8vyBr4A==", "WHvU12ysgz1Ai1y1KSOiLA==", "tne7uZ2E+Ev6QI7ctt3PxA==", "l6iyFrb04z9eZxh35gAtVA==", "pa+2016jZIT5xycgFHsAsQ==", "T2SiDOPpMK0bU0Y0qkOm1A==", "aqMHDRnPT+3QNU/8tSwsog==", "ZxTVeoHgmvhWXsV+xLzphA==", "s55QOTlka9E4jTdGv0d/FA==", "w4Wr213OT8TRxlHAy3MwPQ==" ], "dUT53gagQO5Ac9Bdlu5dAw==": [ "NYWveHKKsIYIKl+vE8UEhw==" ], "dXglURzzdbLnOf14mab1Hg==": [ "27BVJE6xR0Z84LzifDnFYA==", "VzolVkOS5HseGzVTLzDMfA==", "EYo03ICovWfCjw2cKpwx4Q==", "WWnQMI7f7f75SgC9Dcl+QQ==" ], "dobmrwm7aq9puvFHwNgXxw==": [ "08pa4udz9bnA9IOsE208DA==" ], "dv3AlW8tBL4D0mEPW7/Z2Q==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "elSR7m8uLWd/kMl2jxTm/A==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "evNF5YpSAxyFV7iWv3lSVw==": [ "t3CEDp5fZQ6D+aOizMiuSg==", "vmet9boOEsf+RUsh5rJnEw==", "kwKUYCnvi/GndNgicLw/RQ==", "GmBi7n85v8sX6ItoMSgvlQ==", "P4mYk7npVU6t91mlbAb8QA==", "yyhzQNC9UPFT5NwvhGsvqg==", "srcIw8ffB6famHHqmqImEw==", "Tcuyjettc5LT9G5wj3mSxw==", "lShmgiPGgmUIO0VwzhSBRA==", "epkSU4TSX3BVrueh1mbRzg==", "EajCJi704nU1+LqESNMC1w==", "x3SWTcEL2lgEvouAhmt6fQ==", "b2D8D2g8yPwuRhswdqF0Rw==", "ugZgSJOxFzPCX6LQaJzM3A==", "+N61/5529gFt7RkD8ooeKQ==", "ySGl3ADUS8EeTeweiO86Aw==", "cZD87tDO2q60EFy3BAZ33g==", "eietxU2AL+GdeSQwh6n6XA==", "KLrAiYCJHdmWQ2RaqUywlA==", "pu8XvxoOXeKAI0tvpRRucg==" ], "fCmdLCR2Ix0ldnZL1Fa52A==": [ "MXRm//dBCnWFem5zffvqmA==", "MDmWztEMrTY+VyVp5c+Fvw==" ], "hdNUjYIlrdEAtBWAggakAw==": [ "ce9B0jxjyNiCfG4VtZhnVw==", "7DtFnnE8FjIpCQKunutpeg==", "k82HOcJqNkts86KJ0glvow==", "JcoADkxFeYBET6x6TWfsjg==", "brAAPyN4siIQT5bxa9xu4g==", "AvPdNumiwGnBie+lo1du3A==" ], "iWqdRZmp08/Tx22qEtmjJg==": [ "G45dR+E8Wb+bEhCdwuqUDg==", "mJA9Uto8Hh0tElNp2qoYaA==", "ZrZi02myDWWW0L5oPQj/cg==", "uEg5UAxE9NNjF71OxdO7uQ==", "oeIf5WAd0bERBmJCeLsqIg==" ], "jErhz6PtXvAy/EPWJ425rA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "jKa8Us2cqGejhOc2/n5DDA==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "kq4lGEwi4agkgAJAkDs9Ng==": [ "svo9ZP0wOZ7IXZp//n2f7g==", "h7Lhy275V3QLvnBLGAulbw==" ], "krch6TQqNWzRi5F/dDkF+Q==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "l5lCPjtOmPM8/LLh9+NjeQ==": [ "F0zkrLGlbsix59P9mqoAOg==", "ANq7+l7+5U6IDt9eU02u5w==" ], "lCjIskl1HulEHShaXtgmwQ==": [ "zL8eGifGE7B+wAjTOBjRgQ==", "TgHh5yPuwUnIt8v9WawGYw==", "d1D8ilhRqv7A6eAzRE4Ojw==", "EvarhwbaAMrD3meGYFByGg==" ], "nwapLKtbHTjy1u8+aA0X+Q==": [ "dZ/H1sYv9QSX9VO93tlGLw==", "mj6UKCnVoHnC6YBWJGf/Ug==", "WcYPrwv9PSVoVoof5MRsxQ==" ], "pZoLgWqHDgjhYQPevrtwdg==": [ "GPLYq884jQKVksfMc+b7OQ==" ], "qN2BSWBeEFRJnExMNJ1S0A==": [ "BxMnseA9J6OW2RWxSrlbyQ==", "tjx9raP+v/Zzj6SBJct3WA==", "C8YeM0XyMbxM6QnHcnbRtQ==", "dUTZP+bcDNUqytJV02E1dQ==", "tBbOIOCaKVlwik7hH/baMQ==", "fharKhY7OXyx+gXJAwiegw==", "DRKFIYYNzLumACBV1CW/rw==" ], "qrPZzwjmppjOiQbrGk5IQA==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "s66OGd0F2Pbemhmyrg2R9w==": [ "+x9OyXfXk9PrekfsnPKwlg==", "swQXHeTg1VEUQHser/6eEQ==", "GRlufCZFwHNK64OQNCFIcg==", "1dwwvWkARnFe67yAAGVglQ==", "meQYB1JR+XE3En/RrDfPvA==", "lAYsMZ/1tV9arAE2k+zsAQ==", "WG/hQnqUufOh6/5/mlRi/Q==", "n+1p0npJfBZ4vUpG1OFi6w==", "ASrdm9EROwWp9Ip2w7HH5w==", "uTSYWROavw8Bf2n+4djlMg==", "m619DfZfUke+jaTAnoZ2Xw==" ], "tYADP/V07/lE8Qno1R/hhg==": [ "08pa4udz9bnA9IOsE208DA==" ], "vqKK+x/7cGHNjLr4L7x4uQ==": [ "fXJD4KsFmfzjgWJPYHqTrQ==" ], "wkuBBC4B84P3b4K0fGF0OQ==": [ "mnGTl6DWEAI0reOCEqb0jw==", "PJI8cpGpF5+qVan9H5W87Q==" ], "yYcMjCGhY/mc+KraTEHSJg==": [ "OB48XTRaksNPWPm0dVHJmQ==", "cHpKoxiUOXPYUJX1ihMLDg==", "0H/7BkE/Q7YVSZhEABXg6w==", "Nzgd66Rt/zG5Z8ZfbjecYA==", "GEZVVbmUXjlQj+79Swj7fA==", "dFbvYO8avXWxbjXnm5ACqQ==", "wzv81XuYHOFtlrLHaamjZg==", "59rfj7X7Q9O1jyg5L5a5zQ==" ], "zV4ikAKeqBYFSvXnkFMYgg==": [ "Ns8JH9Yqo6xZiGzihN4B3g==", "KvTZOL1MGCoBHaXdBx1RcA==", "f6s0c0I4Eo7U1vb/8R9ATg==", "Ba+eHoq0U7aq9Kxwg98r8Q==" ], "zw9OGAXs3mWkBkmfKzbfqg==": [ "l8HSGkC4gSxCEUDns7KKfQ==" ] }, "enrichments": {} } pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-comp-bakp-on-pull-request-dnv54-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 7, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: coreutils-8.32-4+b1 (CVE-2016-2781)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: mount-2.36.1-8+deb11u1 (CVE-2022-0563), bash-5.1-2+deb11u1 (TEMP-0841856-B18BAF), libpcre2-8-0-10.36-2+deb11u1 (CVE-2022-41409), gcc-9-base-9.3.0-22 (CVE-2023-4039), bsdutils-1:2.36.1-8+deb11u1 (CVE-2022-0563), libpcre3-2:8.39-13 (CVE-2017-11164, CVE-2017-16231, CVE-2017-7245, CVE-2017-7246, CVE-2019-20838), libsqlite3-0-3.34.1-3 (CVE-2021-45346, CVE-2022-35737, CVE-2025-29088, CVE-2025-52099), libk5crypto3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), libexpat1-2.2.10-2+deb11u5 (CVE-2013-0340, CVE-2023-52426, CVE-2024-28757), libc-bin-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), libsystemd0-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libsmartcols1-2.36.1-8+deb11u1 (CVE-2022-0563), libgssapi-krb5-2-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), coreutils-8.32-4+b1 (CVE-2017-18018, CVE-2025-5278), apt-2.2.4 (CVE-2011-3374), libblkid1-2.36.1-8+deb11u1 (CVE-2022-0563), libgnutls30-3.7.1-5+deb11u2 (CVE-2011-3389), libgcc-s1-10.2.1-6 (CVE-2023-4039), libapt-pkg6.0-2.2.4 (CVE-2011-3374), login-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), gcc-10-base-10.2.1-6 (CVE-2023-4039), libstdc++6-10.2.1-6 (CVE-2023-4039), libuuid1-2.36.1-8+deb11u1 (CVE-2022-0563), util-linux-2.36.1-8+deb11u1 (CVE-2022-0563), libssl1.1-1.1.1n-0+deb11u3 (CVE-2025-27587), libudev1-247.3-7+deb11u1 (CVE-2013-4392, CVE-2020-13529, CVE-2023-31437, CVE-2023-31438, CVE-2023-31439), libmount1-2.36.1-8+deb11u1 (CVE-2022-0563), libgcrypt20-1.8.7-6 (CVE-2018-6829, CVE-2024-2236), libkrb5support0-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), sysvinit-utils-2.96-7+deb11u1 (TEMP-0517018-A83CE6), gpgv-2.2.27-2+deb11u2 (CVE-2022-3219), libc6-2.31-13+deb11u5 (CVE-2010-4756, CVE-2018-20796, CVE-2019-1010022, CVE-2019-1010023, CVE-2019-1010024, CVE-2019-1010025, CVE-2019-9192), tar-1.34+dfsg-1 (CVE-2005-2541, TEMP-0290435-0B57B5), libkrb5-3-1.18.3-6+deb11u3 (CVE-2018-5709, CVE-2024-26458, CVE-2024-26461), passwd-1:4.8.1-1 (CVE-2007-5686, CVE-2013-4235, TEMP-0628843-DBAD28), openssl-1.1.1n-0+deb11u3 (CVE-2025-27587), perl-base-5.32.1-4+deb11u2 (CVE-2011-4116, CVE-2023-31486)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 82 } }, { "msg": "Found packages with unpatched unknown vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libpam-modules-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), bash-5.1-2+deb11u1 (CVE-2022-3715), libncursesw6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libpam0g-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libsqlite3-0-3.34.1-3 (CVE-2025-6965), libexpat1-2.2.10-2+deb11u5 (CVE-2024-8176, CVE-2025-59375), libc-bin-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), libdb5.3-5.3.28+dfsg1-0.8 (CVE-2019-8457), libpam-modules-bin-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libgnutls30-3.7.1-5+deb11u2 (CVE-2025-9820), zlib1g-1:1.2.11.dfsg-2+deb11u2 (CVE-2023-45853), ncurses-bin-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), login-1:4.8.1-1 (CVE-2024-56433), ncurses-base-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), dpkg-1.20.12 (CVE-2025-6297), libpam-runtime-1.4.0-9+deb11u1 (CVE-2024-10041, CVE-2025-8941), libgcrypt20-1.8.7-6 (CVE-2021-33560), gpgv-2.2.27-2+deb11u2 (CVE-2025-30258), libzstd1-1.4.8+dfsg-2.1 (CVE-2022-4899), libtinfo6-6.2+20201114-2 (CVE-2023-50495, CVE-2025-6141), libc6-2.31-13+deb11u5 (CVE-2023-4806, CVE-2023-4813, CVE-2025-8058), passwd-1:4.8.1-1 (CVE-2024-56433), perl-base-5.32.1-4+deb11u2 (CVE-2025-40909)", "name": "clair_unpatched_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 36 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":1,"low":82,"unknown":36}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "digests": ["sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:15:23+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | init container: prepare 2026/02/10 22:15:04 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | init container: place-scripts 2026/02/10 22:15:04 Decoded script /tekton/scripts/script-0-qh87s 2026/02/10 22:15:04 Decoded script /tekton/scripts/script-1-9svkc pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 8.479 sec (0 m 8 s) Start Date: 2026:02:10 22:15:21 End Date: 2026:02:10 22:15:29 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761729","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761729","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761729","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0", "digests": ["sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31"]}} pod: test-comp-bakp-on-pull-request-dnv54-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 089de8836b0e clamscan-result-amd64.log Uploading c87f3e2155b0 clamscan-ec-test-amd64.json Uploaded c87f3e2155b0 clamscan-ec-test-amd64.json Uploaded 089de8836b0e clamscan-result-amd64.log Uploading 163583910603 application/vnd.oci.image.manifest.v1+json Uploaded 163583910603 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Digest: sha256:1635839106032307304473d855b6159078895b3fb4a845ed03db36414d587c33 pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | init container: prepare 2026/02/10 22:14:02 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | init container: place-scripts 2026/02/10 22:14:03 Decoded script /tekton/scripts/script-0-2wbz5 2026/02/10 22:14:03 Decoded script /tekton/scripts/script-1-5zdl4 pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761647.1679096,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761647.3595345,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-python-basic @ 41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761647.3595753,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761647.3830407,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 directly. pod: test-comp-bakp-on-pull-request-dnv54-clone-repository-pod | container step-symlink-check: Running symlink check pod: test-comp-bakp-on-pull-request-dnv54-init-pod | init container: prepare 2026/02/10 22:13:44 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-init-pod | init container: place-scripts 2026/02/10 22:13:44 Decoded script /tekton/scripts/script-0-vc6mj pod: test-comp-bakp-on-pull-request-dnv54-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | init container: prepare 2026/02/10 22:14:10 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | init container: place-scripts 2026/02/10 22:14:11 Decoded script /tekton/scripts/script-0-rpjdp 2026/02/10 22:14:11 Decoded script /tekton/scripts/script-1-vzgng pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | container step-sanitize-config-file-with-yq: pod: test-comp-bakp-on-pull-request-dnv54-prefetch-dependencies-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-0-4nkrh pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-push-dockerfile-pod | container step-push: [2026-02-10T22:15:20,314635966+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.lbYNoJNQw1 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:sha256-e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31.dockerfile Dockerfile pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:15:15 Decoded script /tekton/scripts/script-0-xnkvc 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-1-tmlsd pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-100.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-112.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-132.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-85.json ./shellcheck-results/sc-92.json ./shellcheck-results/sc-96.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'ShellCheck results have been saved to shellcheck-results.json' ShellCheck results have been saved to shellcheck-results.json + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:15:21+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' {"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-dnv54-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 6dee4a2897b1 application/vnd.oci.image.manifest.v1+json Uploaded 6dee4a2897b1 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Digest: sha256:6dee4a2897b1de0e8a308ccf115916f8753c906f09c24ad6b7139cb282f0bf91 No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-0-wtnp8 2026/02/10 22:15:16 Decoded script /tekton/scripts/script-1-h4dbh pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-comp-bakp INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:15:21+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-comp-bakp-on-pull-request-dnv54-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | init container: prepare 2026/02/10 22:15:15 Entrypoint initialization pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | init container: place-scripts 2026/02/10 22:15:17 Decoded script /tekton/scripts/script-0-2fnhm 2026/02/10 22:15:17 Decoded script /tekton/scripts/script-1-qtx7q pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | init container: working-dir-initializer pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=test-comp-bakp + echo 'INFO: The PROJECT_NAME used is: test-comp-bakp' INFO: The PROJECT_NAME used is: test-comp-bakp + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:15:22+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:15:22+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: test-comp-bakp-on-pull-request-dnv54-sast-unicode-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp Attaching to quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 9f1a4673ef8d application/vnd.oci.image.manifest.v1+json Uploaded 9f1a4673ef8d application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0@sha256:e090ae5c018f2128415ecf6a7c2b0b09265bc62f5b1503c53bb5f8294856de31 Digest: sha256:9f1a4673ef8d9c99931c516cc3846229b0876c8ed539079fb74c08b479188fb3 No excluded-findings.json exists. Skipping upload. { s: "\n pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | init container: prepare\n2026/02/10 22:15:04 Entrypoint initialization\n\n pod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | init container: place-scripts\n2026/02/10 22:15:06 Decoded script /tekton/scripts/script-0-hgxcx\n2026/02/10 22:15:06 Decoded script /tekton/scripts/script-1-j2zbg\n2026/02/10 22:15:06 Decoded script /tekton/scripts/script-2-tsh7w\n2026/02/10 22:15:06 Decoded script /tekton/scripts/script-3-hcdf2\n2026/02/10 22:15:06 Decoded script /tekton/scripts/script-4-dqnrx\n2026/02/10 22:15:06 Decoded script /tekton/scripts/script-5-rzc6t\n\npod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-introspect: \nArtifact type will be determined by introspection.\nChecking the media type of the OCI artifact...\nExecuting: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0\nThe media type of the OCI artifact is application/vnd.oci.image.manifest.v1+json.\nLooking for image labels that indicate this might be an operator bundle...\nExecuting: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0\nFound 0 matching labels.\nExpecting 3 or more to identify this image as an operator bundle.\nIntrospection concludes that this artifact is of type \"application\".\n\npod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-generate-container-auth: \nSelecting auth for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0\nUsing token for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp\nAuth json written to \"/auth/auth.json\".\n\npod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-set-skip-for-bundles: \n2026/02/10 22:15:11 INFO Step was skipped due to when expressions were evaluated to false.\n\npod: test-comp-bakp-on-pull-requa67c4f0a6b2732986af6fdb08038af3d-pod | container step-app-check: \ntime=\"2026-02-10T22:15:11Z\" level=info msg=\"certification library version\" version=\"1.16.0 \"\ntime=\"2026-02-10T22:15:12Z\" level=info msg=\"running checks for quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0 for platform amd64\"\ntime=\"2026-02-10T22:15:12Z\" level=info msg=\"target image\" image=\"quay.io/redhat-appstudio-qe/build-e2e-kvrq/test-comp-bakp:on-pr-41d715a651ccbf9b592ddfcf3b2bb8ca08680ed0\"\ntime=\"2026-02-10T22:15:16Z\" level=error msg=\"could not get rpm list, continuing without it\" error=\"could not find rpm db/packages: stat /tmp/preflight-3873054302/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/Packages: no such file or directory\"\ntime=\"2026-02-10T22:15:16Z\" level=info msg=\"check completed\" check=HasLicense result=FAILED\ntime=\"2026-02-10T22:15:16Z\" level=info msg=\"check completed\" check=HasUniqueTag result=PASSED\ntime=\"2026-02-10T22:15:16Z\" level=info msg=\"check completed\" check=LayerCountAcceptable result=PASSED\ntime=\"2026-02-10T22:15:16Z\" level=info msg=\"check completed\" check=HasNoProhibitedPackages err=\"unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-3873054302/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\\nstat /tmp/preflight-3873054302/fs/var/lib/rpm/Packages: no such file or directory\" result=ERROR\ntime=\"2026-02-10T22:15:16Z\" level=info msg=\"check completed\" check=HasRequiredLabel result=FAILED\n... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.EaIZ2fdreL/tests/build/build_templates.go:354 @ 02/10/26 22:15:40.236 ------------------------------ SSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.EaIZ2fdreL/tests/build/build_templates.go:489 ------------------------------ SSSSSSSSSS ------------------------------ P [PENDING] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci when Pipeline Results are stored for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build-oci-ta should have Pipeline Logs [build, build-templates, HACBS, pipeline-service, pipeline] /tmp/tmp.EaIZ2fdreL/tests/build/build_templates.go:489 ------------------------------ SSSSS ------------------------------ • [FAILED] [847.986 seconds] [integration-service-suite Integration Service E2E tests] with happy path for general flow of Integration service when a new Component is created [It] waits for build PipelineRun to succeed [integration-service] /tmp/tmp.EaIZ2fdreL/tests/integration-service/integration.go:101 Timeline >> PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: ResolvingTaskRef PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: ResolvingTaskRef PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: ResolvingTaskRef PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: ResolvingTaskRef PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: ResolvingTaskRef PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-v7ppp reason: Failed attempt 1/3: PipelineRun "test-component-pac-xmjyvu-on-pull-request-v7ppp" failed: pod: test-component-pac-xmjyvu-o017294eb020ce1e63af07032151523d7-pod | init container: prepare 2026/02/10 22:08:07 Entrypoint initialization pod: test-component-pac-xmjyvu-o017294eb020ce1e63af07032151523d7-pod | init container: place-scripts 2026/02/10 22:08:53 Decoded script /tekton/scripts/script-0-khwfh pod: test-component-pac-xmjyvu-o017294eb020ce1e63af07032151523d7-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o017294eb020ce1e63af07032151523d7-pod | container step-push: [2026-02-10T22:09:00,792206086+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.lKsfWKWzxC --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:sha256-f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb.dockerfile Dockerfile pod: test-component-pac-xmjyvu-o9acbe68249d580045117c23d3dd5f22f-pod | init container: prepare 2026/02/10 22:08:07 Entrypoint initialization pod: test-component-pac-xmjyvu-o9acbe68249d580045117c23d3dd5f22f-pod | init container: place-scripts 2026/02/10 22:08:37 Decoded script /tekton/scripts/script-0-vdxjj 2026/02/10 22:08:37 Decoded script /tekton/scripts/script-1-mr7gm pod: test-component-pac-xmjyvu-o9acbe68249d580045117c23d3dd5f22f-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o9acbe68249d580045117c23d3dd5f22f-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-component-pac-xmjyvu INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:08:59+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-o9acbe68249d580045117c23d3dd5f22f-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | init container: prepare 2026/02/10 22:05:19 Entrypoint initialization pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | init container: place-scripts 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-0-b5nzm 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-1-5fw45 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-2-w4hst 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-3-z2npg 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-4-kqktd pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | container step-build: [2026-02-10T22:06:03,160320058+00:00] Validate context path [2026-02-10T22:06:03,163619809+00:00] Update CA trust [2026-02-10T22:06:03,164699108+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:06:05,160801694+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:06:05,166497701+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:06:32,780200615+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:06:39,053010932+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:06:32Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:06:32Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "2fc3442b7a98e76f688df98e9c5c7ef301377f7e", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "2fc3442b7a98e76f688df98e9c5c7ef301377f7e", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/konflux-test-integration", "quay.expires-after": "6h" } [2026-02-10T22:06:39,096020671+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:06:39,099263202+00:00] Add secrets [2026-02-10T22:06:39,106995111+00:00] Run buildah build [2026-02-10T22:06:39,108134533+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=2fc3442b7a98e76f688df98e9c5c7ef301377f7e --label org.opencontainers.image.revision=2fc3442b7a98e76f688df98e9c5c7ef301377f7e --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --label quay.expires-after=6h --label build-date=2026-02-10T22:06:32Z --label org.opencontainers.image.created=2026-02-10T22:06:32Z --annotation org.opencontainers.image.revision=2fc3442b7a98e76f688df98e9c5c7ef301377f7e --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --annotation org.opencontainers.image.created=2026-02-10T22:06:32Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.qDzyXN -t quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 840 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 512 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 2.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 517 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 573 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 595 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 279 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 590 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 208 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 708 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 358 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 41/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 877 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 345 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.5/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 781 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 951 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 497 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 701 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/3.6 kB Progress (2): 3.6 kB | 3.6 kB Progress (3): 3.6 kB | 3.6 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 63 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 36 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 47 kB/s) Progress (1): 2.3/7.1 kB Progress (1): 5.0/7.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 20 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 188 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 293 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 171 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 186 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/13 kB Progress (2): 2.3/13 kB | 4.1/226 kB Progress (2): 2.3/13 kB | 7.7/226 kB Progress (2): 6.4/13 kB | 7.7/226 kB Progress (2): 6.4/13 kB | 12/226 kB Progress (2): 6.4/13 kB | 16/226 kB Progress (2): 10/13 kB | 16/226 kB Progress (2): 13 kB | 16/226 kB Progress (2): 13 kB | 20/226 kB Progress (2): 13 kB | 24/226 kB Progress (2): 13 kB | 28/226 kB Progress (2): 13 kB | 32/226 kB Progress (2): 13 kB | 36/226 kB Progress (2): 13 kB | 41/226 kB Progress (2): 13 kB | 45/226 kB Progress (2): 13 kB | 49/226 kB Progress (2): 13 kB | 53/226 kB Progress (2): 13 kB | 57/226 kB Progress (2): 13 kB | 61/226 kB Progress (2): 13 kB | 65/226 kB Progress (2): 13 kB | 69/226 kB Progress (2): 13 kB | 73/226 kB Progress (2): 13 kB | 77/226 kB Progress (2): 13 kB | 81/226 kB Progress (2): 13 kB | 86/226 kB Progress (2): 13 kB | 90/226 kB Progress (2): 13 kB | 94/226 kB Progress (2): 13 kB | 98/226 kB Progress (2): 13 kB | 102/226 kB Progress (2): 13 kB | 106/226 kB Progress (2): 13 kB | 110/226 kB Progress (2): 13 kB | 114/226 kB Progress (2): 13 kB | 118/226 kB Progress (2): 13 kB | 122/226 kB Progress (2): 13 kB | 127/226 kB Progress (2): 13 kB | 131/226 kB Progress (2): 13 kB | 135/226 kB Progress (2): 13 kB | 139/226 kB Progress (2): 13 kB | 143/226 kB Progress (2): 13 kB | 147/226 kB Progress (2): 13 kB | 151/226 kB Progress (2): 13 kB | 155/226 kB Progress (2): 13 kB | 159/226 kB Progress (2): 13 kB | 163/226 kB Progress (2): 13 kB | 167/226 kB Progress (2): 13 kB | 172/226 kB Progress (2): 13 kB | 176/226 kB Progress (2): 13 kB | 180/226 kB Progress (2): 13 kB | 184/226 kB Progress (2): 13 kB | 188/226 kB Progress (2): 13 kB | 192/226 kB Progress (2): 13 kB | 196/226 kB Progress (2): 13 kB | 200/226 kB Progress (2): 13 kB | 204/226 kB Progress (2): 13 kB | 208/226 kB Progress (2): 13 kB | 213/226 kB Progress (2): 13 kB | 217/226 kB Progress (2): 13 kB | 221/226 kB Progress (2): 13 kB | 225/226 kB Progress (2): 13 kB | 226 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 4.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 226 kB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 9.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 133 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 163 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 7.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 124 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 322 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 303 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 2.3/29 kB Progress (1): 5.0/29 kB Progress (1): 7.8/29 kB Progress (1): 11/29 kB Progress (1): 13/29 kB Progress (1): 16/29 kB Progress (1): 19/29 kB Progress (1): 21/29 kB Progress (1): 24/29 kB Progress (1): 27/29 kB Progress (1): 29 kB Progress (2): 29 kB | 2.3/57 kB Progress (2): 29 kB | 5.0/57 kB Progress (2): 29 kB | 7.8/57 kB Progress (2): 29 kB | 11/57 kB Progress (2): 29 kB | 13/57 kB Progress (2): 29 kB | 16/57 kB Progress (3): 29 kB | 16/57 kB | 4.1/116 kB Progress (3): 29 kB | 19/57 kB | 4.1/116 kB Progress (3): 29 kB | 19/57 kB | 7.7/116 kB Progress (3): 29 kB | 21/57 kB | 7.7/116 kB Progress (3): 29 kB | 21/57 kB | 12/116 kB Progress (3): 29 kB | 21/57 kB | 16/116 kB Progress (3): 29 kB | 24/57 kB | 16/116 kB Progress (3): 29 kB | 27/57 kB | 16/116 kB Progress (3): 29 kB | 30/57 kB | 16/116 kB Progress (3): 29 kB | 30/57 kB | 20/116 kB Progress (3): 29 kB | 32/57 kB | 20/116 kB Progress (3): 29 kB | 32/57 kB | 24/116 kB Progress (3): 29 kB | 32/57 kB | 28/116 kB Progress (3): 29 kB | 32/57 kB | 32/116 kB Progress (3): 29 kB | 35/57 kB | 32/116 kB Progress (3): 29 kB | 38/57 kB | 32/116 kB Progress (3): 29 kB | 41/57 kB | 32/116 kB Progress (3): 29 kB | 41/57 kB | 36/116 kB Progress (3): 29 kB | 43/57 kB | 36/116 kB Progress (3): 29 kB | 43/57 kB | 41/116 kB Progress (3): 29 kB | 43/57 kB | 45/116 kB Progress (3): 29 kB | 46/57 kB | 45/116 kB Progress (3): 29 kB | 46/57 kB | 49/116 kB Progress (3): 29 kB | 49/57 kB | 49/116 kB Progress (3): 29 kB | 49/57 kB | 53/116 kB Progress (3): 29 kB | 49/57 kB | 57/116 kB Progress (3): 29 kB | 53/57 kB | 57/116 kB Progress (3): 29 kB | 53/57 kB | 61/116 kB Progress (3): 29 kB | 53/57 kB | 65/116 kB Progress (3): 29 kB | 57 kB | 65/116 kB Progress (3): 29 kB | 57 kB | 69/116 kB Progress (3): 29 kB | 57 kB | 73/116 kB Progress (3): 29 kB | 57 kB | 77/116 kB Progress (3): 29 kB | 57 kB | 81/116 kB Progress (4): 29 kB | 57 kB | 81/116 kB | 4.1/35 kB Progress (4): 29 kB | 57 kB | 81/116 kB | 7.7/35 kB Progress (4): 29 kB | 57 kB | 81/116 kB | 12/35 kB Progress (4): 29 kB | 57 kB | 81/116 kB | 16/35 kB Progress (4): 29 kB | 57 kB | 86/116 kB | 16/35 kB Progress (4): 29 kB | 57 kB | 90/116 kB | 16/35 kB Progress (4): 29 kB | 57 kB | 94/116 kB | 16/35 kB Progress (4): 29 kB | 57 kB | 98/116 kB | 16/35 kB Progress (4): 29 kB | 57 kB | 98/116 kB | 20/35 kB Progress (4): 29 kB | 57 kB | 98/116 kB | 24/35 kB Progress (4): 29 kB | 57 kB | 98/116 kB | 28/35 kB Progress (4): 29 kB | 57 kB | 98/116 kB | 32/35 kB Progress (4): 29 kB | 57 kB | 102/116 kB | 32/35 kB Progress (4): 29 kB | 57 kB | 106/116 kB | 32/35 kB Progress (4): 29 kB | 57 kB | 106/116 kB | 35 kB Progress (4): 29 kB | 57 kB | 110/116 kB | 35 kB Progress (4): 29 kB | 57 kB | 114/116 kB | 35 kB Progress (4): 29 kB | 57 kB | 116 kB | 35 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 2.3/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 5.0/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 7.8/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 11/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 13/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 16/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 19/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 21/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 24/152 kB Progress (5): 29 kB | 57 kB | 116 kB | 35 kB | 27/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 689 kB/s) Progress (4): 57 kB | 116 kB | 35 kB | 30/152 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Progress (4): 57 kB | 116 kB | 35 kB | 32/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 35/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 38/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 41/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 43/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 46/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 49/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 52/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 54/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 58/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 62/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 67/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 71/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 75/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 79/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 81/152 kB Progress (4): 57 kB | 116 kB | 35 kB | 85/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.2 MB/s) Progress (3): 116 kB | 35 kB | 89/152 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Progress (3): 116 kB | 35 kB | 93/152 kB Progress (3): 116 kB | 35 kB | 97/152 kB Progress (3): 116 kB | 35 kB | 101/152 kB Progress (3): 116 kB | 35 kB | 106/152 kB Progress (3): 116 kB | 35 kB | 110/152 kB Progress (3): 116 kB | 35 kB | 114/152 kB Progress (3): 116 kB | 35 kB | 118/152 kB Progress (3): 116 kB | 35 kB | 122/152 kB Progress (3): 116 kB | 35 kB | 126/152 kB Progress (3): 116 kB | 35 kB | 130/152 kB Progress (3): 116 kB | 35 kB | 134/152 kB Progress (3): 116 kB | 35 kB | 138/152 kB Progress (3): 116 kB | 35 kB | 142/152 kB Progress (3): 116 kB | 35 kB | 147/152 kB Progress (3): 116 kB | 35 kB | 151/152 kB Progress (3): 116 kB | 35 kB | 152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 691 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (2): 152 kB | 2.3/21 kB Progress (2): 152 kB | 5.0/21 kB Progress (2): 152 kB | 7.8/21 kB Progress (2): 152 kB | 11/21 kB Progress (2): 152 kB | 13/21 kB Progress (2): 152 kB | 16/21 kB Progress (2): 152 kB | 19/21 kB Progress (2): 152 kB | 21 kB Progress (3): 152 kB | 21 kB | 3.8/9.9 kB Progress (3): 152 kB | 21 kB | 7.9/9.9 kB Progress (3): 152 kB | 21 kB | 9.9 kB Progress (4): 152 kB | 21 kB | 9.9 kB | 4.1/5.9 kB Progress (4): 152 kB | 21 kB | 9.9 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (4): 21 kB | 9.9 kB | 5.9 kB | 4.1/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 7.7/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 12/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 16/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 20/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 24/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Progress (2): 24 kB | 3.8/14 kB Progress (2): 24 kB | 7.9/14 kB Progress (2): 24 kB | 12/14 kB Progress (2): 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 252 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (2): 14 kB | 3.8/30 kB Progress (2): 14 kB | 7.9/30 kB Progress (2): 14 kB | 12/30 kB Progress (2): 14 kB | 16/30 kB Progress (2): 14 kB | 20/30 kB Progress (2): 14 kB | 24/30 kB Progress (2): 14 kB | 28/30 kB Progress (2): 14 kB | 30 kB Progress (3): 14 kB | 30 kB | 4.1/13 kB Progress (3): 14 kB | 30 kB | 7.7/13 kB Progress (3): 14 kB | 30 kB | 12/13 kB Progress (3): 14 kB | 30 kB | 13 kB Progress (4): 14 kB | 30 kB | 13 kB | 3.8/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 7.9/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 12/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 16/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 20/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 24/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 28/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 32/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 37/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (4): 30 kB | 13 kB | 37 kB | 4.1/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 7.7/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 12/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 16/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 20/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 24/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 28/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 32/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 36/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 290 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Progress (2): 38 kB | 3.8/87 kB Progress (2): 38 kB | 7.9/87 kB Progress (2): 38 kB | 12/87 kB Progress (2): 38 kB | 16/87 kB Progress (2): 38 kB | 20/87 kB Progress (2): 38 kB | 24/87 kB Progress (2): 38 kB | 28/87 kB Progress (2): 38 kB | 32/87 kB Progress (2): 38 kB | 37/87 kB Progress (2): 38 kB | 41/87 kB Progress (2): 38 kB | 45/87 kB Progress (2): 38 kB | 49/87 kB Progress (2): 38 kB | 53/87 kB Progress (2): 38 kB | 57/87 kB Progress (2): 38 kB | 61/87 kB Progress (2): 38 kB | 65/87 kB Progress (2): 38 kB | 69/87 kB Progress (2): 38 kB | 73/87 kB Progress (2): 38 kB | 77/87 kB Progress (2): 38 kB | 81/87 kB Progress (2): 38 kB | 86/87 kB Progress (2): 38 kB | 87 kB Progress (3): 38 kB | 87 kB | 4.1/49 kB Progress (3): 38 kB | 87 kB | 7.7/49 kB Progress (3): 38 kB | 87 kB | 12/49 kB Progress (3): 38 kB | 87 kB | 16/49 kB Progress (3): 38 kB | 87 kB | 20/49 kB Progress (3): 38 kB | 87 kB | 24/49 kB Progress (3): 38 kB | 87 kB | 28/49 kB Progress (3): 38 kB | 87 kB | 32/49 kB Progress (3): 38 kB | 87 kB | 36/49 kB Progress (3): 38 kB | 87 kB | 41/49 kB Progress (3): 38 kB | 87 kB | 45/49 kB Progress (3): 38 kB | 87 kB | 49/49 kB Progress (3): 38 kB | 87 kB | 49 kB Progress (4): 38 kB | 87 kB | 49 kB | 3.8/86 kB Progress (4): 38 kB | 87 kB | 49 kB | 7.9/86 kB Progress (4): 38 kB | 87 kB | 49 kB | 12/86 kB Progress (4): 38 kB | 87 kB | 49 kB | 16/86 kB Progress (4): 38 kB | 87 kB | 49 kB | 20/86 kB Progress (4): 38 kB | 87 kB | 49 kB | 24/86 kB Progress (4): 38 kB | 87 kB | 49 kB | 28/86 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 254 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (3): 87 kB | 49 kB | 32/86 kB Progress (3): 87 kB | 49 kB | 36/86 kB Progress (3): 87 kB | 49 kB | 41/86 kB Progress (3): 87 kB | 49 kB | 45/86 kB Progress (3): 87 kB | 49 kB | 49/86 kB Progress (3): 87 kB | 49 kB | 53/86 kB Progress (3): 87 kB | 49 kB | 57/86 kB Progress (3): 87 kB | 49 kB | 61/86 kB Progress (3): 87 kB | 49 kB | 65/86 kB Progress (4): 87 kB | 49 kB | 65/86 kB | 3.8/10 kB Progress (4): 87 kB | 49 kB | 69/86 kB | 3.8/10 kB Progress (4): 87 kB | 49 kB | 69/86 kB | 7.9/10 kB Progress (4): 87 kB | 49 kB | 73/86 kB | 7.9/10 kB Progress (4): 87 kB | 49 kB | 73/86 kB | 10 kB Progress (4): 87 kB | 49 kB | 77/86 kB | 10 kB Progress (4): 87 kB | 49 kB | 81/86 kB | 10 kB Progress (4): 87 kB | 49 kB | 86/86 kB | 10 kB Progress (4): 87 kB | 49 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 549 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 303 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (2): 86 kB | 4.1/121 kB Progress (2): 86 kB | 7.7/121 kB Progress (3): 86 kB | 7.7/121 kB | 4.1/194 kB Progress (3): 86 kB | 12/121 kB | 4.1/194 kB Progress (3): 86 kB | 12/121 kB | 7.7/194 kB Progress (3): 86 kB | 16/121 kB | 7.7/194 kB Progress (3): 86 kB | 16/121 kB | 12/194 kB Progress (3): 86 kB | 16/121 kB | 16/194 kB Progress (3): 86 kB | 20/121 kB | 16/194 kB Progress (3): 86 kB | 20/121 kB | 20/194 kB Progress (3): 86 kB | 24/121 kB | 20/194 kB Progress (3): 86 kB | 24/121 kB | 24/194 kB Progress (3): 86 kB | 24/121 kB | 28/194 kB Progress (3): 86 kB | 24/121 kB | 32/194 kB Progress (3): 86 kB | 24/121 kB | 36/194 kB Progress (3): 86 kB | 24/121 kB | 41/194 kB Progress (3): 86 kB | 24/121 kB | 45/194 kB Progress (3): 86 kB | 24/121 kB | 49/194 kB Progress (3): 86 kB | 28/121 kB | 49/194 kB Progress (3): 86 kB | 32/121 kB | 49/194 kB Progress (3): 86 kB | 36/121 kB | 49/194 kB Progress (3): 86 kB | 41/121 kB | 49/194 kB Progress (3): 86 kB | 41/121 kB | 53/194 kB Progress (3): 86 kB | 41/121 kB | 57/194 kB Progress (3): 86 kB | 41/121 kB | 61/194 kB Progress (3): 86 kB | 41/121 kB | 65/194 kB Progress (3): 86 kB | 45/121 kB | 65/194 kB Progress (3): 86 kB | 49/121 kB | 65/194 kB Progress (3): 86 kB | 49/121 kB | 69/194 kB Progress (3): 86 kB | 53/121 kB | 69/194 kB Progress (3): 86 kB | 53/121 kB | 73/194 kB Progress (3): 86 kB | 57/121 kB | 73/194 kB Progress (3): 86 kB | 57/121 kB | 77/194 kB Progress (3): 86 kB | 57/121 kB | 81/194 kB Progress (3): 86 kB | 57/121 kB | 86/194 kB Progress (3): 86 kB | 57/121 kB | 90/194 kB Progress (3): 86 kB | 57/121 kB | 94/194 kB Progress (3): 86 kB | 57/121 kB | 98/194 kB Progress (3): 86 kB | 61/121 kB | 98/194 kB Progress (3): 86 kB | 65/121 kB | 98/194 kB Progress (3): 86 kB | 69/121 kB | 98/194 kB Progress (3): 86 kB | 73/121 kB | 98/194 kB Progress (3): 86 kB | 73/121 kB | 102/194 kB Progress (3): 86 kB | 73/121 kB | 106/194 kB Progress (3): 86 kB | 73/121 kB | 110/194 kB Progress (3): 86 kB | 73/121 kB | 114/194 kB Progress (3): 86 kB | 77/121 kB | 114/194 kB Progress (3): 86 kB | 77/121 kB | 118/194 kB Progress (3): 86 kB | 81/121 kB | 118/194 kB Progress (3): 86 kB | 86/121 kB | 118/194 kB Progress (3): 86 kB | 86/121 kB | 122/194 kB Progress (3): 86 kB | 90/121 kB | 122/194 kB Progress (3): 86 kB | 90/121 kB | 127/194 kB Progress (3): 86 kB | 90/121 kB | 131/194 kB Progress (3): 86 kB | 94/121 kB | 131/194 kB Progress (3): 86 kB | 98/121 kB | 131/194 kB Progress (3): 86 kB | 102/121 kB | 131/194 kB Progress (3): 86 kB | 102/121 kB | 135/194 kB Progress (3): 86 kB | 106/121 kB | 135/194 kB Progress (3): 86 kB | 106/121 kB | 139/194 kB Progress (3): 86 kB | 106/121 kB | 143/194 kB Progress (3): 86 kB | 106/121 kB | 147/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 475 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (2): 110/121 kB | 147/194 kB Progress (2): 114/121 kB | 147/194 kB Progress (2): 118/121 kB | 147/194 kB Progress (2): 121 kB | 147/194 kB Progress (2): 121 kB | 151/194 kB Progress (2): 121 kB | 155/194 kB Progress (2): 121 kB | 159/194 kB Progress (2): 121 kB | 163/194 kB Progress (2): 121 kB | 167/194 kB Progress (2): 121 kB | 172/194 kB Progress (2): 121 kB | 176/194 kB Progress (2): 121 kB | 180/194 kB Progress (2): 121 kB | 184/194 kB Progress (2): 121 kB | 188/194 kB Progress (2): 121 kB | 192/194 kB Progress (2): 121 kB | 194 kB Progress (3): 121 kB | 194 kB | 4.1/223 kB Progress (3): 121 kB | 194 kB | 7.7/223 kB Progress (3): 121 kB | 194 kB | 12/223 kB Progress (3): 121 kB | 194 kB | 16/223 kB Progress (3): 121 kB | 194 kB | 20/223 kB Progress (3): 121 kB | 194 kB | 24/223 kB Progress (3): 121 kB | 194 kB | 28/223 kB Progress (3): 121 kB | 194 kB | 32/223 kB Progress (3): 121 kB | 194 kB | 36/223 kB Progress (3): 121 kB | 194 kB | 41/223 kB Progress (3): 121 kB | 194 kB | 45/223 kB Progress (3): 121 kB | 194 kB | 49/223 kB Progress (3): 121 kB | 194 kB | 53/223 kB Progress (3): 121 kB | 194 kB | 57/223 kB Progress (3): 121 kB | 194 kB | 61/223 kB Progress (3): 121 kB | 194 kB | 65/223 kB Progress (3): 121 kB | 194 kB | 69/223 kB Progress (3): 121 kB | 194 kB | 73/223 kB Progress (3): 121 kB | 194 kB | 77/223 kB Progress (3): 121 kB | 194 kB | 81/223 kB Progress (3): 121 kB | 194 kB | 86/223 kB Progress (3): 121 kB | 194 kB | 90/223 kB Progress (3): 121 kB | 194 kB | 94/223 kB Progress (3): 121 kB | 194 kB | 98/223 kB Progress (3): 121 kB | 194 kB | 102/223 kB Progress (3): 121 kB | 194 kB | 106/223 kB Progress (3): 121 kB | 194 kB | 110/223 kB Progress (3): 121 kB | 194 kB | 114/223 kB Progress (3): 121 kB | 194 kB | 118/223 kB Progress (3): 121 kB | 194 kB | 122/223 kB Progress (3): 121 kB | 194 kB | 127/223 kB Progress (3): 121 kB | 194 kB | 131/223 kB Progress (3): 121 kB | 194 kB | 135/223 kB Progress (3): 121 kB | 194 kB | 139/223 kB Progress (3): 121 kB | 194 kB | 143/223 kB Progress (3): 121 kB | 194 kB | 147/223 kB Progress (3): 121 kB | 194 kB | 151/223 kB Progress (3): 121 kB | 194 kB | 155/223 kB Progress (3): 121 kB | 194 kB | 159/223 kB Progress (3): 121 kB | 194 kB | 163/223 kB Progress (3): 121 kB | 194 kB | 167/223 kB Progress (3): 121 kB | 194 kB | 172/223 kB Progress (3): 121 kB | 194 kB | 176/223 kB Progress (3): 121 kB | 194 kB | 180/223 kB Progress (3): 121 kB | 194 kB | 184/223 kB Progress (3): 121 kB | 194 kB | 188/223 kB Progress (3): 121 kB | 194 kB | 192/223 kB Progress (3): 121 kB | 194 kB | 196/223 kB Progress (3): 121 kB | 194 kB | 200/223 kB Progress (3): 121 kB | 194 kB | 204/223 kB Progress (3): 121 kB | 194 kB | 208/223 kB Progress (3): 121 kB | 194 kB | 213/223 kB Progress (3): 121 kB | 194 kB | 217/223 kB Progress (3): 121 kB | 194 kB | 221/223 kB Progress (3): 121 kB | 194 kB | 223 kB Progress (4): 121 kB | 194 kB | 223 kB | 3.8/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 7.9/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 12/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 16/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 20/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 24/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 28/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 32/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 37/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 41/43 kB Progress (4): 121 kB | 194 kB | 223 kB | 43 kB Progress (5): 121 kB | 194 kB | 223 kB | 43 kB | 4.1/6.8 kB Progress (5): 121 kB | 194 kB | 223 kB | 43 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 588 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 929 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 1.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 203 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 32 kB/s) Progress (1): 3.8/61 kB Progress (1): 7.8/61 kB Progress (1): 12/61 kB Progress (1): 16/61 kB Progress (1): 20/61 kB Progress (1): 24/61 kB Progress (1): 28/61 kB Progress (1): 32/61 kB Progress (1): 36/61 kB Progress (1): 41/61 kB Progress (1): 45/61 kB Progress (1): 49/61 kB Progress (1): 53/61 kB Progress (1): 57/61 kB Progress (1): 61/61 kB Progress (1): 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 247 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 430 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 561 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 195 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 177 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 448 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 831 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 284 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 193 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 200 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 191 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 143 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 509 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 584 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 271 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 507 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 403 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 3.4 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 124 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 41/49 kB Progress (1): 45/49 kB Progress (1): 49/49 kB Progress (2): 49/49 kB | 4.1/89 kB Progress (2): 49 kB | 4.1/89 kB Progress (3): 49 kB | 4.1/89 kB | 3.8/211 kB Progress (3): 49 kB | 7.7/89 kB | 3.8/211 kB Progress (3): 49 kB | 7.7/89 kB | 7.9/211 kB Progress (3): 49 kB | 12/89 kB | 7.9/211 kB Progress (3): 49 kB | 12/89 kB | 12/211 kB Progress (3): 49 kB | 16/89 kB | 12/211 kB Progress (3): 49 kB | 16/89 kB | 16/211 kB Progress (4): 49 kB | 16/89 kB | 16/211 kB | 4.1/13 kB Progress (4): 49 kB | 16/89 kB | 20/211 kB | 4.1/13 kB Progress (4): 49 kB | 20/89 kB | 20/211 kB | 4.1/13 kB Progress (4): 49 kB | 20/89 kB | 24/211 kB | 4.1/13 kB Progress (4): 49 kB | 24/89 kB | 24/211 kB | 4.1/13 kB Progress (4): 49 kB | 24/89 kB | 24/211 kB | 7.7/13 kB Progress (4): 49 kB | 28/89 kB | 24/211 kB | 7.7/13 kB Progress (4): 49 kB | 28/89 kB | 28/211 kB | 7.7/13 kB Progress (4): 49 kB | 32/89 kB | 28/211 kB | 7.7/13 kB Progress (4): 49 kB | 32/89 kB | 28/211 kB | 12/13 kB Progress (4): 49 kB | 32/89 kB | 32/211 kB | 12/13 kB Progress (4): 49 kB | 32/89 kB | 32/211 kB | 13 kB Progress (4): 49 kB | 36/89 kB | 32/211 kB | 13 kB Progress (4): 49 kB | 41/89 kB | 32/211 kB | 13 kB Progress (4): 49 kB | 41/89 kB | 37/211 kB | 13 kB Progress (4): 49 kB | 45/89 kB | 37/211 kB | 13 kB Progress (4): 49 kB | 45/89 kB | 41/211 kB | 13 kB Progress (4): 49 kB | 49/89 kB | 41/211 kB | 13 kB Progress (4): 49 kB | 49/89 kB | 45/211 kB | 13 kB Progress (4): 49 kB | 49/89 kB | 49/211 kB | 13 kB Progress (4): 49 kB | 53/89 kB | 49/211 kB | 13 kB Progress (4): 49 kB | 57/89 kB | 49/211 kB | 13 kB Progress (4): 49 kB | 57/89 kB | 53/211 kB | 13 kB Progress (4): 49 kB | 61/89 kB | 53/211 kB | 13 kB Progress (4): 49 kB | 61/89 kB | 57/211 kB | 13 kB Progress (4): 49 kB | 65/89 kB | 57/211 kB | 13 kB Progress (4): 49 kB | 65/89 kB | 61/211 kB | 13 kB Progress (4): 49 kB | 69/89 kB | 61/211 kB | 13 kB Progress (4): 49 kB | 69/89 kB | 65/211 kB | 13 kB Progress (4): 49 kB | 73/89 kB | 65/211 kB | 13 kB Progress (4): 49 kB | 77/89 kB | 65/211 kB | 13 kB Progress (4): 49 kB | 81/89 kB | 65/211 kB | 13 kB Progress (4): 49 kB | 81/89 kB | 69/211 kB | 13 kB Progress (4): 49 kB | 81/89 kB | 73/211 kB | 13 kB Progress (4): 49 kB | 86/89 kB | 73/211 kB | 13 kB Progress (4): 49 kB | 86/89 kB | 78/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 78/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 82/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 86/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 90/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 94/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 98/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 102/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 106/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 110/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 114/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 118/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 123/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 127/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 131/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 135/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 139/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 143/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 147/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 151/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 155/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 159/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 164/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 168/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 172/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 176/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 180/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 184/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 188/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 192/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 196/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 200/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 204/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 209/211 kB | 13 kB Progress (4): 49 kB | 89 kB | 211 kB | 13 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 4.1/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 7.7/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 12/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 16/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 20/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 24/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 28/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 32/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 36/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 41/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 45/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 49/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 53/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 57/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 61/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 65/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 69/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 73/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 77/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 81/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 85/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 89/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 94/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 98/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 102/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 106/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 110/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 114/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 118/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 122/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 126/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 130/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 134/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 139/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 143/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 147/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 151/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 155/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 159/160 kB Progress (5): 49 kB | 89 kB | 211 kB | 13 kB | 160 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 322 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 4.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Progress (2): 160 kB | 4.1/35 kB Progress (2): 160 kB | 7.7/35 kB Progress (2): 160 kB | 12/35 kB Progress (2): 160 kB | 16/35 kB Progress (2): 160 kB | 20/35 kB Progress (2): 160 kB | 24/35 kB Progress (2): 160 kB | 28/35 kB Progress (2): 160 kB | 32/35 kB Progress (2): 160 kB | 35 kB Progress (3): 160 kB | 35 kB | 3.4/87 kB Progress (3): 160 kB | 35 kB | 7.5/87 kB Progress (3): 160 kB | 35 kB | 12/87 kB Progress (3): 160 kB | 35 kB | 16/87 kB Progress (3): 160 kB | 35 kB | 20/87 kB Progress (3): 160 kB | 35 kB | 24/87 kB Progress (3): 160 kB | 35 kB | 28/87 kB Progress (3): 160 kB | 35 kB | 32/87 kB Progress (3): 160 kB | 35 kB | 36/87 kB Progress (3): 160 kB | 35 kB | 40/87 kB Progress (3): 160 kB | 35 kB | 44/87 kB Progress (3): 160 kB | 35 kB | 48/87 kB Progress (3): 160 kB | 35 kB | 53/87 kB Progress (3): 160 kB | 35 kB | 57/87 kB Progress (3): 160 kB | 35 kB | 61/87 kB Progress (3): 160 kB | 35 kB | 65/87 kB Progress (3): 160 kB | 35 kB | 69/87 kB Progress (3): 160 kB | 35 kB | 73/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 2.7 MB/s) Progress (2): 35 kB | 77/87 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (2): 35 kB | 81/87 kB Progress (2): 35 kB | 85/87 kB Progress (2): 35 kB | 87 kB Progress (3): 35 kB | 87 kB | 4.1/21 kB Progress (3): 35 kB | 87 kB | 7.7/21 kB Progress (3): 35 kB | 87 kB | 12/21 kB Progress (3): 35 kB | 87 kB | 16/21 kB Progress (3): 35 kB | 87 kB | 20/21 kB Progress (3): 35 kB | 87 kB | 21 kB Progress (4): 35 kB | 87 kB | 21 kB | 4.1/25 kB Progress (4): 35 kB | 87 kB | 21 kB | 7.7/25 kB Progress (4): 35 kB | 87 kB | 21 kB | 12/25 kB Progress (4): 35 kB | 87 kB | 21 kB | 16/25 kB Progress (4): 35 kB | 87 kB | 21 kB | 20/25 kB Progress (4): 35 kB | 87 kB | 21 kB | 24/25 kB Progress (4): 35 kB | 87 kB | 21 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 478 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (4): 87 kB | 21 kB | 25 kB | 4.1/14 kB Progress (4): 87 kB | 21 kB | 25 kB | 7.5/14 kB Progress (4): 87 kB | 21 kB | 25 kB | 12/14 kB Progress (4): 87 kB | 21 kB | 25 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 303 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 252 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (1): 4.1/122 kB Progress (1): 7.7/122 kB Progress (2): 7.7/122 kB | 4.1/29 kB Progress (2): 12/122 kB | 4.1/29 kB Progress (2): 16/122 kB | 4.1/29 kB Progress (2): 16/122 kB | 7.7/29 kB Progress (2): 16/122 kB | 12/29 kB Progress (2): 16/122 kB | 16/29 kB Progress (2): 20/122 kB | 16/29 kB Progress (2): 24/122 kB | 16/29 kB Progress (2): 28/122 kB | 16/29 kB Progress (2): 28/122 kB | 20/29 kB Progress (2): 32/122 kB | 20/29 kB Progress (2): 32/122 kB | 24/29 kB Progress (2): 32/122 kB | 28/29 kB Progress (2): 32/122 kB | 29 kB Progress (2): 36/122 kB | 29 kB Progress (2): 41/122 kB | 29 kB Progress (2): 45/122 kB | 29 kB Progress (2): 49/122 kB | 29 kB Progress (2): 53/122 kB | 29 kB Progress (2): 57/122 kB | 29 kB Progress (2): 61/122 kB | 29 kB Progress (2): 65/122 kB | 29 kB Progress (2): 69/122 kB | 29 kB Progress (2): 73/122 kB | 29 kB Progress (2): 77/122 kB | 29 kB Progress (2): 81/122 kB | 29 kB Progress (2): 86/122 kB | 29 kB Progress (2): 90/122 kB | 29 kB Progress (2): 94/122 kB | 29 kB Progress (2): 98/122 kB | 29 kB Progress (2): 102/122 kB | 29 kB Progress (2): 106/122 kB | 29 kB Progress (2): 110/122 kB | 29 kB Progress (2): 114/122 kB | 29 kB Progress (2): 118/122 kB | 29 kB Progress (3): 118/122 kB | 29 kB | 4.1/37 kB Progress (3): 122 kB | 29 kB | 4.1/37 kB Progress (3): 122 kB | 29 kB | 7.7/37 kB Progress (3): 122 kB | 29 kB | 12/37 kB Progress (3): 122 kB | 29 kB | 16/37 kB Progress (3): 122 kB | 29 kB | 20/37 kB Progress (3): 122 kB | 29 kB | 24/37 kB Progress (3): 122 kB | 29 kB | 28/37 kB Progress (3): 122 kB | 29 kB | 32/37 kB Progress (3): 122 kB | 29 kB | 36/37 kB Progress (3): 122 kB | 29 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 244 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (2): 37 kB | 4.1/58 kB Progress (2): 37 kB | 7.7/58 kB Progress (2): 37 kB | 12/58 kB Progress (2): 37 kB | 16/58 kB Progress (2): 37 kB | 20/58 kB Progress (2): 37 kB | 24/58 kB Progress (2): 37 kB | 28/58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (1): 32/58 kB Progress (1): 36/58 kB Progress (1): 40/58 kB Progress (1): 44/58 kB Progress (1): 48/58 kB Progress (1): 53/58 kB Progress (1): 57/58 kB Progress (1): 58 kB Progress (2): 58 kB | 4.1/33 kB Progress (2): 58 kB | 7.7/33 kB Progress (2): 58 kB | 12/33 kB Progress (2): 58 kB | 16/33 kB Progress (2): 58 kB | 20/33 kB Progress (2): 58 kB | 24/33 kB Progress (2): 58 kB | 28/33 kB Progress (2): 58 kB | 32/33 kB Progress (2): 58 kB | 33 kB Progress (3): 58 kB | 33 kB | 4.1/155 kB Progress (3): 58 kB | 33 kB | 7.7/155 kB Progress (3): 58 kB | 33 kB | 12/155 kB Progress (3): 58 kB | 33 kB | 16/155 kB Progress (3): 58 kB | 33 kB | 20/155 kB Progress (3): 58 kB | 33 kB | 24/155 kB Progress (3): 58 kB | 33 kB | 28/155 kB Progress (3): 58 kB | 33 kB | 32/155 kB Progress (3): 58 kB | 33 kB | 36/155 kB Progress (3): 58 kB | 33 kB | 41/155 kB Progress (3): 58 kB | 33 kB | 45/155 kB Progress (3): 58 kB | 33 kB | 49/155 kB Progress (3): 58 kB | 33 kB | 53/155 kB Progress (3): 58 kB | 33 kB | 57/155 kB Progress (3): 58 kB | 33 kB | 61/155 kB Progress (3): 58 kB | 33 kB | 65/155 kB Progress (3): 58 kB | 33 kB | 69/155 kB Progress (3): 58 kB | 33 kB | 73/155 kB Progress (3): 58 kB | 33 kB | 77/155 kB Progress (3): 58 kB | 33 kB | 81/155 kB Progress (3): 58 kB | 33 kB | 86/155 kB Progress (3): 58 kB | 33 kB | 90/155 kB Progress (3): 58 kB | 33 kB | 94/155 kB Progress (3): 58 kB | 33 kB | 98/155 kB Progress (3): 58 kB | 33 kB | 102/155 kB Progress (3): 58 kB | 33 kB | 106/155 kB Progress (3): 58 kB | 33 kB | 110/155 kB Progress (3): 58 kB | 33 kB | 114/155 kB Progress (3): 58 kB | 33 kB | 118/155 kB Progress (3): 58 kB | 33 kB | 122/155 kB Progress (3): 58 kB | 33 kB | 127/155 kB Progress (3): 58 kB | 33 kB | 131/155 kB Progress (3): 58 kB | 33 kB | 135/155 kB Progress (3): 58 kB | 33 kB | 139/155 kB Progress (3): 58 kB | 33 kB | 143/155 kB Progress (3): 58 kB | 33 kB | 147/155 kB Progress (3): 58 kB | 33 kB | 151/155 kB Progress (3): 58 kB | 33 kB | 155 kB Progress (4): 58 kB | 33 kB | 155 kB | 4.1/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 7.7/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 12/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 16/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 20/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 24/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 28/32 kB Progress (4): 58 kB | 33 kB | 155 kB | 32 kB Progress (5): 58 kB | 33 kB | 155 kB | 32 kB | 4.1/10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 396 kB/s) Progress (4): 33 kB | 155 kB | 32 kB | 7.7/10 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (4): 33 kB | 155 kB | 32 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Progress (3): 155 kB | 10 kB | 4.1/14 kB Progress (3): 155 kB | 10 kB | 7.7/14 kB Progress (3): 155 kB | 10 kB | 12/14 kB Progress (3): 155 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 936 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (3): 10 kB | 14 kB | 4.1/4.2 kB Progress (3): 10 kB | 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (2): 4.2 kB | 4.1/25 kB Progress (2): 4.2 kB | 7.7/25 kB Progress (2): 4.2 kB | 12/25 kB Progress (2): 4.2 kB | 16/25 kB Progress (2): 4.2 kB | 20/25 kB Progress (2): 4.2 kB | 24/25 kB Progress (2): 4.2 kB | 25 kB Progress (3): 4.2 kB | 25 kB | 4.1/4.6 kB Progress (3): 4.2 kB | 25 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (2): 25 kB | 4.1/217 kB Progress (2): 25 kB | 7.7/217 kB Progress (2): 25 kB | 12/217 kB Progress (2): 25 kB | 16/217 kB Progress (2): 25 kB | 20/217 kB Progress (2): 25 kB | 24/217 kB Progress (2): 25 kB | 28/217 kB Progress (2): 25 kB | 32/217 kB Progress (2): 25 kB | 36/217 kB Progress (2): 25 kB | 41/217 kB Progress (2): 25 kB | 45/217 kB Progress (2): 25 kB | 49/217 kB Progress (2): 25 kB | 53/217 kB Progress (2): 25 kB | 57/217 kB Progress (2): 25 kB | 61/217 kB Progress (2): 25 kB | 65/217 kB Progress (2): 25 kB | 69/217 kB Progress (2): 25 kB | 73/217 kB Progress (2): 25 kB | 77/217 kB Progress (2): 25 kB | 81/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (1): 86/217 kB Progress (1): 90/217 kB Progress (1): 94/217 kB Progress (1): 98/217 kB Progress (1): 102/217 kB Progress (1): 106/217 kB Progress (1): 110/217 kB Progress (1): 114/217 kB Progress (1): 118/217 kB Progress (1): 122/217 kB Progress (1): 127/217 kB Progress (1): 131/217 kB Progress (1): 135/217 kB Progress (1): 139/217 kB Progress (1): 143/217 kB Progress (1): 147/217 kB Progress (1): 151/217 kB Progress (1): 155/217 kB Progress (1): 159/217 kB Progress (1): 163/217 kB Progress (1): 167/217 kB Progress (1): 172/217 kB Progress (1): 176/217 kB Progress (1): 180/217 kB Progress (1): 184/217 kB Progress (1): 188/217 kB Progress (1): 192/217 kB Progress (1): 196/217 kB Progress (1): 200/217 kB Progress (1): 204/217 kB Progress (1): 208/217 kB Progress (1): 213/217 kB Progress (1): 217/217 kB Progress (1): 217 kB Progress (2): 217 kB | 4.1/19 kB Progress (2): 217 kB | 7.7/19 kB Progress (2): 217 kB | 12/19 kB Progress (2): 217 kB | 16/19 kB Progress (2): 217 kB | 19 kB Progress (3): 217 kB | 19 kB | 4.1/46 kB Progress (3): 217 kB | 19 kB | 7.7/46 kB Progress (3): 217 kB | 19 kB | 12/46 kB Progress (3): 217 kB | 19 kB | 16/46 kB Progress (3): 217 kB | 19 kB | 20/46 kB Progress (3): 217 kB | 19 kB | 24/46 kB Progress (3): 217 kB | 19 kB | 28/46 kB Progress (3): 217 kB | 19 kB | 32/46 kB Progress (3): 217 kB | 19 kB | 36/46 kB Progress (3): 217 kB | 19 kB | 41/46 kB Progress (3): 217 kB | 19 kB | 45/46 kB Progress (3): 217 kB | 19 kB | 46 kB Progress (4): 217 kB | 19 kB | 46 kB | 4.1/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 8.2/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 12/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 16/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 20/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 25/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 29/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 33/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 37/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 41/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 45/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 49/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 53/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 57/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 61/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 66/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 70/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 74/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 78/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 82/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 86/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 90/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 94/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 98/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 102/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 106/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 111/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 115/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 119/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 123/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 127/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 131/134 kB Progress (4): 217 kB | 19 kB | 46 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (4): 217 kB | 19 kB | 134 kB | 4.1/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 7.7/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 12/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 16/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 20/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 24/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 28/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 32/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 36/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 41/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 45/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 49/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 53/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 57/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 61/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 65/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 69/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 73/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 77/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 81/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 86/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 90/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 94/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 98/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 102/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 106/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 110/358 kB Progress (4): 217 kB | 19 kB | 134 kB | 114/358 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (3): 217 kB | 134 kB | 118/358 kB Progress (3): 217 kB | 134 kB | 122/358 kB Progress (3): 217 kB | 134 kB | 127/358 kB Progress (3): 217 kB | 134 kB | 131/358 kB Progress (3): 217 kB | 134 kB | 135/358 kB Progress (3): 217 kB | 134 kB | 139/358 kB Progress (3): 217 kB | 134 kB | 143/358 kB Progress (3): 217 kB | 134 kB | 147/358 kB Progress (3): 217 kB | 134 kB | 151/358 kB Progress (3): 217 kB | 134 kB | 155/358 kB Progress (3): 217 kB | 134 kB | 159/358 kB Progress (3): 217 kB | 134 kB | 163/358 kB Progress (3): 217 kB | 134 kB | 167/358 kB Progress (3): 217 kB | 134 kB | 172/358 kB Progress (3): 217 kB | 134 kB | 176/358 kB Progress (3): 217 kB | 134 kB | 180/358 kB Progress (3): 217 kB | 134 kB | 184/358 kB Progress (3): 217 kB | 134 kB | 188/358 kB Progress (3): 217 kB | 134 kB | 192/358 kB Progress (3): 217 kB | 134 kB | 196/358 kB Progress (3): 217 kB | 134 kB | 200/358 kB Progress (3): 217 kB | 134 kB | 204/358 kB Progress (3): 217 kB | 134 kB | 208/358 kB Progress (3): 217 kB | 134 kB | 213/358 kB Progress (3): 217 kB | 134 kB | 217/358 kB Progress (3): 217 kB | 134 kB | 221/358 kB Progress (3): 217 kB | 134 kB | 225/358 kB Progress (3): 217 kB | 134 kB | 229/358 kB Progress (3): 217 kB | 134 kB | 232/358 kB Progress (3): 217 kB | 134 kB | 236/358 kB Progress (3): 217 kB | 134 kB | 240/358 kB Progress (3): 217 kB | 134 kB | 244/358 kB Progress (3): 217 kB | 134 kB | 248/358 kB Progress (3): 217 kB | 134 kB | 253/358 kB Progress (3): 217 kB | 134 kB | 257/358 kB Progress (3): 217 kB | 134 kB | 261/358 kB Progress (3): 217 kB | 134 kB | 265/358 kB Progress (3): 217 kB | 134 kB | 269/358 kB Progress (3): 217 kB | 134 kB | 273/358 kB Progress (3): 217 kB | 134 kB | 277/358 kB Progress (3): 217 kB | 134 kB | 281/358 kB Progress (3): 217 kB | 134 kB | 285/358 kB Progress (3): 217 kB | 134 kB | 289/358 kB Progress (3): 217 kB | 134 kB | 294/358 kB Progress (3): 217 kB | 134 kB | 298/358 kB Progress (3): 217 kB | 134 kB | 302/358 kB Progress (3): 217 kB | 134 kB | 306/358 kB Progress (3): 217 kB | 134 kB | 310/358 kB Progress (3): 217 kB | 134 kB | 314/358 kB Progress (3): 217 kB | 134 kB | 318/358 kB Progress (3): 217 kB | 134 kB | 322/358 kB Progress (3): 217 kB | 134 kB | 326/358 kB Progress (3): 217 kB | 134 kB | 330/358 kB Progress (3): 217 kB | 134 kB | 334/358 kB Progress (3): 217 kB | 134 kB | 339/358 kB Progress (3): 217 kB | 134 kB | 343/358 kB Progress (3): 217 kB | 134 kB | 347/358 kB Progress (3): 217 kB | 134 kB | 351/358 kB Progress (3): 217 kB | 134 kB | 355/358 kB Progress (3): 217 kB | 134 kB | 358 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 560 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 895 kB/s) Progress (2): 358 kB | 4.1/45 kB Progress (2): 358 kB | 7.7/45 kB Progress (2): 358 kB | 12/45 kB Progress (2): 358 kB | 16/45 kB Progress (2): 358 kB | 20/45 kB Progress (2): 358 kB | 24/45 kB Progress (2): 358 kB | 28/45 kB Progress (2): 358 kB | 32/45 kB Progress (2): 358 kB | 36/45 kB Progress (2): 358 kB | 41/45 kB Progress (2): 358 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.4 MB/s) Progress (2): 45 kB | 4.1/121 kB Progress (2): 45 kB | 7.7/121 kB Progress (2): 45 kB | 12/121 kB Progress (2): 45 kB | 16/121 kB Progress (2): 45 kB | 20/121 kB Progress (2): 45 kB | 24/121 kB Progress (2): 45 kB | 28/121 kB Progress (3): 45 kB | 28/121 kB | 4.1/640 kB Progress (3): 45 kB | 32/121 kB | 4.1/640 kB Progress (3): 45 kB | 32/121 kB | 7.7/640 kB Progress (3): 45 kB | 32/121 kB | 12/640 kB Progress (3): 45 kB | 32/121 kB | 16/640 kB Progress (3): 45 kB | 36/121 kB | 16/640 kB Progress (3): 45 kB | 40/121 kB | 16/640 kB Progress (3): 45 kB | 44/121 kB | 16/640 kB Progress (3): 45 kB | 44/121 kB | 20/640 kB Progress (3): 45 kB | 48/121 kB | 20/640 kB Progress (3): 45 kB | 48/121 kB | 24/640 kB Progress (3): 45 kB | 48/121 kB | 28/640 kB Progress (3): 45 kB | 48/121 kB | 32/640 kB Progress (3): 45 kB | 53/121 kB | 32/640 kB Progress (3): 45 kB | 57/121 kB | 32/640 kB Progress (3): 45 kB | 61/121 kB | 32/640 kB Progress (3): 45 kB | 61/121 kB | 36/640 kB Progress (3): 45 kB | 65/121 kB | 36/640 kB Progress (3): 45 kB | 65/121 kB | 41/640 kB Progress (3): 45 kB | 65/121 kB | 45/640 kB Progress (3): 45 kB | 65/121 kB | 49/640 kB Progress (3): 45 kB | 69/121 kB | 49/640 kB Progress (3): 45 kB | 73/121 kB | 49/640 kB Progress (3): 45 kB | 77/121 kB | 49/640 kB Progress (3): 45 kB | 77/121 kB | 53/640 kB Progress (3): 45 kB | 81/121 kB | 53/640 kB Progress (3): 45 kB | 81/121 kB | 57/640 kB Progress (3): 45 kB | 81/121 kB | 61/640 kB Progress (3): 45 kB | 81/121 kB | 65/640 kB Progress (3): 45 kB | 85/121 kB | 65/640 kB Progress (3): 45 kB | 89/121 kB | 65/640 kB Progress (3): 45 kB | 94/121 kB | 65/640 kB Progress (3): 45 kB | 98/121 kB | 65/640 kB Progress (3): 45 kB | 98/121 kB | 69/640 kB Progress (3): 45 kB | 98/121 kB | 73/640 kB Progress (3): 45 kB | 98/121 kB | 77/640 kB Progress (3): 45 kB | 102/121 kB | 77/640 kB Progress (3): 45 kB | 102/121 kB | 81/640 kB Progress (3): 45 kB | 106/121 kB | 81/640 kB Progress (3): 45 kB | 110/121 kB | 81/640 kB Progress (3): 45 kB | 114/121 kB | 81/640 kB Progress (3): 45 kB | 114/121 kB | 86/640 kB Progress (3): 45 kB | 118/121 kB | 86/640 kB Progress (3): 45 kB | 118/121 kB | 90/640 kB Progress (3): 45 kB | 121 kB | 90/640 kB Progress (3): 45 kB | 121 kB | 94/640 kB Progress (3): 45 kB | 121 kB | 98/640 kB Progress (3): 45 kB | 121 kB | 102/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 171 kB/s) Progress (2): 121 kB | 106/640 kB Progress (2): 121 kB | 110/640 kB Progress (2): 121 kB | 114/640 kB Progress (2): 121 kB | 118/640 kB Progress (2): 121 kB | 122/640 kB Progress (2): 121 kB | 127/640 kB Progress (2): 121 kB | 130/640 kB Progress (2): 121 kB | 134/640 kB Progress (2): 121 kB | 139/640 kB Progress (2): 121 kB | 143/640 kB Progress (2): 121 kB | 147/640 kB Progress (2): 121 kB | 151/640 kB Progress (2): 121 kB | 155/640 kB Progress (2): 121 kB | 159/640 kB Progress (2): 121 kB | 163/640 kB Progress (2): 121 kB | 167/640 kB Progress (2): 121 kB | 171/640 kB Progress (2): 121 kB | 175/640 kB Progress (2): 121 kB | 180/640 kB Progress (2): 121 kB | 184/640 kB Progress (2): 121 kB | 188/640 kB Progress (2): 121 kB | 192/640 kB Progress (2): 121 kB | 196/640 kB Progress (2): 121 kB | 200/640 kB Progress (2): 121 kB | 204/640 kB Progress (2): 121 kB | 208/640 kB Progress (2): 121 kB | 212/640 kB Progress (2): 121 kB | 216/640 kB Progress (2): 121 kB | 220/640 kB Progress (2): 121 kB | 225/640 kB Progress (2): 121 kB | 229/640 kB Progress (2): 121 kB | 233/640 kB Progress (2): 121 kB | 237/640 kB Progress (2): 121 kB | 241/640 kB Progress (2): 121 kB | 245/640 kB Progress (2): 121 kB | 249/640 kB Progress (2): 121 kB | 253/640 kB Progress (2): 121 kB | 257/640 kB Progress (2): 121 kB | 261/640 kB Progress (2): 121 kB | 266/640 kB Progress (2): 121 kB | 270/640 kB Progress (2): 121 kB | 274/640 kB Progress (2): 121 kB | 278/640 kB Progress (2): 121 kB | 282/640 kB Progress (2): 121 kB | 286/640 kB Progress (2): 121 kB | 290/640 kB Progress (2): 121 kB | 294/640 kB Progress (2): 121 kB | 298/640 kB Progress (2): 121 kB | 302/640 kB Progress (2): 121 kB | 307/640 kB Progress (2): 121 kB | 311/640 kB Progress (2): 121 kB | 315/640 kB Progress (2): 121 kB | 319/640 kB Progress (2): 121 kB | 323/640 kB Progress (2): 121 kB | 327/640 kB Progress (2): 121 kB | 331/640 kB Progress (2): 121 kB | 335/640 kB Progress (2): 121 kB | 339/640 kB Progress (2): 121 kB | 342/640 kB Progress (2): 121 kB | 346/640 kB Progress (2): 121 kB | 350/640 kB Progress (2): 121 kB | 354/640 kB Progress (2): 121 kB | 359/640 kB Progress (2): 121 kB | 363/640 kB Progress (2): 121 kB | 367/640 kB Progress (2): 121 kB | 371/640 kB Progress (2): 121 kB | 375/640 kB Progress (2): 121 kB | 379/640 kB Progress (2): 121 kB | 383/640 kB Progress (2): 121 kB | 387/640 kB Progress (2): 121 kB | 391/640 kB Progress (2): 121 kB | 395/640 kB Progress (2): 121 kB | 399/640 kB Progress (2): 121 kB | 404/640 kB Progress (2): 121 kB | 408/640 kB Progress (2): 121 kB | 412/640 kB Progress (2): 121 kB | 416/640 kB Progress (2): 121 kB | 420/640 kB Progress (2): 121 kB | 424/640 kB Progress (2): 121 kB | 428/640 kB Progress (2): 121 kB | 432/640 kB Progress (2): 121 kB | 436/640 kB Progress (2): 121 kB | 440/640 kB Progress (2): 121 kB | 445/640 kB Progress (2): 121 kB | 449/640 kB Progress (2): 121 kB | 453/640 kB Progress (2): 121 kB | 457/640 kB Progress (2): 121 kB | 461/640 kB Progress (2): 121 kB | 465/640 kB Progress (2): 121 kB | 469/640 kB Progress (2): 121 kB | 473/640 kB Progress (2): 121 kB | 477/640 kB Progress (2): 121 kB | 481/640 kB Progress (2): 121 kB | 486/640 kB Progress (2): 121 kB | 490/640 kB Progress (2): 121 kB | 494/640 kB Progress (2): 121 kB | 498/640 kB Progress (2): 121 kB | 502/640 kB Progress (2): 121 kB | 506/640 kB Progress (2): 121 kB | 510/640 kB Progress (2): 121 kB | 514/640 kB Progress (2): 121 kB | 518/640 kB Progress (2): 121 kB | 522/640 kB Progress (2): 121 kB | 526/640 kB Progress (2): 121 kB | 531/640 kB Progress (2): 121 kB | 535/640 kB Progress (2): 121 kB | 539/640 kB Progress (2): 121 kB | 543/640 kB Progress (2): 121 kB | 547/640 kB Progress (2): 121 kB | 551/640 kB Progress (2): 121 kB | 555/640 kB Progress (2): 121 kB | 559/640 kB Progress (2): 121 kB | 563/640 kB Progress (2): 121 kB | 567/640 kB Progress (2): 121 kB | 572/640 kB Progress (2): 121 kB | 576/640 kB Progress (2): 121 kB | 580/640 kB Progress (2): 121 kB | 584/640 kB Progress (2): 121 kB | 588/640 kB Progress (2): 121 kB | 592/640 kB Progress (2): 121 kB | 596/640 kB Progress (2): 121 kB | 600/640 kB Progress (2): 121 kB | 604/640 kB Progress (2): 121 kB | 608/640 kB Progress (2): 121 kB | 612/640 kB Progress (2): 121 kB | 617/640 kB Progress (2): 121 kB | 621/640 kB Progress (2): 121 kB | 625/640 kB Progress (2): 121 kB | 629/640 kB Progress (2): 121 kB | 633/640 kB Progress (2): 121 kB | 637/640 kB Progress (2): 121 kB | 640 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 434 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.2 MB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 317 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 270 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 665 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 427 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/118 kB Progress (1): 7.7/118 kB Progress (1): 12/118 kB Progress (1): 16/118 kB Progress (1): 20/118 kB Progress (1): 24/118 kB Progress (1): 28/118 kB Progress (1): 32/118 kB Progress (1): 36/118 kB Progress (1): 41/118 kB Progress (1): 45/118 kB Progress (1): 49/118 kB Progress (1): 53/118 kB Progress (1): 57/118 kB Progress (1): 61/118 kB Progress (1): 65/118 kB Progress (1): 69/118 kB Progress (1): 73/118 kB Progress (1): 77/118 kB Progress (1): 81/118 kB Progress (1): 86/118 kB Progress (1): 90/118 kB Progress (1): 94/118 kB Progress (1): 98/118 kB Progress (1): 102/118 kB Progress (1): 106/118 kB Progress (1): 110/118 kB Progress (1): 114/118 kB Progress (1): 118 kB Progress (2): 118 kB | 4.1/31 kB Progress (2): 118 kB | 7.7/31 kB Progress (2): 118 kB | 12/31 kB Progress (3): 118 kB | 12/31 kB | 4.1/316 kB Progress (3): 118 kB | 12/31 kB | 7.7/316 kB Progress (3): 118 kB | 12/31 kB | 12/316 kB Progress (3): 118 kB | 12/31 kB | 16/316 kB Progress (3): 118 kB | 16/31 kB | 16/316 kB Progress (3): 118 kB | 20/31 kB | 16/316 kB Progress (3): 118 kB | 24/31 kB | 16/316 kB Progress (3): 118 kB | 28/31 kB | 16/316 kB Progress (3): 118 kB | 31 kB | 16/316 kB Progress (3): 118 kB | 31 kB | 20/316 kB Progress (3): 118 kB | 31 kB | 24/316 kB Progress (3): 118 kB | 31 kB | 28/316 kB Progress (3): 118 kB | 31 kB | 32/316 kB Progress (3): 118 kB | 31 kB | 36/316 kB Progress (3): 118 kB | 31 kB | 41/316 kB Progress (3): 118 kB | 31 kB | 45/316 kB Progress (3): 118 kB | 31 kB | 49/316 kB Progress (3): 118 kB | 31 kB | 53/316 kB Progress (3): 118 kB | 31 kB | 57/316 kB Progress (3): 118 kB | 31 kB | 61/316 kB Progress (3): 118 kB | 31 kB | 65/316 kB Progress (3): 118 kB | 31 kB | 69/316 kB Progress (3): 118 kB | 31 kB | 73/316 kB Progress (3): 118 kB | 31 kB | 77/316 kB Progress (3): 118 kB | 31 kB | 81/316 kB Progress (3): 118 kB | 31 kB | 86/316 kB Progress (3): 118 kB | 31 kB | 90/316 kB Progress (3): 118 kB | 31 kB | 94/316 kB Progress (3): 118 kB | 31 kB | 98/316 kB Progress (3): 118 kB | 31 kB | 102/316 kB Progress (3): 118 kB | 31 kB | 106/316 kB Progress (3): 118 kB | 31 kB | 110/316 kB Progress (3): 118 kB | 31 kB | 114/316 kB Progress (3): 118 kB | 31 kB | 118/316 kB Progress (3): 118 kB | 31 kB | 122/316 kB Progress (3): 118 kB | 31 kB | 127/316 kB Progress (3): 118 kB | 31 kB | 131/316 kB Progress (4): 118 kB | 31 kB | 131/316 kB | 4.1/263 kB Progress (4): 118 kB | 31 kB | 131/316 kB | 7.7/263 kB Progress (4): 118 kB | 31 kB | 135/316 kB | 7.7/263 kB Progress (4): 118 kB | 31 kB | 135/316 kB | 12/263 kB Progress (4): 118 kB | 31 kB | 135/316 kB | 16/263 kB Progress (4): 118 kB | 31 kB | 139/316 kB | 16/263 kB Progress (4): 118 kB | 31 kB | 139/316 kB | 20/263 kB Progress (4): 118 kB | 31 kB | 143/316 kB | 20/263 kB Progress (4): 118 kB | 31 kB | 143/316 kB | 24/263 kB Progress (4): 118 kB | 31 kB | 147/316 kB | 24/263 kB Progress (4): 118 kB | 31 kB | 147/316 kB | 28/263 kB Progress (4): 118 kB | 31 kB | 147/316 kB | 32/263 kB Progress (4): 118 kB | 31 kB | 151/316 kB | 32/263 kB Progress (4): 118 kB | 31 kB | 151/316 kB | 36/263 kB Progress (4): 118 kB | 31 kB | 155/316 kB | 36/263 kB Progress (4): 118 kB | 31 kB | 155/316 kB | 41/263 kB Progress (4): 118 kB | 31 kB | 159/316 kB | 41/263 kB Progress (4): 118 kB | 31 kB | 159/316 kB | 45/263 kB Progress (4): 118 kB | 31 kB | 163/316 kB | 45/263 kB Progress (4): 118 kB | 31 kB | 163/316 kB | 49/263 kB Progress (4): 118 kB | 31 kB | 167/316 kB | 49/263 kB Progress (4): 118 kB | 31 kB | 172/316 kB | 49/263 kB Progress (4): 118 kB | 31 kB | 176/316 kB | 49/263 kB Progress (4): 118 kB | 31 kB | 176/316 kB | 53/263 kB Progress (4): 118 kB | 31 kB | 180/316 kB | 53/263 kB Progress (4): 118 kB | 31 kB | 180/316 kB | 57/263 kB Progress (4): 118 kB | 31 kB | 180/316 kB | 61/263 kB Progress (4): 118 kB | 31 kB | 184/316 kB | 61/263 kB Progress (4): 118 kB | 31 kB | 184/316 kB | 65/263 kB Progress (4): 118 kB | 31 kB | 188/316 kB | 65/263 kB Progress (4): 118 kB | 31 kB | 192/316 kB | 65/263 kB Progress (4): 118 kB | 31 kB | 196/316 kB | 65/263 kB Progress (4): 118 kB | 31 kB | 196/316 kB | 69/263 kB Progress (4): 118 kB | 31 kB | 196/316 kB | 73/263 kB Progress (4): 118 kB | 31 kB | 200/316 kB | 73/263 kB Progress (4): 118 kB | 31 kB | 200/316 kB | 77/263 kB Progress (4): 118 kB | 31 kB | 204/316 kB | 77/263 kB Progress (4): 118 kB | 31 kB | 204/316 kB | 81/263 kB Progress (4): 118 kB | 31 kB | 208/316 kB | 81/263 kB Progress (4): 118 kB | 31 kB | 213/316 kB | 81/263 kB Progress (4): 118 kB | 31 kB | 213/316 kB | 86/263 kB Progress (4): 118 kB | 31 kB | 217/316 kB | 86/263 kB Progress (4): 118 kB | 31 kB | 217/316 kB | 90/263 kB Progress (4): 118 kB | 31 kB | 221/316 kB | 90/263 kB Progress (4): 118 kB | 31 kB | 221/316 kB | 94/263 kB Progress (4): 118 kB | 31 kB | 225/316 kB | 94/263 kB Progress (4): 118 kB | 31 kB | 225/316 kB | 98/263 kB Progress (4): 118 kB | 31 kB | 229/316 kB | 98/263 kB Progress (4): 118 kB | 31 kB | 229/316 kB | 102/263 kB Progress (4): 118 kB | 31 kB | 233/316 kB | 102/263 kB Progress (4): 118 kB | 31 kB | 233/316 kB | 106/263 kB Progress (4): 118 kB | 31 kB | 237/316 kB | 106/263 kB Progress (4): 118 kB | 31 kB | 237/316 kB | 110/263 kB Progress (4): 118 kB | 31 kB | 241/316 kB | 110/263 kB Progress (4): 118 kB | 31 kB | 241/316 kB | 114/263 kB Progress (4): 118 kB | 31 kB | 245/316 kB | 114/263 kB Progress (4): 118 kB | 31 kB | 245/316 kB | 118/263 kB Progress (4): 118 kB | 31 kB | 249/316 kB | 118/263 kB Progress (4): 118 kB | 31 kB | 249/316 kB | 122/263 kB Progress (4): 118 kB | 31 kB | 254/316 kB | 122/263 kB Progress (4): 118 kB | 31 kB | 254/316 kB | 127/263 kB Progress (4): 118 kB | 31 kB | 258/316 kB | 127/263 kB Progress (4): 118 kB | 31 kB | 258/316 kB | 131/263 kB Progress (4): 118 kB | 31 kB | 262/316 kB | 131/263 kB Progress (4): 118 kB | 31 kB | 262/316 kB | 135/263 kB Progress (4): 118 kB | 31 kB | 266/316 kB | 135/263 kB Progress (4): 118 kB | 31 kB | 270/316 kB | 135/263 kB Progress (4): 118 kB | 31 kB | 274/316 kB | 135/263 kB Progress (4): 118 kB | 31 kB | 274/316 kB | 139/263 kB Progress (4): 118 kB | 31 kB | 278/316 kB | 139/263 kB Progress (4): 118 kB | 31 kB | 278/316 kB | 143/263 kB Progress (4): 118 kB | 31 kB | 278/316 kB | 147/263 kB Progress (4): 118 kB | 31 kB | 282/316 kB | 147/263 kB Progress (4): 118 kB | 31 kB | 286/316 kB | 147/263 kB Progress (4): 118 kB | 31 kB | 290/316 kB | 147/263 kB Progress (4): 118 kB | 31 kB | 290/316 kB | 151/263 kB Progress (4): 118 kB | 31 kB | 294/316 kB | 151/263 kB Progress (4): 118 kB | 31 kB | 294/316 kB | 155/263 kB Progress (4): 118 kB | 31 kB | 294/316 kB | 159/263 kB Progress (4): 118 kB | 31 kB | 299/316 kB | 159/263 kB Progress (4): 118 kB | 31 kB | 299/316 kB | 163/263 kB Progress (4): 118 kB | 31 kB | 303/316 kB | 163/263 kB Progress (4): 118 kB | 31 kB | 307/316 kB | 163/263 kB Progress (4): 118 kB | 31 kB | 311/316 kB | 163/263 kB Progress (4): 118 kB | 31 kB | 311/316 kB | 167/263 kB Progress (4): 118 kB | 31 kB | 315/316 kB | 167/263 kB Progress (4): 118 kB | 31 kB | 315/316 kB | 172/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 172/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 176/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 180/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 184/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 188/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 192/263 kB Progress (4): 118 kB | 31 kB | 316 kB | 196/263 kB Progress (5): 118 kB | 31 kB | 316 kB | 196/263 kB | 4.1/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 200/263 kB | 4.1/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 200/263 kB | 7.7/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 204/263 kB | 7.7/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 204/263 kB | 12/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 208/263 kB | 12/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 208/263 kB | 16/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 213/263 kB | 16/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 213/263 kB | 20/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 217/263 kB | 20/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 217/263 kB | 24/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 221/263 kB | 24/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 221/263 kB | 28/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 225/263 kB | 28/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 225/263 kB | 32/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 229/263 kB | 32/35 kB Progress (5): 118 kB | 31 kB | 316 kB | 229/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 233/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 237/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 241/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 245/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 249/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 254/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 258/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 262/263 kB | 35 kB Progress (5): 118 kB | 31 kB | 316 kB | 263 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 3.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 758 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 5.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 6.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 35 kB | 4.1/232 kB Progress (2): 35 kB | 7.7/232 kB Progress (2): 35 kB | 12/232 kB Progress (2): 35 kB | 16/232 kB Progress (2): 35 kB | 20/232 kB Progress (2): 35 kB | 24/232 kB Progress (2): 35 kB | 28/232 kB Progress (2): 35 kB | 32/232 kB Progress (2): 35 kB | 36/232 kB Progress (2): 35 kB | 41/232 kB Progress (2): 35 kB | 45/232 kB Progress (2): 35 kB | 49/232 kB Progress (2): 35 kB | 53/232 kB Progress (2): 35 kB | 57/232 kB Progress (2): 35 kB | 61/232 kB Progress (2): 35 kB | 65/232 kB Progress (2): 35 kB | 69/232 kB Progress (2): 35 kB | 73/232 kB Progress (2): 35 kB | 77/232 kB Progress (2): 35 kB | 81/232 kB Progress (2): 35 kB | 86/232 kB Progress (2): 35 kB | 90/232 kB Progress (2): 35 kB | 94/232 kB Progress (2): 35 kB | 98/232 kB Progress (2): 35 kB | 102/232 kB Progress (2): 35 kB | 106/232 kB Progress (2): 35 kB | 110/232 kB Progress (2): 35 kB | 114/232 kB Progress (2): 35 kB | 118/232 kB Progress (2): 35 kB | 122/232 kB Progress (2): 35 kB | 127/232 kB Progress (2): 35 kB | 131/232 kB Progress (2): 35 kB | 135/232 kB Progress (2): 35 kB | 139/232 kB Progress (2): 35 kB | 143/232 kB Progress (2): 35 kB | 147/232 kB Progress (2): 35 kB | 151/232 kB Progress (2): 35 kB | 155/232 kB Progress (2): 35 kB | 159/232 kB Progress (2): 35 kB | 163/232 kB Progress (2): 35 kB | 167/232 kB Progress (2): 35 kB | 172/232 kB Progress (2): 35 kB | 176/232 kB Progress (2): 35 kB | 180/232 kB Progress (2): 35 kB | 184/232 kB Progress (2): 35 kB | 188/232 kB Progress (2): 35 kB | 192/232 kB Progress (2): 35 kB | 196/232 kB Progress (2): 35 kB | 200/232 kB Progress (2): 35 kB | 204/232 kB Progress (2): 35 kB | 208/232 kB Progress (2): 35 kB | 213/232 kB Progress (2): 35 kB | 217/232 kB Progress (2): 35 kB | 221/232 kB Progress (2): 35 kB | 225/232 kB Progress (2): 35 kB | 229/232 kB Progress (2): 35 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 588 kB/s) Progress (2): 232 kB | 4.1/10 kB Progress (2): 232 kB | 7.7/10 kB Progress (2): 232 kB | 10 kB Progress (3): 232 kB | 10 kB | 4.1/14 kB Progress (3): 232 kB | 10 kB | 7.7/14 kB Progress (3): 232 kB | 10 kB | 12/14 kB Progress (3): 232 kB | 10 kB | 14 kB Progress (4): 232 kB | 10 kB | 14 kB | 4.1/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 7.7/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 12/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 16/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 20/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 24/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 28/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 32/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 36/38 kB Progress (4): 232 kB | 10 kB | 14 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 124 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.7 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 151 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 384 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 555 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 440 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 563 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 470 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 163 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 794 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 596 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 383 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 748 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/36 kB Progress (1): 7.7/36 kB Progress (1): 12/36 kB Progress (1): 16/36 kB Progress (1): 20/36 kB Progress (1): 24/36 kB Progress (1): 28/36 kB Progress (1): 32/36 kB Progress (1): 36 kB Progress (2): 36 kB | 4.1/79 kB Progress (2): 36 kB | 7.7/79 kB Progress (2): 36 kB | 12/79 kB Progress (2): 36 kB | 16/79 kB Progress (2): 36 kB | 20/79 kB Progress (2): 36 kB | 24/79 kB Progress (2): 36 kB | 28/79 kB Progress (2): 36 kB | 32/79 kB Progress (2): 36 kB | 36/79 kB Progress (2): 36 kB | 40/79 kB Progress (2): 36 kB | 44/79 kB Progress (2): 36 kB | 48/79 kB Progress (2): 36 kB | 53/79 kB Progress (2): 36 kB | 57/79 kB Progress (2): 36 kB | 61/79 kB Progress (2): 36 kB | 65/79 kB Progress (2): 36 kB | 69/79 kB Progress (2): 36 kB | 73/79 kB Progress (2): 36 kB | 77/79 kB Progress (2): 36 kB | 79 kB Progress (3): 36 kB | 79 kB | 4.1/41 kB Progress (3): 36 kB | 79 kB | 7.7/41 kB Progress (3): 36 kB | 79 kB | 12/41 kB Progress (3): 36 kB | 79 kB | 16/41 kB Progress (3): 36 kB | 79 kB | 20/41 kB Progress (3): 36 kB | 79 kB | 24/41 kB Progress (3): 36 kB | 79 kB | 28/41 kB Progress (3): 36 kB | 79 kB | 32/41 kB Progress (3): 36 kB | 79 kB | 36/41 kB Progress (3): 36 kB | 79 kB | 41/41 kB Progress (3): 36 kB | 79 kB | 41 kB Progress (4): 36 kB | 79 kB | 41 kB | 4.1/26 kB Progress (4): 36 kB | 79 kB | 41 kB | 7.7/26 kB Progress (4): 36 kB | 79 kB | 41 kB | 12/26 kB Progress (4): 36 kB | 79 kB | 41 kB | 16/26 kB Progress (4): 36 kB | 79 kB | 41 kB | 20/26 kB Progress (4): 36 kB | 79 kB | 41 kB | 24/26 kB Progress (4): 36 kB | 79 kB | 41 kB | 26 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 4.1/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 7.7/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 12/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 16/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 20/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 24/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 28/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 32/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 36/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 41/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 45/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 49/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 53/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 57/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 61/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 65/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 69/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 73/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 77/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 81/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 86/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 90/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 94/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 98/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 102/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 106/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 110/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 114/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 118/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 122/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 127/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 131/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 135/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 139/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 143/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 147/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 151/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 155/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 159/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 163/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 167/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 172/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 176/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 180/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 184/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 188/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 192/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 196/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 200/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 204/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 208/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 213/327 kB Progress (5): 36 kB | 79 kB | 41 kB | 26 kB | 217/327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 1.0 MB/s) Progress (4): 79 kB | 41 kB | 26 kB | 221/327 kB Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Progress (4): 79 kB | 41 kB | 26 kB | 225/327 kB Progress (4): 79 kB | 41 kB | 26 kB | 229/327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 1.1 MB/s) Progress (3): 79 kB | 26 kB | 233/327 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Progress (3): 79 kB | 26 kB | 237/327 kB Progress (3): 79 kB | 26 kB | 241/327 kB Progress (3): 79 kB | 26 kB | 245/327 kB Progress (3): 79 kB | 26 kB | 249/327 kB Progress (3): 79 kB | 26 kB | 254/327 kB Progress (3): 79 kB | 26 kB | 258/327 kB Progress (3): 79 kB | 26 kB | 262/327 kB Progress (3): 79 kB | 26 kB | 266/327 kB Progress (3): 79 kB | 26 kB | 270/327 kB Progress (3): 79 kB | 26 kB | 274/327 kB Progress (3): 79 kB | 26 kB | 278/327 kB Progress (3): 79 kB | 26 kB | 282/327 kB Progress (3): 79 kB | 26 kB | 286/327 kB Progress (3): 79 kB | 26 kB | 290/327 kB Progress (3): 79 kB | 26 kB | 294/327 kB Progress (3): 79 kB | 26 kB | 299/327 kB Progress (3): 79 kB | 26 kB | 303/327 kB Progress (3): 79 kB | 26 kB | 307/327 kB Progress (3): 79 kB | 26 kB | 311/327 kB Progress (3): 79 kB | 26 kB | 315/327 kB Progress (3): 79 kB | 26 kB | 319/327 kB Progress (3): 79 kB | 26 kB | 323/327 kB Progress (3): 79 kB | 26 kB | 327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 2.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 610 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (2): 327 kB | 4.1/211 kB Progress (2): 327 kB | 7.7/211 kB Progress (2): 327 kB | 12/211 kB Progress (2): 327 kB | 16/211 kB Progress (2): 327 kB | 20/211 kB Progress (2): 327 kB | 24/211 kB Progress (2): 327 kB | 28/211 kB Progress (2): 327 kB | 32/211 kB Progress (2): 327 kB | 36/211 kB Progress (2): 327 kB | 41/211 kB Progress (2): 327 kB | 45/211 kB Progress (2): 327 kB | 49/211 kB Progress (2): 327 kB | 53/211 kB Progress (2): 327 kB | 57/211 kB Progress (2): 327 kB | 61/211 kB Progress (2): 327 kB | 65/211 kB Progress (2): 327 kB | 69/211 kB Progress (2): 327 kB | 73/211 kB Progress (2): 327 kB | 77/211 kB Progress (2): 327 kB | 81/211 kB Progress (2): 327 kB | 86/211 kB Progress (2): 327 kB | 90/211 kB Progress (2): 327 kB | 94/211 kB Progress (2): 327 kB | 98/211 kB Progress (2): 327 kB | 102/211 kB Progress (2): 327 kB | 106/211 kB Progress (2): 327 kB | 110/211 kB Progress (2): 327 kB | 114/211 kB Progress (2): 327 kB | 118/211 kB Progress (2): 327 kB | 122/211 kB Progress (2): 327 kB | 127/211 kB Progress (2): 327 kB | 131/211 kB Progress (2): 327 kB | 135/211 kB Progress (2): 327 kB | 139/211 kB Progress (2): 327 kB | 143/211 kB Progress (2): 327 kB | 147/211 kB Progress (2): 327 kB | 151/211 kB Progress (2): 327 kB | 155/211 kB Progress (2): 327 kB | 159/211 kB Progress (2): 327 kB | 163/211 kB Progress (2): 327 kB | 167/211 kB Progress (2): 327 kB | 172/211 kB Progress (2): 327 kB | 176/211 kB Progress (2): 327 kB | 180/211 kB Progress (2): 327 kB | 184/211 kB Progress (2): 327 kB | 188/211 kB Progress (2): 327 kB | 192/211 kB Progress (2): 327 kB | 196/211 kB Progress (2): 327 kB | 200/211 kB Progress (2): 327 kB | 204/211 kB Progress (2): 327 kB | 208/211 kB Progress (2): 327 kB | 211 kB Progress (3): 327 kB | 211 kB | 2.5 kB Progress (4): 327 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 4.1/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 4.1/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 7.7/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 7.7/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 12/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 12/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 16/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 16/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 20/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0/1.0 MB | 24/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 24/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 28/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 32/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 36/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 41/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 45/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 49/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 53/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 57/58 kB Progress (5): 327 kB | 211 kB | 2.5 kB | 1.0 MB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 4.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 12 MB/s) Progress (2): 58 kB | 4.1/116 kB Progress (2): 58 kB | 7.7/116 kB Progress (2): 58 kB | 12/116 kB Progress (2): 58 kB | 16/116 kB Progress (2): 58 kB | 20/116 kB Progress (2): 58 kB | 24/116 kB Progress (2): 58 kB | 28/116 kB Progress (2): 58 kB | 32/116 kB Progress (2): 58 kB | 36/116 kB Progress (2): 58 kB | 41/116 kB Progress (2): 58 kB | 45/116 kB Progress (2): 58 kB | 49/116 kB Progress (2): 58 kB | 53/116 kB Progress (2): 58 kB | 57/116 kB Progress (2): 58 kB | 61/116 kB Progress (2): 58 kB | 65/116 kB Progress (2): 58 kB | 69/116 kB Progress (2): 58 kB | 73/116 kB Progress (2): 58 kB | 77/116 kB Progress (2): 58 kB | 81/116 kB Progress (2): 58 kB | 86/116 kB Progress (2): 58 kB | 90/116 kB Progress (2): 58 kB | 94/116 kB Progress (2): 58 kB | 98/116 kB Progress (2): 58 kB | 102/116 kB Progress (2): 58 kB | 106/116 kB Progress (2): 58 kB | 110/116 kB Progress (2): 58 kB | 114/116 kB Progress (2): 58 kB | 116 kB Progress (3): 58 kB | 116 kB | 4.1/85 kB Progress (3): 58 kB | 116 kB | 7.7/85 kB Progress (3): 58 kB | 116 kB | 12/85 kB Progress (3): 58 kB | 116 kB | 16/85 kB Progress (3): 58 kB | 116 kB | 20/85 kB Progress (3): 58 kB | 116 kB | 24/85 kB Progress (3): 58 kB | 116 kB | 28/85 kB Progress (3): 58 kB | 116 kB | 32/85 kB Progress (3): 58 kB | 116 kB | 36/85 kB Progress (3): 58 kB | 116 kB | 41/85 kB Progress (3): 58 kB | 116 kB | 45/85 kB Progress (3): 58 kB | 116 kB | 49/85 kB Progress (3): 58 kB | 116 kB | 53/85 kB Progress (3): 58 kB | 116 kB | 57/85 kB Progress (3): 58 kB | 116 kB | 61/85 kB Progress (3): 58 kB | 116 kB | 65/85 kB Progress (3): 58 kB | 116 kB | 69/85 kB Progress (3): 58 kB | 116 kB | 73/85 kB Progress (3): 58 kB | 116 kB | 77/85 kB Progress (3): 58 kB | 116 kB | 81/85 kB Progress (3): 58 kB | 116 kB | 85 kB Progress (4): 58 kB | 116 kB | 85 kB | 4.1/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 7.7/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 12/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 16/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 20/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 24/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 28/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 32/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 36/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 41/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 45/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 49/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 53/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 57/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 61/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 65/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 69/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 73/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 77/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 81/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 86/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 90/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 94/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 98/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 102/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 106/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 110/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 114/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 118/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 122/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 127/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 131/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 135/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 139/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 143/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 147/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 151/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 155/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 159/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 163/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 167/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 172/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 176/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 180/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 184/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 188/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 192/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 196/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 200/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 204/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 208/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 213/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 217/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 221/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 225/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 229/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 233/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 237/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 241/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 245/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 249/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 254/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 258/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 262/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 266/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 552 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 1.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 783 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 2.4 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 561 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 667 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 216 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 276 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 126 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 503 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 412 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 415 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 551 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 304 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 124 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 774 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 432 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 419 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 349 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 318 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 744 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 40/49 kB Progress (1): 44/49 kB Progress (1): 48/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/165 kB Progress (2): 49 kB | 7.7/165 kB Progress (2): 49 kB | 12/165 kB Progress (2): 49 kB | 16/165 kB Progress (2): 49 kB | 20/165 kB Progress (2): 49 kB | 24/165 kB Progress (2): 49 kB | 28/165 kB Progress (2): 49 kB | 32/165 kB Progress (2): 49 kB | 36/165 kB Progress (2): 49 kB | 41/165 kB Progress (2): 49 kB | 45/165 kB Progress (2): 49 kB | 49/165 kB Progress (2): 49 kB | 53/165 kB Progress (2): 49 kB | 57/165 kB Progress (2): 49 kB | 61/165 kB Progress (2): 49 kB | 65/165 kB Progress (2): 49 kB | 69/165 kB Progress (2): 49 kB | 73/165 kB Progress (2): 49 kB | 77/165 kB Progress (2): 49 kB | 81/165 kB Progress (2): 49 kB | 86/165 kB Progress (2): 49 kB | 90/165 kB Progress (2): 49 kB | 94/165 kB Progress (2): 49 kB | 98/165 kB Progress (2): 49 kB | 102/165 kB Progress (3): 49 kB | 102/165 kB | 4.1/153 kB Progress (3): 49 kB | 106/165 kB | 4.1/153 kB Progress (3): 49 kB | 106/165 kB | 7.7/153 kB Progress (3): 49 kB | 110/165 kB | 7.7/153 kB Progress (3): 49 kB | 110/165 kB | 12/153 kB Progress (3): 49 kB | 114/165 kB | 12/153 kB Progress (3): 49 kB | 114/165 kB | 16/153 kB Progress (3): 49 kB | 118/165 kB | 16/153 kB Progress (3): 49 kB | 122/165 kB | 16/153 kB Progress (3): 49 kB | 122/165 kB | 20/153 kB Progress (3): 49 kB | 127/165 kB | 20/153 kB Progress (3): 49 kB | 127/165 kB | 24/153 kB Progress (3): 49 kB | 131/165 kB | 24/153 kB Progress (3): 49 kB | 131/165 kB | 28/153 kB Progress (3): 49 kB | 135/165 kB | 28/153 kB Progress (3): 49 kB | 135/165 kB | 32/153 kB Progress (3): 49 kB | 135/165 kB | 36/153 kB Progress (3): 49 kB | 135/165 kB | 41/153 kB Progress (3): 49 kB | 139/165 kB | 41/153 kB Progress (3): 49 kB | 139/165 kB | 45/153 kB Progress (3): 49 kB | 139/165 kB | 49/153 kB Progress (3): 49 kB | 143/165 kB | 49/153 kB Progress (3): 49 kB | 147/165 kB | 49/153 kB Progress (3): 49 kB | 147/165 kB | 53/153 kB Progress (3): 49 kB | 151/165 kB | 53/153 kB Progress (3): 49 kB | 151/165 kB | 57/153 kB Progress (3): 49 kB | 155/165 kB | 57/153 kB Progress (3): 49 kB | 155/165 kB | 61/153 kB Progress (3): 49 kB | 159/165 kB | 61/153 kB Progress (3): 49 kB | 159/165 kB | 65/153 kB Progress (3): 49 kB | 163/165 kB | 65/153 kB Progress (3): 49 kB | 163/165 kB | 69/153 kB Progress (3): 49 kB | 165 kB | 69/153 kB Progress (3): 49 kB | 165 kB | 73/153 kB Progress (3): 49 kB | 165 kB | 77/153 kB Progress (3): 49 kB | 165 kB | 81/153 kB Progress (3): 49 kB | 165 kB | 86/153 kB Progress (3): 49 kB | 165 kB | 90/153 kB Progress (3): 49 kB | 165 kB | 94/153 kB Progress (3): 49 kB | 165 kB | 98/153 kB Progress (3): 49 kB | 165 kB | 102/153 kB Progress (3): 49 kB | 165 kB | 106/153 kB Progress (3): 49 kB | 165 kB | 110/153 kB Progress (3): 49 kB | 165 kB | 114/153 kB Progress (3): 49 kB | 165 kB | 118/153 kB Progress (3): 49 kB | 165 kB | 122/153 kB Progress (3): 49 kB | 165 kB | 127/153 kB Progress (3): 49 kB | 165 kB | 131/153 kB Progress (3): 49 kB | 165 kB | 135/153 kB Progress (3): 49 kB | 165 kB | 139/153 kB Progress (3): 49 kB | 165 kB | 143/153 kB Progress (3): 49 kB | 165 kB | 147/153 kB Progress (3): 49 kB | 165 kB | 151/153 kB Progress (3): 49 kB | 165 kB | 153 kB Progress (4): 49 kB | 165 kB | 153 kB | 4.1/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 7.7/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 12/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 16/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 20/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 24/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 28/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 32/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 36/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 40/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 44/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 48/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 53/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 57/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 61/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 65/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 69/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 73/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 77/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 81/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 85/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 89/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 94/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 98/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 102/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 106/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 110/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 114/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 118/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 122/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 126/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 130/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 134/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 139/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 143/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 147/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 151/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 155/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 159/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 163/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 167/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 171/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 175/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 180/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 184/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 188/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 192/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 196/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 200/202 kB Progress (4): 49 kB | 165 kB | 153 kB | 202 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 4.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 3.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Progress (2): 202 kB | 4.1/472 kB Progress (2): 202 kB | 7.7/472 kB Progress (2): 202 kB | 12/472 kB Progress (2): 202 kB | 16/472 kB Progress (2): 202 kB | 20/472 kB Progress (2): 202 kB | 24/472 kB Progress (2): 202 kB | 28/472 kB Progress (2): 202 kB | 32/472 kB Progress (2): 202 kB | 36/472 kB Progress (2): 202 kB | 41/472 kB Progress (2): 202 kB | 45/472 kB Progress (2): 202 kB | 49/472 kB Progress (2): 202 kB | 53/472 kB Progress (2): 202 kB | 57/472 kB Progress (2): 202 kB | 61/472 kB Progress (2): 202 kB | 65/472 kB Progress (2): 202 kB | 69/472 kB Progress (2): 202 kB | 73/472 kB Progress (2): 202 kB | 77/472 kB Progress (2): 202 kB | 81/472 kB Progress (2): 202 kB | 86/472 kB Progress (2): 202 kB | 90/472 kB Progress (2): 202 kB | 94/472 kB Progress (2): 202 kB | 98/472 kB Progress (2): 202 kB | 102/472 kB Progress (2): 202 kB | 106/472 kB Progress (2): 202 kB | 110/472 kB Progress (2): 202 kB | 114/472 kB Progress (2): 202 kB | 118/472 kB Progress (2): 202 kB | 122/472 kB Progress (2): 202 kB | 127/472 kB Progress (2): 202 kB | 131/472 kB Progress (2): 202 kB | 135/472 kB Progress (2): 202 kB | 139/472 kB Progress (2): 202 kB | 143/472 kB Progress (2): 202 kB | 147/472 kB Progress (2): 202 kB | 151/472 kB Progress (2): 202 kB | 155/472 kB Progress (2): 202 kB | 159/472 kB Progress (2): 202 kB | 163/472 kB Progress (2): 202 kB | 167/472 kB Progress (2): 202 kB | 172/472 kB Progress (2): 202 kB | 176/472 kB Progress (2): 202 kB | 180/472 kB Progress (2): 202 kB | 184/472 kB Progress (2): 202 kB | 188/472 kB Progress (2): 202 kB | 192/472 kB Progress (2): 202 kB | 196/472 kB Progress (2): 202 kB | 200/472 kB Progress (2): 202 kB | 204/472 kB Progress (2): 202 kB | 208/472 kB Progress (2): 202 kB | 213/472 kB Progress (2): 202 kB | 217/472 kB Progress (2): 202 kB | 221/472 kB Progress (2): 202 kB | 225/472 kB Progress (2): 202 kB | 229/472 kB Progress (2): 202 kB | 233/472 kB Progress (2): 202 kB | 237/472 kB Progress (2): 202 kB | 241/472 kB Progress (2): 202 kB | 245/472 kB Progress (2): 202 kB | 249/472 kB Progress (2): 202 kB | 254/472 kB Progress (2): 202 kB | 258/472 kB Progress (2): 202 kB | 262/472 kB Progress (2): 202 kB | 266/472 kB Progress (2): 202 kB | 270/472 kB Progress (2): 202 kB | 274/472 kB Progress (2): 202 kB | 278/472 kB Progress (2): 202 kB | 282/472 kB Progress (2): 202 kB | 286/472 kB Progress (2): 202 kB | 290/472 kB Progress (2): 202 kB | 294/472 kB Progress (2): 202 kB | 299/472 kB Progress (2): 202 kB | 303/472 kB Progress (2): 202 kB | 307/472 kB Progress (2): 202 kB | 311/472 kB Progress (2): 202 kB | 315/472 kB Progress (2): 202 kB | 319/472 kB Progress (2): 202 kB | 323/472 kB Progress (2): 202 kB | 327/472 kB Progress (2): 202 kB | 331/472 kB Progress (2): 202 kB | 335/472 kB Progress (2): 202 kB | 340/472 kB Progress (2): 202 kB | 344/472 kB Progress (2): 202 kB | 348/472 kB Progress (2): 202 kB | 352/472 kB Progress (2): 202 kB | 356/472 kB Progress (2): 202 kB | 360/472 kB Progress (2): 202 kB | 364/472 kB Progress (2): 202 kB | 368/472 kB Progress (2): 202 kB | 372/472 kB Progress (2): 202 kB | 376/472 kB Progress (2): 202 kB | 380/472 kB Progress (2): 202 kB | 385/472 kB Progress (2): 202 kB | 389/472 kB Progress (2): 202 kB | 393/472 kB Progress (2): 202 kB | 397/472 kB Progress (2): 202 kB | 401/472 kB Progress (2): 202 kB | 405/472 kB Progress (2): 202 kB | 409/472 kB Progress (2): 202 kB | 413/472 kB Progress (2): 202 kB | 417/472 kB Progress (2): 202 kB | 421/472 kB Progress (2): 202 kB | 426/472 kB Progress (2): 202 kB | 430/472 kB Progress (2): 202 kB | 434/472 kB Progress (2): 202 kB | 438/472 kB Progress (2): 202 kB | 442/472 kB Progress (2): 202 kB | 446/472 kB Progress (2): 202 kB | 450/472 kB Progress (2): 202 kB | 454/472 kB Progress (2): 202 kB | 458/472 kB Progress (2): 202 kB | 462/472 kB Progress (2): 202 kB | 466/472 kB Progress (2): 202 kB | 471/472 kB Progress (2): 202 kB | 472 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 4.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 472 kB | 4.1/527 kB Progress (2): 472 kB | 7.7/527 kB Progress (2): 472 kB | 12/527 kB Progress (2): 472 kB | 16/527 kB Progress (2): 472 kB | 20/527 kB Progress (2): 472 kB | 24/527 kB Progress (2): 472 kB | 28/527 kB Progress (2): 472 kB | 32/527 kB Progress (2): 472 kB | 36/527 kB Progress (2): 472 kB | 41/527 kB Progress (2): 472 kB | 45/527 kB Progress (2): 472 kB | 49/527 kB Progress (2): 472 kB | 53/527 kB Progress (2): 472 kB | 57/527 kB Progress (2): 472 kB | 61/527 kB Progress (2): 472 kB | 65/527 kB Progress (2): 472 kB | 69/527 kB Progress (2): 472 kB | 73/527 kB Progress (2): 472 kB | 77/527 kB Progress (2): 472 kB | 81/527 kB Progress (2): 472 kB | 86/527 kB Progress (2): 472 kB | 90/527 kB Progress (2): 472 kB | 94/527 kB Progress (2): 472 kB | 98/527 kB Progress (2): 472 kB | 102/527 kB Progress (2): 472 kB | 106/527 kB Progress (2): 472 kB | 110/527 kB Progress (2): 472 kB | 114/527 kB Progress (2): 472 kB | 118/527 kB Progress (2): 472 kB | 122/527 kB Progress (2): 472 kB | 127/527 kB Progress (2): 472 kB | 131/527 kB Progress (2): 472 kB | 135/527 kB Progress (2): 472 kB | 139/527 kB Progress (2): 472 kB | 143/527 kB Progress (2): 472 kB | 147/527 kB Progress (2): 472 kB | 151/527 kB Progress (2): 472 kB | 155/527 kB Progress (2): 472 kB | 159/527 kB Progress (2): 472 kB | 163/527 kB Progress (2): 472 kB | 167/527 kB Progress (2): 472 kB | 172/527 kB Progress (2): 472 kB | 176/527 kB Progress (2): 472 kB | 180/527 kB Progress (2): 472 kB | 184/527 kB Progress (2): 472 kB | 188/527 kB Progress (2): 472 kB | 192/527 kB Progress (2): 472 kB | 196/527 kB Progress (2): 472 kB | 200/527 kB Progress (2): 472 kB | 204/527 kB Progress (2): 472 kB | 208/527 kB Progress (2): 472 kB | 213/527 kB Progress (2): 472 kB | 217/527 kB Progress (3): 472 kB | 217/527 kB | 4.1/47 kB Progress (3): 472 kB | 221/527 kB | 4.1/47 kB Progress (3): 472 kB | 225/527 kB | 4.1/47 kB Progress (3): 472 kB | 225/527 kB | 8.2/47 kB Progress (3): 472 kB | 229/527 kB | 8.2/47 kB Progress (3): 472 kB | 229/527 kB | 12/47 kB Progress (4): 472 kB | 229/527 kB | 12/47 kB | 4.1/38 kB Progress (4): 472 kB | 229/527 kB | 16/47 kB | 4.1/38 kB Progress (4): 472 kB | 229/527 kB | 16/47 kB | 7.7/38 kB Progress (4): 472 kB | 233/527 kB | 16/47 kB | 7.7/38 kB Progress (4): 472 kB | 233/527 kB | 20/47 kB | 7.7/38 kB Progress (4): 472 kB | 233/527 kB | 20/47 kB | 12/38 kB Progress (4): 472 kB | 233/527 kB | 25/47 kB | 12/38 kB Progress (4): 472 kB | 237/527 kB | 25/47 kB | 12/38 kB Progress (4): 472 kB | 237/527 kB | 25/47 kB | 16/38 kB Progress (4): 472 kB | 237/527 kB | 29/47 kB | 16/38 kB Progress (4): 472 kB | 241/527 kB | 29/47 kB | 16/38 kB Progress (4): 472 kB | 241/527 kB | 33/47 kB | 16/38 kB Progress (4): 472 kB | 241/527 kB | 33/47 kB | 20/38 kB Progress (4): 472 kB | 241/527 kB | 37/47 kB | 20/38 kB Progress (4): 472 kB | 245/527 kB | 37/47 kB | 20/38 kB Progress (4): 472 kB | 245/527 kB | 41/47 kB | 20/38 kB Progress (4): 472 kB | 249/527 kB | 41/47 kB | 20/38 kB Progress (4): 472 kB | 249/527 kB | 41/47 kB | 24/38 kB Progress (4): 472 kB | 249/527 kB | 45/47 kB | 24/38 kB Progress (4): 472 kB | 249/527 kB | 45/47 kB | 28/38 kB Progress (4): 472 kB | 254/527 kB | 45/47 kB | 28/38 kB Progress (4): 472 kB | 254/527 kB | 45/47 kB | 32/38 kB Progress (4): 472 kB | 254/527 kB | 47 kB | 32/38 kB Progress (4): 472 kB | 258/527 kB | 47 kB | 32/38 kB Progress (4): 472 kB | 258/527 kB | 47 kB | 36/38 kB Progress (4): 472 kB | 262/527 kB | 47 kB | 36/38 kB Progress (4): 472 kB | 262/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 266/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 270/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 274/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 278/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 282/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 286/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 290/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 294/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 299/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 303/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 307/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 311/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 315/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 319/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 323/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 327/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 331/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 335/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 340/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 344/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 348/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 352/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 356/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 360/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 364/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 368/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 372/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 376/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 380/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 385/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 389/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 393/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 397/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 401/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 405/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 409/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 413/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 417/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 421/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 426/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 430/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 434/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 438/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 442/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 446/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 450/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 454/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 458/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 462/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 466/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 471/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 475/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 479/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 483/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 487/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 491/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 495/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 499/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 503/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 507/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 512/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 516/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 520/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 524/527 kB | 47 kB | 38 kB Progress (4): 472 kB | 527 kB | 47 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 6.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 511 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 606 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Progress (2): 527 kB | 4.1/30 kB Progress (2): 527 kB | 7.7/30 kB Progress (2): 527 kB | 12/30 kB Progress (2): 527 kB | 16/30 kB Progress (2): 527 kB | 20/30 kB Progress (2): 527 kB | 24/30 kB Progress (2): 527 kB | 28/30 kB Progress (2): 527 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (2): 30 kB | 4.1/51 kB Progress (2): 30 kB | 7.7/51 kB Progress (2): 30 kB | 12/51 kB Progress (2): 30 kB | 16/51 kB Progress (2): 30 kB | 20/51 kB Progress (2): 30 kB | 24/51 kB Progress (2): 30 kB | 28/51 kB Progress (2): 30 kB | 32/51 kB Progress (2): 30 kB | 36/51 kB Progress (2): 30 kB | 41/51 kB Progress (2): 30 kB | 45/51 kB Progress (2): 30 kB | 49/51 kB Progress (2): 30 kB | 51 kB Progress (3): 30 kB | 51 kB | 4.1/106 kB Progress (3): 30 kB | 51 kB | 8.2/106 kB Progress (3): 30 kB | 51 kB | 12/106 kB Progress (3): 30 kB | 51 kB | 16/106 kB Progress (3): 30 kB | 51 kB | 20/106 kB Progress (3): 30 kB | 51 kB | 25/106 kB Progress (3): 30 kB | 51 kB | 29/106 kB Progress (3): 30 kB | 51 kB | 33/106 kB Progress (3): 30 kB | 51 kB | 37/106 kB Progress (3): 30 kB | 51 kB | 41/106 kB Progress (3): 30 kB | 51 kB | 45/106 kB Progress (3): 30 kB | 51 kB | 49/106 kB Progress (3): 30 kB | 51 kB | 53/106 kB Progress (3): 30 kB | 51 kB | 57/106 kB Progress (3): 30 kB | 51 kB | 61/106 kB Progress (3): 30 kB | 51 kB | 66/106 kB Progress (3): 30 kB | 51 kB | 70/106 kB Progress (3): 30 kB | 51 kB | 74/106 kB Progress (3): 30 kB | 51 kB | 78/106 kB Progress (3): 30 kB | 51 kB | 82/106 kB Progress (3): 30 kB | 51 kB | 86/106 kB Progress (3): 30 kB | 51 kB | 90/106 kB Progress (3): 30 kB | 51 kB | 94/106 kB Progress (3): 30 kB | 51 kB | 98/106 kB Progress (3): 30 kB | 51 kB | 102/106 kB Progress (3): 30 kB | 51 kB | 106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 313 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (3): 51 kB | 106 kB | 4.1/14 kB Progress (3): 51 kB | 106 kB | 7.7/14 kB Progress (3): 51 kB | 106 kB | 12/14 kB Progress (3): 51 kB | 106 kB | 14 kB Progress (4): 51 kB | 106 kB | 14 kB | 4.1/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 7.7/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 12/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 16/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 20/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 24/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 28/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 32/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 36/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 40/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 44/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 48/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 53/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 57/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 61/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 65/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 69/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 73/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 77/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 81/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 85/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 89/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 94/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 98/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 102/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 106/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 110/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 114/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 118/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 122/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 126/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 130/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 134/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 139/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 143/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 147/148 kB Progress (4): 51 kB | 106 kB | 14 kB | 148 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 4.1/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 7.7/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 12/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 16/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 20/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 24/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 28/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 32/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 36/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 41/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 45/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 49/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 53/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 57/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 61/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 65/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 69/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 73/74 kB Progress (5): 51 kB | 106 kB | 14 kB | 148 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 908 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 423 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 558 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (2): 148 kB | 4.1/108 kB Progress (2): 148 kB | 7.7/108 kB Progress (2): 148 kB | 12/108 kB Progress (2): 148 kB | 16/108 kB Progress (2): 148 kB | 20/108 kB Progress (2): 148 kB | 24/108 kB Progress (2): 148 kB | 28/108 kB Progress (2): 148 kB | 32/108 kB Progress (2): 148 kB | 36/108 kB Progress (2): 148 kB | 41/108 kB Progress (2): 148 kB | 45/108 kB Progress (2): 148 kB | 49/108 kB Progress (2): 148 kB | 53/108 kB Progress (2): 148 kB | 57/108 kB Progress (2): 148 kB | 61/108 kB Progress (2): 148 kB | 65/108 kB Progress (2): 148 kB | 69/108 kB Progress (2): 148 kB | 73/108 kB Progress (2): 148 kB | 77/108 kB Progress (2): 148 kB | 81/108 kB Progress (2): 148 kB | 86/108 kB Progress (2): 148 kB | 90/108 kB Progress (2): 148 kB | 94/108 kB Progress (2): 148 kB | 98/108 kB Progress (2): 148 kB | 102/108 kB Progress (2): 148 kB | 106/108 kB Progress (2): 148 kB | 108 kB Progress (3): 148 kB | 108 kB | 4.1/46 kB Progress (3): 148 kB | 108 kB | 7.7/46 kB Progress (3): 148 kB | 108 kB | 12/46 kB Progress (3): 148 kB | 108 kB | 16/46 kB Progress (3): 148 kB | 108 kB | 20/46 kB Progress (3): 148 kB | 108 kB | 24/46 kB Progress (3): 148 kB | 108 kB | 28/46 kB Progress (3): 148 kB | 108 kB | 32/46 kB Progress (3): 148 kB | 108 kB | 36/46 kB Progress (3): 148 kB | 108 kB | 41/46 kB Progress (3): 148 kB | 108 kB | 45/46 kB Progress (3): 148 kB | 108 kB | 46 kB Progress (4): 148 kB | 108 kB | 46 kB | 4.1/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 7.7/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 12/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 16/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 20/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 24/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 28/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 32/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 36/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 41/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 45/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 49/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 53/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 57/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 61/61 kB Progress (4): 148 kB | 108 kB | 46 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (4): 108 kB | 46 kB | 61 kB | 4.1/4.2 kB Progress (4): 108 kB | 46 kB | 61 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 296 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 389 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 675 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (1): 3.4/29 kB Progress (1): 7.5/29 kB Progress (1): 12/29 kB Progress (1): 16/29 kB Progress (1): 20/29 kB Progress (1): 24/29 kB Progress (1): 28/29 kB Progress (1): 29 kB Progress (2): 29 kB | 4.1/13 kB Progress (2): 29 kB | 7.7/13 kB Progress (2): 29 kB | 12/13 kB Progress (2): 29 kB | 13 kB Progress (3): 29 kB | 13 kB | 4.1/52 kB Progress (3): 29 kB | 13 kB | 7.7/52 kB Progress (3): 29 kB | 13 kB | 12/52 kB Progress (3): 29 kB | 13 kB | 16/52 kB Progress (3): 29 kB | 13 kB | 20/52 kB Progress (3): 29 kB | 13 kB | 24/52 kB Progress (3): 29 kB | 13 kB | 28/52 kB Progress (3): 29 kB | 13 kB | 32/52 kB Progress (3): 29 kB | 13 kB | 36/52 kB Progress (3): 29 kB | 13 kB | 41/52 kB Progress (3): 29 kB | 13 kB | 45/52 kB Progress (3): 29 kB | 13 kB | 49/52 kB Progress (3): 29 kB | 13 kB | 52 kB Progress (4): 29 kB | 13 kB | 52 kB | 4.1/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 7.7/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 12/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 16/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 20/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 24/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 28/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 32/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 36/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 41/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 45/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 49/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 53/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 57/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 61/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 65/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 69/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 73/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 77/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 81/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 86/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 90/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 94/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 98/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 102/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 106/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 110/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 114/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 118/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 122/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 127/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 131/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 135/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 139/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 143/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 147/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 151/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 155/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 159/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 163/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 167/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 172/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 176/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 180/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 184/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 188/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 192/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 196/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 200/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 204/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 208/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 213/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 217/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 221/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 225/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 229/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 233/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 237/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 241/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 245/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 249/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 254/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 258/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 262/263 kB Progress (4): 29 kB | 13 kB | 52 kB | 263 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 4.1/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 7.7/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 12/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 16/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 20/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 24/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 28/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 32/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 36/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 41/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 45/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 49/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 53/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 57/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 61/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 65/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 69/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 73/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 77/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 81/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 86/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 90/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 94/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 98/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 102/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 106/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 110/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 114/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 118/120 kB Progress (5): 29 kB | 13 kB | 52 kB | 263 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 135 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Progress (2): 120 kB | 4.1/61 kB Progress (2): 120 kB | 7.7/61 kB Progress (2): 120 kB | 12/61 kB Progress (2): 120 kB | 16/61 kB Progress (2): 120 kB | 20/61 kB Progress (2): 120 kB | 24/61 kB Progress (2): 120 kB | 28/61 kB Progress (2): 120 kB | 32/61 kB Progress (2): 120 kB | 36/61 kB Progress (2): 120 kB | 41/61 kB Progress (2): 120 kB | 45/61 kB Progress (2): 120 kB | 49/61 kB Progress (2): 120 kB | 53/61 kB Progress (2): 120 kB | 57/61 kB Progress (2): 120 kB | 61/61 kB Progress (2): 120 kB | 61 kB Progress (3): 120 kB | 61 kB | 4.1/164 kB Progress (3): 120 kB | 61 kB | 7.7/164 kB Progress (3): 120 kB | 61 kB | 12/164 kB Progress (3): 120 kB | 61 kB | 16/164 kB Progress (3): 120 kB | 61 kB | 20/164 kB Progress (3): 120 kB | 61 kB | 24/164 kB Progress (3): 120 kB | 61 kB | 28/164 kB Progress (3): 120 kB | 61 kB | 32/164 kB Progress (3): 120 kB | 61 kB | 36/164 kB Progress (3): 120 kB | 61 kB | 40/164 kB Progress (3): 120 kB | 61 kB | 44/164 kB Progress (3): 120 kB | 61 kB | 48/164 kB Progress (3): 120 kB | 61 kB | 53/164 kB Progress (3): 120 kB | 61 kB | 57/164 kB Progress (3): 120 kB | 61 kB | 61/164 kB Progress (3): 120 kB | 61 kB | 65/164 kB Progress (3): 120 kB | 61 kB | 69/164 kB Progress (3): 120 kB | 61 kB | 73/164 kB Progress (3): 120 kB | 61 kB | 77/164 kB Progress (3): 120 kB | 61 kB | 81/164 kB Progress (3): 120 kB | 61 kB | 85/164 kB Progress (3): 120 kB | 61 kB | 89/164 kB Progress (3): 120 kB | 61 kB | 94/164 kB Progress (3): 120 kB | 61 kB | 98/164 kB Progress (3): 120 kB | 61 kB | 102/164 kB Progress (3): 120 kB | 61 kB | 106/164 kB Progress (3): 120 kB | 61 kB | 110/164 kB Progress (3): 120 kB | 61 kB | 114/164 kB Progress (3): 120 kB | 61 kB | 118/164 kB Progress (3): 120 kB | 61 kB | 122/164 kB Progress (3): 120 kB | 61 kB | 126/164 kB Progress (3): 120 kB | 61 kB | 130/164 kB Progress (3): 120 kB | 61 kB | 134/164 kB Progress (3): 120 kB | 61 kB | 139/164 kB Progress (3): 120 kB | 61 kB | 143/164 kB Progress (3): 120 kB | 61 kB | 147/164 kB Progress (3): 120 kB | 61 kB | 151/164 kB Progress (3): 120 kB | 61 kB | 155/164 kB Progress (3): 120 kB | 61 kB | 159/164 kB Progress (3): 120 kB | 61 kB | 163/164 kB Progress (3): 120 kB | 61 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 544 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 4.1/26 kB Progress (2): 164 kB | 8.2/26 kB Progress (2): 164 kB | 12/26 kB Progress (2): 164 kB | 16/26 kB Progress (2): 164 kB | 20/26 kB Progress (2): 164 kB | 25/26 kB Progress (2): 164 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 682 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (2): 26 kB | 4.1/122 kB Progress (2): 26 kB | 7.7/122 kB Progress (2): 26 kB | 12/122 kB Progress (2): 26 kB | 16/122 kB Progress (2): 26 kB | 20/122 kB Progress (2): 26 kB | 24/122 kB Progress (2): 26 kB | 28/122 kB Progress (2): 26 kB | 32/122 kB Progress (2): 26 kB | 36/122 kB Progress (2): 26 kB | 41/122 kB Progress (2): 26 kB | 45/122 kB Progress (2): 26 kB | 49/122 kB Progress (2): 26 kB | 53/122 kB Progress (2): 26 kB | 57/122 kB Progress (2): 26 kB | 61/122 kB Progress (2): 26 kB | 65/122 kB Progress (2): 26 kB | 69/122 kB Progress (2): 26 kB | 73/122 kB Progress (2): 26 kB | 77/122 kB Progress (2): 26 kB | 81/122 kB Progress (2): 26 kB | 86/122 kB Progress (2): 26 kB | 90/122 kB Progress (2): 26 kB | 94/122 kB Progress (2): 26 kB | 98/122 kB Progress (2): 26 kB | 102/122 kB Progress (2): 26 kB | 106/122 kB Progress (2): 26 kB | 110/122 kB Progress (2): 26 kB | 114/122 kB Progress (2): 26 kB | 118/122 kB Progress (2): 26 kB | 122 kB Progress (3): 26 kB | 122 kB | 4.1/335 kB Progress (3): 26 kB | 122 kB | 7.7/335 kB Progress (3): 26 kB | 122 kB | 12/335 kB Progress (3): 26 kB | 122 kB | 16/335 kB Progress (3): 26 kB | 122 kB | 20/335 kB Progress (3): 26 kB | 122 kB | 24/335 kB Progress (3): 26 kB | 122 kB | 28/335 kB Progress (3): 26 kB | 122 kB | 32/335 kB Progress (3): 26 kB | 122 kB | 36/335 kB Progress (3): 26 kB | 122 kB | 41/335 kB Progress (3): 26 kB | 122 kB | 45/335 kB Progress (3): 26 kB | 122 kB | 49/335 kB Progress (3): 26 kB | 122 kB | 53/335 kB Progress (3): 26 kB | 122 kB | 57/335 kB Progress (3): 26 kB | 122 kB | 61/335 kB Progress (3): 26 kB | 122 kB | 65/335 kB Progress (3): 26 kB | 122 kB | 69/335 kB Progress (3): 26 kB | 122 kB | 73/335 kB Progress (3): 26 kB | 122 kB | 77/335 kB Progress (3): 26 kB | 122 kB | 81/335 kB Progress (3): 26 kB | 122 kB | 86/335 kB Progress (3): 26 kB | 122 kB | 90/335 kB Progress (3): 26 kB | 122 kB | 94/335 kB Progress (3): 26 kB | 122 kB | 98/335 kB Progress (3): 26 kB | 122 kB | 102/335 kB Progress (3): 26 kB | 122 kB | 106/335 kB Progress (3): 26 kB | 122 kB | 110/335 kB Progress (3): 26 kB | 122 kB | 114/335 kB Progress (3): 26 kB | 122 kB | 118/335 kB Progress (3): 26 kB | 122 kB | 122/335 kB Progress (3): 26 kB | 122 kB | 127/335 kB Progress (3): 26 kB | 122 kB | 131/335 kB Progress (3): 26 kB | 122 kB | 135/335 kB Progress (3): 26 kB | 122 kB | 139/335 kB Progress (3): 26 kB | 122 kB | 143/335 kB Progress (3): 26 kB | 122 kB | 147/335 kB Progress (3): 26 kB | 122 kB | 151/335 kB Progress (3): 26 kB | 122 kB | 155/335 kB Progress (3): 26 kB | 122 kB | 159/335 kB Progress (3): 26 kB | 122 kB | 163/335 kB Progress (3): 26 kB | 122 kB | 167/335 kB Progress (3): 26 kB | 122 kB | 172/335 kB Progress (3): 26 kB | 122 kB | 176/335 kB Progress (3): 26 kB | 122 kB | 180/335 kB Progress (3): 26 kB | 122 kB | 184/335 kB Progress (3): 26 kB | 122 kB | 188/335 kB Progress (3): 26 kB | 122 kB | 192/335 kB Progress (3): 26 kB | 122 kB | 196/335 kB Progress (3): 26 kB | 122 kB | 200/335 kB Progress (3): 26 kB | 122 kB | 204/335 kB Progress (3): 26 kB | 122 kB | 208/335 kB Progress (3): 26 kB | 122 kB | 213/335 kB Progress (3): 26 kB | 122 kB | 217/335 kB Progress (3): 26 kB | 122 kB | 221/335 kB Progress (3): 26 kB | 122 kB | 225/335 kB Progress (3): 26 kB | 122 kB | 229/335 kB Progress (3): 26 kB | 122 kB | 233/335 kB Progress (3): 26 kB | 122 kB | 237/335 kB Progress (3): 26 kB | 122 kB | 241/335 kB Progress (3): 26 kB | 122 kB | 245/335 kB Progress (3): 26 kB | 122 kB | 249/335 kB Progress (3): 26 kB | 122 kB | 254/335 kB Progress (3): 26 kB | 122 kB | 258/335 kB Progress (3): 26 kB | 122 kB | 262/335 kB Progress (3): 26 kB | 122 kB | 266/335 kB Progress (3): 26 kB | 122 kB | 270/335 kB Progress (3): 26 kB | 122 kB | 274/335 kB Progress (3): 26 kB | 122 kB | 278/335 kB Progress (3): 26 kB | 122 kB | 282/335 kB Progress (3): 26 kB | 122 kB | 286/335 kB Progress (3): 26 kB | 122 kB | 290/335 kB Progress (3): 26 kB | 122 kB | 294/335 kB Progress (3): 26 kB | 122 kB | 299/335 kB Progress (3): 26 kB | 122 kB | 303/335 kB Progress (3): 26 kB | 122 kB | 307/335 kB Progress (3): 26 kB | 122 kB | 311/335 kB Progress (3): 26 kB | 122 kB | 315/335 kB Progress (3): 26 kB | 122 kB | 319/335 kB Progress (3): 26 kB | 122 kB | 323/335 kB Progress (3): 26 kB | 122 kB | 327/335 kB Progress (3): 26 kB | 122 kB | 331/335 kB Progress (3): 26 kB | 122 kB | 335 kB Progress (4): 26 kB | 122 kB | 335 kB | 4.1/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 7.7/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 12/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 16/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 20/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 24/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 28/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 32/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 36/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 41/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 45/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 49/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 53/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 57/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 61/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 65/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 69/72 kB Progress (4): 26 kB | 122 kB | 335 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 470 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Progress (3): 335 kB | 72 kB | 4.1/53 kB Progress (3): 335 kB | 72 kB | 7.7/53 kB Progress (3): 335 kB | 72 kB | 12/53 kB Progress (3): 335 kB | 72 kB | 16/53 kB Progress (3): 335 kB | 72 kB | 20/53 kB Progress (3): 335 kB | 72 kB | 24/53 kB Progress (3): 335 kB | 72 kB | 28/53 kB Progress (3): 335 kB | 72 kB | 32/53 kB Progress (3): 335 kB | 72 kB | 36/53 kB Progress (3): 335 kB | 72 kB | 41/53 kB Progress (3): 335 kB | 72 kB | 45/53 kB Progress (3): 335 kB | 72 kB | 49/53 kB Progress (3): 335 kB | 72 kB | 53 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (3): 335 kB | 53 kB | 4.1/33 kB Progress (3): 335 kB | 53 kB | 7.7/33 kB Progress (3): 335 kB | 53 kB | 12/33 kB Progress (3): 335 kB | 53 kB | 16/33 kB Progress (3): 335 kB | 53 kB | 20/33 kB Progress (3): 335 kB | 53 kB | 24/33 kB Progress (3): 335 kB | 53 kB | 28/33 kB Progress (3): 335 kB | 53 kB | 32/33 kB Progress (3): 335 kB | 53 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (3): 335 kB | 33 kB | 4.1/305 kB Progress (3): 335 kB | 33 kB | 7.7/305 kB Progress (3): 335 kB | 33 kB | 12/305 kB Progress (3): 335 kB | 33 kB | 16/305 kB Progress (3): 335 kB | 33 kB | 20/305 kB Progress (3): 335 kB | 33 kB | 24/305 kB Progress (3): 335 kB | 33 kB | 28/305 kB Progress (3): 335 kB | 33 kB | 32/305 kB Progress (3): 335 kB | 33 kB | 36/305 kB Progress (3): 335 kB | 33 kB | 41/305 kB Progress (3): 335 kB | 33 kB | 45/305 kB Progress (3): 335 kB | 33 kB | 49/305 kB Progress (3): 335 kB | 33 kB | 53/305 kB Progress (3): 335 kB | 33 kB | 57/305 kB Progress (3): 335 kB | 33 kB | 61/305 kB Progress (3): 335 kB | 33 kB | 65/305 kB Progress (3): 335 kB | 33 kB | 69/305 kB Progress (3): 335 kB | 33 kB | 73/305 kB Progress (3): 335 kB | 33 kB | 77/305 kB Progress (3): 335 kB | 33 kB | 81/305 kB Progress (3): 335 kB | 33 kB | 86/305 kB Progress (3): 335 kB | 33 kB | 90/305 kB Progress (3): 335 kB | 33 kB | 94/305 kB Progress (3): 335 kB | 33 kB | 98/305 kB Progress (3): 335 kB | 33 kB | 102/305 kB Progress (3): 335 kB | 33 kB | 106/305 kB Progress (3): 335 kB | 33 kB | 110/305 kB Progress (3): 335 kB | 33 kB | 114/305 kB Progress (3): 335 kB | 33 kB | 118/305 kB Progress (3): 335 kB | 33 kB | 122/305 kB Progress (3): 335 kB | 33 kB | 127/305 kB Progress (3): 335 kB | 33 kB | 131/305 kB Progress (3): 335 kB | 33 kB | 135/305 kB Progress (3): 335 kB | 33 kB | 139/305 kB Progress (3): 335 kB | 33 kB | 143/305 kB Progress (3): 335 kB | 33 kB | 147/305 kB Progress (3): 335 kB | 33 kB | 151/305 kB Progress (3): 335 kB | 33 kB | 155/305 kB Progress (3): 335 kB | 33 kB | 159/305 kB Progress (3): 335 kB | 33 kB | 163/305 kB Progress (3): 335 kB | 33 kB | 167/305 kB Progress (3): 335 kB | 33 kB | 172/305 kB Progress (3): 335 kB | 33 kB | 176/305 kB Progress (3): 335 kB | 33 kB | 180/305 kB Progress (3): 335 kB | 33 kB | 184/305 kB Progress (3): 335 kB | 33 kB | 188/305 kB Progress (3): 335 kB | 33 kB | 192/305 kB Progress (3): 335 kB | 33 kB | 196/305 kB Progress (3): 335 kB | 33 kB | 200/305 kB Progress (3): 335 kB | 33 kB | 204/305 kB Progress (3): 335 kB | 33 kB | 208/305 kB Progress (3): 335 kB | 33 kB | 213/305 kB Progress (3): 335 kB | 33 kB | 217/305 kB Progress (3): 335 kB | 33 kB | 221/305 kB Progress (3): 335 kB | 33 kB | 225/305 kB Progress (3): 335 kB | 33 kB | 229/305 kB Progress (3): 335 kB | 33 kB | 233/305 kB Progress (3): 335 kB | 33 kB | 237/305 kB Progress (3): 335 kB | 33 kB | 241/305 kB Progress (3): 335 kB | 33 kB | 245/305 kB Progress (3): 335 kB | 33 kB | 249/305 kB Progress (3): 335 kB | 33 kB | 254/305 kB Progress (3): 335 kB | 33 kB | 258/305 kB Progress (3): 335 kB | 33 kB | 262/305 kB Progress (3): 335 kB | 33 kB | 266/305 kB Progress (3): 335 kB | 33 kB | 270/305 kB Progress (3): 335 kB | 33 kB | 274/305 kB Progress (3): 335 kB | 33 kB | 278/305 kB Progress (3): 335 kB | 33 kB | 282/305 kB Progress (3): 335 kB | 33 kB | 286/305 kB Progress (3): 335 kB | 33 kB | 290/305 kB Progress (3): 335 kB | 33 kB | 294/305 kB Progress (3): 335 kB | 33 kB | 299/305 kB Progress (3): 335 kB | 33 kB | 303/305 kB Progress (3): 335 kB | 33 kB | 305 kB Progress (4): 335 kB | 33 kB | 305 kB | 4.1/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 7.7/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 12/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 16/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 20/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 24/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 28/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 32/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 36/37 kB Progress (4): 335 kB | 33 kB | 305 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (4): 33 kB | 305 kB | 37 kB | 4.1/134 kB Progress (4): 33 kB | 305 kB | 37 kB | 7.7/134 kB Progress (4): 33 kB | 305 kB | 37 kB | 12/134 kB Progress (4): 33 kB | 305 kB | 37 kB | 16/134 kB Progress (4): 33 kB | 305 kB | 37 kB | 20/134 kB Progress (4): 33 kB | 305 kB | 37 kB | 24/134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 112 kB/s) Progress (3): 305 kB | 37 kB | 28/134 kB Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Progress (3): 305 kB | 37 kB | 32/134 kB Progress (3): 305 kB | 37 kB | 36/134 kB Progress (3): 305 kB | 37 kB | 41/134 kB Progress (3): 305 kB | 37 kB | 45/134 kB Progress (3): 305 kB | 37 kB | 49/134 kB Progress (3): 305 kB | 37 kB | 53/134 kB Progress (3): 305 kB | 37 kB | 57/134 kB Progress (3): 305 kB | 37 kB | 61/134 kB Progress (3): 305 kB | 37 kB | 65/134 kB Progress (3): 305 kB | 37 kB | 69/134 kB Progress (3): 305 kB | 37 kB | 73/134 kB Progress (3): 305 kB | 37 kB | 77/134 kB Progress (3): 305 kB | 37 kB | 81/134 kB Progress (3): 305 kB | 37 kB | 86/134 kB Progress (3): 305 kB | 37 kB | 90/134 kB Progress (3): 305 kB | 37 kB | 94/134 kB Progress (3): 305 kB | 37 kB | 98/134 kB Progress (3): 305 kB | 37 kB | 102/134 kB Progress (3): 305 kB | 37 kB | 106/134 kB Progress (3): 305 kB | 37 kB | 110/134 kB Progress (3): 305 kB | 37 kB | 114/134 kB Progress (3): 305 kB | 37 kB | 118/134 kB Progress (3): 305 kB | 37 kB | 122/134 kB Progress (3): 305 kB | 37 kB | 127/134 kB Progress (3): 305 kB | 37 kB | 131/134 kB Progress (3): 305 kB | 37 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 990 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (2): 134 kB | 4.1/215 kB Progress (2): 134 kB | 7.7/215 kB Progress (2): 134 kB | 12/215 kB Progress (2): 134 kB | 16/215 kB Progress (2): 134 kB | 20/215 kB Progress (2): 134 kB | 24/215 kB Progress (2): 134 kB | 28/215 kB Progress (2): 134 kB | 32/215 kB Progress (2): 134 kB | 36/215 kB Progress (2): 134 kB | 40/215 kB Progress (2): 134 kB | 44/215 kB Progress (2): 134 kB | 48/215 kB Progress (2): 134 kB | 53/215 kB Progress (2): 134 kB | 57/215 kB Progress (2): 134 kB | 61/215 kB Progress (2): 134 kB | 65/215 kB Progress (2): 134 kB | 69/215 kB Progress (2): 134 kB | 73/215 kB Progress (2): 134 kB | 77/215 kB Progress (2): 134 kB | 81/215 kB Progress (2): 134 kB | 85/215 kB Progress (2): 134 kB | 89/215 kB Progress (2): 134 kB | 94/215 kB Progress (2): 134 kB | 98/215 kB Progress (2): 134 kB | 102/215 kB Progress (2): 134 kB | 106/215 kB Progress (2): 134 kB | 110/215 kB Progress (2): 134 kB | 114/215 kB Progress (2): 134 kB | 118/215 kB Progress (2): 134 kB | 122/215 kB Progress (2): 134 kB | 126/215 kB Progress (2): 134 kB | 130/215 kB Progress (2): 134 kB | 134/215 kB Progress (2): 134 kB | 139/215 kB Progress (2): 134 kB | 143/215 kB Progress (2): 134 kB | 147/215 kB Progress (2): 134 kB | 151/215 kB Progress (2): 134 kB | 155/215 kB Progress (2): 134 kB | 159/215 kB Progress (2): 134 kB | 163/215 kB Progress (2): 134 kB | 167/215 kB Progress (2): 134 kB | 171/215 kB Progress (2): 134 kB | 175/215 kB Progress (2): 134 kB | 180/215 kB Progress (2): 134 kB | 184/215 kB Progress (2): 134 kB | 188/215 kB Progress (2): 134 kB | 192/215 kB Progress (2): 134 kB | 196/215 kB Progress (2): 134 kB | 200/215 kB Progress (2): 134 kB | 204/215 kB Progress (2): 134 kB | 208/215 kB Progress (2): 134 kB | 212/215 kB Progress (2): 134 kB | 215 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 421 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (2): 215 kB | 3.4/180 kB Progress (2): 215 kB | 7.5/180 kB Progress (2): 215 kB | 12/180 kB Progress (2): 215 kB | 16/180 kB Progress (2): 215 kB | 20/180 kB Progress (2): 215 kB | 24/180 kB Progress (2): 215 kB | 28/180 kB Progress (2): 215 kB | 32/180 kB Progress (2): 215 kB | 36/180 kB Progress (2): 215 kB | 40/180 kB Progress (2): 215 kB | 44/180 kB Progress (2): 215 kB | 48/180 kB Progress (2): 215 kB | 53/180 kB Progress (2): 215 kB | 57/180 kB Progress (2): 215 kB | 61/180 kB Progress (2): 215 kB | 65/180 kB Progress (2): 215 kB | 69/180 kB Progress (2): 215 kB | 73/180 kB Progress (2): 215 kB | 77/180 kB Progress (2): 215 kB | 81/180 kB Progress (2): 215 kB | 85/180 kB Progress (2): 215 kB | 89/180 kB Progress (2): 215 kB | 94/180 kB Progress (2): 215 kB | 98/180 kB Progress (2): 215 kB | 102/180 kB Progress (2): 215 kB | 106/180 kB Progress (2): 215 kB | 110/180 kB Progress (2): 215 kB | 114/180 kB Progress (2): 215 kB | 118/180 kB Progress (2): 215 kB | 122/180 kB Progress (2): 215 kB | 126/180 kB Progress (2): 215 kB | 130/180 kB Progress (2): 215 kB | 134/180 kB Progress (3): 215 kB | 134/180 kB | 4.1/85 kB Progress (3): 215 kB | 139/180 kB | 4.1/85 kB Progress (3): 215 kB | 143/180 kB | 4.1/85 kB Progress (3): 215 kB | 143/180 kB | 7.7/85 kB Progress (3): 215 kB | 143/180 kB | 12/85 kB Progress (3): 215 kB | 143/180 kB | 16/85 kB Progress (3): 215 kB | 143/180 kB | 20/85 kB Progress (3): 215 kB | 143/180 kB | 24/85 kB Progress (3): 215 kB | 143/180 kB | 28/85 kB Progress (3): 215 kB | 143/180 kB | 32/85 kB Progress (3): 215 kB | 143/180 kB | 36/85 kB Progress (3): 215 kB | 143/180 kB | 41/85 kB Progress (3): 215 kB | 143/180 kB | 45/85 kB Progress (3): 215 kB | 143/180 kB | 49/85 kB Progress (3): 215 kB | 143/180 kB | 53/85 kB Progress (3): 215 kB | 143/180 kB | 57/85 kB Progress (3): 215 kB | 143/180 kB | 61/85 kB Progress (3): 215 kB | 143/180 kB | 65/85 kB Progress (3): 215 kB | 143/180 kB | 69/85 kB Progress (3): 215 kB | 143/180 kB | 73/85 kB Progress (3): 215 kB | 147/180 kB | 73/85 kB Progress (3): 215 kB | 147/180 kB | 77/85 kB Progress (3): 215 kB | 151/180 kB | 77/85 kB Progress (3): 215 kB | 151/180 kB | 81/85 kB Progress (3): 215 kB | 155/180 kB | 81/85 kB Progress (3): 215 kB | 159/180 kB | 81/85 kB Progress (3): 215 kB | 159/180 kB | 85 kB Progress (3): 215 kB | 163/180 kB | 85 kB Progress (3): 215 kB | 167/180 kB | 85 kB Progress (3): 215 kB | 171/180 kB | 85 kB Progress (3): 215 kB | 175/180 kB | 85 kB Progress (3): 215 kB | 180/180 kB | 85 kB Progress (3): 215 kB | 180 kB | 85 kB Progress (4): 215 kB | 180 kB | 85 kB | 0/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.2/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.2/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.2/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.2/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.2/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.2/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.3/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.3/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.3/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.3/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.3/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.3/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.4/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.5/2.6 MB Progress (4): 215 kB | 180 kB | 85 kB | 0.5/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 643 kB/s) Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.1/2.6 MB Progress (3): 180 kB | 85 kB | 1.1/2.6 MB Progress (3): 180 kB | 85 kB | 1.1/2.6 MB Progress (3): 180 kB | 85 kB | 1.1/2.6 MB Progress (3): 180 kB | 85 kB | 1.1/2.6 MB Progress (3): 180 kB | 85 kB | 1.1/2.6 MB Progress (3): 180 kB | 85 kB | 1.2/2.6 MB Progress (3): 180 kB | 85 kB | 1.2/2.6 MB Progress (3): 180 kB | 85 kB | 1.2/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 250 kB/s) Progress (2): 180 kB | 1.2/2.6 MB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 180 kB | 1.2/2.6 MB Progress (2): 180 kB | 1.2/2.6 MB Progress (2): 180 kB | 1.3/2.6 MB Progress (2): 180 kB | 1.3/2.6 MB Progress (2): 180 kB | 1.3/2.6 MB Progress (2): 180 kB | 1.3/2.6 MB Progress (2): 180 kB | 1.3/2.6 MB Progress (2): 180 kB | 1.3/2.6 MB Progress (2): 180 kB | 1.4/2.6 MB Progress (2): 180 kB | 1.4/2.6 MB Progress (2): 180 kB | 1.4/2.6 MB Progress (2): 180 kB | 1.4/2.6 MB Progress (2): 180 kB | 1.4/2.6 MB Progress (2): 180 kB | 1.4/2.6 MB Progress (2): 180 kB | 1.5/2.6 MB Progress (2): 180 kB | 1.5/2.6 MB Progress (2): 180 kB | 1.5/2.6 MB Progress (2): 180 kB | 1.5/2.6 MB Progress (2): 180 kB | 1.5/2.6 MB Progress (2): 180 kB | 1.5/2.6 MB Progress (2): 180 kB | 1.6/2.6 MB Progress (2): 180 kB | 1.6/2.6 MB Progress (2): 180 kB | 1.6/2.6 MB Progress (2): 180 kB | 1.6/2.6 MB Progress (2): 180 kB | 1.6/2.6 MB Progress (2): 180 kB | 1.6/2.6 MB Progress (2): 180 kB | 1.7/2.6 MB Progress (2): 180 kB | 1.7/2.6 MB Progress (2): 180 kB | 1.7/2.6 MB Progress (2): 180 kB | 1.7/2.6 MB Progress (2): 180 kB | 1.7/2.6 MB Progress (2): 180 kB | 1.7/2.6 MB Progress (2): 180 kB | 1.8/2.6 MB Progress (2): 180 kB | 1.8/2.6 MB Progress (2): 180 kB | 1.8/2.6 MB Progress (2): 180 kB | 1.8/2.6 MB Progress (2): 180 kB | 1.8/2.6 MB Progress (2): 180 kB | 1.8/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 1.9/2.6 MB Progress (2): 180 kB | 2.0/2.6 MB Progress (2): 180 kB | 2.0/2.6 MB Progress (2): 180 kB | 2.0/2.6 MB Progress (2): 180 kB | 2.0/2.6 MB Progress (2): 180 kB | 2.0/2.6 MB Progress (2): 180 kB | 2.0/2.6 MB Progress (2): 180 kB | 2.1/2.6 MB Progress (2): 180 kB | 2.1/2.6 MB Progress (2): 180 kB | 2.1/2.6 MB Progress (2): 180 kB | 2.1/2.6 MB Progress (2): 180 kB | 2.1/2.6 MB Progress (2): 180 kB | 2.1/2.6 MB Progress (2): 180 kB | 2.2/2.6 MB Progress (2): 180 kB | 2.2/2.6 MB Progress (2): 180 kB | 2.2/2.6 MB Progress (2): 180 kB | 2.2/2.6 MB Progress (2): 180 kB | 2.2/2.6 MB Progress (2): 180 kB | 2.2/2.6 MB Progress (2): 180 kB | 2.3/2.6 MB Progress (2): 180 kB | 2.3/2.6 MB Progress (2): 180 kB | 2.3/2.6 MB Progress (2): 180 kB | 2.3/2.6 MB Progress (2): 180 kB | 2.3/2.6 MB Progress (2): 180 kB | 2.3/2.6 MB Progress (2): 180 kB | 2.4/2.6 MB Progress (2): 180 kB | 2.4/2.6 MB Progress (2): 180 kB | 2.4/2.6 MB Progress (2): 180 kB | 2.4/2.6 MB Progress (2): 180 kB | 2.4/2.6 MB Progress (2): 180 kB | 2.4/2.6 MB Progress (2): 180 kB | 2.5/2.6 MB Progress (2): 180 kB | 2.5/2.6 MB Progress (2): 180 kB | 2.5/2.6 MB Progress (2): 180 kB | 2.5/2.6 MB Progress (2): 180 kB | 2.5/2.6 MB Progress (2): 180 kB | 2.5/2.6 MB Progress (2): 180 kB | 2.6/2.6 MB Progress (2): 180 kB | 2.6/2.6 MB Progress (2): 180 kB | 2.6/2.6 MB Progress (2): 180 kB | 2.6/2.6 MB Progress (2): 180 kB | 2.6/2.6 MB Progress (2): 180 kB | 2.6 MB Progress (3): 180 kB | 2.6 MB | 2.2 kB Progress (4): 180 kB | 2.6 MB | 2.2 kB | 4.1/4.6 kB Progress (4): 180 kB | 2.6 MB | 2.2 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 508 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (4): 2.6 MB | 2.2 kB | 4.6 kB | 4.1/20 kB Progress (4): 2.6 MB | 2.2 kB | 4.6 kB | 7.7/20 kB Progress (4): 2.6 MB | 2.2 kB | 4.6 kB | 12/20 kB Progress (4): 2.6 MB | 2.2 kB | 4.6 kB | 16/20 kB Progress (4): 2.6 MB | 2.2 kB | 4.6 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 7.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 6.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Progress (1): 4.1/8.8 kB Progress (1): 7.7/8.8 kB Progress (1): 8.8 kB Progress (2): 8.8 kB | 4.1/5.9 kB Progress (2): 8.8 kB | 5.9 kB Progress (3): 8.8 kB | 5.9 kB | 4.1/14 kB Progress (4): 8.8 kB | 5.9 kB | 4.1/14 kB | 4.1/500 kB Progress (4): 8.8 kB | 5.9 kB | 7.7/14 kB | 4.1/500 kB Progress (4): 8.8 kB | 5.9 kB | 7.7/14 kB | 7.7/500 kB Progress (4): 8.8 kB | 5.9 kB | 12/14 kB | 7.7/500 kB Progress (4): 8.8 kB | 5.9 kB | 12/14 kB | 12/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 12/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 16/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 20/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 24/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 28/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 32/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 36/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 41/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 45/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 49/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 53/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 57/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 61/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 65/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 69/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 73/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 77/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 81/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 86/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 90/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 94/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 98/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 102/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 106/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 110/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 114/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 118/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 122/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 127/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 131/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 135/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 139/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 143/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 147/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 151/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 155/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 159/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 163/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 167/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 172/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 176/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 180/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 184/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 188/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 192/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 196/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 200/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 204/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 208/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 213/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 217/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 221/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 225/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 229/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 233/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 237/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 241/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 245/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 249/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 254/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 258/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 262/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 266/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 270/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 274/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 278/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 282/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 286/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 290/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 294/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 299/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 303/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 307/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 311/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 315/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 319/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 323/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 327/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 331/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 335/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 340/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 344/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 348/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 352/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 356/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 360/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 364/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 368/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 372/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 376/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 380/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 385/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 389/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 393/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 397/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 401/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 405/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 409/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 413/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 417/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 421/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 426/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 430/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 434/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 438/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 442/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 446/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 450/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 454/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 458/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 462/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 466/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 471/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 475/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 479/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 483/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 487/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 491/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 495/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 499/500 kB Progress (4): 8.8 kB | 5.9 kB | 14 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 22 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 34 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.2 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 26.336 s [INFO] Finished at: 2026-02-10T22:07:17Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="2fc3442b7a98e76f688df98e9c5c7ef301377f7e" "org.opencontainers.image.revision"="2fc3442b7a98e76f688df98e9c5c7ef301377f7e" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/konflux-test-integration" "quay.expires-after"="6h" "build-date"="2026-02-10T22:06:32Z" "org.opencontainers.image.created"="2026-02-10T22:06:32Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e --> f3b2a51b370f Successfully tagged quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e f3b2a51b370f4b6750449b513c9867e0dc954d5d7e98dc1bff642c7790e5a3ae [2026-02-10T22:07:19,099790719+00:00] Unsetting proxy [2026-02-10T22:07:19,100972300+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:bfa3bba83a7df3e8b7816600e690f74be4da6251cb5e1d998979390890a6e7c3 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:f3b2a51b370f4b6750449b513c9867e0dc954d5d7e98dc1bff642c7790e5a3ae Writing manifest to image destination [2026-02-10T22:07:20,921399964+00:00] End build pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | container step-push: [2026-02-10T22:07:21,301543994+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:07:23,231395152+00:00] Convert image [2026-02-10T22:07:23,232489064+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-v7ppp-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-v7ppp-build-container Getting image source signatures Copying blob sha256:bfa3bba83a7df3e8b7816600e690f74be4da6251cb5e1d998979390890a6e7c3 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:f3b2a51b370f4b6750449b513c9867e0dc954d5d7e98dc1bff642c7790e5a3ae Writing manifest to image destination [2026-02-10T22:07:30,233635612+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e Getting image source signatures Copying blob sha256:bfa3bba83a7df3e8b7816600e690f74be4da6251cb5e1d998979390890a6e7c3 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:f3b2a51b370f4b6750449b513c9867e0dc954d5d7e98dc1bff642c7790e5a3ae Writing manifest to image destination sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252ebquay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e [2026-02-10T22:07:31,012636098+00:00] End push pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | container step-sbom-syft-generate: [2026-02-10T22:07:31,400625217+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:07:40,042418613+00:00] End sbom-syft-generate pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | container step-prepare-sboms: [2026-02-10T22:07:40,746303193+00:00] Prepare SBOM [2026-02-10T22:07:40,750293376+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:07:41,867 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:07:42,004 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:07:43,028 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:07:43,028 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:07:43,028 [INFO] mobster.log: Contextual workflow completed in 1.04s 2026-02-10 22:07:43,059 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:07:43,131819372+00:00] End prepare-sboms pod: test-component-pac-xmjyvu-oc365a98d87a9e1b8f7375a32632092f3-pod | container step-upload-sbom: [2026-02-10T22:07:43,357089636+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:fe9c0b62aea134c0137d7394a486d1e1c38fb7f62305a97826c9823c6ed8d26b [2026-02-10T22:07:45,684953967+00:00] End upload-sbom pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | init container: prepare 2026/02/10 22:07:59 Entrypoint initialization pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | init container: place-scripts 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-0-zhp95 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-1-dkpmm 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-2-74q9x 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-3-mb66w 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-4-bhbhn 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-5-fsqw6 pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Auth json written to "/auth/auth.json". pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | container step-set-skip-for-bundles: 2026/02/10 22:10:09 INFO Step was skipped due to when expressions were evaluated to false. pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | container step-app-check: time="2026-02-10T22:10:10Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:10:10Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e for platform amd64" time="2026-02-10T22:10:10Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e" time="2026-02-10T22:10:18Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:10:18Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:10:18Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:10:19Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:10:19Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:10:19Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:10:19Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:10:28Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:10:28Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:10:28Z" level=info msg="This image's tag on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e will be paired with digest sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 47, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 9142, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 136, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:10:29Z" level=info msg="Preflight result: FAILED" pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761430","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e pod: test-component-pac-xmjyvu-odfef721211e29fa1bcd09697a8af29b1-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761430","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-apply-tags-pod | init container: prepare 2026/02/10 22:07:59 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:08:01Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e" time="2026-02-10T22:08:01Z" level=info msg="[param] Image digest: sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb" time="2026-02-10T22:08:01Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:08:01Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clair-scan-pod | init container: prepare 2026/02/10 22:07:59 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clair-scan-pod | init container: place-scripts 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-0-f4tgk 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-1-q6csr 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-2-ljst9 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-3-lkgdf pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb. pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:11:28Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"}] 2026-02-10T22:11:28Z INF libvuln initialized component=libvuln/New 2026-02-10T22:11:29Z INF registered configured scanners component=libindex/New 2026-02-10T22:11:29Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:11:29Z INF index request start component=libindex/Libindex.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb 2026-02-10T22:11:29Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb 2026-02-10T22:11:29Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=CheckManifest 2026-02-10T22:11:29Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=FetchLayers 2026-02-10T22:11:32Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=FetchLayers 2026-02-10T22:11:32Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=FetchLayers 2026-02-10T22:11:32Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=ScanLayers 2026-02-10T22:11:32Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:11:32Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:11:33Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=ScanLayers 2026-02-10T22:11:33Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=IndexManifest 2026-02-10T22:11:33Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=IndexFinished 2026-02-10T22:11:33Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb state=IndexFinished 2026-02-10T22:11:33Z INF index request done component=libindex/Libindex.Index manifest=sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb { "manifest_hash": "sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "88ece637-b92f-45b1-8441-51cd4a73d527": { "id": "88ece637-b92f-45b1-8441-51cd4a73d527", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a": { "id": "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "446355dc-9eaa-4e9c-8078-6b0ddf0da3a0": { "id": "446355dc-9eaa-4e9c-8078-6b0ddf0da3a0", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "61dfdce4-209b-4edc-940c-4b8c1ce81c1b": { "id": "61dfdce4-209b-4edc-940c-4b8c1ce81c1b", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "7cda4375-ae43-4dd4-b46d-b60c636b225b": { "id": "7cda4375-ae43-4dd4-b46d-b60c636b225b", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "e6045240-2cb5-4b46-adbf-788f258c212e": { "id": "e6045240-2cb5-4b46-adbf-788f258c212e", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "e9d2c37e-193b-4ee4-9efb-b91060360dde": { "id": "e9d2c37e-193b-4ee4-9efb-b91060360dde", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7037d250150f0c5ac00c7f068a09753e5cd6120c93fbbb076363e9f56a148c68", "distribution_id": "", "repository_ids": [ "446355dc-9eaa-4e9c-8078-6b0ddf0da3a0" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7037d250150f0c5ac00c7f068a09753e5cd6120c93fbbb076363e9f56a148c68", "distribution_id": "", "repository_ids": [ "446355dc-9eaa-4e9c-8078-6b0ddf0da3a0" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "61dfdce4-209b-4edc-940c-4b8c1ce81c1b", "61dfdce4-209b-4edc-940c-4b8c1ce81c1b" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7037d250150f0c5ac00c7f068a09753e5cd6120c93fbbb076363e9f56a148c68", "distribution_id": "", "repository_ids": [ "446355dc-9eaa-4e9c-8078-6b0ddf0da3a0" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "61dfdce4-209b-4edc-940c-4b8c1ce81c1b", "61dfdce4-209b-4edc-940c-4b8c1ce81c1b" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7037d250150f0c5ac00c7f068a09753e5cd6120c93fbbb076363e9f56a148c68", "distribution_id": "", "repository_ids": [ "446355dc-9eaa-4e9c-8078-6b0ddf0da3a0" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "7cda4375-ae43-4dd4-b46d-b60c636b225b", "e9d2c37e-193b-4ee4-9efb-b91060360dde" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "88ece637-b92f-45b1-8441-51cd4a73d527", "repository_ids": [ "e6045240-2cb5-4b46-adbf-788f258c212e", "3d5c5ef7-3fc6-4387-a2ec-0f52e0f8fb6a" ] } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), libzstd-1.4.4-1.el8 (CVE-2022-4899), file-libs-5.33-27.el8_10 (CVE-2019-8905), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), expat-2.5.0-1.el8_10 (CVE-2024-28757), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), tar-2:1.30-11.el8_10 (CVE-2025-45582), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), gawk-4.2.1-4.el8 (CVE-2023-4156), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), libzstd-1.4.4-1.el8 (CVE-2021-24032), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), file-libs-5.33-27.el8_10 (CVE-2019-8906), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), pcre2-10.32-3.el8_6 (CVE-2022-41409), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e", "digests": ["sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:11:53+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clamav-scan-pod | init container: prepare 2026/02/10 22:07:59 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clamav-scan-pod | init container: place-scripts 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-0-6dxd4 2026/02/10 22:08:00 Decoded script /tekton/scripts/script-1-q8d7d pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 21.691 sec (0 m 21 s) Start Date: 2026:02:10 22:09:04 End Date: 2026:02:10 22:09:26 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761366","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761366","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761366","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e", "digests": ["sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb"]}} pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 4f138a7b7fdf clamscan-result-amd64.log Uploading b67364064354 clamscan-ec-test-amd64.json Uploaded 4f138a7b7fdf clamscan-result-amd64.log Uploaded b67364064354 clamscan-ec-test-amd64.json Uploading 09f8266ce2a1 application/vnd.oci.image.manifest.v1+json Uploaded 09f8266ce2a1 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2fc3442b7a98e76f688df98e9c5c7ef301377f7e@sha256:f6c2875e6b6e39f21256a61c7dc3d8f47bd4dc2ed20791e2a4652ac835d252eb Digest: sha256:09f8266ce2a1b81c51a47c4c70e7c77c3b7263e36807b333a70debd6ae7fc70e pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-init-pod | init container: prepare 2026/02/10 22:04:23 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-init-pod | init container: place-scripts 2026/02/10 22:04:24 Decoded script /tekton/scripts/script-0-cmlpv pod: test-component-pac-xmjyvu-on-pull-request-v7ppp-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-vkc9p reason: Failed attempt 2/3: PipelineRun "test-component-pac-xmjyvu-on-pull-request-vkc9p" failed: pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | init container: prepare 2026/02/10 22:12:46 Entrypoint initialization pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | init container: place-scripts 2026/02/10 22:12:46 Decoded script /tekton/scripts/script-0-6gdhj 2026/02/10 22:12:46 Decoded script /tekton/scripts/script-1-pzt69 2026/02/10 22:12:46 Decoded script /tekton/scripts/script-2-pd6ss 2026/02/10 22:12:46 Decoded script /tekton/scripts/script-3-wjsr8 2026/02/10 22:12:46 Decoded script /tekton/scripts/script-4-hpp7r pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | container step-build: [2026-02-10T22:12:51,973903515+00:00] Validate context path [2026-02-10T22:12:51,977297798+00:00] Update CA trust [2026-02-10T22:12:51,978355707+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:12:54,076814387+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:12:54,082817254+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:12:54,225729559+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:12:58,437316340+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:12:54Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:12:54Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "0dcafc660a1b623b5220240ec60114a99383e2c6", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "0dcafc660a1b623b5220240ec60114a99383e2c6", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/konflux-test-integration", "quay.expires-after": "6h" } [2026-02-10T22:12:58,480933165+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:12:58,484479547+00:00] Add secrets [2026-02-10T22:12:58,492239522+00:00] Run buildah build [2026-02-10T22:12:58,493361469+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=0dcafc660a1b623b5220240ec60114a99383e2c6 --label org.opencontainers.image.revision=0dcafc660a1b623b5220240ec60114a99383e2c6 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --label quay.expires-after=6h --label build-date=2026-02-10T22:12:54Z --label org.opencontainers.image.created=2026-02-10T22:12:54Z --annotation org.opencontainers.image.revision=0dcafc660a1b623b5220240ec60114a99383e2c6 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --annotation org.opencontainers.image.created=2026-02-10T22:12:54Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.wgbWLB -t quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 564 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 318 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 26/134 kB Progress (1): 30/134 kB Progress (1): 34/134 kB Progress (1): 38/134 kB Progress (1): 42/134 kB Progress (1): 46/134 kB Progress (1): 48/134 kB Progress (1): 52/134 kB Progress (1): 56/134 kB Progress (1): 60/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 81/134 kB Progress (1): 85/134 kB Progress (1): 89/134 kB Progress (1): 93/134 kB Progress (1): 97/134 kB Progress (1): 101/134 kB Progress (1): 106/134 kB Progress (1): 110/134 kB Progress (1): 114/134 kB Progress (1): 116/134 kB Progress (1): 120/134 kB Progress (1): 124/134 kB Progress (1): 128/134 kB Progress (1): 132/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 418 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.5/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 440 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 472 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 582 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 254 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 8.2/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 25/43 kB Progress (1): 29/43 kB Progress (1): 33/43 kB Progress (1): 37/43 kB Progress (1): 41/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 753 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 516 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 724 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 558 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/3.6 kB Progress (2): 3.6 kB | 3.6 kB Progress (3): 3.6 kB | 3.6 kB | 2.0 kB Progress (4): 3.6 kB | 3.6 kB | 2.0 kB | 2.3/7.1 kB Progress (4): 3.6 kB | 3.6 kB | 2.0 kB | 5.0/7.1 kB Progress (4): 3.6 kB | 3.6 kB | 2.0 kB | 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 61 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 59 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 32 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 105 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 381 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 186 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 182 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (1): 11/226 kB Progress (2): 11/226 kB | 2.3/13 kB Progress (2): 13/226 kB | 2.3/13 kB Progress (2): 13/226 kB | 6.4/13 kB Progress (2): 16/226 kB | 6.4/13 kB Progress (2): 16/226 kB | 10/13 kB Progress (2): 19/226 kB | 10/13 kB Progress (2): 19/226 kB | 13 kB Progress (2): 21/226 kB | 13 kB Progress (2): 24/226 kB | 13 kB Progress (2): 27/226 kB | 13 kB Progress (2): 30/226 kB | 13 kB Progress (2): 33/226 kB | 13 kB Progress (2): 36/226 kB | 13 kB Progress (2): 38/226 kB | 13 kB Progress (2): 41/226 kB | 13 kB Progress (2): 44/226 kB | 13 kB Progress (2): 46/226 kB | 13 kB Progress (2): 49/226 kB | 13 kB Progress (2): 53/226 kB | 13 kB Progress (2): 57/226 kB | 13 kB Progress (2): 62/226 kB | 13 kB Progress (2): 66/226 kB | 13 kB Progress (2): 70/226 kB | 13 kB Progress (2): 74/226 kB | 13 kB Progress (2): 78/226 kB | 13 kB Progress (2): 82/226 kB | 13 kB Progress (2): 86/226 kB | 13 kB Progress (2): 90/226 kB | 13 kB Progress (2): 94/226 kB | 13 kB Progress (2): 98/226 kB | 13 kB Progress (2): 102/226 kB | 13 kB Progress (2): 107/226 kB | 13 kB Progress (2): 111/226 kB | 13 kB Progress (2): 115/226 kB | 13 kB Progress (2): 117/226 kB | 13 kB Progress (2): 121/226 kB | 13 kB Progress (2): 125/226 kB | 13 kB Progress (2): 129/226 kB | 13 kB Progress (2): 133/226 kB | 13 kB Progress (2): 137/226 kB | 13 kB Progress (2): 141/226 kB | 13 kB Progress (2): 146/226 kB | 13 kB Progress (2): 150/226 kB | 13 kB Progress (2): 154/226 kB | 13 kB Progress (2): 158/226 kB | 13 kB Progress (2): 162/226 kB | 13 kB Progress (2): 164/226 kB | 13 kB Progress (2): 168/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 185/226 kB | 13 kB Progress (2): 189/226 kB | 13 kB Progress (2): 193/226 kB | 13 kB Progress (2): 197/226 kB | 13 kB Progress (2): 201/226 kB | 13 kB Progress (2): 205/226 kB | 13 kB Progress (2): 209/226 kB | 13 kB Progress (2): 213/226 kB | 13 kB Progress (2): 217/226 kB | 13 kB Progress (2): 221/226 kB | 13 kB Progress (2): 226/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 292 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 4.2 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 202 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 493 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 135 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 249 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 221 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 352 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 154 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 442 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/116 kB Progress (1): 7.7/116 kB Progress (1): 12/116 kB Progress (1): 16/116 kB Progress (1): 20/116 kB Progress (1): 24/116 kB Progress (1): 28/116 kB Progress (1): 32/116 kB Progress (1): 36/116 kB Progress (1): 41/116 kB Progress (1): 45/116 kB Progress (1): 49/116 kB Progress (1): 53/116 kB Progress (1): 57/116 kB Progress (1): 61/116 kB Progress (1): 65/116 kB Progress (1): 69/116 kB Progress (1): 73/116 kB Progress (1): 77/116 kB Progress (1): 81/116 kB Progress (1): 86/116 kB Progress (1): 90/116 kB Progress (1): 94/116 kB Progress (1): 98/116 kB Progress (1): 102/116 kB Progress (1): 106/116 kB Progress (1): 110/116 kB Progress (2): 110/116 kB | 3.8/35 kB Progress (2): 114/116 kB | 3.8/35 kB Progress (2): 116 kB | 3.8/35 kB Progress (2): 116 kB | 7.9/35 kB Progress (2): 116 kB | 12/35 kB Progress (2): 116 kB | 16/35 kB Progress (2): 116 kB | 20/35 kB Progress (2): 116 kB | 24/35 kB Progress (2): 116 kB | 28/35 kB Progress (2): 116 kB | 32/35 kB Progress (2): 116 kB | 35 kB Progress (3): 116 kB | 35 kB | 2.3/29 kB Progress (3): 116 kB | 35 kB | 5.0/29 kB Progress (3): 116 kB | 35 kB | 7.8/29 kB Progress (3): 116 kB | 35 kB | 11/29 kB Progress (3): 116 kB | 35 kB | 13/29 kB Progress (3): 116 kB | 35 kB | 16/29 kB Progress (3): 116 kB | 35 kB | 19/29 kB Progress (3): 116 kB | 35 kB | 21/29 kB Progress (3): 116 kB | 35 kB | 24/29 kB Progress (3): 116 kB | 35 kB | 27/29 kB Progress (3): 116 kB | 35 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 860 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Progress (2): 29 kB | 2.3/152 kB Progress (2): 29 kB | 5.0/152 kB Progress (2): 29 kB | 7.8/152 kB Progress (2): 29 kB | 11/152 kB Progress (2): 29 kB | 13/152 kB Progress (2): 29 kB | 16/152 kB Progress (2): 29 kB | 19/152 kB Progress (2): 29 kB | 21/152 kB Progress (2): 29 kB | 24/152 kB Progress (2): 29 kB | 27/152 kB Progress (2): 29 kB | 30/152 kB Progress (2): 29 kB | 33/152 kB Progress (2): 29 kB | 36/152 kB Progress (2): 29 kB | 38/152 kB Progress (2): 29 kB | 41/152 kB Progress (2): 29 kB | 44/152 kB Progress (2): 29 kB | 46/152 kB Progress (2): 29 kB | 49/152 kB Progress (2): 29 kB | 52/152 kB Progress (2): 29 kB | 55/152 kB Progress (2): 29 kB | 59/152 kB Progress (3): 29 kB | 59/152 kB | 4.1/57 kB Progress (3): 29 kB | 59/152 kB | 8.2/57 kB Progress (3): 29 kB | 59/152 kB | 12/57 kB Progress (3): 29 kB | 59/152 kB | 16/57 kB Progress (3): 29 kB | 63/152 kB | 16/57 kB Progress (3): 29 kB | 67/152 kB | 16/57 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 657 kB/s) Progress (2): 71/152 kB | 16/57 kB Progress (2): 71/152 kB | 20/57 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Progress (2): 71/152 kB | 25/57 kB Progress (2): 71/152 kB | 29/57 kB Progress (2): 75/152 kB | 29/57 kB Progress (2): 75/152 kB | 33/57 kB Progress (2): 79/152 kB | 33/57 kB Progress (2): 79/152 kB | 37/57 kB Progress (2): 79/152 kB | 41/57 kB Progress (2): 79/152 kB | 45/57 kB Progress (2): 83/152 kB | 45/57 kB Progress (2): 83/152 kB | 49/57 kB Progress (2): 87/152 kB | 49/57 kB Progress (2): 87/152 kB | 53/57 kB Progress (2): 87/152 kB | 57 kB Progress (2): 92/152 kB | 57 kB Progress (2): 96/152 kB | 57 kB Progress (2): 100/152 kB | 57 kB Progress (2): 104/152 kB | 57 kB Progress (2): 108/152 kB | 57 kB Progress (2): 112/152 kB | 57 kB Progress (2): 116/152 kB | 57 kB Progress (2): 120/152 kB | 57 kB Progress (2): 122/152 kB | 57 kB Progress (2): 126/152 kB | 57 kB Progress (2): 131/152 kB | 57 kB Progress (2): 135/152 kB | 57 kB Progress (2): 139/152 kB | 57 kB Progress (2): 143/152 kB | 57 kB Progress (2): 147/152 kB | 57 kB Progress (2): 151/152 kB | 57 kB Progress (2): 152 kB | 57 kB Progress (3): 152 kB | 57 kB | 4.1/9.9 kB Progress (3): 152 kB | 57 kB | 7.7/9.9 kB Progress (3): 152 kB | 57 kB | 9.9 kB Progress (4): 152 kB | 57 kB | 9.9 kB | 2.3/5.9 kB Progress (4): 152 kB | 57 kB | 9.9 kB | 5.0/5.9 kB Progress (4): 152 kB | 57 kB | 9.9 kB | 5.9 kB Progress (5): 152 kB | 57 kB | 9.9 kB | 5.9 kB | 3.8/21 kB Progress (5): 152 kB | 57 kB | 9.9 kB | 5.9 kB | 7.9/21 kB Progress (5): 152 kB | 57 kB | 9.9 kB | 5.9 kB | 12/21 kB Progress (5): 152 kB | 57 kB | 9.9 kB | 5.9 kB | 16/21 kB Progress (5): 152 kB | 57 kB | 9.9 kB | 5.9 kB | 20/21 kB Progress (5): 152 kB | 57 kB | 9.9 kB | 5.9 kB | 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 131 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (3): 57 kB | 21 kB | 3.8/24 kB Progress (3): 57 kB | 21 kB | 7.9/24 kB Progress (3): 57 kB | 21 kB | 12/24 kB Progress (3): 57 kB | 21 kB | 16/24 kB Progress (3): 57 kB | 21 kB | 20/24 kB Progress (4): 57 kB | 21 kB | 20/24 kB | 4.1/14 kB Progress (4): 57 kB | 21 kB | 24/24 kB | 4.1/14 kB Progress (4): 57 kB | 21 kB | 24/24 kB | 7.7/14 kB Progress (4): 57 kB | 21 kB | 24 kB | 7.7/14 kB Progress (4): 57 kB | 21 kB | 24 kB | 12/14 kB Progress (4): 57 kB | 21 kB | 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 223 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 549 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Progress (3): 24 kB | 14 kB | 2.3/30 kB Progress (3): 24 kB | 14 kB | 5.0/30 kB Progress (3): 24 kB | 14 kB | 7.8/30 kB Progress (3): 24 kB | 14 kB | 12/30 kB Progress (3): 24 kB | 14 kB | 16/30 kB Progress (3): 24 kB | 14 kB | 20/30 kB Progress (3): 24 kB | 14 kB | 24/30 kB Progress (3): 24 kB | 14 kB | 28/30 kB Progress (3): 24 kB | 14 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 222 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (3): 14 kB | 30 kB | 3.8/37 kB Progress (3): 14 kB | 30 kB | 7.8/37 kB Progress (3): 14 kB | 30 kB | 12/37 kB Progress (3): 14 kB | 30 kB | 16/37 kB Progress (3): 14 kB | 30 kB | 20/37 kB Progress (3): 14 kB | 30 kB | 24/37 kB Progress (3): 14 kB | 30 kB | 28/37 kB Progress (3): 14 kB | 30 kB | 32/37 kB Progress (3): 14 kB | 30 kB | 36/37 kB Progress (3): 14 kB | 30 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (2): 37 kB | 4.1/13 kB Progress (2): 37 kB | 7.7/13 kB Progress (2): 37 kB | 12/13 kB Progress (2): 37 kB | 13 kB Progress (3): 37 kB | 13 kB | 4.1/38 kB Progress (3): 37 kB | 13 kB | 7.7/38 kB Progress (3): 37 kB | 13 kB | 12/38 kB Progress (3): 37 kB | 13 kB | 16/38 kB Progress (3): 37 kB | 13 kB | 20/38 kB Progress (3): 37 kB | 13 kB | 24/38 kB Progress (3): 37 kB | 13 kB | 28/38 kB Progress (3): 37 kB | 13 kB | 32/38 kB Progress (3): 37 kB | 13 kB | 36/38 kB Progress (3): 37 kB | 13 kB | 38 kB Progress (4): 37 kB | 13 kB | 38 kB | 3.8/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 7.8/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 12/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 16/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 20/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 24/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 28/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 32/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 36/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 41/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 45/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 49/87 kB Progress (4): 37 kB | 13 kB | 38 kB | 53/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 260 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (3): 13 kB | 38 kB | 57/87 kB Progress (3): 13 kB | 38 kB | 61/87 kB Progress (3): 13 kB | 38 kB | 65/87 kB Progress (3): 13 kB | 38 kB | 69/87 kB Progress (3): 13 kB | 38 kB | 73/87 kB Progress (3): 13 kB | 38 kB | 77/87 kB Progress (3): 13 kB | 38 kB | 81/87 kB Progress (3): 13 kB | 38 kB | 86/87 kB Progress (3): 13 kB | 38 kB | 87 kB Progress (4): 13 kB | 38 kB | 87 kB | 3.8/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 7.9/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 12/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 16/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 20/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 24/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 28/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 32/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 37/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 41/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 45/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 49/49 kB Progress (4): 13 kB | 38 kB | 87 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 252 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Progress (4): 13 kB | 87 kB | 49 kB | 3.8/86 kB Progress (4): 13 kB | 87 kB | 49 kB | 7.9/86 kB Progress (4): 13 kB | 87 kB | 49 kB | 12/86 kB Progress (4): 13 kB | 87 kB | 49 kB | 16/86 kB Progress (4): 13 kB | 87 kB | 49 kB | 20/86 kB Progress (4): 13 kB | 87 kB | 49 kB | 24/86 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 536 kB/s) Progress (3): 13 kB | 49 kB | 28/86 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (3): 13 kB | 49 kB | 32/86 kB Progress (3): 13 kB | 49 kB | 36/86 kB Progress (3): 13 kB | 49 kB | 40/86 kB Progress (3): 13 kB | 49 kB | 44/86 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 299 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (2): 13 kB | 48/86 kB Progress (2): 13 kB | 53/86 kB Progress (2): 13 kB | 57/86 kB Progress (2): 13 kB | 61/86 kB Progress (2): 13 kB | 65/86 kB Progress (2): 13 kB | 69/86 kB Progress (2): 13 kB | 73/86 kB Progress (2): 13 kB | 77/86 kB Progress (2): 13 kB | 81/86 kB Progress (3): 13 kB | 81/86 kB | 4.1/10 kB Progress (3): 13 kB | 85/86 kB | 4.1/10 kB Progress (3): 13 kB | 86 kB | 4.1/10 kB Progress (3): 13 kB | 86 kB | 8.2/10 kB Progress (3): 13 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 480 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (2): 10 kB | 3.8/194 kB Progress (2): 10 kB | 7.9/194 kB Progress (2): 10 kB | 12/194 kB Progress (2): 10 kB | 16/194 kB Progress (2): 10 kB | 20/194 kB Progress (2): 10 kB | 24/194 kB Progress (2): 10 kB | 28/194 kB Progress (2): 10 kB | 32/194 kB Progress (2): 10 kB | 37/194 kB Progress (2): 10 kB | 41/194 kB Progress (2): 10 kB | 45/194 kB Progress (2): 10 kB | 49/194 kB Progress (2): 10 kB | 53/194 kB Progress (2): 10 kB | 57/194 kB Progress (3): 10 kB | 57/194 kB | 4.1/121 kB Progress (3): 10 kB | 61/194 kB | 4.1/121 kB Progress (3): 10 kB | 61/194 kB | 7.7/121 kB Progress (3): 10 kB | 61/194 kB | 12/121 kB Progress (3): 10 kB | 61/194 kB | 16/121 kB Progress (3): 10 kB | 65/194 kB | 16/121 kB Progress (3): 10 kB | 69/194 kB | 16/121 kB Progress (3): 10 kB | 71/194 kB | 16/121 kB Progress (3): 10 kB | 76/194 kB | 16/121 kB Progress (3): 10 kB | 76/194 kB | 20/121 kB Progress (3): 10 kB | 80/194 kB | 20/121 kB Progress (3): 10 kB | 80/194 kB | 24/121 kB Progress (3): 10 kB | 80/194 kB | 28/121 kB Progress (3): 10 kB | 80/194 kB | 32/121 kB Progress (3): 10 kB | 84/194 kB | 32/121 kB Progress (3): 10 kB | 84/194 kB | 36/121 kB Progress (3): 10 kB | 84/194 kB | 40/121 kB Progress (3): 10 kB | 88/194 kB | 40/121 kB Progress (3): 10 kB | 88/194 kB | 44/121 kB Progress (3): 10 kB | 92/194 kB | 44/121 kB Progress (3): 10 kB | 92/194 kB | 48/121 kB Progress (3): 10 kB | 96/194 kB | 48/121 kB Progress (3): 10 kB | 100/194 kB | 48/121 kB Progress (3): 10 kB | 100/194 kB | 53/121 kB Progress (3): 10 kB | 100/194 kB | 57/121 kB Progress (3): 10 kB | 104/194 kB | 57/121 kB Progress (3): 10 kB | 104/194 kB | 61/121 kB Progress (3): 10 kB | 108/194 kB | 61/121 kB Progress (3): 10 kB | 108/194 kB | 65/121 kB Progress (3): 10 kB | 112/194 kB | 65/121 kB Progress (3): 10 kB | 116/194 kB | 65/121 kB Progress (3): 10 kB | 116/194 kB | 69/121 kB Progress (3): 10 kB | 121/194 kB | 69/121 kB Progress (3): 10 kB | 121/194 kB | 73/121 kB Progress (3): 10 kB | 125/194 kB | 73/121 kB Progress (3): 10 kB | 125/194 kB | 77/121 kB Progress (3): 10 kB | 129/194 kB | 77/121 kB Progress (3): 10 kB | 129/194 kB | 81/121 kB Progress (3): 10 kB | 133/194 kB | 81/121 kB Progress (3): 10 kB | 133/194 kB | 85/121 kB Progress (3): 10 kB | 133/194 kB | 89/121 kB Progress (3): 10 kB | 137/194 kB | 89/121 kB Progress (3): 10 kB | 137/194 kB | 93/121 kB Progress (3): 10 kB | 141/194 kB | 93/121 kB Progress (3): 10 kB | 141/194 kB | 98/121 kB Progress (3): 10 kB | 145/194 kB | 98/121 kB Progress (3): 10 kB | 149/194 kB | 98/121 kB Progress (3): 10 kB | 149/194 kB | 102/121 kB Progress (3): 10 kB | 149/194 kB | 106/121 kB Progress (3): 10 kB | 153/194 kB | 106/121 kB Progress (3): 10 kB | 153/194 kB | 110/121 kB Progress (3): 10 kB | 157/194 kB | 110/121 kB Progress (3): 10 kB | 157/194 kB | 114/121 kB Progress (3): 10 kB | 162/194 kB | 114/121 kB Progress (3): 10 kB | 166/194 kB | 114/121 kB Progress (3): 10 kB | 166/194 kB | 118/121 kB Progress (3): 10 kB | 166/194 kB | 121 kB Progress (3): 10 kB | 170/194 kB | 121 kB Progress (3): 10 kB | 174/194 kB | 121 kB Progress (3): 10 kB | 178/194 kB | 121 kB Progress (3): 10 kB | 182/194 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (2): 186/194 kB | 121 kB Progress (2): 190/194 kB | 121 kB Progress (2): 194 kB | 121 kB Progress (3): 194 kB | 121 kB | 4.1/6.8 kB Progress (3): 194 kB | 121 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 4.1/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 7.7/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 12/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 20/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 24/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 28/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 32/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 36/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 41/43 kB Progress (4): 194 kB | 121 kB | 6.8 kB | 43 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 4.1/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 7.7/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 12/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 16/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 20/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 24/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 28/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 32/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 36/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 40/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 45/223 kB Progress (5): 194 kB | 121 kB | 6.8 kB | 43 kB | 49/223 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 574 kB/s) Progress (4): 194 kB | 6.8 kB | 43 kB | 53/223 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Progress (4): 194 kB | 6.8 kB | 43 kB | 57/223 kB Progress (4): 194 kB | 6.8 kB | 43 kB | 61/223 kB Progress (4): 194 kB | 6.8 kB | 43 kB | 65/223 kB Progress (4): 194 kB | 6.8 kB | 43 kB | 69/223 kB Progress (4): 194 kB | 6.8 kB | 43 kB | 73/223 kB Progress (4): 194 kB | 6.8 kB | 43 kB | 77/223 kB Progress (4): 194 kB | 6.8 kB | 43 kB | 81/223 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 916 kB/s) Progress (3): 6.8 kB | 43 kB | 86/223 kB Progress (3): 6.8 kB | 43 kB | 90/223 kB Progress (3): 6.8 kB | 43 kB | 94/223 kB Progress (3): 6.8 kB | 43 kB | 98/223 kB Progress (3): 6.8 kB | 43 kB | 102/223 kB Progress (3): 6.8 kB | 43 kB | 106/223 kB Progress (3): 6.8 kB | 43 kB | 110/223 kB Progress (3): 6.8 kB | 43 kB | 114/223 kB Progress (3): 6.8 kB | 43 kB | 118/223 kB Progress (3): 6.8 kB | 43 kB | 122/223 kB Progress (3): 6.8 kB | 43 kB | 127/223 kB Progress (3): 6.8 kB | 43 kB | 131/223 kB Progress (3): 6.8 kB | 43 kB | 135/223 kB Progress (3): 6.8 kB | 43 kB | 139/223 kB Progress (3): 6.8 kB | 43 kB | 143/223 kB Progress (3): 6.8 kB | 43 kB | 147/223 kB Progress (3): 6.8 kB | 43 kB | 151/223 kB Progress (3): 6.8 kB | 43 kB | 155/223 kB Progress (3): 6.8 kB | 43 kB | 159/223 kB Progress (3): 6.8 kB | 43 kB | 163/223 kB Progress (3): 6.8 kB | 43 kB | 167/223 kB Progress (3): 6.8 kB | 43 kB | 171/223 kB Progress (3): 6.8 kB | 43 kB | 176/223 kB Progress (3): 6.8 kB | 43 kB | 180/223 kB Progress (3): 6.8 kB | 43 kB | 184/223 kB Progress (3): 6.8 kB | 43 kB | 188/223 kB Progress (3): 6.8 kB | 43 kB | 192/223 kB Progress (3): 6.8 kB | 43 kB | 196/223 kB Progress (3): 6.8 kB | 43 kB | 200/223 kB Progress (3): 6.8 kB | 43 kB | 204/223 kB Progress (3): 6.8 kB | 43 kB | 208/223 kB Progress (3): 6.8 kB | 43 kB | 212/223 kB Progress (3): 6.8 kB | 43 kB | 217/223 kB Progress (3): 6.8 kB | 43 kB | 221/223 kB Progress (3): 6.8 kB | 43 kB | 223 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 192 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 30 kB/s) Progress (2): 223 kB | 4.1/61 kB Progress (2): 223 kB | 8.2/61 kB Progress (2): 223 kB | 12/61 kB Progress (2): 223 kB | 16/61 kB Progress (2): 223 kB | 20/61 kB Progress (2): 223 kB | 25/61 kB Progress (2): 223 kB | 29/61 kB Progress (2): 223 kB | 33/61 kB Progress (2): 223 kB | 37/61 kB Progress (2): 223 kB | 41/61 kB Progress (2): 223 kB | 45/61 kB Progress (2): 223 kB | 49/61 kB Progress (2): 223 kB | 53/61 kB Progress (2): 223 kB | 57/61 kB Progress (2): 223 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 938 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 235 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 420 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 477 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 589 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 454 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 315 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 408 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 394 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 3.4 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/211 kB Progress (1): 7.7/211 kB Progress (1): 12/211 kB Progress (1): 16/211 kB Progress (1): 20/211 kB Progress (1): 24/211 kB Progress (1): 28/211 kB Progress (1): 32/211 kB Progress (1): 36/211 kB Progress (1): 41/211 kB Progress (1): 45/211 kB Progress (1): 49/211 kB Progress (1): 53/211 kB Progress (1): 57/211 kB Progress (1): 61/211 kB Progress (1): 65/211 kB Progress (1): 69/211 kB Progress (1): 73/211 kB Progress (1): 77/211 kB Progress (1): 81/211 kB Progress (1): 86/211 kB Progress (1): 90/211 kB Progress (1): 94/211 kB Progress (2): 94/211 kB | 4.1/160 kB Progress (2): 98/211 kB | 4.1/160 kB Progress (2): 102/211 kB | 4.1/160 kB Progress (2): 106/211 kB | 4.1/160 kB Progress (3): 106/211 kB | 4.1/160 kB | 4.1/13 kB Progress (3): 106/211 kB | 8.2/160 kB | 4.1/13 kB Progress (3): 110/211 kB | 8.2/160 kB | 4.1/13 kB Progress (3): 110/211 kB | 8.2/160 kB | 7.7/13 kB Progress (3): 114/211 kB | 8.2/160 kB | 7.7/13 kB Progress (3): 114/211 kB | 8.2/160 kB | 12/13 kB Progress (3): 114/211 kB | 12/160 kB | 12/13 kB Progress (3): 114/211 kB | 12/160 kB | 13 kB Progress (3): 118/211 kB | 12/160 kB | 13 kB Progress (3): 118/211 kB | 16/160 kB | 13 kB Progress (3): 122/211 kB | 16/160 kB | 13 kB Progress (3): 122/211 kB | 20/160 kB | 13 kB Progress (3): 122/211 kB | 25/160 kB | 13 kB Progress (3): 127/211 kB | 25/160 kB | 13 kB Progress (3): 131/211 kB | 25/160 kB | 13 kB Progress (3): 131/211 kB | 29/160 kB | 13 kB Progress (3): 135/211 kB | 29/160 kB | 13 kB Progress (3): 135/211 kB | 33/160 kB | 13 kB Progress (3): 135/211 kB | 37/160 kB | 13 kB Progress (3): 135/211 kB | 41/160 kB | 13 kB Progress (3): 135/211 kB | 45/160 kB | 13 kB Progress (3): 139/211 kB | 45/160 kB | 13 kB Progress (3): 139/211 kB | 49/160 kB | 13 kB Progress (3): 143/211 kB | 49/160 kB | 13 kB Progress (3): 147/211 kB | 49/160 kB | 13 kB Progress (3): 147/211 kB | 53/160 kB | 13 kB Progress (3): 151/211 kB | 53/160 kB | 13 kB Progress (3): 151/211 kB | 57/160 kB | 13 kB Progress (3): 155/211 kB | 57/160 kB | 13 kB Progress (3): 155/211 kB | 61/160 kB | 13 kB Progress (3): 155/211 kB | 66/160 kB | 13 kB Progress (3): 159/211 kB | 66/160 kB | 13 kB Progress (3): 163/211 kB | 66/160 kB | 13 kB Progress (3): 167/211 kB | 66/160 kB | 13 kB Progress (3): 172/211 kB | 66/160 kB | 13 kB Progress (3): 172/211 kB | 70/160 kB | 13 kB Progress (3): 172/211 kB | 74/160 kB | 13 kB Progress (3): 176/211 kB | 74/160 kB | 13 kB Progress (3): 176/211 kB | 78/160 kB | 13 kB Progress (3): 180/211 kB | 78/160 kB | 13 kB Progress (3): 180/211 kB | 82/160 kB | 13 kB Progress (3): 184/211 kB | 82/160 kB | 13 kB Progress (3): 188/211 kB | 82/160 kB | 13 kB Progress (3): 188/211 kB | 86/160 kB | 13 kB Progress (3): 192/211 kB | 86/160 kB | 13 kB Progress (3): 192/211 kB | 90/160 kB | 13 kB Progress (3): 196/211 kB | 90/160 kB | 13 kB Progress (3): 196/211 kB | 94/160 kB | 13 kB Progress (3): 200/211 kB | 94/160 kB | 13 kB Progress (3): 200/211 kB | 98/160 kB | 13 kB Progress (3): 204/211 kB | 98/160 kB | 13 kB Progress (3): 208/211 kB | 98/160 kB | 13 kB Progress (3): 208/211 kB | 102/160 kB | 13 kB Progress (3): 211 kB | 102/160 kB | 13 kB Progress (3): 211 kB | 106/160 kB | 13 kB Progress (3): 211 kB | 111/160 kB | 13 kB Progress (3): 211 kB | 115/160 kB | 13 kB Progress (3): 211 kB | 119/160 kB | 13 kB Progress (3): 211 kB | 123/160 kB | 13 kB Progress (3): 211 kB | 127/160 kB | 13 kB Progress (3): 211 kB | 131/160 kB | 13 kB Progress (3): 211 kB | 135/160 kB | 13 kB Progress (3): 211 kB | 139/160 kB | 13 kB Progress (3): 211 kB | 143/160 kB | 13 kB Progress (3): 211 kB | 147/160 kB | 13 kB Progress (3): 211 kB | 152/160 kB | 13 kB Progress (3): 211 kB | 156/160 kB | 13 kB Progress (3): 211 kB | 160 kB | 13 kB Progress (4): 211 kB | 160 kB | 13 kB | 4.1/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 7.7/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 12/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 16/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 20/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 24/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 28/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 32/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 36/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 41/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 45/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 49/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 53/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 57/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 61/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 65/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 69/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 73/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 77/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 81/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 86/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 89 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 4.1/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 7.7/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 12/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 16/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 20/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 24/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 28/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 32/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 36/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 41/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 45/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 49/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 5.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 300 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 862 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/35 kB Progress (1): 7.7/35 kB Progress (1): 12/35 kB Progress (1): 16/35 kB Progress (1): 20/35 kB Progress (1): 24/35 kB Progress (1): 28/35 kB Progress (1): 32/35 kB Progress (1): 35 kB Progress (2): 35 kB | 4.1/21 kB Progress (2): 35 kB | 8.2/21 kB Progress (2): 35 kB | 12/21 kB Progress (2): 35 kB | 16/21 kB Progress (2): 35 kB | 20/21 kB Progress (2): 35 kB | 21 kB Progress (3): 35 kB | 21 kB | 4.1/87 kB Progress (3): 35 kB | 21 kB | 7.7/87 kB Progress (3): 35 kB | 21 kB | 12/87 kB Progress (3): 35 kB | 21 kB | 16/87 kB Progress (3): 35 kB | 21 kB | 20/87 kB Progress (3): 35 kB | 21 kB | 24/87 kB Progress (3): 35 kB | 21 kB | 28/87 kB Progress (3): 35 kB | 21 kB | 32/87 kB Progress (3): 35 kB | 21 kB | 36/87 kB Progress (3): 35 kB | 21 kB | 41/87 kB Progress (3): 35 kB | 21 kB | 45/87 kB Progress (3): 35 kB | 21 kB | 49/87 kB Progress (3): 35 kB | 21 kB | 53/87 kB Progress (3): 35 kB | 21 kB | 57/87 kB Progress (3): 35 kB | 21 kB | 61/87 kB Progress (3): 35 kB | 21 kB | 65/87 kB Progress (3): 35 kB | 21 kB | 69/87 kB Progress (3): 35 kB | 21 kB | 73/87 kB Progress (3): 35 kB | 21 kB | 77/87 kB Progress (3): 35 kB | 21 kB | 81/87 kB Progress (3): 35 kB | 21 kB | 86/87 kB Progress (3): 35 kB | 21 kB | 87 kB Progress (4): 35 kB | 21 kB | 87 kB | 4.1/14 kB Progress (4): 35 kB | 21 kB | 87 kB | 7.7/14 kB Progress (4): 35 kB | 21 kB | 87 kB | 12/14 kB Progress (4): 35 kB | 21 kB | 87 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 448 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 252 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (2): 14 kB | 4.1/25 kB Progress (2): 14 kB | 7.7/25 kB Progress (2): 14 kB | 12/25 kB Progress (2): 14 kB | 16/25 kB Progress (2): 14 kB | 20/25 kB Progress (2): 14 kB | 24/25 kB Progress (2): 14 kB | 25 kB Progress (3): 14 kB | 25 kB | 4.1/122 kB Progress (4): 14 kB | 25 kB | 4.1/122 kB | 4.1/37 kB Progress (4): 14 kB | 25 kB | 7.7/122 kB | 4.1/37 kB Progress (4): 14 kB | 25 kB | 7.7/122 kB | 7.7/37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 135 kB/s) Progress (3): 25 kB | 12/122 kB | 7.7/37 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (3): 25 kB | 16/122 kB | 7.7/37 kB Progress (3): 25 kB | 16/122 kB | 12/37 kB Progress (3): 25 kB | 20/122 kB | 12/37 kB Progress (3): 25 kB | 20/122 kB | 16/37 kB Progress (3): 25 kB | 24/122 kB | 16/37 kB Progress (3): 25 kB | 24/122 kB | 20/37 kB Progress (3): 25 kB | 28/122 kB | 20/37 kB Progress (3): 25 kB | 28/122 kB | 24/37 kB Progress (3): 25 kB | 32/122 kB | 24/37 kB Progress (3): 25 kB | 32/122 kB | 28/37 kB Progress (3): 25 kB | 32/122 kB | 32/37 kB Progress (3): 25 kB | 36/122 kB | 32/37 kB Progress (3): 25 kB | 36/122 kB | 36/37 kB Progress (3): 25 kB | 41/122 kB | 36/37 kB Progress (3): 25 kB | 41/122 kB | 37 kB Progress (3): 25 kB | 45/122 kB | 37 kB Progress (3): 25 kB | 49/122 kB | 37 kB Progress (3): 25 kB | 53/122 kB | 37 kB Progress (3): 25 kB | 57/122 kB | 37 kB Progress (3): 25 kB | 61/122 kB | 37 kB Progress (3): 25 kB | 65/122 kB | 37 kB Progress (3): 25 kB | 69/122 kB | 37 kB Progress (3): 25 kB | 73/122 kB | 37 kB Progress (3): 25 kB | 77/122 kB | 37 kB Progress (3): 25 kB | 81/122 kB | 37 kB Progress (3): 25 kB | 86/122 kB | 37 kB Progress (3): 25 kB | 90/122 kB | 37 kB Progress (3): 25 kB | 94/122 kB | 37 kB Progress (3): 25 kB | 98/122 kB | 37 kB Progress (3): 25 kB | 102/122 kB | 37 kB Progress (3): 25 kB | 106/122 kB | 37 kB Progress (3): 25 kB | 110/122 kB | 37 kB Progress (3): 25 kB | 114/122 kB | 37 kB Progress (3): 25 kB | 118/122 kB | 37 kB Progress (3): 25 kB | 122 kB | 37 kB Progress (4): 25 kB | 122 kB | 37 kB | 4.1/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 7.7/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 12/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 16/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 20/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 24/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 28/29 kB Progress (4): 25 kB | 122 kB | 37 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 221 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 998 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (1): 4.1/58 kB Progress (1): 7.7/58 kB Progress (1): 12/58 kB Progress (1): 16/58 kB Progress (1): 20/58 kB Progress (1): 24/58 kB Progress (1): 28/58 kB Progress (1): 32/58 kB Progress (1): 36/58 kB Progress (1): 41/58 kB Progress (1): 45/58 kB Progress (1): 49/58 kB Progress (1): 53/58 kB Progress (1): 57/58 kB Progress (1): 58 kB Progress (2): 58 kB | 4.1/155 kB Progress (2): 58 kB | 7.7/155 kB Progress (2): 58 kB | 12/155 kB Progress (2): 58 kB | 16/155 kB Progress (2): 58 kB | 20/155 kB Progress (2): 58 kB | 24/155 kB Progress (2): 58 kB | 28/155 kB Progress (2): 58 kB | 32/155 kB Progress (2): 58 kB | 36/155 kB Progress (2): 58 kB | 41/155 kB Progress (2): 58 kB | 45/155 kB Progress (2): 58 kB | 49/155 kB Progress (2): 58 kB | 53/155 kB Progress (2): 58 kB | 57/155 kB Progress (2): 58 kB | 61/155 kB Progress (2): 58 kB | 65/155 kB Progress (2): 58 kB | 69/155 kB Progress (2): 58 kB | 73/155 kB Progress (2): 58 kB | 77/155 kB Progress (2): 58 kB | 81/155 kB Progress (2): 58 kB | 86/155 kB Progress (2): 58 kB | 90/155 kB Progress (2): 58 kB | 94/155 kB Progress (2): 58 kB | 98/155 kB Progress (2): 58 kB | 102/155 kB Progress (2): 58 kB | 106/155 kB Progress (2): 58 kB | 110/155 kB Progress (2): 58 kB | 114/155 kB Progress (2): 58 kB | 118/155 kB Progress (2): 58 kB | 122/155 kB Progress (2): 58 kB | 127/155 kB Progress (2): 58 kB | 131/155 kB Progress (2): 58 kB | 135/155 kB Progress (2): 58 kB | 139/155 kB Progress (2): 58 kB | 143/155 kB Progress (2): 58 kB | 147/155 kB Progress (2): 58 kB | 151/155 kB Progress (2): 58 kB | 155 kB Progress (3): 58 kB | 155 kB | 4.1/33 kB Progress (3): 58 kB | 155 kB | 7.7/33 kB Progress (3): 58 kB | 155 kB | 12/33 kB Progress (3): 58 kB | 155 kB | 16/33 kB Progress (3): 58 kB | 155 kB | 20/33 kB Progress (3): 58 kB | 155 kB | 24/33 kB Progress (3): 58 kB | 155 kB | 28/33 kB Progress (3): 58 kB | 155 kB | 32/33 kB Progress (3): 58 kB | 155 kB | 33 kB Progress (4): 58 kB | 155 kB | 33 kB | 4.1/10 kB Progress (4): 58 kB | 155 kB | 33 kB | 7.7/10 kB Progress (4): 58 kB | 155 kB | 33 kB | 10 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 4.1/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 7.7/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 12/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 16/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 20/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 24/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 28/32 kB Progress (5): 58 kB | 155 kB | 33 kB | 10 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 954 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 355 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 10 kB | 4.1/14 kB Progress (2): 10 kB | 7.7/14 kB Progress (2): 10 kB | 12/14 kB Progress (2): 10 kB | 14 kB Progress (3): 10 kB | 14 kB | 4.1/4.2 kB Progress (3): 10 kB | 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (3): 14 kB | 4.2 kB | 4.1/4.6 kB Progress (3): 14 kB | 4.2 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (3): 4.2 kB | 4.6 kB | 4.1/25 kB Progress (3): 4.2 kB | 4.6 kB | 7.7/25 kB Progress (3): 4.2 kB | 4.6 kB | 12/25 kB Progress (3): 4.2 kB | 4.6 kB | 16/25 kB Progress (3): 4.2 kB | 4.6 kB | 20/25 kB Progress (3): 4.2 kB | 4.6 kB | 24/25 kB Progress (3): 4.2 kB | 4.6 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (2): 25 kB | 4.1/217 kB Progress (2): 25 kB | 7.7/217 kB Progress (2): 25 kB | 12/217 kB Progress (2): 25 kB | 16/217 kB Progress (2): 25 kB | 20/217 kB Progress (2): 25 kB | 24/217 kB Progress (2): 25 kB | 28/217 kB Progress (2): 25 kB | 32/217 kB Progress (2): 25 kB | 36/217 kB Progress (2): 25 kB | 41/217 kB Progress (2): 25 kB | 45/217 kB Progress (2): 25 kB | 49/217 kB Progress (2): 25 kB | 53/217 kB Progress (2): 25 kB | 57/217 kB Progress (2): 25 kB | 61/217 kB Progress (2): 25 kB | 65/217 kB Progress (2): 25 kB | 69/217 kB Progress (2): 25 kB | 73/217 kB Progress (2): 25 kB | 77/217 kB Progress (2): 25 kB | 81/217 kB Progress (2): 25 kB | 86/217 kB Progress (2): 25 kB | 90/217 kB Progress (2): 25 kB | 94/217 kB Progress (2): 25 kB | 98/217 kB Progress (2): 25 kB | 102/217 kB Progress (2): 25 kB | 106/217 kB Progress (2): 25 kB | 110/217 kB Progress (2): 25 kB | 114/217 kB Progress (2): 25 kB | 118/217 kB Progress (2): 25 kB | 122/217 kB Progress (2): 25 kB | 127/217 kB Progress (2): 25 kB | 131/217 kB Progress (2): 25 kB | 135/217 kB Progress (2): 25 kB | 139/217 kB Progress (2): 25 kB | 143/217 kB Progress (2): 25 kB | 147/217 kB Progress (2): 25 kB | 151/217 kB Progress (2): 25 kB | 155/217 kB Progress (2): 25 kB | 159/217 kB Progress (2): 25 kB | 163/217 kB Progress (2): 25 kB | 167/217 kB Progress (2): 25 kB | 172/217 kB Progress (2): 25 kB | 176/217 kB Progress (2): 25 kB | 180/217 kB Progress (2): 25 kB | 184/217 kB Progress (2): 25 kB | 188/217 kB Progress (2): 25 kB | 192/217 kB Progress (2): 25 kB | 196/217 kB Progress (2): 25 kB | 200/217 kB Progress (2): 25 kB | 204/217 kB Progress (2): 25 kB | 208/217 kB Progress (2): 25 kB | 213/217 kB Progress (2): 25 kB | 217/217 kB Progress (2): 25 kB | 217 kB Progress (3): 25 kB | 217 kB | 4.1/19 kB Progress (3): 25 kB | 217 kB | 7.7/19 kB Progress (3): 25 kB | 217 kB | 12/19 kB Progress (3): 25 kB | 217 kB | 16/19 kB Progress (3): 25 kB | 217 kB | 19 kB Progress (4): 25 kB | 217 kB | 19 kB | 4.1/134 kB Progress (4): 25 kB | 217 kB | 19 kB | 7.7/134 kB Progress (4): 25 kB | 217 kB | 19 kB | 12/134 kB Progress (4): 25 kB | 217 kB | 19 kB | 16/134 kB Progress (5): 25 kB | 217 kB | 19 kB | 16/134 kB | 4.1/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 20/134 kB | 4.1/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 20/134 kB | 7.7/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 24/134 kB | 7.7/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 24/134 kB | 12/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 28/134 kB | 12/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 28/134 kB | 16/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 32/134 kB | 16/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 36/134 kB | 16/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 36/134 kB | 20/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 41/134 kB | 20/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 41/134 kB | 24/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 45/134 kB | 24/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 45/134 kB | 28/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 49/134 kB | 28/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 49/134 kB | 32/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 53/134 kB | 32/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 53/134 kB | 36/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 57/134 kB | 36/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 57/134 kB | 41/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 61/134 kB | 41/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 61/134 kB | 45/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 65/134 kB | 45/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 65/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 69/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 73/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 77/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 81/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 86/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 90/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 94/134 kB | 46 kB Progress (5): 25 kB | 217 kB | 19 kB | 98/134 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 111 kB/s) Progress (4): 217 kB | 19 kB | 102/134 kB | 46 kB Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (4): 217 kB | 19 kB | 106/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 110/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 114/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 118/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 122/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 127/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 131/134 kB | 46 kB Progress (4): 217 kB | 19 kB | 134 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 918 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 548 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 187 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (2): 19 kB | 4.1/358 kB Progress (2): 19 kB | 7.7/358 kB Progress (2): 19 kB | 12/358 kB Progress (2): 19 kB | 16/358 kB Progress (2): 19 kB | 20/358 kB Progress (2): 19 kB | 24/358 kB Progress (2): 19 kB | 28/358 kB Progress (2): 19 kB | 32/358 kB Progress (2): 19 kB | 36/358 kB Progress (2): 19 kB | 41/358 kB Progress (2): 19 kB | 45/358 kB Progress (2): 19 kB | 49/358 kB Progress (2): 19 kB | 53/358 kB Progress (2): 19 kB | 57/358 kB Progress (2): 19 kB | 61/358 kB Progress (2): 19 kB | 65/358 kB Progress (2): 19 kB | 69/358 kB Progress (2): 19 kB | 73/358 kB Progress (2): 19 kB | 77/358 kB Progress (2): 19 kB | 81/358 kB Progress (2): 19 kB | 86/358 kB Progress (2): 19 kB | 90/358 kB Progress (2): 19 kB | 94/358 kB Progress (2): 19 kB | 98/358 kB Progress (2): 19 kB | 102/358 kB Progress (2): 19 kB | 106/358 kB Progress (2): 19 kB | 110/358 kB Progress (2): 19 kB | 114/358 kB Progress (2): 19 kB | 118/358 kB Progress (2): 19 kB | 122/358 kB Progress (2): 19 kB | 127/358 kB Progress (2): 19 kB | 131/358 kB Progress (2): 19 kB | 135/358 kB Progress (2): 19 kB | 139/358 kB Progress (2): 19 kB | 143/358 kB Progress (2): 19 kB | 147/358 kB Progress (2): 19 kB | 151/358 kB Progress (2): 19 kB | 155/358 kB Progress (2): 19 kB | 159/358 kB Progress (2): 19 kB | 163/358 kB Progress (2): 19 kB | 167/358 kB Progress (2): 19 kB | 172/358 kB Progress (2): 19 kB | 176/358 kB Progress (2): 19 kB | 180/358 kB Progress (2): 19 kB | 184/358 kB Progress (2): 19 kB | 188/358 kB Progress (2): 19 kB | 192/358 kB Progress (2): 19 kB | 196/358 kB Progress (2): 19 kB | 200/358 kB Progress (2): 19 kB | 204/358 kB Progress (2): 19 kB | 208/358 kB Progress (2): 19 kB | 213/358 kB Progress (2): 19 kB | 217/358 kB Progress (2): 19 kB | 221/358 kB Progress (2): 19 kB | 225/358 kB Progress (2): 19 kB | 229/358 kB Progress (2): 19 kB | 233/358 kB Progress (2): 19 kB | 237/358 kB Progress (2): 19 kB | 241/358 kB Progress (2): 19 kB | 245/358 kB Progress (2): 19 kB | 249/358 kB Progress (2): 19 kB | 254/358 kB Progress (2): 19 kB | 258/358 kB Progress (2): 19 kB | 262/358 kB Progress (2): 19 kB | 266/358 kB Progress (2): 19 kB | 270/358 kB Progress (2): 19 kB | 274/358 kB Progress (2): 19 kB | 278/358 kB Progress (2): 19 kB | 282/358 kB Progress (2): 19 kB | 286/358 kB Progress (2): 19 kB | 290/358 kB Progress (2): 19 kB | 294/358 kB Progress (2): 19 kB | 299/358 kB Progress (2): 19 kB | 303/358 kB Progress (2): 19 kB | 307/358 kB Progress (2): 19 kB | 311/358 kB Progress (2): 19 kB | 315/358 kB Progress (2): 19 kB | 319/358 kB Progress (2): 19 kB | 323/358 kB Progress (2): 19 kB | 327/358 kB Progress (2): 19 kB | 331/358 kB Progress (2): 19 kB | 335/358 kB Progress (2): 19 kB | 340/358 kB Progress (2): 19 kB | 344/358 kB Progress (2): 19 kB | 348/358 kB Progress (2): 19 kB | 352/358 kB Progress (2): 19 kB | 356/358 kB Progress (2): 19 kB | 358 kB Progress (3): 19 kB | 358 kB | 4.1/45 kB Progress (3): 19 kB | 358 kB | 7.7/45 kB Progress (3): 19 kB | 358 kB | 12/45 kB Progress (3): 19 kB | 358 kB | 16/45 kB Progress (3): 19 kB | 358 kB | 20/45 kB Progress (3): 19 kB | 358 kB | 24/45 kB Progress (3): 19 kB | 358 kB | 28/45 kB Progress (3): 19 kB | 358 kB | 32/45 kB Progress (3): 19 kB | 358 kB | 36/45 kB Progress (3): 19 kB | 358 kB | 41/45 kB Progress (3): 19 kB | 358 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 74 kB/s) Progress (3): 358 kB | 45 kB | 4.1/640 kB Progress (3): 358 kB | 45 kB | 7.7/640 kB Progress (3): 358 kB | 45 kB | 12/640 kB Progress (3): 358 kB | 45 kB | 16/640 kB Progress (3): 358 kB | 45 kB | 20/640 kB Progress (3): 358 kB | 45 kB | 24/640 kB Progress (3): 358 kB | 45 kB | 28/640 kB Progress (3): 358 kB | 45 kB | 32/640 kB Progress (3): 358 kB | 45 kB | 36/640 kB Progress (3): 358 kB | 45 kB | 40/640 kB Progress (3): 358 kB | 45 kB | 44/640 kB Progress (3): 358 kB | 45 kB | 48/640 kB Progress (3): 358 kB | 45 kB | 53/640 kB Progress (3): 358 kB | 45 kB | 57/640 kB Progress (3): 358 kB | 45 kB | 61/640 kB Progress (3): 358 kB | 45 kB | 65/640 kB Progress (3): 358 kB | 45 kB | 69/640 kB Progress (3): 358 kB | 45 kB | 73/640 kB Progress (3): 358 kB | 45 kB | 77/640 kB Progress (3): 358 kB | 45 kB | 81/640 kB Progress (3): 358 kB | 45 kB | 85/640 kB Progress (3): 358 kB | 45 kB | 89/640 kB Progress (3): 358 kB | 45 kB | 94/640 kB Progress (3): 358 kB | 45 kB | 98/640 kB Progress (3): 358 kB | 45 kB | 102/640 kB Progress (3): 358 kB | 45 kB | 106/640 kB Progress (3): 358 kB | 45 kB | 110/640 kB Progress (3): 358 kB | 45 kB | 114/640 kB Progress (3): 358 kB | 45 kB | 118/640 kB Progress (3): 358 kB | 45 kB | 122/640 kB Progress (3): 358 kB | 45 kB | 126/640 kB Progress (3): 358 kB | 45 kB | 130/640 kB Progress (3): 358 kB | 45 kB | 134/640 kB Progress (3): 358 kB | 45 kB | 139/640 kB Progress (3): 358 kB | 45 kB | 143/640 kB Progress (3): 358 kB | 45 kB | 147/640 kB Progress (3): 358 kB | 45 kB | 151/640 kB Progress (3): 358 kB | 45 kB | 155/640 kB Progress (3): 358 kB | 45 kB | 159/640 kB Progress (3): 358 kB | 45 kB | 163/640 kB Progress (3): 358 kB | 45 kB | 167/640 kB Progress (3): 358 kB | 45 kB | 171/640 kB Progress (3): 358 kB | 45 kB | 175/640 kB Progress (3): 358 kB | 45 kB | 180/640 kB Progress (3): 358 kB | 45 kB | 184/640 kB Progress (3): 358 kB | 45 kB | 188/640 kB Progress (3): 358 kB | 45 kB | 192/640 kB Progress (3): 358 kB | 45 kB | 196/640 kB Progress (3): 358 kB | 45 kB | 200/640 kB Progress (3): 358 kB | 45 kB | 204/640 kB Progress (3): 358 kB | 45 kB | 208/640 kB Progress (3): 358 kB | 45 kB | 212/640 kB Progress (3): 358 kB | 45 kB | 216/640 kB Progress (3): 358 kB | 45 kB | 220/640 kB Progress (3): 358 kB | 45 kB | 225/640 kB Progress (3): 358 kB | 45 kB | 229/640 kB Progress (3): 358 kB | 45 kB | 233/640 kB Progress (3): 358 kB | 45 kB | 237/640 kB Progress (3): 358 kB | 45 kB | 241/640 kB Progress (3): 358 kB | 45 kB | 245/640 kB Progress (3): 358 kB | 45 kB | 249/640 kB Progress (3): 358 kB | 45 kB | 253/640 kB Progress (3): 358 kB | 45 kB | 257/640 kB Progress (3): 358 kB | 45 kB | 261/640 kB Progress (3): 358 kB | 45 kB | 266/640 kB Progress (3): 358 kB | 45 kB | 270/640 kB Progress (3): 358 kB | 45 kB | 274/640 kB Progress (3): 358 kB | 45 kB | 278/640 kB Progress (3): 358 kB | 45 kB | 282/640 kB Progress (3): 358 kB | 45 kB | 286/640 kB Progress (3): 358 kB | 45 kB | 290/640 kB Progress (3): 358 kB | 45 kB | 294/640 kB Progress (3): 358 kB | 45 kB | 298/640 kB Progress (3): 358 kB | 45 kB | 302/640 kB Progress (3): 358 kB | 45 kB | 307/640 kB Progress (4): 358 kB | 45 kB | 307/640 kB | 4.1/121 kB Progress (4): 358 kB | 45 kB | 311/640 kB | 4.1/121 kB Progress (4): 358 kB | 45 kB | 311/640 kB | 7.7/121 kB Progress (4): 358 kB | 45 kB | 315/640 kB | 7.7/121 kB Progress (4): 358 kB | 45 kB | 315/640 kB | 12/121 kB Progress (4): 358 kB | 45 kB | 319/640 kB | 12/121 kB Progress (4): 358 kB | 45 kB | 319/640 kB | 16/121 kB Progress (4): 358 kB | 45 kB | 323/640 kB | 16/121 kB Progress (4): 358 kB | 45 kB | 323/640 kB | 20/121 kB Progress (4): 358 kB | 45 kB | 327/640 kB | 20/121 kB Progress (4): 358 kB | 45 kB | 327/640 kB | 24/121 kB Progress (4): 358 kB | 45 kB | 331/640 kB | 24/121 kB Progress (4): 358 kB | 45 kB | 335/640 kB | 24/121 kB Progress (4): 358 kB | 45 kB | 339/640 kB | 24/121 kB Progress (4): 358 kB | 45 kB | 339/640 kB | 28/121 kB Progress (4): 358 kB | 45 kB | 339/640 kB | 32/121 kB Progress (4): 358 kB | 45 kB | 339/640 kB | 36/121 kB Progress (4): 358 kB | 45 kB | 343/640 kB | 36/121 kB Progress (4): 358 kB | 45 kB | 343/640 kB | 41/121 kB Progress (4): 358 kB | 45 kB | 347/640 kB | 41/121 kB Progress (4): 358 kB | 45 kB | 351/640 kB | 41/121 kB Progress (4): 358 kB | 45 kB | 355/640 kB | 41/121 kB Progress (4): 358 kB | 45 kB | 355/640 kB | 45/121 kB Progress (4): 358 kB | 45 kB | 355/640 kB | 49/121 kB Progress (4): 358 kB | 45 kB | 355/640 kB | 53/121 kB Progress (4): 358 kB | 45 kB | 359/640 kB | 53/121 kB Progress (4): 358 kB | 45 kB | 359/640 kB | 57/121 kB Progress (4): 358 kB | 45 kB | 364/640 kB | 57/121 kB Progress (4): 358 kB | 45 kB | 368/640 kB | 57/121 kB Progress (4): 358 kB | 45 kB | 372/640 kB | 57/121 kB Progress (4): 358 kB | 45 kB | 372/640 kB | 61/121 kB Progress (4): 358 kB | 45 kB | 372/640 kB | 65/121 kB Progress (4): 358 kB | 45 kB | 372/640 kB | 69/121 kB Progress (4): 358 kB | 45 kB | 376/640 kB | 69/121 kB Progress (4): 358 kB | 45 kB | 376/640 kB | 73/121 kB Progress (4): 358 kB | 45 kB | 380/640 kB | 73/121 kB Progress (4): 358 kB | 45 kB | 384/640 kB | 73/121 kB Progress (4): 358 kB | 45 kB | 388/640 kB | 73/121 kB Progress (4): 358 kB | 45 kB | 388/640 kB | 77/121 kB Progress (4): 358 kB | 45 kB | 388/640 kB | 81/121 kB Progress (4): 358 kB | 45 kB | 388/640 kB | 86/121 kB Progress (4): 358 kB | 45 kB | 392/640 kB | 86/121 kB Progress (4): 358 kB | 45 kB | 392/640 kB | 90/121 kB Progress (4): 358 kB | 45 kB | 396/640 kB | 90/121 kB Progress (4): 358 kB | 45 kB | 400/640 kB | 90/121 kB Progress (4): 358 kB | 45 kB | 405/640 kB | 90/121 kB Progress (4): 358 kB | 45 kB | 405/640 kB | 94/121 kB Progress (4): 358 kB | 45 kB | 405/640 kB | 98/121 kB Progress (4): 358 kB | 45 kB | 405/640 kB | 102/121 kB Progress (4): 358 kB | 45 kB | 409/640 kB | 102/121 kB Progress (4): 358 kB | 45 kB | 409/640 kB | 106/121 kB Progress (4): 358 kB | 45 kB | 413/640 kB | 106/121 kB Progress (4): 358 kB | 45 kB | 417/640 kB | 106/121 kB Progress (4): 358 kB | 45 kB | 421/640 kB | 106/121 kB Progress (4): 358 kB | 45 kB | 421/640 kB | 110/121 kB Progress (4): 358 kB | 45 kB | 421/640 kB | 114/121 kB Progress (4): 358 kB | 45 kB | 425/640 kB | 114/121 kB Progress (4): 358 kB | 45 kB | 425/640 kB | 118/121 kB Progress (4): 358 kB | 45 kB | 429/640 kB | 118/121 kB Progress (4): 358 kB | 45 kB | 429/640 kB | 121 kB Progress (4): 358 kB | 45 kB | 433/640 kB | 121 kB Progress (4): 358 kB | 45 kB | 437/640 kB | 121 kB Progress (4): 358 kB | 45 kB | 441/640 kB | 121 kB Progress (4): 358 kB | 45 kB | 446/640 kB | 121 kB Progress (4): 358 kB | 45 kB | 450/640 kB | 121 kB Progress (4): 358 kB | 45 kB | 454/640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.3 MB/s) Progress (3): 45 kB | 458/640 kB | 121 kB Progress (3): 45 kB | 462/640 kB | 121 kB Progress (3): 45 kB | 466/640 kB | 121 kB Progress (3): 45 kB | 470/640 kB | 121 kB Progress (3): 45 kB | 474/640 kB | 121 kB Progress (3): 45 kB | 478/640 kB | 121 kB Progress (3): 45 kB | 482/640 kB | 121 kB Progress (3): 45 kB | 486/640 kB | 121 kB Progress (3): 45 kB | 491/640 kB | 121 kB Progress (3): 45 kB | 495/640 kB | 121 kB Progress (3): 45 kB | 499/640 kB | 121 kB Progress (3): 45 kB | 503/640 kB | 121 kB Progress (3): 45 kB | 507/640 kB | 121 kB Progress (3): 45 kB | 511/640 kB | 121 kB Progress (3): 45 kB | 515/640 kB | 121 kB Progress (3): 45 kB | 519/640 kB | 121 kB Progress (3): 45 kB | 523/640 kB | 121 kB Progress (3): 45 kB | 527/640 kB | 121 kB Progress (3): 45 kB | 532/640 kB | 121 kB Progress (3): 45 kB | 536/640 kB | 121 kB Progress (3): 45 kB | 540/640 kB | 121 kB Progress (3): 45 kB | 544/640 kB | 121 kB Progress (3): 45 kB | 548/640 kB | 121 kB Progress (3): 45 kB | 552/640 kB | 121 kB Progress (3): 45 kB | 556/640 kB | 121 kB Progress (3): 45 kB | 560/640 kB | 121 kB Progress (3): 45 kB | 564/640 kB | 121 kB Progress (3): 45 kB | 568/640 kB | 121 kB Progress (3): 45 kB | 572/640 kB | 121 kB Progress (3): 45 kB | 577/640 kB | 121 kB Progress (3): 45 kB | 581/640 kB | 121 kB Progress (3): 45 kB | 585/640 kB | 121 kB Progress (3): 45 kB | 589/640 kB | 121 kB Progress (3): 45 kB | 593/640 kB | 121 kB Progress (3): 45 kB | 597/640 kB | 121 kB Progress (3): 45 kB | 601/640 kB | 121 kB Progress (3): 45 kB | 605/640 kB | 121 kB Progress (3): 45 kB | 609/640 kB | 121 kB Progress (3): 45 kB | 613/640 kB | 121 kB Progress (3): 45 kB | 618/640 kB | 121 kB Progress (3): 45 kB | 622/640 kB | 121 kB Progress (3): 45 kB | 626/640 kB | 121 kB Progress (3): 45 kB | 630/640 kB | 121 kB Progress (3): 45 kB | 634/640 kB | 121 kB Progress (3): 45 kB | 638/640 kB | 121 kB Progress (3): 45 kB | 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 412 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 149 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 223 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 687 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 135 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/316 kB Progress (1): 7.7/316 kB Progress (1): 12/316 kB Progress (1): 16/316 kB Progress (1): 20/316 kB Progress (1): 24/316 kB Progress (1): 28/316 kB Progress (1): 32/316 kB Progress (1): 36/316 kB Progress (1): 41/316 kB Progress (1): 45/316 kB Progress (1): 49/316 kB Progress (1): 53/316 kB Progress (1): 57/316 kB Progress (1): 61/316 kB Progress (1): 65/316 kB Progress (1): 69/316 kB Progress (1): 73/316 kB Progress (1): 77/316 kB Progress (1): 81/316 kB Progress (1): 86/316 kB Progress (1): 90/316 kB Progress (1): 94/316 kB Progress (1): 98/316 kB Progress (1): 102/316 kB Progress (1): 106/316 kB Progress (1): 110/316 kB Progress (1): 114/316 kB Progress (1): 118/316 kB Progress (1): 122/316 kB Progress (1): 127/316 kB Progress (1): 131/316 kB Progress (1): 135/316 kB Progress (1): 139/316 kB Progress (1): 143/316 kB Progress (1): 147/316 kB Progress (1): 151/316 kB Progress (1): 155/316 kB Progress (1): 159/316 kB Progress (1): 163/316 kB Progress (1): 167/316 kB Progress (1): 172/316 kB Progress (1): 176/316 kB Progress (1): 180/316 kB Progress (1): 184/316 kB Progress (1): 188/316 kB Progress (1): 192/316 kB Progress (1): 196/316 kB Progress (1): 200/316 kB Progress (1): 204/316 kB Progress (1): 208/316 kB Progress (1): 213/316 kB Progress (1): 217/316 kB Progress (1): 221/316 kB Progress (1): 225/316 kB Progress (1): 229/316 kB Progress (1): 233/316 kB Progress (1): 237/316 kB Progress (1): 241/316 kB Progress (1): 245/316 kB Progress (1): 249/316 kB Progress (1): 254/316 kB Progress (1): 258/316 kB Progress (1): 262/316 kB Progress (1): 266/316 kB Progress (1): 270/316 kB Progress (1): 274/316 kB Progress (1): 278/316 kB Progress (1): 282/316 kB Progress (1): 286/316 kB Progress (1): 290/316 kB Progress (1): 294/316 kB Progress (1): 299/316 kB Progress (1): 303/316 kB Progress (1): 307/316 kB Progress (1): 311/316 kB Progress (1): 315/316 kB Progress (2): 315/316 kB | 4.1/31 kB Progress (2): 316 kB | 4.1/31 kB Progress (2): 316 kB | 7.7/31 kB Progress (2): 316 kB | 12/31 kB Progress (2): 316 kB | 16/31 kB Progress (2): 316 kB | 20/31 kB Progress (2): 316 kB | 24/31 kB Progress (2): 316 kB | 28/31 kB Progress (2): 316 kB | 31 kB Progress (3): 316 kB | 31 kB | 4.1/118 kB Progress (3): 316 kB | 31 kB | 7.7/118 kB Progress (3): 316 kB | 31 kB | 12/118 kB Progress (3): 316 kB | 31 kB | 16/118 kB Progress (3): 316 kB | 31 kB | 20/118 kB Progress (3): 316 kB | 31 kB | 24/118 kB Progress (3): 316 kB | 31 kB | 28/118 kB Progress (3): 316 kB | 31 kB | 32/118 kB Progress (3): 316 kB | 31 kB | 36/118 kB Progress (3): 316 kB | 31 kB | 41/118 kB Progress (3): 316 kB | 31 kB | 45/118 kB Progress (3): 316 kB | 31 kB | 49/118 kB Progress (3): 316 kB | 31 kB | 53/118 kB Progress (3): 316 kB | 31 kB | 57/118 kB Progress (3): 316 kB | 31 kB | 61/118 kB Progress (3): 316 kB | 31 kB | 65/118 kB Progress (3): 316 kB | 31 kB | 69/118 kB Progress (3): 316 kB | 31 kB | 73/118 kB Progress (3): 316 kB | 31 kB | 77/118 kB Progress (3): 316 kB | 31 kB | 81/118 kB Progress (3): 316 kB | 31 kB | 86/118 kB Progress (3): 316 kB | 31 kB | 90/118 kB Progress (3): 316 kB | 31 kB | 94/118 kB Progress (3): 316 kB | 31 kB | 98/118 kB Progress (3): 316 kB | 31 kB | 102/118 kB Progress (3): 316 kB | 31 kB | 106/118 kB Progress (3): 316 kB | 31 kB | 110/118 kB Progress (3): 316 kB | 31 kB | 114/118 kB Progress (3): 316 kB | 31 kB | 118 kB Progress (4): 316 kB | 31 kB | 118 kB | 4.1/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 7.7/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 12/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 16/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 20/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 24/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 28/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 32/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 36/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 41/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 45/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 49/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 53/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 57/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 61/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 65/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 69/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 73/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 77/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 81/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 86/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 90/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 94/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 98/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 102/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 106/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 110/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 114/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 118/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 122/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 127/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 131/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 135/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 139/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 143/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 147/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 151/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 155/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 159/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 163/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 167/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 172/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 176/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 180/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 184/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 188/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 192/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 196/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 200/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 204/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 208/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 213/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 217/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 221/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 225/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 229/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 233/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 237/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 241/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 245/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 249/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 254/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 258/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 262/263 kB Progress (4): 316 kB | 31 kB | 118 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 776 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 5.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Progress (2): 263 kB | 4.1/35 kB Progress (2): 263 kB | 7.7/35 kB Progress (2): 263 kB | 12/35 kB Progress (2): 263 kB | 16/35 kB Progress (2): 263 kB | 20/35 kB Progress (2): 263 kB | 24/35 kB Progress (2): 263 kB | 28/35 kB Progress (2): 263 kB | 32/35 kB Progress (2): 263 kB | 35 kB Progress (3): 263 kB | 35 kB | 4.1/232 kB Progress (3): 263 kB | 35 kB | 7.7/232 kB Progress (3): 263 kB | 35 kB | 12/232 kB Progress (3): 263 kB | 35 kB | 16/232 kB Progress (3): 263 kB | 35 kB | 20/232 kB Progress (3): 263 kB | 35 kB | 24/232 kB Progress (3): 263 kB | 35 kB | 28/232 kB Progress (3): 263 kB | 35 kB | 32/232 kB Progress (3): 263 kB | 35 kB | 36/232 kB Progress (3): 263 kB | 35 kB | 41/232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 4.5 MB/s) Progress (2): 35 kB | 45/232 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 35 kB | 49/232 kB Progress (2): 35 kB | 53/232 kB Progress (2): 35 kB | 57/232 kB Progress (2): 35 kB | 61/232 kB Progress (2): 35 kB | 65/232 kB Progress (2): 35 kB | 69/232 kB Progress (2): 35 kB | 73/232 kB Progress (2): 35 kB | 77/232 kB Progress (2): 35 kB | 81/232 kB Progress (2): 35 kB | 86/232 kB Progress (2): 35 kB | 90/232 kB Progress (2): 35 kB | 94/232 kB Progress (2): 35 kB | 98/232 kB Progress (2): 35 kB | 102/232 kB Progress (2): 35 kB | 106/232 kB Progress (2): 35 kB | 110/232 kB Progress (2): 35 kB | 114/232 kB Progress (2): 35 kB | 118/232 kB Progress (2): 35 kB | 122/232 kB Progress (2): 35 kB | 127/232 kB Progress (2): 35 kB | 131/232 kB Progress (2): 35 kB | 135/232 kB Progress (2): 35 kB | 139/232 kB Progress (2): 35 kB | 143/232 kB Progress (2): 35 kB | 147/232 kB Progress (2): 35 kB | 151/232 kB Progress (2): 35 kB | 155/232 kB Progress (2): 35 kB | 159/232 kB Progress (2): 35 kB | 163/232 kB Progress (2): 35 kB | 167/232 kB Progress (2): 35 kB | 172/232 kB Progress (2): 35 kB | 176/232 kB Progress (2): 35 kB | 180/232 kB Progress (2): 35 kB | 184/232 kB Progress (2): 35 kB | 188/232 kB Progress (2): 35 kB | 192/232 kB Progress (2): 35 kB | 196/232 kB Progress (2): 35 kB | 200/232 kB Progress (2): 35 kB | 204/232 kB Progress (2): 35 kB | 208/232 kB Progress (2): 35 kB | 213/232 kB Progress (2): 35 kB | 217/232 kB Progress (2): 35 kB | 221/232 kB Progress (2): 35 kB | 225/232 kB Progress (2): 35 kB | 229/232 kB Progress (2): 35 kB | 232 kB Progress (3): 35 kB | 232 kB | 4.1/38 kB Progress (3): 35 kB | 232 kB | 7.7/38 kB Progress (3): 35 kB | 232 kB | 12/38 kB Progress (3): 35 kB | 232 kB | 16/38 kB Progress (3): 35 kB | 232 kB | 20/38 kB Progress (3): 35 kB | 232 kB | 24/38 kB Progress (3): 35 kB | 232 kB | 28/38 kB Progress (3): 35 kB | 232 kB | 32/38 kB Progress (3): 35 kB | 232 kB | 36/38 kB Progress (3): 35 kB | 232 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 3.1 MB/s) Progress (3): 35 kB | 38 kB | 4.1/10 kB Progress (3): 35 kB | 38 kB | 7.7/10 kB Progress (3): 35 kB | 38 kB | 10 kB Progress (4): 35 kB | 38 kB | 10 kB | 4.1/14 kB Progress (4): 35 kB | 38 kB | 10 kB | 7.7/14 kB Progress (4): 35 kB | 38 kB | 10 kB | 12/14 kB Progress (4): 35 kB | 38 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 399 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 422 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 105 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 136 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 446 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 235 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 402 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 403 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 591 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 136 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 458 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 196 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 565 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 3.4/79 kB Progress (1): 7.5/79 kB Progress (1): 12/79 kB Progress (1): 16/79 kB Progress (1): 20/79 kB Progress (1): 24/79 kB Progress (1): 28/79 kB Progress (1): 32/79 kB Progress (1): 36/79 kB Progress (1): 40/79 kB Progress (1): 44/79 kB Progress (1): 48/79 kB Progress (1): 53/79 kB Progress (1): 57/79 kB Progress (1): 61/79 kB Progress (1): 65/79 kB Progress (1): 69/79 kB Progress (1): 73/79 kB Progress (1): 77/79 kB Progress (1): 79 kB Progress (2): 79 kB | 4.1/327 kB Progress (2): 79 kB | 7.7/327 kB Progress (2): 79 kB | 12/327 kB Progress (2): 79 kB | 16/327 kB Progress (2): 79 kB | 20/327 kB Progress (2): 79 kB | 24/327 kB Progress (2): 79 kB | 28/327 kB Progress (2): 79 kB | 32/327 kB Progress (2): 79 kB | 36/327 kB Progress (2): 79 kB | 41/327 kB Progress (2): 79 kB | 45/327 kB Progress (2): 79 kB | 49/327 kB Progress (2): 79 kB | 53/327 kB Progress (2): 79 kB | 57/327 kB Progress (2): 79 kB | 61/327 kB Progress (2): 79 kB | 65/327 kB Progress (2): 79 kB | 69/327 kB Progress (2): 79 kB | 73/327 kB Progress (2): 79 kB | 77/327 kB Progress (2): 79 kB | 81/327 kB Progress (2): 79 kB | 86/327 kB Progress (2): 79 kB | 90/327 kB Progress (2): 79 kB | 94/327 kB Progress (2): 79 kB | 98/327 kB Progress (2): 79 kB | 102/327 kB Progress (2): 79 kB | 106/327 kB Progress (2): 79 kB | 110/327 kB Progress (2): 79 kB | 114/327 kB Progress (2): 79 kB | 118/327 kB Progress (2): 79 kB | 122/327 kB Progress (2): 79 kB | 127/327 kB Progress (2): 79 kB | 131/327 kB Progress (2): 79 kB | 135/327 kB Progress (2): 79 kB | 139/327 kB Progress (2): 79 kB | 143/327 kB Progress (2): 79 kB | 147/327 kB Progress (2): 79 kB | 151/327 kB Progress (2): 79 kB | 155/327 kB Progress (2): 79 kB | 159/327 kB Progress (2): 79 kB | 163/327 kB Progress (2): 79 kB | 167/327 kB Progress (2): 79 kB | 172/327 kB Progress (2): 79 kB | 176/327 kB Progress (2): 79 kB | 180/327 kB Progress (2): 79 kB | 184/327 kB Progress (2): 79 kB | 188/327 kB Progress (2): 79 kB | 192/327 kB Progress (2): 79 kB | 196/327 kB Progress (2): 79 kB | 200/327 kB Progress (2): 79 kB | 204/327 kB Progress (2): 79 kB | 208/327 kB Progress (2): 79 kB | 213/327 kB Progress (2): 79 kB | 217/327 kB Progress (2): 79 kB | 221/327 kB Progress (2): 79 kB | 225/327 kB Progress (2): 79 kB | 229/327 kB Progress (2): 79 kB | 233/327 kB Progress (2): 79 kB | 237/327 kB Progress (2): 79 kB | 241/327 kB Progress (2): 79 kB | 245/327 kB Progress (2): 79 kB | 249/327 kB Progress (2): 79 kB | 254/327 kB Progress (2): 79 kB | 258/327 kB Progress (2): 79 kB | 262/327 kB Progress (2): 79 kB | 266/327 kB Progress (2): 79 kB | 270/327 kB Progress (2): 79 kB | 274/327 kB Progress (2): 79 kB | 278/327 kB Progress (2): 79 kB | 282/327 kB Progress (2): 79 kB | 286/327 kB Progress (2): 79 kB | 290/327 kB Progress (2): 79 kB | 294/327 kB Progress (2): 79 kB | 299/327 kB Progress (2): 79 kB | 303/327 kB Progress (2): 79 kB | 307/327 kB Progress (2): 79 kB | 311/327 kB Progress (2): 79 kB | 315/327 kB Progress (2): 79 kB | 319/327 kB Progress (2): 79 kB | 323/327 kB Progress (2): 79 kB | 327 kB Progress (3): 79 kB | 327 kB | 4.1/36 kB Progress (3): 79 kB | 327 kB | 7.7/36 kB Progress (3): 79 kB | 327 kB | 12/36 kB Progress (3): 79 kB | 327 kB | 16/36 kB Progress (3): 79 kB | 327 kB | 20/36 kB Progress (3): 79 kB | 327 kB | 24/36 kB Progress (3): 79 kB | 327 kB | 28/36 kB Progress (3): 79 kB | 327 kB | 32/36 kB Progress (3): 79 kB | 327 kB | 36 kB Progress (4): 79 kB | 327 kB | 36 kB | 4.1/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 7.7/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 12/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 16/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 20/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 24/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 28/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 32/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 36/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 41/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 6.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 727 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Progress (2): 41 kB | 4.1/26 kB Progress (2): 41 kB | 7.7/26 kB Progress (2): 41 kB | 12/26 kB Progress (2): 41 kB | 16/26 kB Progress (2): 41 kB | 20/26 kB Progress (2): 41 kB | 24/26 kB Progress (2): 41 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 633 kB/s) Progress (2): 26 kB | 4.1/211 kB Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (2): 26 kB | 7.7/211 kB Progress (2): 26 kB | 12/211 kB Progress (2): 26 kB | 16/211 kB Progress (2): 26 kB | 20/211 kB Progress (2): 26 kB | 24/211 kB Progress (2): 26 kB | 28/211 kB Progress (2): 26 kB | 32/211 kB Progress (2): 26 kB | 36/211 kB Progress (2): 26 kB | 40/211 kB Progress (2): 26 kB | 44/211 kB Progress (2): 26 kB | 48/211 kB Progress (2): 26 kB | 53/211 kB Progress (2): 26 kB | 57/211 kB Progress (2): 26 kB | 61/211 kB Progress (2): 26 kB | 65/211 kB Progress (2): 26 kB | 69/211 kB Progress (2): 26 kB | 73/211 kB Progress (2): 26 kB | 77/211 kB Progress (2): 26 kB | 81/211 kB Progress (2): 26 kB | 85/211 kB Progress (2): 26 kB | 89/211 kB Progress (2): 26 kB | 94/211 kB Progress (2): 26 kB | 98/211 kB Progress (2): 26 kB | 102/211 kB Progress (2): 26 kB | 106/211 kB Progress (2): 26 kB | 110/211 kB Progress (2): 26 kB | 114/211 kB Progress (2): 26 kB | 118/211 kB Progress (2): 26 kB | 122/211 kB Progress (2): 26 kB | 126/211 kB Progress (2): 26 kB | 130/211 kB Progress (2): 26 kB | 134/211 kB Progress (2): 26 kB | 139/211 kB Progress (2): 26 kB | 143/211 kB Progress (2): 26 kB | 147/211 kB Progress (2): 26 kB | 151/211 kB Progress (2): 26 kB | 155/211 kB Progress (2): 26 kB | 159/211 kB Progress (2): 26 kB | 163/211 kB Progress (2): 26 kB | 167/211 kB Progress (2): 26 kB | 171/211 kB Progress (2): 26 kB | 175/211 kB Progress (2): 26 kB | 180/211 kB Progress (2): 26 kB | 184/211 kB Progress (2): 26 kB | 188/211 kB Progress (2): 26 kB | 192/211 kB Progress (2): 26 kB | 196/211 kB Progress (2): 26 kB | 200/211 kB Progress (2): 26 kB | 204/211 kB Progress (2): 26 kB | 208/211 kB Progress (2): 26 kB | 211 kB Progress (3): 26 kB | 211 kB | 2.5 kB Progress (4): 26 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.1/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.2/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.3/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.4/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.5/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.7/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.8/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 0.9/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0/1.0 MB Progress (4): 26 kB | 211 kB | 2.5 kB | 1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (3): 26 kB | 1.0 MB | 4.1/58 kB Progress (3): 26 kB | 1.0 MB | 7.7/58 kB Progress (3): 26 kB | 1.0 MB | 12/58 kB Progress (3): 26 kB | 1.0 MB | 16/58 kB Progress (3): 26 kB | 1.0 MB | 20/58 kB Progress (3): 26 kB | 1.0 MB | 24/58 kB Progress (3): 26 kB | 1.0 MB | 28/58 kB Progress (3): 26 kB | 1.0 MB | 32/58 kB Progress (3): 26 kB | 1.0 MB | 36/58 kB Progress (3): 26 kB | 1.0 MB | 41/58 kB Progress (3): 26 kB | 1.0 MB | 45/58 kB Progress (3): 26 kB | 1.0 MB | 49/58 kB Progress (3): 26 kB | 1.0 MB | 53/58 kB Progress (3): 26 kB | 1.0 MB | 57/58 kB Progress (3): 26 kB | 1.0 MB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 9.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (3): 26 kB | 58 kB | 4.1/85 kB Progress (3): 26 kB | 58 kB | 7.7/85 kB Progress (3): 26 kB | 58 kB | 12/85 kB Progress (3): 26 kB | 58 kB | 16/85 kB Progress (3): 26 kB | 58 kB | 20/85 kB Progress (3): 26 kB | 58 kB | 24/85 kB Progress (3): 26 kB | 58 kB | 28/85 kB Progress (3): 26 kB | 58 kB | 32/85 kB Progress (3): 26 kB | 58 kB | 36/85 kB Progress (3): 26 kB | 58 kB | 41/85 kB Progress (3): 26 kB | 58 kB | 45/85 kB Progress (3): 26 kB | 58 kB | 49/85 kB Progress (3): 26 kB | 58 kB | 53/85 kB Progress (3): 26 kB | 58 kB | 57/85 kB Progress (3): 26 kB | 58 kB | 61/85 kB Progress (3): 26 kB | 58 kB | 65/85 kB Progress (3): 26 kB | 58 kB | 69/85 kB Progress (3): 26 kB | 58 kB | 73/85 kB Progress (3): 26 kB | 58 kB | 77/85 kB Progress (3): 26 kB | 58 kB | 81/85 kB Progress (3): 26 kB | 58 kB | 85 kB Progress (4): 26 kB | 58 kB | 85 kB | 4.1/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 7.7/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 12/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 16/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 20/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 24/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 28/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 32/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 36/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 41/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 45/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 49/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 53/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 57/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 61/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 65/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 69/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 73/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 77/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 81/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 86/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 90/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 94/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 98/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 102/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 106/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 110/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 114/116 kB Progress (4): 26 kB | 58 kB | 85 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 500 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 217 kB/s) Progress (3): 85 kB | 116 kB | 4.1/267 kB Progress (3): 85 kB | 116 kB | 7.7/267 kB Progress (3): 85 kB | 116 kB | 12/267 kB Progress (3): 85 kB | 116 kB | 16/267 kB Progress (3): 85 kB | 116 kB | 20/267 kB Progress (3): 85 kB | 116 kB | 24/267 kB Progress (3): 85 kB | 116 kB | 28/267 kB Progress (3): 85 kB | 116 kB | 32/267 kB Progress (3): 85 kB | 116 kB | 36/267 kB Progress (3): 85 kB | 116 kB | 41/267 kB Progress (3): 85 kB | 116 kB | 45/267 kB Progress (3): 85 kB | 116 kB | 49/267 kB Progress (3): 85 kB | 116 kB | 53/267 kB Progress (3): 85 kB | 116 kB | 57/267 kB Progress (3): 85 kB | 116 kB | 61/267 kB Progress (3): 85 kB | 116 kB | 65/267 kB Progress (3): 85 kB | 116 kB | 69/267 kB Progress (3): 85 kB | 116 kB | 73/267 kB Progress (3): 85 kB | 116 kB | 77/267 kB Progress (3): 85 kB | 116 kB | 81/267 kB Progress (3): 85 kB | 116 kB | 86/267 kB Progress (3): 85 kB | 116 kB | 90/267 kB Progress (3): 85 kB | 116 kB | 94/267 kB Progress (3): 85 kB | 116 kB | 98/267 kB Progress (3): 85 kB | 116 kB | 102/267 kB Progress (3): 85 kB | 116 kB | 106/267 kB Progress (3): 85 kB | 116 kB | 110/267 kB Progress (3): 85 kB | 116 kB | 114/267 kB Progress (3): 85 kB | 116 kB | 118/267 kB Progress (3): 85 kB | 116 kB | 122/267 kB Progress (3): 85 kB | 116 kB | 127/267 kB Progress (3): 85 kB | 116 kB | 131/267 kB Progress (3): 85 kB | 116 kB | 135/267 kB Progress (3): 85 kB | 116 kB | 139/267 kB Progress (3): 85 kB | 116 kB | 143/267 kB Progress (3): 85 kB | 116 kB | 147/267 kB Progress (3): 85 kB | 116 kB | 151/267 kB Progress (3): 85 kB | 116 kB | 155/267 kB Progress (3): 85 kB | 116 kB | 159/267 kB Progress (3): 85 kB | 116 kB | 163/267 kB Progress (3): 85 kB | 116 kB | 167/267 kB Progress (3): 85 kB | 116 kB | 172/267 kB Progress (3): 85 kB | 116 kB | 176/267 kB Progress (3): 85 kB | 116 kB | 180/267 kB Progress (3): 85 kB | 116 kB | 184/267 kB Progress (3): 85 kB | 116 kB | 188/267 kB Progress (3): 85 kB | 116 kB | 192/267 kB Progress (3): 85 kB | 116 kB | 196/267 kB Progress (3): 85 kB | 116 kB | 200/267 kB Progress (3): 85 kB | 116 kB | 204/267 kB Progress (3): 85 kB | 116 kB | 208/267 kB Progress (3): 85 kB | 116 kB | 213/267 kB Progress (3): 85 kB | 116 kB | 217/267 kB Progress (3): 85 kB | 116 kB | 221/267 kB Progress (3): 85 kB | 116 kB | 225/267 kB Progress (3): 85 kB | 116 kB | 229/267 kB Progress (3): 85 kB | 116 kB | 233/267 kB Progress (3): 85 kB | 116 kB | 237/267 kB Progress (3): 85 kB | 116 kB | 241/267 kB Progress (3): 85 kB | 116 kB | 245/267 kB Progress (3): 85 kB | 116 kB | 249/267 kB Progress (3): 85 kB | 116 kB | 254/267 kB Progress (3): 85 kB | 116 kB | 258/267 kB Progress (3): 85 kB | 116 kB | 262/267 kB Progress (3): 85 kB | 116 kB | 266/267 kB Progress (3): 85 kB | 116 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 652 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 866 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.8 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 466 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 546 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 276 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 235 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 296 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 981 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 503 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 124 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 461 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 324 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 497 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 694 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 411 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 303 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 216 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 733 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 348 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 359 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 369 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 318 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 765 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/165 kB Progress (1): 7.7/165 kB Progress (1): 12/165 kB Progress (1): 16/165 kB Progress (1): 20/165 kB Progress (1): 24/165 kB Progress (1): 28/165 kB Progress (1): 32/165 kB Progress (1): 36/165 kB Progress (1): 40/165 kB Progress (2): 40/165 kB | 4.1/49 kB Progress (2): 44/165 kB | 4.1/49 kB Progress (2): 44/165 kB | 7.7/49 kB Progress (2): 48/165 kB | 7.7/49 kB Progress (2): 48/165 kB | 12/49 kB Progress (2): 48/165 kB | 16/49 kB Progress (2): 53/165 kB | 16/49 kB Progress (2): 57/165 kB | 16/49 kB Progress (2): 57/165 kB | 20/49 kB Progress (2): 61/165 kB | 20/49 kB Progress (2): 61/165 kB | 24/49 kB Progress (2): 65/165 kB | 24/49 kB Progress (2): 65/165 kB | 28/49 kB Progress (2): 65/165 kB | 32/49 kB Progress (2): 69/165 kB | 32/49 kB Progress (2): 69/165 kB | 36/49 kB Progress (2): 73/165 kB | 36/49 kB Progress (2): 73/165 kB | 41/49 kB Progress (2): 77/165 kB | 41/49 kB Progress (2): 77/165 kB | 45/49 kB Progress (2): 81/165 kB | 45/49 kB Progress (2): 81/165 kB | 49/49 kB Progress (2): 81/165 kB | 49 kB Progress (2): 85/165 kB | 49 kB Progress (2): 89/165 kB | 49 kB Progress (2): 93/165 kB | 49 kB Progress (2): 98/165 kB | 49 kB Progress (2): 102/165 kB | 49 kB Progress (2): 106/165 kB | 49 kB Progress (2): 110/165 kB | 49 kB Progress (2): 114/165 kB | 49 kB Progress (2): 118/165 kB | 49 kB Progress (2): 122/165 kB | 49 kB Progress (2): 126/165 kB | 49 kB Progress (2): 130/165 kB | 49 kB Progress (2): 134/165 kB | 49 kB Progress (2): 139/165 kB | 49 kB Progress (2): 143/165 kB | 49 kB Progress (2): 147/165 kB | 49 kB Progress (2): 151/165 kB | 49 kB Progress (2): 155/165 kB | 49 kB Progress (2): 159/165 kB | 49 kB Progress (2): 163/165 kB | 49 kB Progress (2): 165 kB | 49 kB Progress (3): 165 kB | 49 kB | 4.1/202 kB Progress (3): 165 kB | 49 kB | 7.7/202 kB Progress (3): 165 kB | 49 kB | 12/202 kB Progress (3): 165 kB | 49 kB | 16/202 kB Progress (3): 165 kB | 49 kB | 20/202 kB Progress (3): 165 kB | 49 kB | 24/202 kB Progress (3): 165 kB | 49 kB | 28/202 kB Progress (3): 165 kB | 49 kB | 32/202 kB Progress (3): 165 kB | 49 kB | 36/202 kB Progress (3): 165 kB | 49 kB | 41/202 kB Progress (3): 165 kB | 49 kB | 45/202 kB Progress (3): 165 kB | 49 kB | 49/202 kB Progress (3): 165 kB | 49 kB | 53/202 kB Progress (3): 165 kB | 49 kB | 57/202 kB Progress (3): 165 kB | 49 kB | 61/202 kB Progress (3): 165 kB | 49 kB | 65/202 kB Progress (3): 165 kB | 49 kB | 69/202 kB Progress (3): 165 kB | 49 kB | 73/202 kB Progress (3): 165 kB | 49 kB | 77/202 kB Progress (3): 165 kB | 49 kB | 81/202 kB Progress (3): 165 kB | 49 kB | 86/202 kB Progress (3): 165 kB | 49 kB | 90/202 kB Progress (3): 165 kB | 49 kB | 94/202 kB Progress (3): 165 kB | 49 kB | 98/202 kB Progress (3): 165 kB | 49 kB | 102/202 kB Progress (3): 165 kB | 49 kB | 106/202 kB Progress (3): 165 kB | 49 kB | 110/202 kB Progress (3): 165 kB | 49 kB | 114/202 kB Progress (3): 165 kB | 49 kB | 118/202 kB Progress (3): 165 kB | 49 kB | 122/202 kB Progress (3): 165 kB | 49 kB | 127/202 kB Progress (3): 165 kB | 49 kB | 131/202 kB Progress (3): 165 kB | 49 kB | 135/202 kB Progress (3): 165 kB | 49 kB | 139/202 kB Progress (3): 165 kB | 49 kB | 143/202 kB Progress (3): 165 kB | 49 kB | 147/202 kB Progress (3): 165 kB | 49 kB | 151/202 kB Progress (3): 165 kB | 49 kB | 155/202 kB Progress (3): 165 kB | 49 kB | 159/202 kB Progress (3): 165 kB | 49 kB | 163/202 kB Progress (3): 165 kB | 49 kB | 167/202 kB Progress (3): 165 kB | 49 kB | 172/202 kB Progress (3): 165 kB | 49 kB | 176/202 kB Progress (3): 165 kB | 49 kB | 180/202 kB Progress (3): 165 kB | 49 kB | 184/202 kB Progress (3): 165 kB | 49 kB | 188/202 kB Progress (3): 165 kB | 49 kB | 192/202 kB Progress (3): 165 kB | 49 kB | 196/202 kB Progress (3): 165 kB | 49 kB | 200/202 kB Progress (3): 165 kB | 49 kB | 202 kB Progress (4): 165 kB | 49 kB | 202 kB | 4.1/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 7.7/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 12/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 16/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 20/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 24/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 28/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 32/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 36/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 41/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 45/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 49/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 53/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 57/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 61/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 65/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 69/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 73/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 77/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 81/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 86/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 90/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 94/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 98/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 102/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 106/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 110/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 114/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 118/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 122/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 127/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 131/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 135/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 139/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 143/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 147/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 151/153 kB Progress (4): 165 kB | 49 kB | 202 kB | 153 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 4.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 3.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Progress (2): 202 kB | 4.1/472 kB Progress (2): 202 kB | 7.7/472 kB Progress (2): 202 kB | 12/472 kB Progress (2): 202 kB | 16/472 kB Progress (2): 202 kB | 20/472 kB Progress (2): 202 kB | 24/472 kB Progress (2): 202 kB | 28/472 kB Progress (2): 202 kB | 32/472 kB Progress (2): 202 kB | 36/472 kB Progress (2): 202 kB | 40/472 kB Progress (2): 202 kB | 45/472 kB Progress (2): 202 kB | 49/472 kB Progress (2): 202 kB | 53/472 kB Progress (2): 202 kB | 57/472 kB Progress (2): 202 kB | 61/472 kB Progress (2): 202 kB | 65/472 kB Progress (2): 202 kB | 69/472 kB Progress (2): 202 kB | 73/472 kB Progress (2): 202 kB | 77/472 kB Progress (2): 202 kB | 81/472 kB Progress (2): 202 kB | 86/472 kB Progress (2): 202 kB | 90/472 kB Progress (2): 202 kB | 94/472 kB Progress (2): 202 kB | 98/472 kB Progress (2): 202 kB | 102/472 kB Progress (2): 202 kB | 106/472 kB Progress (2): 202 kB | 110/472 kB Progress (2): 202 kB | 114/472 kB Progress (2): 202 kB | 118/472 kB Progress (2): 202 kB | 122/472 kB Progress (2): 202 kB | 127/472 kB Progress (2): 202 kB | 131/472 kB Progress (2): 202 kB | 135/472 kB Progress (2): 202 kB | 139/472 kB Progress (2): 202 kB | 143/472 kB Progress (2): 202 kB | 147/472 kB Progress (2): 202 kB | 151/472 kB Progress (2): 202 kB | 155/472 kB Progress (2): 202 kB | 159/472 kB Progress (2): 202 kB | 163/472 kB Progress (2): 202 kB | 167/472 kB Progress (2): 202 kB | 171/472 kB Progress (2): 202 kB | 176/472 kB Progress (2): 202 kB | 180/472 kB Progress (2): 202 kB | 184/472 kB Progress (2): 202 kB | 188/472 kB Progress (2): 202 kB | 192/472 kB Progress (2): 202 kB | 196/472 kB Progress (2): 202 kB | 200/472 kB Progress (2): 202 kB | 204/472 kB Progress (2): 202 kB | 208/472 kB Progress (2): 202 kB | 212/472 kB Progress (2): 202 kB | 217/472 kB Progress (2): 202 kB | 221/472 kB Progress (2): 202 kB | 225/472 kB Progress (2): 202 kB | 229/472 kB Progress (2): 202 kB | 233/472 kB Progress (2): 202 kB | 237/472 kB Progress (2): 202 kB | 241/472 kB Progress (2): 202 kB | 245/472 kB Progress (2): 202 kB | 249/472 kB Progress (2): 202 kB | 253/472 kB Progress (2): 202 kB | 257/472 kB Progress (2): 202 kB | 262/472 kB Progress (2): 202 kB | 266/472 kB Progress (2): 202 kB | 270/472 kB Progress (2): 202 kB | 274/472 kB Progress (2): 202 kB | 278/472 kB Progress (2): 202 kB | 282/472 kB Progress (2): 202 kB | 286/472 kB Progress (2): 202 kB | 290/472 kB Progress (2): 202 kB | 294/472 kB Progress (2): 202 kB | 298/472 kB Progress (2): 202 kB | 302/472 kB Progress (2): 202 kB | 307/472 kB Progress (2): 202 kB | 311/472 kB Progress (2): 202 kB | 315/472 kB Progress (2): 202 kB | 319/472 kB Progress (2): 202 kB | 323/472 kB Progress (2): 202 kB | 327/472 kB Progress (2): 202 kB | 331/472 kB Progress (2): 202 kB | 335/472 kB Progress (2): 202 kB | 339/472 kB Progress (2): 202 kB | 343/472 kB Progress (2): 202 kB | 348/472 kB Progress (2): 202 kB | 352/472 kB Progress (2): 202 kB | 356/472 kB Progress (2): 202 kB | 360/472 kB Progress (2): 202 kB | 364/472 kB Progress (2): 202 kB | 368/472 kB Progress (2): 202 kB | 372/472 kB Progress (2): 202 kB | 376/472 kB Progress (2): 202 kB | 380/472 kB Progress (2): 202 kB | 384/472 kB Progress (2): 202 kB | 388/472 kB Progress (2): 202 kB | 393/472 kB Progress (2): 202 kB | 397/472 kB Progress (2): 202 kB | 401/472 kB Progress (2): 202 kB | 405/472 kB Progress (2): 202 kB | 409/472 kB Progress (2): 202 kB | 413/472 kB Progress (2): 202 kB | 417/472 kB Progress (2): 202 kB | 421/472 kB Progress (2): 202 kB | 425/472 kB Progress (2): 202 kB | 429/472 kB Progress (2): 202 kB | 434/472 kB Progress (2): 202 kB | 438/472 kB Progress (2): 202 kB | 442/472 kB Progress (2): 202 kB | 446/472 kB Progress (2): 202 kB | 450/472 kB Progress (2): 202 kB | 454/472 kB Progress (2): 202 kB | 458/472 kB Progress (2): 202 kB | 462/472 kB Progress (2): 202 kB | 466/472 kB Progress (2): 202 kB | 470/472 kB Progress (2): 202 kB | 472 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 3.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 472 kB | 4.1/527 kB Progress (2): 472 kB | 7.7/527 kB Progress (2): 472 kB | 12/527 kB Progress (2): 472 kB | 16/527 kB Progress (2): 472 kB | 20/527 kB Progress (2): 472 kB | 24/527 kB Progress (2): 472 kB | 28/527 kB Progress (2): 472 kB | 32/527 kB Progress (2): 472 kB | 36/527 kB Progress (2): 472 kB | 41/527 kB Progress (2): 472 kB | 45/527 kB Progress (2): 472 kB | 49/527 kB Progress (2): 472 kB | 53/527 kB Progress (2): 472 kB | 57/527 kB Progress (2): 472 kB | 61/527 kB Progress (2): 472 kB | 65/527 kB Progress (2): 472 kB | 69/527 kB Progress (2): 472 kB | 73/527 kB Progress (2): 472 kB | 77/527 kB Progress (2): 472 kB | 81/527 kB Progress (2): 472 kB | 86/527 kB Progress (2): 472 kB | 90/527 kB Progress (2): 472 kB | 94/527 kB Progress (2): 472 kB | 98/527 kB Progress (2): 472 kB | 102/527 kB Progress (2): 472 kB | 106/527 kB Progress (2): 472 kB | 110/527 kB Progress (2): 472 kB | 114/527 kB Progress (2): 472 kB | 118/527 kB Progress (2): 472 kB | 122/527 kB Progress (2): 472 kB | 127/527 kB Progress (2): 472 kB | 131/527 kB Progress (2): 472 kB | 135/527 kB Progress (2): 472 kB | 139/527 kB Progress (2): 472 kB | 143/527 kB Progress (2): 472 kB | 147/527 kB Progress (2): 472 kB | 151/527 kB Progress (2): 472 kB | 155/527 kB Progress (2): 472 kB | 159/527 kB Progress (2): 472 kB | 163/527 kB Progress (2): 472 kB | 167/527 kB Progress (2): 472 kB | 172/527 kB Progress (2): 472 kB | 176/527 kB Progress (2): 472 kB | 180/527 kB Progress (2): 472 kB | 184/527 kB Progress (2): 472 kB | 188/527 kB Progress (2): 472 kB | 192/527 kB Progress (2): 472 kB | 196/527 kB Progress (2): 472 kB | 200/527 kB Progress (2): 472 kB | 204/527 kB Progress (2): 472 kB | 208/527 kB Progress (2): 472 kB | 213/527 kB Progress (2): 472 kB | 217/527 kB Progress (2): 472 kB | 221/527 kB Progress (2): 472 kB | 225/527 kB Progress (2): 472 kB | 229/527 kB Progress (2): 472 kB | 233/527 kB Progress (2): 472 kB | 237/527 kB Progress (2): 472 kB | 241/527 kB Progress (2): 472 kB | 245/527 kB Progress (2): 472 kB | 249/527 kB Progress (2): 472 kB | 254/527 kB Progress (2): 472 kB | 258/527 kB Progress (2): 472 kB | 262/527 kB Progress (2): 472 kB | 266/527 kB Progress (2): 472 kB | 270/527 kB Progress (2): 472 kB | 274/527 kB Progress (2): 472 kB | 278/527 kB Progress (2): 472 kB | 282/527 kB Progress (2): 472 kB | 286/527 kB Progress (2): 472 kB | 290/527 kB Progress (2): 472 kB | 294/527 kB Progress (2): 472 kB | 299/527 kB Progress (2): 472 kB | 303/527 kB Progress (2): 472 kB | 307/527 kB Progress (2): 472 kB | 311/527 kB Progress (2): 472 kB | 315/527 kB Progress (2): 472 kB | 319/527 kB Progress (2): 472 kB | 323/527 kB Progress (2): 472 kB | 327/527 kB Progress (2): 472 kB | 331/527 kB Progress (2): 472 kB | 335/527 kB Progress (2): 472 kB | 340/527 kB Progress (2): 472 kB | 344/527 kB Progress (2): 472 kB | 348/527 kB Progress (2): 472 kB | 352/527 kB Progress (2): 472 kB | 356/527 kB Progress (2): 472 kB | 360/527 kB Progress (2): 472 kB | 364/527 kB Progress (2): 472 kB | 368/527 kB Progress (2): 472 kB | 372/527 kB Progress (2): 472 kB | 376/527 kB Progress (2): 472 kB | 380/527 kB Progress (2): 472 kB | 385/527 kB Progress (2): 472 kB | 389/527 kB Progress (2): 472 kB | 393/527 kB Progress (2): 472 kB | 397/527 kB Progress (2): 472 kB | 401/527 kB Progress (2): 472 kB | 405/527 kB Progress (2): 472 kB | 409/527 kB Progress (2): 472 kB | 413/527 kB Progress (2): 472 kB | 417/527 kB Progress (2): 472 kB | 421/527 kB Progress (2): 472 kB | 426/527 kB Progress (2): 472 kB | 430/527 kB Progress (2): 472 kB | 434/527 kB Progress (2): 472 kB | 438/527 kB Progress (2): 472 kB | 442/527 kB Progress (2): 472 kB | 446/527 kB Progress (2): 472 kB | 450/527 kB Progress (2): 472 kB | 454/527 kB Progress (2): 472 kB | 458/527 kB Progress (2): 472 kB | 462/527 kB Progress (2): 472 kB | 466/527 kB Progress (2): 472 kB | 471/527 kB Progress (2): 472 kB | 475/527 kB Progress (2): 472 kB | 479/527 kB Progress (2): 472 kB | 483/527 kB Progress (2): 472 kB | 487/527 kB Progress (2): 472 kB | 491/527 kB Progress (2): 472 kB | 495/527 kB Progress (2): 472 kB | 499/527 kB Progress (2): 472 kB | 503/527 kB Progress (2): 472 kB | 507/527 kB Progress (2): 472 kB | 512/527 kB Progress (2): 472 kB | 516/527 kB Progress (2): 472 kB | 520/527 kB Progress (2): 472 kB | 524/527 kB Progress (2): 472 kB | 527 kB Progress (3): 472 kB | 527 kB | 4.1/38 kB Progress (3): 472 kB | 527 kB | 7.7/38 kB Progress (3): 472 kB | 527 kB | 12/38 kB Progress (3): 472 kB | 527 kB | 16/38 kB Progress (3): 472 kB | 527 kB | 20/38 kB Progress (3): 472 kB | 527 kB | 24/38 kB Progress (3): 472 kB | 527 kB | 28/38 kB Progress (3): 472 kB | 527 kB | 32/38 kB Progress (3): 472 kB | 527 kB | 36/38 kB Progress (3): 472 kB | 527 kB | 38 kB Progress (4): 472 kB | 527 kB | 38 kB | 4.1/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 8.2/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 12/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 16/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 20/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 25/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 29/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 33/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 37/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 41/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 45/47 kB Progress (4): 472 kB | 527 kB | 38 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 6.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 472 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Progress (3): 527 kB | 47 kB | 4.1/30 kB Progress (3): 527 kB | 47 kB | 7.7/30 kB Progress (3): 527 kB | 47 kB | 12/30 kB Progress (3): 527 kB | 47 kB | 16/30 kB Progress (3): 527 kB | 47 kB | 20/30 kB Progress (3): 527 kB | 47 kB | 24/30 kB Progress (3): 527 kB | 47 kB | 28/30 kB Progress (3): 527 kB | 47 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 491 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (2): 30 kB | 4.1/106 kB Progress (2): 30 kB | 8.2/106 kB Progress (2): 30 kB | 12/106 kB Progress (2): 30 kB | 16/106 kB Progress (2): 30 kB | 20/106 kB Progress (2): 30 kB | 25/106 kB Progress (2): 30 kB | 29/106 kB Progress (2): 30 kB | 33/106 kB Progress (2): 30 kB | 37/106 kB Progress (2): 30 kB | 41/106 kB Progress (2): 30 kB | 45/106 kB Progress (2): 30 kB | 49/106 kB Progress (2): 30 kB | 53/106 kB Progress (2): 30 kB | 57/106 kB Progress (2): 30 kB | 61/106 kB Progress (2): 30 kB | 66/106 kB Progress (2): 30 kB | 70/106 kB Progress (2): 30 kB | 74/106 kB Progress (2): 30 kB | 78/106 kB Progress (2): 30 kB | 82/106 kB Progress (2): 30 kB | 86/106 kB Progress (2): 30 kB | 90/106 kB Progress (2): 30 kB | 94/106 kB Progress (2): 30 kB | 98/106 kB Progress (2): 30 kB | 102/106 kB Progress (2): 30 kB | 106 kB Progress (3): 30 kB | 106 kB | 4.1/51 kB Progress (3): 30 kB | 106 kB | 7.7/51 kB Progress (3): 30 kB | 106 kB | 12/51 kB Progress (3): 30 kB | 106 kB | 16/51 kB Progress (3): 30 kB | 106 kB | 20/51 kB Progress (3): 30 kB | 106 kB | 24/51 kB Progress (3): 30 kB | 106 kB | 28/51 kB Progress (3): 30 kB | 106 kB | 32/51 kB Progress (3): 30 kB | 106 kB | 36/51 kB Progress (3): 30 kB | 106 kB | 40/51 kB Progress (3): 30 kB | 106 kB | 44/51 kB Progress (3): 30 kB | 106 kB | 48/51 kB Progress (3): 30 kB | 106 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 932 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Progress (2): 51 kB | 4.1/148 kB Progress (2): 51 kB | 7.7/148 kB Progress (2): 51 kB | 12/148 kB Progress (2): 51 kB | 16/148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 430 kB/s) Progress (1): 20/148 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Progress (1): 24/148 kB Progress (1): 28/148 kB Progress (1): 32/148 kB Progress (1): 36/148 kB Progress (1): 40/148 kB Progress (1): 45/148 kB Progress (1): 49/148 kB Progress (1): 53/148 kB Progress (1): 57/148 kB Progress (1): 61/148 kB Progress (1): 65/148 kB Progress (1): 69/148 kB Progress (1): 73/148 kB Progress (1): 77/148 kB Progress (1): 81/148 kB Progress (1): 86/148 kB Progress (1): 90/148 kB Progress (1): 94/148 kB Progress (1): 98/148 kB Progress (1): 102/148 kB Progress (1): 106/148 kB Progress (1): 110/148 kB Progress (1): 114/148 kB Progress (1): 118/148 kB Progress (1): 122/148 kB Progress (1): 127/148 kB Progress (1): 131/148 kB Progress (1): 135/148 kB Progress (1): 139/148 kB Progress (1): 143/148 kB Progress (1): 147/148 kB Progress (1): 148 kB Progress (2): 148 kB | 4.1/14 kB Progress (2): 148 kB | 7.7/14 kB Progress (2): 148 kB | 12/14 kB Progress (2): 148 kB | 14 kB Progress (3): 148 kB | 14 kB | 4.1/74 kB Progress (3): 148 kB | 14 kB | 7.7/74 kB Progress (3): 148 kB | 14 kB | 12/74 kB Progress (3): 148 kB | 14 kB | 16/74 kB Progress (3): 148 kB | 14 kB | 20/74 kB Progress (3): 148 kB | 14 kB | 24/74 kB Progress (3): 148 kB | 14 kB | 28/74 kB Progress (3): 148 kB | 14 kB | 32/74 kB Progress (3): 148 kB | 14 kB | 36/74 kB Progress (3): 148 kB | 14 kB | 41/74 kB Progress (3): 148 kB | 14 kB | 45/74 kB Progress (3): 148 kB | 14 kB | 49/74 kB Progress (3): 148 kB | 14 kB | 53/74 kB Progress (3): 148 kB | 14 kB | 57/74 kB Progress (3): 148 kB | 14 kB | 61/74 kB Progress (3): 148 kB | 14 kB | 65/74 kB Progress (3): 148 kB | 14 kB | 69/74 kB Progress (3): 148 kB | 14 kB | 73/74 kB Progress (3): 148 kB | 14 kB | 74 kB Progress (4): 148 kB | 14 kB | 74 kB | 4.1/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 7.7/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 12/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 16/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 20/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 24/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 28/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 32/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 36/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 41/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 45/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 49/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 53/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 57/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 61/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 65/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 69/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 73/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 77/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 81/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 86/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 90/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 94/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 98/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 102/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 106/108 kB Progress (4): 148 kB | 14 kB | 74 kB | 108 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 4.1/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 7.7/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 12/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 16/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 20/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 24/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 28/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 32/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 36/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 41/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 45/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 49/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 53/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 57/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 61/61 kB Progress (5): 148 kB | 14 kB | 74 kB | 108 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 724 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 485 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 925 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 379 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (1): 3.4/4.2 kB Progress (1): 4.2 kB Progress (2): 4.2 kB | 4.1/29 kB Progress (2): 4.2 kB | 7.7/29 kB Progress (2): 4.2 kB | 12/29 kB Progress (2): 4.2 kB | 16/29 kB Progress (2): 4.2 kB | 20/29 kB Progress (2): 4.2 kB | 24/29 kB Progress (2): 4.2 kB | 28/29 kB Progress (2): 4.2 kB | 29 kB Progress (3): 4.2 kB | 29 kB | 4.1/52 kB Progress (3): 4.2 kB | 29 kB | 7.7/52 kB Progress (3): 4.2 kB | 29 kB | 12/52 kB Progress (3): 4.2 kB | 29 kB | 16/52 kB Progress (3): 4.2 kB | 29 kB | 20/52 kB Progress (3): 4.2 kB | 29 kB | 24/52 kB Progress (3): 4.2 kB | 29 kB | 28/52 kB Progress (3): 4.2 kB | 29 kB | 32/52 kB Progress (3): 4.2 kB | 29 kB | 36/52 kB Progress (3): 4.2 kB | 29 kB | 41/52 kB Progress (3): 4.2 kB | 29 kB | 45/52 kB Progress (3): 4.2 kB | 29 kB | 49/52 kB Progress (3): 4.2 kB | 29 kB | 52 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 4.1/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 7.7/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 12/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 16/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 20/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 24/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 28/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 32/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 36/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 41/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 45/46 kB Progress (4): 4.2 kB | 29 kB | 52 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (4): 29 kB | 52 kB | 46 kB | 4.1/13 kB Progress (4): 29 kB | 52 kB | 46 kB | 7.7/13 kB Progress (4): 29 kB | 52 kB | 46 kB | 12/13 kB Progress (4): 29 kB | 52 kB | 46 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 230 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (2): 13 kB | 4.1/263 kB Progress (2): 13 kB | 7.7/263 kB Progress (2): 13 kB | 12/263 kB Progress (2): 13 kB | 16/263 kB Progress (2): 13 kB | 20/263 kB Progress (2): 13 kB | 24/263 kB Progress (2): 13 kB | 28/263 kB Progress (2): 13 kB | 32/263 kB Progress (2): 13 kB | 36/263 kB Progress (2): 13 kB | 41/263 kB Progress (2): 13 kB | 45/263 kB Progress (2): 13 kB | 49/263 kB Progress (2): 13 kB | 53/263 kB Progress (2): 13 kB | 57/263 kB Progress (2): 13 kB | 61/263 kB Progress (2): 13 kB | 65/263 kB Progress (2): 13 kB | 69/263 kB Progress (2): 13 kB | 73/263 kB Progress (2): 13 kB | 77/263 kB Progress (2): 13 kB | 81/263 kB Progress (2): 13 kB | 86/263 kB Progress (2): 13 kB | 90/263 kB Progress (2): 13 kB | 94/263 kB Progress (2): 13 kB | 98/263 kB Progress (2): 13 kB | 102/263 kB Progress (2): 13 kB | 106/263 kB Progress (2): 13 kB | 110/263 kB Progress (2): 13 kB | 114/263 kB Progress (2): 13 kB | 118/263 kB Progress (2): 13 kB | 122/263 kB Progress (2): 13 kB | 127/263 kB Progress (2): 13 kB | 131/263 kB Progress (2): 13 kB | 135/263 kB Progress (2): 13 kB | 139/263 kB Progress (2): 13 kB | 143/263 kB Progress (2): 13 kB | 147/263 kB Progress (2): 13 kB | 151/263 kB Progress (2): 13 kB | 155/263 kB Progress (2): 13 kB | 159/263 kB Progress (2): 13 kB | 163/263 kB Progress (2): 13 kB | 167/263 kB Progress (2): 13 kB | 172/263 kB Progress (2): 13 kB | 176/263 kB Progress (2): 13 kB | 180/263 kB Progress (2): 13 kB | 184/263 kB Progress (2): 13 kB | 188/263 kB Progress (2): 13 kB | 192/263 kB Progress (2): 13 kB | 196/263 kB Progress (2): 13 kB | 200/263 kB Progress (2): 13 kB | 204/263 kB Progress (2): 13 kB | 208/263 kB Progress (2): 13 kB | 213/263 kB Progress (2): 13 kB | 217/263 kB Progress (2): 13 kB | 221/263 kB Progress (2): 13 kB | 225/263 kB Progress (2): 13 kB | 229/263 kB Progress (2): 13 kB | 233/263 kB Progress (2): 13 kB | 237/263 kB Progress (2): 13 kB | 241/263 kB Progress (2): 13 kB | 245/263 kB Progress (2): 13 kB | 249/263 kB Progress (2): 13 kB | 254/263 kB Progress (2): 13 kB | 258/263 kB Progress (2): 13 kB | 262/263 kB Progress (2): 13 kB | 263 kB Progress (3): 13 kB | 263 kB | 4.1/61 kB Progress (3): 13 kB | 263 kB | 7.7/61 kB Progress (3): 13 kB | 263 kB | 12/61 kB Progress (3): 13 kB | 263 kB | 16/61 kB Progress (3): 13 kB | 263 kB | 20/61 kB Progress (3): 13 kB | 263 kB | 24/61 kB Progress (3): 13 kB | 263 kB | 28/61 kB Progress (3): 13 kB | 263 kB | 32/61 kB Progress (3): 13 kB | 263 kB | 36/61 kB Progress (3): 13 kB | 263 kB | 41/61 kB Progress (3): 13 kB | 263 kB | 45/61 kB Progress (3): 13 kB | 263 kB | 49/61 kB Progress (3): 13 kB | 263 kB | 53/61 kB Progress (3): 13 kB | 263 kB | 57/61 kB Progress (3): 13 kB | 263 kB | 61/61 kB Progress (3): 13 kB | 263 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (3): 263 kB | 61 kB | 4.1/120 kB Progress (3): 263 kB | 61 kB | 7.7/120 kB Progress (3): 263 kB | 61 kB | 12/120 kB Progress (3): 263 kB | 61 kB | 16/120 kB Progress (3): 263 kB | 61 kB | 20/120 kB Progress (3): 263 kB | 61 kB | 24/120 kB Progress (3): 263 kB | 61 kB | 28/120 kB Progress (3): 263 kB | 61 kB | 32/120 kB Progress (3): 263 kB | 61 kB | 36/120 kB Progress (3): 263 kB | 61 kB | 41/120 kB Progress (3): 263 kB | 61 kB | 45/120 kB Progress (3): 263 kB | 61 kB | 49/120 kB Progress (3): 263 kB | 61 kB | 53/120 kB Progress (3): 263 kB | 61 kB | 57/120 kB Progress (3): 263 kB | 61 kB | 61/120 kB Progress (3): 263 kB | 61 kB | 65/120 kB Progress (3): 263 kB | 61 kB | 69/120 kB Progress (3): 263 kB | 61 kB | 73/120 kB Progress (3): 263 kB | 61 kB | 77/120 kB Progress (3): 263 kB | 61 kB | 81/120 kB Progress (3): 263 kB | 61 kB | 86/120 kB Progress (3): 263 kB | 61 kB | 90/120 kB Progress (3): 263 kB | 61 kB | 94/120 kB Progress (3): 263 kB | 61 kB | 98/120 kB Progress (3): 263 kB | 61 kB | 102/120 kB Progress (4): 263 kB | 61 kB | 102/120 kB | 4.1/164 kB Progress (4): 263 kB | 61 kB | 106/120 kB | 4.1/164 kB Progress (4): 263 kB | 61 kB | 106/120 kB | 7.7/164 kB Progress (4): 263 kB | 61 kB | 110/120 kB | 7.7/164 kB Progress (4): 263 kB | 61 kB | 110/120 kB | 12/164 kB Progress (4): 263 kB | 61 kB | 114/120 kB | 12/164 kB Progress (4): 263 kB | 61 kB | 114/120 kB | 16/164 kB Progress (4): 263 kB | 61 kB | 118/120 kB | 16/164 kB Progress (4): 263 kB | 61 kB | 118/120 kB | 20/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 20/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 24/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 28/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 32/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 36/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 41/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 45/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 49/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 53/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 57/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 61/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 65/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 69/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 73/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 77/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 81/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 86/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 90/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 94/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 98/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 102/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 106/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 110/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 114/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 118/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 122/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 127/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 131/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 135/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 139/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 143/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 147/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 151/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 155/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 159/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 163/164 kB Progress (4): 263 kB | 61 kB | 120 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 260 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 495 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 665 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (1): 4.1/122 kB Progress (1): 7.7/122 kB Progress (1): 12/122 kB Progress (1): 16/122 kB Progress (1): 20/122 kB Progress (1): 24/122 kB Progress (1): 28/122 kB Progress (1): 32/122 kB Progress (1): 36/122 kB Progress (1): 41/122 kB Progress (1): 45/122 kB Progress (1): 49/122 kB Progress (1): 53/122 kB Progress (1): 57/122 kB Progress (1): 61/122 kB Progress (1): 65/122 kB Progress (1): 69/122 kB Progress (1): 73/122 kB Progress (1): 77/122 kB Progress (1): 81/122 kB Progress (1): 86/122 kB Progress (1): 90/122 kB Progress (1): 94/122 kB Progress (1): 98/122 kB Progress (1): 102/122 kB Progress (1): 106/122 kB Progress (1): 110/122 kB Progress (1): 114/122 kB Progress (1): 118/122 kB Progress (1): 122 kB Progress (2): 122 kB | 4.1/26 kB Progress (2): 122 kB | 7.7/26 kB Progress (2): 122 kB | 12/26 kB Progress (2): 122 kB | 16/26 kB Progress (2): 122 kB | 20/26 kB Progress (2): 122 kB | 24/26 kB Progress (2): 122 kB | 26 kB Progress (3): 122 kB | 26 kB | 4.1/72 kB Progress (3): 122 kB | 26 kB | 7.7/72 kB Progress (3): 122 kB | 26 kB | 12/72 kB Progress (3): 122 kB | 26 kB | 16/72 kB Progress (3): 122 kB | 26 kB | 20/72 kB Progress (3): 122 kB | 26 kB | 24/72 kB Progress (3): 122 kB | 26 kB | 28/72 kB Progress (3): 122 kB | 26 kB | 32/72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 451 kB/s) Progress (2): 26 kB | 36/72 kB Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Progress (2): 26 kB | 41/72 kB Progress (2): 26 kB | 45/72 kB Progress (2): 26 kB | 49/72 kB Progress (2): 26 kB | 53/72 kB Progress (2): 26 kB | 57/72 kB Progress (2): 26 kB | 61/72 kB Progress (2): 26 kB | 65/72 kB Progress (2): 26 kB | 69/72 kB Progress (2): 26 kB | 72 kB Progress (3): 26 kB | 72 kB | 4.1/53 kB Progress (3): 26 kB | 72 kB | 7.7/53 kB Progress (3): 26 kB | 72 kB | 12/53 kB Progress (3): 26 kB | 72 kB | 16/53 kB Progress (3): 26 kB | 72 kB | 20/53 kB Progress (3): 26 kB | 72 kB | 24/53 kB Progress (3): 26 kB | 72 kB | 28/53 kB Progress (3): 26 kB | 72 kB | 32/53 kB Progress (3): 26 kB | 72 kB | 36/53 kB Progress (3): 26 kB | 72 kB | 41/53 kB Progress (3): 26 kB | 72 kB | 45/53 kB Progress (3): 26 kB | 72 kB | 49/53 kB Progress (3): 26 kB | 72 kB | 53 kB Progress (4): 26 kB | 72 kB | 53 kB | 4.1/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 8.2/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 12/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 16/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 20/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 25/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 29/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 33/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 37/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 41/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 45/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 49/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 53/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 57/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 61/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 66/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 70/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 74/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 78/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 82/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 86/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 90/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 94/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 98/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 102/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 106/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 111/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 115/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 119/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 123/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 127/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 131/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 135/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 139/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 143/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 147/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 152/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 156/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 160/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 164/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 168/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 172/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 176/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 180/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 184/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 188/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 193/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 197/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 201/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 205/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 209/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 213/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 217/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 221/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 225/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 229/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 233/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 238/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 242/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 246/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 250/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 254/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 258/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 262/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 266/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 270/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 274/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 279/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 283/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 287/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 291/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 295/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 299/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 303/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 307/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 311/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 315/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 319/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 324/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 328/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 332/335 kB Progress (4): 26 kB | 72 kB | 53 kB | 335 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Progress (4): 72 kB | 53 kB | 335 kB | 4.1/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 7.7/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 12/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 16/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 20/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 24/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 28/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 32/33 kB Progress (4): 72 kB | 53 kB | 335 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 248 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 180 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (2): 335 kB | 4.1/305 kB Progress (2): 335 kB | 7.7/305 kB Progress (2): 335 kB | 12/305 kB Progress (2): 335 kB | 16/305 kB Progress (2): 335 kB | 20/305 kB Progress (2): 335 kB | 24/305 kB Progress (2): 335 kB | 28/305 kB Progress (2): 335 kB | 32/305 kB Progress (2): 335 kB | 36/305 kB Progress (2): 335 kB | 41/305 kB Progress (2): 335 kB | 45/305 kB Progress (2): 335 kB | 49/305 kB Progress (2): 335 kB | 53/305 kB Progress (2): 335 kB | 57/305 kB Progress (2): 335 kB | 61/305 kB Progress (2): 335 kB | 65/305 kB Progress (2): 335 kB | 69/305 kB Progress (2): 335 kB | 73/305 kB Progress (2): 335 kB | 77/305 kB Progress (2): 335 kB | 81/305 kB Progress (2): 335 kB | 86/305 kB Progress (2): 335 kB | 90/305 kB Progress (2): 335 kB | 94/305 kB Progress (2): 335 kB | 98/305 kB Progress (2): 335 kB | 102/305 kB Progress (2): 335 kB | 106/305 kB Progress (2): 335 kB | 110/305 kB Progress (2): 335 kB | 114/305 kB Progress (2): 335 kB | 118/305 kB Progress (2): 335 kB | 122/305 kB Progress (2): 335 kB | 127/305 kB Progress (2): 335 kB | 131/305 kB Progress (2): 335 kB | 135/305 kB Progress (2): 335 kB | 139/305 kB Progress (2): 335 kB | 143/305 kB Progress (2): 335 kB | 147/305 kB Progress (2): 335 kB | 151/305 kB Progress (2): 335 kB | 155/305 kB Progress (2): 335 kB | 159/305 kB Progress (2): 335 kB | 163/305 kB Progress (2): 335 kB | 167/305 kB Progress (2): 335 kB | 172/305 kB Progress (2): 335 kB | 176/305 kB Progress (2): 335 kB | 180/305 kB Progress (2): 335 kB | 184/305 kB Progress (2): 335 kB | 188/305 kB Progress (2): 335 kB | 192/305 kB Progress (2): 335 kB | 196/305 kB Progress (2): 335 kB | 200/305 kB Progress (2): 335 kB | 204/305 kB Progress (2): 335 kB | 208/305 kB Progress (2): 335 kB | 213/305 kB Progress (2): 335 kB | 217/305 kB Progress (2): 335 kB | 221/305 kB Progress (2): 335 kB | 225/305 kB Progress (2): 335 kB | 229/305 kB Progress (2): 335 kB | 233/305 kB Progress (2): 335 kB | 237/305 kB Progress (2): 335 kB | 241/305 kB Progress (2): 335 kB | 245/305 kB Progress (2): 335 kB | 249/305 kB Progress (2): 335 kB | 254/305 kB Progress (2): 335 kB | 258/305 kB Progress (2): 335 kB | 262/305 kB Progress (2): 335 kB | 266/305 kB Progress (2): 335 kB | 270/305 kB Progress (2): 335 kB | 274/305 kB Progress (2): 335 kB | 278/305 kB Progress (2): 335 kB | 282/305 kB Progress (2): 335 kB | 286/305 kB Progress (2): 335 kB | 290/305 kB Progress (2): 335 kB | 294/305 kB Progress (2): 335 kB | 299/305 kB Progress (2): 335 kB | 303/305 kB Progress (2): 335 kB | 305 kB Progress (3): 335 kB | 305 kB | 4.1/37 kB Progress (3): 335 kB | 305 kB | 7.7/37 kB Progress (3): 335 kB | 305 kB | 12/37 kB Progress (3): 335 kB | 305 kB | 16/37 kB Progress (3): 335 kB | 305 kB | 20/37 kB Progress (3): 335 kB | 305 kB | 24/37 kB Progress (3): 335 kB | 305 kB | 28/37 kB Progress (3): 335 kB | 305 kB | 32/37 kB Progress (3): 335 kB | 305 kB | 36/37 kB Progress (3): 335 kB | 305 kB | 37 kB Progress (4): 335 kB | 305 kB | 37 kB | 4.1/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 7.7/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 12/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 16/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 20/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 24/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 28/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 32/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 36/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 41/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 45/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 49/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 53/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 57/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 61/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 65/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 69/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 73/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 77/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 81/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 86/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 90/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 94/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 98/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 102/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 106/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 110/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 114/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 118/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 122/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 127/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 131/134 kB Progress (4): 335 kB | 305 kB | 37 kB | 134 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 4.1/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 7.7/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 12/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 16/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 20/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 24/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 28/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 32/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 36/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 40/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 44/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 48/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 53/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 57/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 61/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 65/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 69/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 73/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 77/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 81/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 85/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 89/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 94/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 98/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 102/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 106/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 110/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 114/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 118/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 122/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 126/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 130/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 134/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 139/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 143/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 147/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 151/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 155/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 159/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 163/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 167/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 171/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 175/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 180/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 184/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 188/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 192/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 196/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 200/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 204/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 208/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 212/215 kB Progress (5): 335 kB | 305 kB | 37 kB | 134 kB | 215 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 921 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 645 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (2): 335 kB | 4.1/180 kB Progress (2): 335 kB | 7.7/180 kB Progress (2): 335 kB | 12/180 kB Progress (2): 335 kB | 16/180 kB Progress (2): 335 kB | 20/180 kB Progress (2): 335 kB | 24/180 kB Progress (2): 335 kB | 28/180 kB Progress (2): 335 kB | 32/180 kB Progress (2): 335 kB | 36/180 kB Progress (2): 335 kB | 41/180 kB Progress (2): 335 kB | 45/180 kB Progress (2): 335 kB | 49/180 kB Progress (2): 335 kB | 53/180 kB Progress (2): 335 kB | 57/180 kB Progress (2): 335 kB | 61/180 kB Progress (2): 335 kB | 65/180 kB Progress (2): 335 kB | 69/180 kB Progress (2): 335 kB | 73/180 kB Progress (2): 335 kB | 77/180 kB Progress (2): 335 kB | 81/180 kB Progress (2): 335 kB | 86/180 kB Progress (2): 335 kB | 90/180 kB Progress (2): 335 kB | 94/180 kB Progress (2): 335 kB | 98/180 kB Progress (2): 335 kB | 102/180 kB Progress (2): 335 kB | 106/180 kB Progress (2): 335 kB | 110/180 kB Progress (2): 335 kB | 114/180 kB Progress (2): 335 kB | 118/180 kB Progress (2): 335 kB | 122/180 kB Progress (2): 335 kB | 127/180 kB Progress (2): 335 kB | 131/180 kB Progress (2): 335 kB | 135/180 kB Progress (2): 335 kB | 139/180 kB Progress (2): 335 kB | 143/180 kB Progress (2): 335 kB | 147/180 kB Progress (2): 335 kB | 151/180 kB Progress (2): 335 kB | 155/180 kB Progress (2): 335 kB | 159/180 kB Progress (2): 335 kB | 163/180 kB Progress (2): 335 kB | 167/180 kB Progress (2): 335 kB | 172/180 kB Progress (2): 335 kB | 176/180 kB Progress (2): 335 kB | 180/180 kB Progress (2): 335 kB | 180 kB Progress (3): 335 kB | 180 kB | 0/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 952 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (2): 180 kB | 0/2.6 MB Progress (2): 180 kB | 0/2.6 MB Progress (2): 180 kB | 0.1/2.6 MB Progress (2): 180 kB | 0.1/2.6 MB Progress (2): 180 kB | 0.1/2.6 MB Progress (2): 180 kB | 0.1/2.6 MB Progress (2): 180 kB | 0.1/2.6 MB Progress (2): 180 kB | 0.1/2.6 MB Progress (2): 180 kB | 0.2/2.6 MB Progress (2): 180 kB | 0.2/2.6 MB Progress (2): 180 kB | 0.2/2.6 MB Progress (2): 180 kB | 0.2/2.6 MB Progress (2): 180 kB | 0.2/2.6 MB Progress (2): 180 kB | 0.2/2.6 MB Progress (2): 180 kB | 0.3/2.6 MB Progress (2): 180 kB | 0.3/2.6 MB Progress (2): 180 kB | 0.3/2.6 MB Progress (2): 180 kB | 0.3/2.6 MB Progress (2): 180 kB | 0.3/2.6 MB Progress (2): 180 kB | 0.3/2.6 MB Progress (2): 180 kB | 0.4/2.6 MB Progress (2): 180 kB | 0.4/2.6 MB Progress (2): 180 kB | 0.4/2.6 MB Progress (2): 180 kB | 0.4/2.6 MB Progress (2): 180 kB | 0.4/2.6 MB Progress (2): 180 kB | 0.4/2.6 MB Progress (2): 180 kB | 0.5/2.6 MB Progress (2): 180 kB | 0.5/2.6 MB Progress (2): 180 kB | 0.5/2.6 MB Progress (2): 180 kB | 0.5/2.6 MB Progress (2): 180 kB | 0.5/2.6 MB Progress (2): 180 kB | 0.5/2.6 MB Progress (2): 180 kB | 0.6/2.6 MB Progress (2): 180 kB | 0.6/2.6 MB Progress (2): 180 kB | 0.6/2.6 MB Progress (2): 180 kB | 0.6/2.6 MB Progress (2): 180 kB | 0.6/2.6 MB Progress (2): 180 kB | 0.6/2.6 MB Progress (2): 180 kB | 0.7/2.6 MB Progress (2): 180 kB | 0.7/2.6 MB Progress (3): 180 kB | 0.7/2.6 MB | 4.1/4.6 kB Progress (3): 180 kB | 0.7/2.6 MB | 4.1/4.6 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.1/4.6 kB | 4.1/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.1/4.6 kB | 7.7/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 7.7/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 7.7/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 12/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 16/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 16/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 20/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 24/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 24/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 28/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 32/85 kB Progress (4): 180 kB | 0.7/2.6 MB | 4.6 kB | 36/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 36/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 41/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 45/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 49/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 49/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 53/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 57/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 61/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 61/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 65/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 69/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 73/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 77/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 81/85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 0.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.1/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.1/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.1/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.1/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.1/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.1/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.2/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.2/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.2/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.2/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.2/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.2/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.3/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.3/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.3/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.3/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.3/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.3/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.4/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.4/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.4/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.4/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.4/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.4/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.5/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.5/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.5/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.5/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.5/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.5/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.6/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.7/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.7/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.7/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.7/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.7/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.7/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.8/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 1.9/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 2.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 2.0/2.6 MB | 4.6 kB | 85 kB Progress (4): 180 kB | 2.0/2.6 MB | 4.6 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 496 kB/s) Progress (3): 2.0/2.6 MB | 4.6 kB | 85 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (3): 2.0/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.0/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.1/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.1/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.1/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.1/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.1/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.1/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.2/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.2/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.2/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.2/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.2/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.2/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 85 kB Progress (3): 2.6 MB | 4.6 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (2): 2.6 MB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Progress (2): 2.2 kB | 4.1/20 kB Progress (2): 2.2 kB | 7.7/20 kB Progress (2): 2.2 kB | 12/20 kB Progress (2): 2.2 kB | 16/20 kB Progress (2): 2.2 kB | 20 kB Progress (3): 2.2 kB | 20 kB | 4.1/8.8 kB Progress (3): 2.2 kB | 20 kB | 7.7/8.8 kB Progress (3): 2.2 kB | 20 kB | 8.8 kB Progress (4): 2.2 kB | 20 kB | 8.8 kB | 4.1/14 kB Progress (4): 2.2 kB | 20 kB | 8.8 kB | 7.7/14 kB Progress (4): 2.2 kB | 20 kB | 8.8 kB | 12/14 kB Progress (4): 2.2 kB | 20 kB | 8.8 kB | 14 kB Progress (5): 2.2 kB | 20 kB | 8.8 kB | 14 kB | 4.1/5.9 kB Progress (5): 2.2 kB | 20 kB | 8.8 kB | 14 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.4 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 48 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 21 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 32 kB/s) Progress (1): 4.1/500 kB Progress (1): 7.7/500 kB Progress (1): 12/500 kB Progress (1): 16/500 kB Progress (1): 20/500 kB Progress (1): 24/500 kB Progress (1): 28/500 kB Progress (1): 32/500 kB Progress (1): 36/500 kB Progress (1): 41/500 kB Progress (1): 45/500 kB Progress (1): 49/500 kB Progress (1): 53/500 kB Progress (1): 57/500 kB Progress (1): 61/500 kB Progress (1): 65/500 kB Progress (1): 69/500 kB Progress (1): 73/500 kB Progress (1): 77/500 kB Progress (1): 81/500 kB Progress (1): 86/500 kB Progress (1): 90/500 kB Progress (1): 94/500 kB Progress (1): 98/500 kB Progress (1): 102/500 kB Progress (1): 106/500 kB Progress (1): 110/500 kB Progress (1): 114/500 kB Progress (1): 118/500 kB Progress (1): 122/500 kB Progress (1): 127/500 kB Progress (1): 131/500 kB Progress (1): 135/500 kB Progress (1): 139/500 kB Progress (1): 143/500 kB Progress (1): 147/500 kB Progress (1): 151/500 kB Progress (1): 155/500 kB Progress (1): 159/500 kB Progress (1): 163/500 kB Progress (1): 167/500 kB Progress (1): 172/500 kB Progress (1): 176/500 kB Progress (1): 180/500 kB Progress (1): 184/500 kB Progress (1): 188/500 kB Progress (1): 192/500 kB Progress (1): 196/500 kB Progress (1): 200/500 kB Progress (1): 204/500 kB Progress (1): 208/500 kB Progress (1): 213/500 kB Progress (1): 217/500 kB Progress (1): 221/500 kB Progress (1): 225/500 kB Progress (1): 229/500 kB Progress (1): 233/500 kB Progress (1): 237/500 kB Progress (1): 241/500 kB Progress (1): 245/500 kB Progress (1): 249/500 kB Progress (1): 254/500 kB Progress (1): 258/500 kB Progress (1): 262/500 kB Progress (1): 266/500 kB Progress (1): 270/500 kB Progress (1): 274/500 kB Progress (1): 278/500 kB Progress (1): 282/500 kB Progress (1): 286/500 kB Progress (1): 290/500 kB Progress (1): 294/500 kB Progress (1): 299/500 kB Progress (1): 303/500 kB Progress (1): 307/500 kB Progress (1): 311/500 kB Progress (1): 315/500 kB Progress (1): 319/500 kB Progress (1): 323/500 kB Progress (1): 327/500 kB Progress (1): 331/500 kB Progress (1): 335/500 kB Progress (1): 340/500 kB Progress (1): 344/500 kB Progress (1): 348/500 kB Progress (1): 352/500 kB Progress (1): 356/500 kB Progress (1): 360/500 kB Progress (1): 364/500 kB Progress (1): 368/500 kB Progress (1): 372/500 kB Progress (1): 376/500 kB Progress (1): 380/500 kB Progress (1): 385/500 kB Progress (1): 389/500 kB Progress (1): 393/500 kB Progress (1): 397/500 kB Progress (1): 401/500 kB Progress (1): 405/500 kB Progress (1): 409/500 kB Progress (1): 413/500 kB Progress (1): 417/500 kB Progress (1): 421/500 kB Progress (1): 426/500 kB Progress (1): 430/500 kB Progress (1): 434/500 kB Progress (1): 438/500 kB Progress (1): 442/500 kB Progress (1): 446/500 kB Progress (1): 450/500 kB Progress (1): 454/500 kB Progress (1): 458/500 kB Progress (1): 462/500 kB Progress (1): 466/500 kB Progress (1): 471/500 kB Progress (1): 475/500 kB Progress (1): 479/500 kB Progress (1): 483/500 kB Progress (1): 487/500 kB Progress (1): 491/500 kB Progress (1): 495/500 kB Progress (1): 499/500 kB Progress (1): 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 16.587 s [INFO] Finished at: 2026-02-10T22:13:20Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="0dcafc660a1b623b5220240ec60114a99383e2c6" "org.opencontainers.image.revision"="0dcafc660a1b623b5220240ec60114a99383e2c6" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/konflux-test-integration" "quay.expires-after"="6h" "build-date"="2026-02-10T22:12:54Z" "org.opencontainers.image.created"="2026-02-10T22:12:54Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 --> 62f5a206aef5 Successfully tagged quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 62f5a206aef5dac557cb26c48625a40887c4e0be0b596cba0c91643e5e0ed4a4 [2026-02-10T22:13:22,589438548+00:00] Unsetting proxy [2026-02-10T22:13:22,590668912+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:e0b77c7773881685d3e11b8910469c01ae698f66d9ec2ad01238c49decbc19e4 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:62f5a206aef5dac557cb26c48625a40887c4e0be0b596cba0c91643e5e0ed4a4 Writing manifest to image destination [2026-02-10T22:13:23,811578299+00:00] End build pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | container step-push: [2026-02-10T22:13:24,106799636+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:13:26,163595110+00:00] Convert image [2026-02-10T22:13:26,164646005+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-vkc9p-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-vkc9p-build-container Getting image source signatures Copying blob sha256:e0b77c7773881685d3e11b8910469c01ae698f66d9ec2ad01238c49decbc19e4 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:62f5a206aef5dac557cb26c48625a40887c4e0be0b596cba0c91643e5e0ed4a4 Writing manifest to image destination [2026-02-10T22:13:29,503570114+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 Getting image source signatures Copying blob sha256:e0b77c7773881685d3e11b8910469c01ae698f66d9ec2ad01238c49decbc19e4 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:62f5a206aef5dac557cb26c48625a40887c4e0be0b596cba0c91643e5e0ed4a4 Writing manifest to image destination sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 [2026-02-10T22:13:30,231960077+00:00] End push pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | container step-sbom-syft-generate: [2026-02-10T22:13:31,235946352+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:13:39,264629822+00:00] End sbom-syft-generate pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | container step-prepare-sboms: [2026-02-10T22:13:39,332094956+00:00] Prepare SBOM [2026-02-10T22:13:39,335992113+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:13:40,421 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:13:40,545 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:13:42,055 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:13:42,055 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:13:42,056 [INFO] mobster.log: Contextual workflow completed in 1.53s 2026-02-10 22:13:42,085 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:13:42,152135984+00:00] End prepare-sboms pod: test-component-pac-xmjyvu-o555f97ed4072e15ed425f8eae2862337-pod | container step-upload-sbom: [2026-02-10T22:13:42,419971466+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:24a67b9de4b0496a8017e480e7439a6413ffdbe4dc7fc596c63ae1745d381a74 [2026-02-10T22:13:44,735925072+00:00] End upload-sbom pod: test-component-pac-xmjyvu-o55d33fda7b14f6ac2f055112e3ef9859-pod | init container: prepare 2026/02/10 22:14:03 Entrypoint initialization pod: test-component-pac-xmjyvu-o55d33fda7b14f6ac2f055112e3ef9859-pod | init container: place-scripts 2026/02/10 22:14:04 Decoded script /tekton/scripts/script-0-r948g pod: test-component-pac-xmjyvu-o55d33fda7b14f6ac2f055112e3ef9859-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o55d33fda7b14f6ac2f055112e3ef9859-pod | container step-push: [2026-02-10T22:14:09,489351016+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.jM21KqXiNM --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:sha256-14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1.dockerfile Dockerfile pod: test-component-pac-xmjyvu-oce0787b4c49765865b5c48ae936df7a9-pod | init container: prepare 2026/02/10 22:14:03 Entrypoint initialization pod: test-component-pac-xmjyvu-oce0787b4c49765865b5c48ae936df7a9-pod | init container: place-scripts 2026/02/10 22:14:03 Decoded script /tekton/scripts/script-0-wlm7h 2026/02/10 22:14:03 Decoded script /tekton/scripts/script-1-xkg6r pod: test-component-pac-xmjyvu-oce0787b4c49765865b5c48ae936df7a9-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-oce0787b4c49765865b5c48ae936df7a9-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-component-pac-xmjyvu INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:14:08+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-oce0787b4c49765865b5c48ae936df7a9-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | init container: prepare 2026/02/10 22:13:56 Entrypoint initialization pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | init container: place-scripts 2026/02/10 22:13:57 Decoded script /tekton/scripts/script-0-nsdd8 2026/02/10 22:13:57 Decoded script /tekton/scripts/script-1-4srpk 2026/02/10 22:13:57 Decoded script /tekton/scripts/script-2-dcnkh 2026/02/10 22:13:57 Decoded script /tekton/scripts/script-3-6dqzf 2026/02/10 22:13:57 Decoded script /tekton/scripts/script-4-ccqp5 2026/02/10 22:13:57 Decoded script /tekton/scripts/script-5-dqh8p pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Auth json written to "/auth/auth.json". pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | container step-set-skip-for-bundles: 2026/02/10 22:14:03 INFO Step was skipped due to when expressions were evaluated to false. pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | container step-app-check: time="2026-02-10T22:14:03Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:14:03Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 for platform amd64" time="2026-02-10T22:14:03Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6" time="2026-02-10T22:14:11Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:14:11Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:14:11Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:14:11Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:14:11Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:14:11Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:14:11Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:14:21Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:14:23Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:14:23Z" level=info msg="This image's tag on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 will be paired with digest sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 36, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 9803, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 1897, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:14:23Z" level=info msg="Preflight result: FAILED" pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761664","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 pod: test-component-pac-xmjyvu-oe89801e22ce953f7532f110df521b2d5-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761664","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-apply-tags-pod | init container: prepare 2026/02/10 22:13:56 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:13:59Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6" time="2026-02-10T22:13:59Z" level=info msg="[param] Image digest: sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1" time="2026-02-10T22:13:59Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:13:59Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clair-scan-pod | init container: prepare 2026/02/10 22:13:55 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clair-scan-pod | init container: place-scripts 2026/02/10 22:13:56 Decoded script /tekton/scripts/script-0-dzs98 2026/02/10 22:13:56 Decoded script /tekton/scripts/script-1-qf6v6 2026/02/10 22:13:56 Decoded script /tekton/scripts/script-2-fmtd4 2026/02/10 22:13:56 Decoded script /tekton/scripts/script-3-z5fmx pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1. pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:14:04Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"}] 2026-02-10T22:14:04Z INF libvuln initialized component=libvuln/New 2026-02-10T22:14:05Z INF registered configured scanners component=libindex/New 2026-02-10T22:14:05Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:14:05Z INF index request start component=libindex/Libindex.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 2026-02-10T22:14:05Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 2026-02-10T22:14:05Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=CheckManifest 2026-02-10T22:14:05Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=FetchLayers 2026-02-10T22:14:08Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=FetchLayers 2026-02-10T22:14:08Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=FetchLayers 2026-02-10T22:14:08Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=ScanLayers 2026-02-10T22:14:08Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:14:08Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:14:08Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=ScanLayers 2026-02-10T22:14:08Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=IndexManifest 2026-02-10T22:14:08Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=IndexFinished 2026-02-10T22:14:08Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 state=IndexFinished 2026-02-10T22:14:09Z INF index request done component=libindex/Libindex.Index manifest=sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 { "manifest_hash": "sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "183c3502-981c-4913-b3aa-02a57922cf9b": { "id": "183c3502-981c-4913-b3aa-02a57922cf9b", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "13ee9455-4d53-40e3-90cf-4b150f6fcf48": { "id": "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "2d795a9c-962d-4811-bb1a-e4576068fbc5": { "id": "2d795a9c-962d-4811-bb1a-e4576068fbc5", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "8833ce05-f0b3-4491-b25f-d049f2a44927": { "id": "8833ce05-f0b3-4491-b25f-d049f2a44927", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "ac0d27a7-671f-4a59-b543-ddaa4d3fac63": { "id": "ac0d27a7-671f-4a59-b543-ddaa4d3fac63", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394": { "id": "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "c5e07336-23d7-4b8a-8e97-4a99d91614c9": { "id": "c5e07336-23d7-4b8a-8e97-4a99d91614c9", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:313eb067391ba8c271d5cd67f158802e37814ab55eb4bf132c8169c4bee7442f", "distribution_id": "", "repository_ids": [ "8833ce05-f0b3-4491-b25f-d049f2a44927" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:313eb067391ba8c271d5cd67f158802e37814ab55eb4bf132c8169c4bee7442f", "distribution_id": "", "repository_ids": [ "8833ce05-f0b3-4491-b25f-d049f2a44927" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "2d795a9c-962d-4811-bb1a-e4576068fbc5", "2d795a9c-962d-4811-bb1a-e4576068fbc5" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:313eb067391ba8c271d5cd67f158802e37814ab55eb4bf132c8169c4bee7442f", "distribution_id": "", "repository_ids": [ "8833ce05-f0b3-4491-b25f-d049f2a44927" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "2d795a9c-962d-4811-bb1a-e4576068fbc5", "2d795a9c-962d-4811-bb1a-e4576068fbc5" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:313eb067391ba8c271d5cd67f158802e37814ab55eb4bf132c8169c4bee7442f", "distribution_id": "", "repository_ids": [ "8833ce05-f0b3-4491-b25f-d049f2a44927" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "c0e6d9e9-584a-4c0a-af41-7fa1d3d5a394", "c5e07336-23d7-4b8a-8e97-4a99d91614c9" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "183c3502-981c-4913-b3aa-02a57922cf9b", "repository_ids": [ "13ee9455-4d53-40e3-90cf-4b150f6fcf48", "ac0d27a7-671f-4a59-b543-ddaa4d3fac63" ] } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), expat-2.5.0-1.el8_10 (CVE-2024-28757), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), file-libs-5.33-27.el8_10 (CVE-2019-8905), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), tar-2:1.30-11.el8_10 (CVE-2025-45582), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), libzstd-1.4.4-1.el8 (CVE-2022-4899)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gawk-4.2.1-4.el8 (CVE-2023-4156), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), file-libs-5.33-27.el8_10 (CVE-2019-8906), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), pcre2-10.32-3.el8_6 (CVE-2022-41409), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), libzstd-1.4.4-1.el8 (CVE-2021-24032)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6", "digests": ["sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:14:28+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clamav-scan-pod | init container: prepare 2026/02/10 22:13:55 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clamav-scan-pod | init container: place-scripts 2026/02/10 22:13:56 Decoded script /tekton/scripts/script-0-cxff2 2026/02/10 22:13:56 Decoded script /tekton/scripts/script-1-sf6c8 pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 19.708 sec (0 m 19 s) Start Date: 2026:02:10 22:14:12 End Date: 2026:02:10 22:14:32 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761672","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761672","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761672","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6", "digests": ["sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1"]}} pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading ee129f132e5b clamscan-result-amd64.log Uploading d10d40104a12 clamscan-ec-test-amd64.json Uploaded d10d40104a12 clamscan-ec-test-amd64.json Uploaded ee129f132e5b clamscan-result-amd64.log Uploading 9617aac5a7f8 application/vnd.oci.image.manifest.v1+json Uploaded 9617aac5a7f8 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-0dcafc660a1b623b5220240ec60114a99383e2c6@sha256:14061b78e7eeb0ce156d3be701013a10c71f7fe74e8b10c0a6d07a283b6855e1 Digest: sha256:9617aac5a7f891e982ddf69b47c73a5dba2b934844633a470820e2ed448eddb9 pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-init-pod | init container: prepare 2026/02/10 22:12:13 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-init-pod | init container: place-scripts 2026/02/10 22:12:13 Decoded script /tekton/scripts/script-0-xbs5x pod: test-component-pac-xmjyvu-on-pull-request-vkc9p-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Running PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: PipelineRunStopping PipelineRun test-component-pac-xmjyvu-on-pull-request-lhdm7 reason: Failed attempt 3/3: PipelineRun "test-component-pac-xmjyvu-on-pull-request-lhdm7" failed: pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: prepare 2026/02/10 22:15:37 Entrypoint initialization pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: place-scripts 2026/02/10 22:15:37 Decoded script /tekton/scripts/script-0-vrjmc 2026/02/10 22:15:37 Decoded script /tekton/scripts/script-1-w2sd4 2026/02/10 22:15:37 Decoded script /tekton/scripts/script-2-st4xk 2026/02/10 22:15:38 Decoded script /tekton/scripts/script-3-jm85g 2026/02/10 22:15:38 Decoded script /tekton/scripts/script-4-4kfjh pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-build: [2026-02-10T22:15:43,035280439+00:00] Validate context path [2026-02-10T22:15:43,038521154+00:00] Update CA trust [2026-02-10T22:15:43,039580881+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:15:45,029013488+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:15:45,034850368+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:15:45,148508316+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:15:50,032033335+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:15:45Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:15:45Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "2141ba55580678246c722e07819f9c5ce33e3df7", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "2141ba55580678246c722e07819f9c5ce33e3df7", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/konflux-test-integration", "quay.expires-after": "6h" } [2026-02-10T22:15:50,082129668+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:15:50,085428796+00:00] Add secrets [2026-02-10T22:15:50,093773913+00:00] Run buildah build [2026-02-10T22:15:50,095043739+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=2141ba55580678246c722e07819f9c5ce33e3df7 --label org.opencontainers.image.revision=2141ba55580678246c722e07819f9c5ce33e3df7 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --label quay.expires-after=6h --label build-date=2026-02-10T22:15:45Z --label org.opencontainers.image.created=2026-02-10T22:15:45Z --annotation org.opencontainers.image.revision=2141ba55580678246c722e07819f9c5ce33e3df7 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --annotation org.opencontainers.image.created=2026-02-10T22:15:45Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.DMJyxn -t quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 382 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 297 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 280 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 187 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 333 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 425 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 224 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 388 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 446 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 250 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 753 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 564 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 691 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 369 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Progress (4): 3.6 kB | 7.1 kB | 2.0 kB | 2.3/3.6 kB Progress (4): 3.6 kB | 7.1 kB | 2.0 kB | 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 51 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 101 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 28 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 48 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 162 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (1): 11/226 kB Progress (1): 13/226 kB Progress (1): 16/226 kB Progress (1): 19/226 kB Progress (1): 21/226 kB Progress (1): 24/226 kB Progress (1): 27/226 kB Progress (1): 30/226 kB Progress (1): 32/226 kB Progress (1): 35/226 kB Progress (1): 38/226 kB Progress (1): 41/226 kB Progress (1): 43/226 kB Progress (1): 46/226 kB Progress (1): 49/226 kB Progress (1): 53/226 kB Progress (1): 57/226 kB Progress (1): 61/226 kB Progress (1): 65/226 kB Progress (1): 69/226 kB Progress (1): 73/226 kB Progress (1): 76/226 kB Progress (1): 80/226 kB Progress (1): 84/226 kB Progress (1): 88/226 kB Progress (1): 92/226 kB Progress (1): 96/226 kB Progress (1): 100/226 kB Progress (1): 104/226 kB Progress (1): 108/226 kB Progress (1): 112/226 kB Progress (1): 117/226 kB Progress (1): 121/226 kB Progress (1): 125/226 kB Progress (1): 129/226 kB Progress (1): 133/226 kB Progress (2): 133/226 kB | 2.3/13 kB Progress (2): 137/226 kB | 2.3/13 kB Progress (2): 137/226 kB | 5.0/13 kB Progress (2): 137/226 kB | 7.8/13 kB Progress (2): 141/226 kB | 7.8/13 kB Progress (2): 143/226 kB | 7.8/13 kB Progress (2): 143/226 kB | 12/13 kB Progress (2): 143/226 kB | 13 kB Progress (2): 147/226 kB | 13 kB Progress (2): 151/226 kB | 13 kB Progress (2): 156/226 kB | 13 kB Progress (2): 160/226 kB | 13 kB Progress (2): 164/226 kB | 13 kB Progress (2): 168/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 184/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 192/226 kB | 13 kB Progress (2): 197/226 kB | 13 kB Progress (2): 201/226 kB | 13 kB Progress (2): 205/226 kB | 13 kB Progress (2): 209/226 kB | 13 kB Progress (2): 211/226 kB | 13 kB Progress (2): 215/226 kB | 13 kB Progress (2): 219/226 kB | 13 kB Progress (2): 223/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 4.0 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 218 kB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 169 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 9.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 117 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 7.2 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 93 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 322 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/116 kB Progress (1): 7.7/116 kB Progress (1): 12/116 kB Progress (1): 16/116 kB Progress (1): 20/116 kB Progress (1): 24/116 kB Progress (1): 28/116 kB Progress (1): 32/116 kB Progress (1): 36/116 kB Progress (1): 41/116 kB Progress (1): 45/116 kB Progress (1): 49/116 kB Progress (1): 53/116 kB Progress (1): 57/116 kB Progress (1): 61/116 kB Progress (1): 65/116 kB Progress (1): 69/116 kB Progress (1): 73/116 kB Progress (1): 77/116 kB Progress (1): 81/116 kB Progress (1): 86/116 kB Progress (1): 90/116 kB Progress (1): 94/116 kB Progress (1): 98/116 kB Progress (1): 102/116 kB Progress (1): 106/116 kB Progress (1): 110/116 kB Progress (1): 114/116 kB Progress (1): 116 kB Progress (2): 116 kB | 4.1/35 kB Progress (2): 116 kB | 7.7/35 kB Progress (2): 116 kB | 12/35 kB Progress (2): 116 kB | 16/35 kB Progress (3): 116 kB | 16/35 kB | 2.3/57 kB Progress (3): 116 kB | 16/35 kB | 4.7/57 kB Progress (3): 116 kB | 20/35 kB | 4.7/57 kB Progress (3): 116 kB | 20/35 kB | 7.5/57 kB Progress (3): 116 kB | 24/35 kB | 7.5/57 kB Progress (3): 116 kB | 28/35 kB | 7.5/57 kB Progress (3): 116 kB | 28/35 kB | 10/57 kB Progress (3): 116 kB | 32/35 kB | 10/57 kB Progress (3): 116 kB | 32/35 kB | 13/57 kB Progress (3): 116 kB | 35 kB | 13/57 kB Progress (3): 116 kB | 35 kB | 16/57 kB Progress (3): 116 kB | 35 kB | 18/57 kB Progress (3): 116 kB | 35 kB | 21/57 kB Progress (3): 116 kB | 35 kB | 24/57 kB Progress (3): 116 kB | 35 kB | 27/57 kB Progress (3): 116 kB | 35 kB | 29/57 kB Progress (3): 116 kB | 35 kB | 32/57 kB Progress (3): 116 kB | 35 kB | 35/57 kB Progress (3): 116 kB | 35 kB | 38/57 kB Progress (3): 116 kB | 35 kB | 40/57 kB Progress (3): 116 kB | 35 kB | 43/57 kB Progress (3): 116 kB | 35 kB | 47/57 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 4.1/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 7.7/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 12/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 16/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 20/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 24/152 kB Progress (4): 116 kB | 35 kB | 51/57 kB | 24/152 kB Progress (4): 116 kB | 35 kB | 51/57 kB | 28/152 kB Progress (4): 116 kB | 35 kB | 55/57 kB | 28/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 28/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 32/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 36/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 40/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 44/152 kB Progress (5): 116 kB | 35 kB | 57 kB | 44/152 kB | 2.3/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 44/152 kB | 5.0/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 48/152 kB | 5.0/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 48/152 kB | 7.8/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 53/152 kB | 7.8/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 57/152 kB | 7.8/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 57/152 kB | 11/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 11/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 13/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 16/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 19/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 65/152 kB | 19/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 65/152 kB | 21/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 69/152 kB | 21/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 73/152 kB | 21/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 73/152 kB | 24/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 77/152 kB | 24/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 77/152 kB | 27/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 77/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 81/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 85/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 89/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 94/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 98/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 102/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 106/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 110/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 114/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 118/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 122/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 126/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 130/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 134/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 139/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 143/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 147/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 151/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 152 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 556 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 653 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (2): 152 kB | 4.1/21 kB Progress (2): 152 kB | 7.7/21 kB Progress (2): 152 kB | 12/21 kB Progress (2): 152 kB | 16/21 kB Progress (2): 152 kB | 20/21 kB Progress (2): 152 kB | 21 kB Progress (3): 152 kB | 21 kB | 3.8/9.9 kB Progress (3): 152 kB | 21 kB | 7.8/9.9 kB Progress (3): 152 kB | 21 kB | 9.9 kB Progress (4): 152 kB | 21 kB | 9.9 kB | 2.3/5.9 kB Progress (5): 152 kB | 21 kB | 9.9 kB | 2.3/5.9 kB | 4.1/24 kB Progress (5): 152 kB | 21 kB | 9.9 kB | 2.3/5.9 kB | 7.7/24 kB Progress (5): 152 kB | 21 kB | 9.9 kB | 5.0/5.9 kB | 7.7/24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.0 MB/s) Progress (4): 21 kB | 9.9 kB | 5.9 kB | 7.7/24 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (4): 21 kB | 9.9 kB | 5.9 kB | 12/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 16/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 20/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 24/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 253 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Progress (2): 30 kB | 4.1/14 kB Progress (2): 30 kB | 7.7/14 kB Progress (2): 30 kB | 12/14 kB Progress (2): 30 kB | 14 kB Progress (3): 30 kB | 14 kB | 3.8/37 kB Progress (3): 30 kB | 14 kB | 7.9/37 kB Progress (3): 30 kB | 14 kB | 12/37 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 249 kB/s) Progress (2): 14 kB | 16/37 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (2): 14 kB | 20/37 kB Progress (2): 14 kB | 24/37 kB Progress (2): 14 kB | 28/37 kB Progress (2): 14 kB | 32/37 kB Progress (2): 14 kB | 37/37 kB Progress (2): 14 kB | 37 kB Progress (3): 14 kB | 37 kB | 4.1/38 kB Progress (3): 14 kB | 37 kB | 7.7/38 kB Progress (3): 14 kB | 37 kB | 12/38 kB Progress (3): 14 kB | 37 kB | 16/38 kB Progress (3): 14 kB | 37 kB | 20/38 kB Progress (3): 14 kB | 37 kB | 24/38 kB Progress (3): 14 kB | 37 kB | 28/38 kB Progress (3): 14 kB | 37 kB | 32/38 kB Progress (3): 14 kB | 37 kB | 36/38 kB Progress (3): 14 kB | 37 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (3): 37 kB | 38 kB | 2.3/13 kB Progress (3): 37 kB | 38 kB | 5.0/13 kB Progress (3): 37 kB | 38 kB | 7.8/13 kB Progress (3): 37 kB | 38 kB | 10/13 kB Progress (3): 37 kB | 38 kB | 13/13 kB Progress (3): 37 kB | 38 kB | 13 kB Progress (4): 37 kB | 38 kB | 13 kB | 4.1/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 7.7/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 12/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 16/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 20/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 24/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 28/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 32/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 36/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 41/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 45/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 49/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 53/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 57/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 61/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 65/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 69/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 73/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 77/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 81/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 86/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 41/49 kB Progress (1): 45/49 kB Progress (1): 49/49 kB Progress (1): 49 kB Progress (2): 49 kB | 3.8/86 kB Progress (2): 49 kB | 7.9/86 kB Progress (2): 49 kB | 12/86 kB Progress (2): 49 kB | 16/86 kB Progress (2): 49 kB | 20/86 kB Progress (2): 49 kB | 24/86 kB Progress (2): 49 kB | 28/86 kB Progress (2): 49 kB | 32/86 kB Progress (2): 49 kB | 36/86 kB Progress (2): 49 kB | 40/86 kB Progress (2): 49 kB | 44/86 kB Progress (2): 49 kB | 48/86 kB Progress (2): 49 kB | 53/86 kB Progress (2): 49 kB | 57/86 kB Progress (2): 49 kB | 61/86 kB Progress (2): 49 kB | 65/86 kB Progress (2): 49 kB | 69/86 kB Progress (2): 49 kB | 73/86 kB Progress (2): 49 kB | 77/86 kB Progress (2): 49 kB | 81/86 kB Progress (2): 49 kB | 83/86 kB Progress (2): 49 kB | 86 kB Progress (3): 49 kB | 86 kB | 4.1/121 kB Progress (4): 49 kB | 86 kB | 4.1/121 kB | 4.1/10 kB Progress (4): 49 kB | 86 kB | 7.7/121 kB | 4.1/10 kB Progress (4): 49 kB | 86 kB | 7.7/121 kB | 7.7/10 kB Progress (4): 49 kB | 86 kB | 12/121 kB | 7.7/10 kB Progress (4): 49 kB | 86 kB | 12/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 16/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 20/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 24/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 28/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 32/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 36/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 41/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 45/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 49/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 53/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 57/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 61/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 65/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 69/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 73/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 77/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 81/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 86/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 90/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 94/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 98/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 102/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 106/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 110/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 114/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 118/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 121 kB | 10 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 3.8/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 7.9/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 12/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 16/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 20/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 24/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 28/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 32/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 37/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 41/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 45/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 49/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 53/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 57/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 61/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 65/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 69/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 71/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 76/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 80/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 84/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 88/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 92/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 96/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 100/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 104/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 108/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 441 kB/s) Progress (4): 49 kB | 121 kB | 10 kB | 112/194 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (4): 49 kB | 121 kB | 10 kB | 116/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 121/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 125/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 129/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 133/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 137/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 139/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 143/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 147/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 151/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 155/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 160/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 164/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 168/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 172/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 176/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 180/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 184/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 188/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 192/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 194 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 602 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Progress (2): 194 kB | 4.1/223 kB Progress (2): 194 kB | 7.7/223 kB Progress (2): 194 kB | 12/223 kB Progress (2): 194 kB | 16/223 kB Progress (2): 194 kB | 20/223 kB Progress (2): 194 kB | 24/223 kB Progress (2): 194 kB | 28/223 kB Progress (2): 194 kB | 32/223 kB Progress (2): 194 kB | 36/223 kB Progress (2): 194 kB | 41/223 kB Progress (3): 194 kB | 41/223 kB | 4.1/43 kB Progress (3): 194 kB | 45/223 kB | 4.1/43 kB Progress (3): 194 kB | 45/223 kB | 7.7/43 kB Progress (3): 194 kB | 49/223 kB | 7.7/43 kB Progress (3): 194 kB | 49/223 kB | 12/43 kB Progress (3): 194 kB | 49/223 kB | 16/43 kB Progress (3): 194 kB | 53/223 kB | 16/43 kB Progress (3): 194 kB | 57/223 kB | 16/43 kB Progress (3): 194 kB | 61/223 kB | 16/43 kB Progress (3): 194 kB | 61/223 kB | 20/43 kB Progress (3): 194 kB | 65/223 kB | 20/43 kB Progress (3): 194 kB | 65/223 kB | 24/43 kB Progress (3): 194 kB | 65/223 kB | 28/43 kB Progress (3): 194 kB | 65/223 kB | 32/43 kB Progress (3): 194 kB | 69/223 kB | 32/43 kB Progress (3): 194 kB | 69/223 kB | 36/43 kB Progress (3): 194 kB | 73/223 kB | 36/43 kB Progress (3): 194 kB | 73/223 kB | 41/43 kB Progress (3): 194 kB | 77/223 kB | 41/43 kB Progress (3): 194 kB | 77/223 kB | 43 kB Progress (3): 194 kB | 81/223 kB | 43 kB Progress (3): 194 kB | 86/223 kB | 43 kB Progress (3): 194 kB | 90/223 kB | 43 kB Progress (3): 194 kB | 94/223 kB | 43 kB Progress (3): 194 kB | 98/223 kB | 43 kB Progress (3): 194 kB | 102/223 kB | 43 kB Progress (3): 194 kB | 106/223 kB | 43 kB Progress (3): 194 kB | 110/223 kB | 43 kB Progress (3): 194 kB | 114/223 kB | 43 kB Progress (3): 194 kB | 118/223 kB | 43 kB Progress (3): 194 kB | 122/223 kB | 43 kB Progress (3): 194 kB | 127/223 kB | 43 kB Progress (3): 194 kB | 131/223 kB | 43 kB Progress (3): 194 kB | 135/223 kB | 43 kB Progress (3): 194 kB | 139/223 kB | 43 kB Progress (3): 194 kB | 143/223 kB | 43 kB Progress (3): 194 kB | 147/223 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 867 kB/s) Progress (2): 151/223 kB | 43 kB Progress (2): 155/223 kB | 43 kB Progress (2): 159/223 kB | 43 kB Progress (2): 163/223 kB | 43 kB Progress (2): 167/223 kB | 43 kB Progress (2): 172/223 kB | 43 kB Progress (2): 176/223 kB | 43 kB Progress (2): 180/223 kB | 43 kB Progress (2): 184/223 kB | 43 kB Progress (2): 188/223 kB | 43 kB Progress (2): 192/223 kB | 43 kB Progress (2): 196/223 kB | 43 kB Progress (2): 200/223 kB | 43 kB Progress (2): 204/223 kB | 43 kB Progress (2): 208/223 kB | 43 kB Progress (2): 213/223 kB | 43 kB Progress (2): 217/223 kB | 43 kB Progress (2): 221/223 kB | 43 kB Progress (2): 223 kB | 43 kB Progress (3): 223 kB | 43 kB | 4.1/6.8 kB Progress (3): 223 kB | 43 kB | 6.8 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 4.1/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 7.7/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 12/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 16/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 20/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 24/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 28/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 32/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 36/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 41/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 45/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 49/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 53/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 57/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 61/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 177 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 904 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 27 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 229 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 332 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 331 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 380 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 484 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 126 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 165 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 350 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 2.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/160 kB Progress (1): 7.7/160 kB Progress (1): 12/160 kB Progress (1): 16/160 kB Progress (1): 20/160 kB Progress (1): 24/160 kB Progress (1): 28/160 kB Progress (1): 32/160 kB Progress (1): 36/160 kB Progress (1): 41/160 kB Progress (1): 45/160 kB Progress (1): 49/160 kB Progress (1): 53/160 kB Progress (1): 57/160 kB Progress (1): 61/160 kB Progress (1): 65/160 kB Progress (1): 69/160 kB Progress (1): 73/160 kB Progress (1): 77/160 kB Progress (1): 81/160 kB Progress (1): 86/160 kB Progress (1): 90/160 kB Progress (1): 94/160 kB Progress (1): 98/160 kB Progress (1): 102/160 kB Progress (1): 106/160 kB Progress (1): 110/160 kB Progress (1): 114/160 kB Progress (1): 118/160 kB Progress (1): 122/160 kB Progress (1): 127/160 kB Progress (1): 131/160 kB Progress (1): 135/160 kB Progress (1): 139/160 kB Progress (1): 143/160 kB Progress (1): 147/160 kB Progress (1): 151/160 kB Progress (1): 155/160 kB Progress (1): 159/160 kB Progress (1): 160 kB Progress (2): 160 kB | 4.1/49 kB Progress (2): 160 kB | 7.7/49 kB Progress (2): 160 kB | 12/49 kB Progress (2): 160 kB | 16/49 kB Progress (2): 160 kB | 20/49 kB Progress (2): 160 kB | 24/49 kB Progress (2): 160 kB | 28/49 kB Progress (2): 160 kB | 32/49 kB Progress (2): 160 kB | 36/49 kB Progress (2): 160 kB | 41/49 kB Progress (2): 160 kB | 45/49 kB Progress (2): 160 kB | 49/49 kB Progress (3): 160 kB | 49/49 kB | 4.1/89 kB Progress (3): 160 kB | 49 kB | 4.1/89 kB Progress (3): 160 kB | 49 kB | 7.7/89 kB Progress (3): 160 kB | 49 kB | 12/89 kB Progress (3): 160 kB | 49 kB | 16/89 kB Progress (3): 160 kB | 49 kB | 20/89 kB Progress (3): 160 kB | 49 kB | 24/89 kB Progress (3): 160 kB | 49 kB | 28/89 kB Progress (3): 160 kB | 49 kB | 32/89 kB Progress (3): 160 kB | 49 kB | 36/89 kB Progress (3): 160 kB | 49 kB | 41/89 kB Progress (3): 160 kB | 49 kB | 45/89 kB Progress (3): 160 kB | 49 kB | 49/89 kB Progress (3): 160 kB | 49 kB | 53/89 kB Progress (3): 160 kB | 49 kB | 57/89 kB Progress (3): 160 kB | 49 kB | 61/89 kB Progress (3): 160 kB | 49 kB | 65/89 kB Progress (3): 160 kB | 49 kB | 69/89 kB Progress (3): 160 kB | 49 kB | 73/89 kB Progress (3): 160 kB | 49 kB | 77/89 kB Progress (3): 160 kB | 49 kB | 81/89 kB Progress (3): 160 kB | 49 kB | 86/89 kB Progress (3): 160 kB | 49 kB | 89 kB Progress (4): 160 kB | 49 kB | 89 kB | 3.4/13 kB Progress (4): 160 kB | 49 kB | 89 kB | 7.5/13 kB Progress (4): 160 kB | 49 kB | 89 kB | 12/13 kB Progress (4): 160 kB | 49 kB | 89 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Progress (4): 160 kB | 89 kB | 13 kB | 4.1/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 7.7/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 12/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 16/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 20/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 24/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.7 MB/s) Progress (3): 89 kB | 13 kB | 28/211 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Progress (3): 89 kB | 13 kB | 32/211 kB Progress (3): 89 kB | 13 kB | 36/211 kB Progress (3): 89 kB | 13 kB | 41/211 kB Progress (3): 89 kB | 13 kB | 45/211 kB Progress (3): 89 kB | 13 kB | 49/211 kB Progress (3): 89 kB | 13 kB | 53/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 2.0 MB/s) Progress (2): 13 kB | 57/211 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Progress (2): 13 kB | 61/211 kB Progress (2): 13 kB | 65/211 kB Progress (2): 13 kB | 69/211 kB Progress (2): 13 kB | 73/211 kB Progress (2): 13 kB | 77/211 kB Progress (2): 13 kB | 81/211 kB Progress (2): 13 kB | 86/211 kB Progress (2): 13 kB | 90/211 kB Progress (2): 13 kB | 94/211 kB Progress (2): 13 kB | 98/211 kB Progress (2): 13 kB | 102/211 kB Progress (2): 13 kB | 106/211 kB Progress (2): 13 kB | 110/211 kB Progress (2): 13 kB | 114/211 kB Progress (2): 13 kB | 118/211 kB Progress (2): 13 kB | 122/211 kB Progress (2): 13 kB | 127/211 kB Progress (2): 13 kB | 131/211 kB Progress (2): 13 kB | 135/211 kB Progress (2): 13 kB | 139/211 kB Progress (2): 13 kB | 143/211 kB Progress (2): 13 kB | 147/211 kB Progress (2): 13 kB | 151/211 kB Progress (2): 13 kB | 155/211 kB Progress (2): 13 kB | 159/211 kB Progress (2): 13 kB | 163/211 kB Progress (2): 13 kB | 167/211 kB Progress (2): 13 kB | 172/211 kB Progress (2): 13 kB | 176/211 kB Progress (2): 13 kB | 180/211 kB Progress (2): 13 kB | 184/211 kB Progress (2): 13 kB | 188/211 kB Progress (2): 13 kB | 192/211 kB Progress (2): 13 kB | 196/211 kB Progress (2): 13 kB | 200/211 kB Progress (2): 13 kB | 204/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Progress (1): 208/211 kB Progress (1): 211 kB Progress (2): 211 kB | 4.1/21 kB Progress (2): 211 kB | 8.2/21 kB Progress (2): 211 kB | 12/21 kB Progress (2): 211 kB | 16/21 kB Progress (2): 211 kB | 20/21 kB Progress (2): 211 kB | 21 kB Progress (3): 211 kB | 21 kB | 4.1/87 kB Progress (3): 211 kB | 21 kB | 7.7/87 kB Progress (3): 211 kB | 21 kB | 12/87 kB Progress (3): 211 kB | 21 kB | 16/87 kB Progress (3): 211 kB | 21 kB | 20/87 kB Progress (3): 211 kB | 21 kB | 24/87 kB Progress (3): 211 kB | 21 kB | 28/87 kB Progress (3): 211 kB | 21 kB | 32/87 kB Progress (3): 211 kB | 21 kB | 36/87 kB Progress (3): 211 kB | 21 kB | 41/87 kB Progress (3): 211 kB | 21 kB | 45/87 kB Progress (3): 211 kB | 21 kB | 49/87 kB Progress (3): 211 kB | 21 kB | 53/87 kB Progress (4): 211 kB | 21 kB | 53/87 kB | 4.1/35 kB Progress (4): 211 kB | 21 kB | 57/87 kB | 4.1/35 kB Progress (4): 211 kB | 21 kB | 57/87 kB | 7.7/35 kB Progress (4): 211 kB | 21 kB | 61/87 kB | 7.7/35 kB Progress (4): 211 kB | 21 kB | 61/87 kB | 12/35 kB Progress (4): 211 kB | 21 kB | 65/87 kB | 12/35 kB Progress (4): 211 kB | 21 kB | 65/87 kB | 16/35 kB Progress (4): 211 kB | 21 kB | 65/87 kB | 20/35 kB Progress (4): 211 kB | 21 kB | 69/87 kB | 20/35 kB Progress (4): 211 kB | 21 kB | 69/87 kB | 24/35 kB Progress (4): 211 kB | 21 kB | 73/87 kB | 24/35 kB Progress (4): 211 kB | 21 kB | 73/87 kB | 28/35 kB Progress (4): 211 kB | 21 kB | 77/87 kB | 28/35 kB Progress (4): 211 kB | 21 kB | 81/87 kB | 28/35 kB Progress (4): 211 kB | 21 kB | 81/87 kB | 32/35 kB Progress (4): 211 kB | 21 kB | 81/87 kB | 35 kB Progress (4): 211 kB | 21 kB | 86/87 kB | 35 kB Progress (4): 211 kB | 21 kB | 87 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 992 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Progress (2): 25 kB | 4.1/14 kB Progress (2): 25 kB | 7.7/14 kB Progress (2): 25 kB | 12/14 kB Progress (2): 25 kB | 14 kB Progress (3): 25 kB | 14 kB | 4.1/37 kB Progress (3): 25 kB | 14 kB | 7.7/37 kB Progress (3): 25 kB | 14 kB | 12/37 kB Progress (3): 25 kB | 14 kB | 16/37 kB Progress (3): 25 kB | 14 kB | 20/37 kB Progress (3): 25 kB | 14 kB | 24/37 kB Progress (3): 25 kB | 14 kB | 28/37 kB Progress (3): 25 kB | 14 kB | 32/37 kB Progress (3): 25 kB | 14 kB | 36/37 kB Progress (3): 25 kB | 14 kB | 37 kB Progress (4): 25 kB | 14 kB | 37 kB | 4.1/122 kB Progress (4): 25 kB | 14 kB | 37 kB | 7.7/122 kB Progress (4): 25 kB | 14 kB | 37 kB | 12/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 128 kB/s) Progress (3): 25 kB | 37 kB | 16/122 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (3): 25 kB | 37 kB | 20/122 kB Progress (3): 25 kB | 37 kB | 24/122 kB Progress (3): 25 kB | 37 kB | 28/122 kB Progress (3): 25 kB | 37 kB | 32/122 kB Progress (3): 25 kB | 37 kB | 36/122 kB Progress (3): 25 kB | 37 kB | 41/122 kB Progress (3): 25 kB | 37 kB | 45/122 kB Progress (3): 25 kB | 37 kB | 49/122 kB Progress (3): 25 kB | 37 kB | 53/122 kB Progress (3): 25 kB | 37 kB | 57/122 kB Progress (3): 25 kB | 37 kB | 61/122 kB Progress (3): 25 kB | 37 kB | 65/122 kB Progress (3): 25 kB | 37 kB | 69/122 kB Progress (3): 25 kB | 37 kB | 73/122 kB Progress (3): 25 kB | 37 kB | 77/122 kB Progress (3): 25 kB | 37 kB | 81/122 kB Progress (3): 25 kB | 37 kB | 86/122 kB Progress (3): 25 kB | 37 kB | 90/122 kB Progress (3): 25 kB | 37 kB | 94/122 kB Progress (3): 25 kB | 37 kB | 98/122 kB Progress (3): 25 kB | 37 kB | 102/122 kB Progress (3): 25 kB | 37 kB | 106/122 kB Progress (3): 25 kB | 37 kB | 110/122 kB Progress (3): 25 kB | 37 kB | 114/122 kB Progress (4): 25 kB | 37 kB | 114/122 kB | 4.1/29 kB Progress (4): 25 kB | 37 kB | 118/122 kB | 4.1/29 kB Progress (4): 25 kB | 37 kB | 118/122 kB | 7.7/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 7.7/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 12/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 16/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 20/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 24/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 28/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (4): 25 kB | 122 kB | 29 kB | 4.1/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 7.7/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 12/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 16/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 20/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 24/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 28/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 32/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 36/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 41/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 45/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 49/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 53/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 57/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 937 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 388 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (1): 4.1/10 kB Progress (1): 7.7/10 kB Progress (1): 10 kB Progress (2): 10 kB | 4.1/33 kB Progress (2): 10 kB | 7.7/33 kB Progress (2): 10 kB | 12/33 kB Progress (2): 10 kB | 16/33 kB Progress (2): 10 kB | 20/33 kB Progress (2): 10 kB | 24/33 kB Progress (2): 10 kB | 28/33 kB Progress (2): 10 kB | 32/33 kB Progress (2): 10 kB | 33 kB Progress (3): 10 kB | 33 kB | 4.1/155 kB Progress (3): 10 kB | 33 kB | 7.7/155 kB Progress (3): 10 kB | 33 kB | 12/155 kB Progress (3): 10 kB | 33 kB | 16/155 kB Progress (3): 10 kB | 33 kB | 20/155 kB Progress (3): 10 kB | 33 kB | 24/155 kB Progress (3): 10 kB | 33 kB | 28/155 kB Progress (3): 10 kB | 33 kB | 32/155 kB Progress (3): 10 kB | 33 kB | 36/155 kB Progress (3): 10 kB | 33 kB | 40/155 kB Progress (3): 10 kB | 33 kB | 44/155 kB Progress (3): 10 kB | 33 kB | 48/155 kB Progress (3): 10 kB | 33 kB | 53/155 kB Progress (3): 10 kB | 33 kB | 57/155 kB Progress (3): 10 kB | 33 kB | 61/155 kB Progress (3): 10 kB | 33 kB | 65/155 kB Progress (3): 10 kB | 33 kB | 69/155 kB Progress (3): 10 kB | 33 kB | 73/155 kB Progress (3): 10 kB | 33 kB | 77/155 kB Progress (3): 10 kB | 33 kB | 81/155 kB Progress (3): 10 kB | 33 kB | 85/155 kB Progress (3): 10 kB | 33 kB | 89/155 kB Progress (3): 10 kB | 33 kB | 94/155 kB Progress (3): 10 kB | 33 kB | 98/155 kB Progress (3): 10 kB | 33 kB | 102/155 kB Progress (3): 10 kB | 33 kB | 106/155 kB Progress (3): 10 kB | 33 kB | 110/155 kB Progress (3): 10 kB | 33 kB | 114/155 kB Progress (3): 10 kB | 33 kB | 118/155 kB Progress (3): 10 kB | 33 kB | 122/155 kB Progress (3): 10 kB | 33 kB | 126/155 kB Progress (3): 10 kB | 33 kB | 130/155 kB Progress (3): 10 kB | 33 kB | 134/155 kB Progress (3): 10 kB | 33 kB | 139/155 kB Progress (3): 10 kB | 33 kB | 143/155 kB Progress (3): 10 kB | 33 kB | 147/155 kB Progress (3): 10 kB | 33 kB | 151/155 kB Progress (3): 10 kB | 33 kB | 155 kB Progress (4): 10 kB | 33 kB | 155 kB | 4.1/14 kB Progress (4): 10 kB | 33 kB | 155 kB | 7.7/14 kB Progress (4): 10 kB | 33 kB | 155 kB | 12/14 kB Progress (4): 10 kB | 33 kB | 155 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 844 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 14 kB | 4.1/32 kB Progress (2): 14 kB | 7.7/32 kB Progress (2): 14 kB | 12/32 kB Progress (2): 14 kB | 16/32 kB Progress (2): 14 kB | 20/32 kB Progress (2): 14 kB | 24/32 kB Progress (2): 14 kB | 28/32 kB Progress (2): 14 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (2): 32 kB | 4.1/4.2 kB Progress (2): 32 kB | 4.2 kB Progress (3): 32 kB | 4.2 kB | 4.1/4.6 kB Progress (3): 32 kB | 4.2 kB | 4.6 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 4.1/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 7.7/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 12/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 16/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 19 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 4.1/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 7.7/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 12/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 16/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 20/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 24/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 146 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (2): 25 kB | 4.1/217 kB Progress (2): 25 kB | 7.7/217 kB Progress (2): 25 kB | 12/217 kB Progress (2): 25 kB | 16/217 kB Progress (2): 25 kB | 20/217 kB Progress (2): 25 kB | 24/217 kB Progress (2): 25 kB | 28/217 kB Progress (2): 25 kB | 32/217 kB Progress (2): 25 kB | 36/217 kB Progress (2): 25 kB | 41/217 kB Progress (2): 25 kB | 45/217 kB Progress (2): 25 kB | 49/217 kB Progress (2): 25 kB | 53/217 kB Progress (2): 25 kB | 57/217 kB Progress (2): 25 kB | 61/217 kB Progress (2): 25 kB | 65/217 kB Progress (2): 25 kB | 69/217 kB Progress (2): 25 kB | 73/217 kB Progress (2): 25 kB | 77/217 kB Progress (2): 25 kB | 81/217 kB Progress (2): 25 kB | 86/217 kB Progress (2): 25 kB | 90/217 kB Progress (2): 25 kB | 94/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 108 kB/s) Progress (1): 98/217 kB Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (1): 102/217 kB Progress (1): 106/217 kB Progress (1): 110/217 kB Progress (1): 114/217 kB Progress (1): 118/217 kB Progress (1): 122/217 kB Progress (1): 127/217 kB Progress (1): 131/217 kB Progress (1): 135/217 kB Progress (1): 139/217 kB Progress (1): 143/217 kB Progress (1): 147/217 kB Progress (1): 151/217 kB Progress (1): 155/217 kB Progress (1): 159/217 kB Progress (1): 163/217 kB Progress (1): 167/217 kB Progress (1): 172/217 kB Progress (1): 176/217 kB Progress (1): 180/217 kB Progress (1): 184/217 kB Progress (1): 188/217 kB Progress (1): 192/217 kB Progress (1): 196/217 kB Progress (1): 200/217 kB Progress (1): 204/217 kB Progress (1): 208/217 kB Progress (1): 213/217 kB Progress (1): 217/217 kB Progress (1): 217 kB Progress (2): 217 kB | 4.1/358 kB Progress (2): 217 kB | 7.7/358 kB Progress (2): 217 kB | 12/358 kB Progress (2): 217 kB | 16/358 kB Progress (2): 217 kB | 20/358 kB Progress (2): 217 kB | 24/358 kB Progress (2): 217 kB | 28/358 kB Progress (2): 217 kB | 32/358 kB Progress (2): 217 kB | 36/358 kB Progress (2): 217 kB | 41/358 kB Progress (2): 217 kB | 45/358 kB Progress (2): 217 kB | 49/358 kB Progress (2): 217 kB | 53/358 kB Progress (2): 217 kB | 57/358 kB Progress (2): 217 kB | 61/358 kB Progress (2): 217 kB | 65/358 kB Progress (2): 217 kB | 69/358 kB Progress (2): 217 kB | 73/358 kB Progress (2): 217 kB | 77/358 kB Progress (2): 217 kB | 81/358 kB Progress (2): 217 kB | 86/358 kB Progress (2): 217 kB | 90/358 kB Progress (2): 217 kB | 94/358 kB Progress (2): 217 kB | 98/358 kB Progress (2): 217 kB | 102/358 kB Progress (2): 217 kB | 106/358 kB Progress (2): 217 kB | 110/358 kB Progress (2): 217 kB | 114/358 kB Progress (2): 217 kB | 118/358 kB Progress (2): 217 kB | 122/358 kB Progress (2): 217 kB | 127/358 kB Progress (2): 217 kB | 131/358 kB Progress (2): 217 kB | 135/358 kB Progress (2): 217 kB | 139/358 kB Progress (2): 217 kB | 143/358 kB Progress (2): 217 kB | 147/358 kB Progress (2): 217 kB | 151/358 kB Progress (3): 217 kB | 151/358 kB | 4.1/134 kB Progress (3): 217 kB | 155/358 kB | 4.1/134 kB Progress (3): 217 kB | 155/358 kB | 7.7/134 kB Progress (3): 217 kB | 155/358 kB | 12/134 kB Progress (3): 217 kB | 159/358 kB | 12/134 kB Progress (3): 217 kB | 163/358 kB | 12/134 kB Progress (3): 217 kB | 167/358 kB | 12/134 kB Progress (3): 217 kB | 172/358 kB | 12/134 kB Progress (3): 217 kB | 172/358 kB | 16/134 kB Progress (3): 217 kB | 172/358 kB | 20/134 kB Progress (3): 217 kB | 176/358 kB | 20/134 kB Progress (3): 217 kB | 176/358 kB | 24/134 kB Progress (3): 217 kB | 180/358 kB | 24/134 kB Progress (3): 217 kB | 180/358 kB | 28/134 kB Progress (3): 217 kB | 184/358 kB | 28/134 kB Progress (3): 217 kB | 188/358 kB | 28/134 kB Progress (3): 217 kB | 188/358 kB | 32/134 kB Progress (3): 217 kB | 192/358 kB | 32/134 kB Progress (3): 217 kB | 192/358 kB | 36/134 kB Progress (3): 217 kB | 196/358 kB | 36/134 kB Progress (3): 217 kB | 196/358 kB | 40/134 kB Progress (3): 217 kB | 200/358 kB | 40/134 kB Progress (3): 217 kB | 200/358 kB | 44/134 kB Progress (3): 217 kB | 204/358 kB | 44/134 kB Progress (3): 217 kB | 208/358 kB | 44/134 kB Progress (3): 217 kB | 208/358 kB | 48/134 kB Progress (3): 217 kB | 213/358 kB | 48/134 kB Progress (3): 217 kB | 213/358 kB | 53/134 kB Progress (3): 217 kB | 217/358 kB | 53/134 kB Progress (3): 217 kB | 217/358 kB | 57/134 kB Progress (3): 217 kB | 221/358 kB | 57/134 kB Progress (3): 217 kB | 221/358 kB | 61/134 kB Progress (3): 217 kB | 225/358 kB | 61/134 kB Progress (3): 217 kB | 229/358 kB | 61/134 kB Progress (3): 217 kB | 229/358 kB | 65/134 kB Progress (3): 217 kB | 229/358 kB | 69/134 kB Progress (3): 217 kB | 233/358 kB | 69/134 kB Progress (3): 217 kB | 233/358 kB | 73/134 kB Progress (3): 217 kB | 237/358 kB | 73/134 kB Progress (3): 217 kB | 237/358 kB | 77/134 kB Progress (3): 217 kB | 237/358 kB | 81/134 kB Progress (3): 217 kB | 241/358 kB | 81/134 kB Progress (3): 217 kB | 241/358 kB | 85/134 kB Progress (3): 217 kB | 245/358 kB | 85/134 kB Progress (3): 217 kB | 245/358 kB | 89/134 kB Progress (3): 217 kB | 249/358 kB | 89/134 kB Progress (3): 217 kB | 249/358 kB | 93/134 kB Progress (3): 217 kB | 254/358 kB | 93/134 kB Progress (3): 217 kB | 254/358 kB | 98/134 kB Progress (3): 217 kB | 258/358 kB | 98/134 kB Progress (3): 217 kB | 258/358 kB | 102/134 kB Progress (3): 217 kB | 262/358 kB | 102/134 kB Progress (3): 217 kB | 262/358 kB | 106/134 kB Progress (3): 217 kB | 266/358 kB | 106/134 kB Progress (3): 217 kB | 266/358 kB | 110/134 kB Progress (3): 217 kB | 270/358 kB | 110/134 kB Progress (3): 217 kB | 270/358 kB | 114/134 kB Progress (3): 217 kB | 274/358 kB | 114/134 kB Progress (3): 217 kB | 274/358 kB | 118/134 kB Progress (3): 217 kB | 278/358 kB | 118/134 kB Progress (3): 217 kB | 278/358 kB | 122/134 kB Progress (3): 217 kB | 282/358 kB | 122/134 kB Progress (3): 217 kB | 282/358 kB | 126/134 kB Progress (3): 217 kB | 286/358 kB | 126/134 kB Progress (3): 217 kB | 286/358 kB | 130/134 kB Progress (3): 217 kB | 286/358 kB | 134 kB Progress (3): 217 kB | 290/358 kB | 134 kB Progress (3): 217 kB | 294/358 kB | 134 kB Progress (3): 217 kB | 299/358 kB | 134 kB Progress (3): 217 kB | 303/358 kB | 134 kB Progress (3): 217 kB | 307/358 kB | 134 kB Progress (3): 217 kB | 311/358 kB | 134 kB Progress (3): 217 kB | 315/358 kB | 134 kB Progress (3): 217 kB | 319/358 kB | 134 kB Progress (3): 217 kB | 323/358 kB | 134 kB Progress (3): 217 kB | 327/358 kB | 134 kB Progress (3): 217 kB | 331/358 kB | 134 kB Progress (3): 217 kB | 335/358 kB | 134 kB Progress (3): 217 kB | 340/358 kB | 134 kB Progress (3): 217 kB | 344/358 kB | 134 kB Progress (3): 217 kB | 348/358 kB | 134 kB Progress (3): 217 kB | 352/358 kB | 134 kB Progress (3): 217 kB | 356/358 kB | 134 kB Progress (3): 217 kB | 358 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 836 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (3): 358 kB | 134 kB | 4.1/46 kB Progress (3): 358 kB | 134 kB | 7.7/46 kB Progress (3): 358 kB | 134 kB | 12/46 kB Progress (3): 358 kB | 134 kB | 16/46 kB Progress (4): 358 kB | 134 kB | 16/46 kB | 4.1/45 kB Progress (4): 358 kB | 134 kB | 20/46 kB | 4.1/45 kB Progress (4): 358 kB | 134 kB | 20/46 kB | 7.7/45 kB Progress (4): 358 kB | 134 kB | 24/46 kB | 7.7/45 kB Progress (4): 358 kB | 134 kB | 24/46 kB | 12/45 kB Progress (4): 358 kB | 134 kB | 28/46 kB | 12/45 kB Progress (4): 358 kB | 134 kB | 28/46 kB | 16/45 kB Progress (4): 358 kB | 134 kB | 32/46 kB | 16/45 kB Progress (4): 358 kB | 134 kB | 32/46 kB | 20/45 kB Progress (4): 358 kB | 134 kB | 32/46 kB | 24/45 kB Progress (4): 358 kB | 134 kB | 36/46 kB | 24/45 kB Progress (4): 358 kB | 134 kB | 36/46 kB | 28/45 kB Progress (4): 358 kB | 134 kB | 41/46 kB | 28/45 kB Progress (4): 358 kB | 134 kB | 41/46 kB | 32/45 kB Progress (4): 358 kB | 134 kB | 45/46 kB | 32/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 32/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 36/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 41/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (4): 134 kB | 46 kB | 45 kB | 4.1/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 7.7/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 12/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 16/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 20/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 24/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 28/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 32/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 36/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 45/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 53/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 57/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 61/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 65/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 69/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 73/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 77/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 81/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 86/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 90/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 94/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 98/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 102/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 106/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 110/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 114/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 158 kB/s) Progress (3): 134 kB | 46 kB | 118/640 kB Progress (3): 134 kB | 46 kB | 122/640 kB Progress (3): 134 kB | 46 kB | 127/640 kB Progress (3): 134 kB | 46 kB | 131/640 kB Progress (3): 134 kB | 46 kB | 135/640 kB Progress (3): 134 kB | 46 kB | 139/640 kB Progress (3): 134 kB | 46 kB | 143/640 kB Progress (3): 134 kB | 46 kB | 147/640 kB Progress (3): 134 kB | 46 kB | 151/640 kB Progress (3): 134 kB | 46 kB | 155/640 kB Progress (3): 134 kB | 46 kB | 159/640 kB Progress (3): 134 kB | 46 kB | 163/640 kB Progress (3): 134 kB | 46 kB | 167/640 kB Progress (3): 134 kB | 46 kB | 172/640 kB Progress (3): 134 kB | 46 kB | 176/640 kB Progress (3): 134 kB | 46 kB | 180/640 kB Progress (3): 134 kB | 46 kB | 184/640 kB Progress (3): 134 kB | 46 kB | 188/640 kB Progress (3): 134 kB | 46 kB | 192/640 kB Progress (3): 134 kB | 46 kB | 196/640 kB Progress (3): 134 kB | 46 kB | 200/640 kB Progress (3): 134 kB | 46 kB | 204/640 kB Progress (3): 134 kB | 46 kB | 208/640 kB Progress (3): 134 kB | 46 kB | 213/640 kB Progress (3): 134 kB | 46 kB | 217/640 kB Progress (3): 134 kB | 46 kB | 221/640 kB Progress (3): 134 kB | 46 kB | 225/640 kB Progress (3): 134 kB | 46 kB | 229/640 kB Progress (3): 134 kB | 46 kB | 233/640 kB Progress (3): 134 kB | 46 kB | 237/640 kB Progress (3): 134 kB | 46 kB | 241/640 kB Progress (3): 134 kB | 46 kB | 245/640 kB Progress (3): 134 kB | 46 kB | 249/640 kB Progress (3): 134 kB | 46 kB | 254/640 kB Progress (3): 134 kB | 46 kB | 258/640 kB Progress (3): 134 kB | 46 kB | 262/640 kB Progress (3): 134 kB | 46 kB | 266/640 kB Progress (3): 134 kB | 46 kB | 270/640 kB Progress (3): 134 kB | 46 kB | 274/640 kB Progress (3): 134 kB | 46 kB | 278/640 kB Progress (3): 134 kB | 46 kB | 282/640 kB Progress (3): 134 kB | 46 kB | 286/640 kB Progress (3): 134 kB | 46 kB | 290/640 kB Progress (3): 134 kB | 46 kB | 294/640 kB Progress (3): 134 kB | 46 kB | 299/640 kB Progress (3): 134 kB | 46 kB | 303/640 kB Progress (3): 134 kB | 46 kB | 307/640 kB Progress (3): 134 kB | 46 kB | 311/640 kB Progress (3): 134 kB | 46 kB | 315/640 kB Progress (3): 134 kB | 46 kB | 319/640 kB Progress (3): 134 kB | 46 kB | 323/640 kB Progress (3): 134 kB | 46 kB | 327/640 kB Progress (3): 134 kB | 46 kB | 331/640 kB Progress (3): 134 kB | 46 kB | 335/640 kB Progress (3): 134 kB | 46 kB | 340/640 kB Progress (3): 134 kB | 46 kB | 344/640 kB Progress (3): 134 kB | 46 kB | 348/640 kB Progress (3): 134 kB | 46 kB | 352/640 kB Progress (3): 134 kB | 46 kB | 356/640 kB Progress (3): 134 kB | 46 kB | 360/640 kB Progress (3): 134 kB | 46 kB | 364/640 kB Progress (3): 134 kB | 46 kB | 368/640 kB Progress (3): 134 kB | 46 kB | 372/640 kB Progress (3): 134 kB | 46 kB | 376/640 kB Progress (3): 134 kB | 46 kB | 380/640 kB Progress (3): 134 kB | 46 kB | 385/640 kB Progress (3): 134 kB | 46 kB | 389/640 kB Progress (3): 134 kB | 46 kB | 393/640 kB Progress (3): 134 kB | 46 kB | 397/640 kB Progress (3): 134 kB | 46 kB | 401/640 kB Progress (3): 134 kB | 46 kB | 405/640 kB Progress (3): 134 kB | 46 kB | 409/640 kB Progress (3): 134 kB | 46 kB | 413/640 kB Progress (3): 134 kB | 46 kB | 417/640 kB Progress (3): 134 kB | 46 kB | 421/640 kB Progress (3): 134 kB | 46 kB | 426/640 kB Progress (3): 134 kB | 46 kB | 430/640 kB Progress (3): 134 kB | 46 kB | 434/640 kB Progress (3): 134 kB | 46 kB | 438/640 kB Progress (3): 134 kB | 46 kB | 442/640 kB Progress (3): 134 kB | 46 kB | 446/640 kB Progress (3): 134 kB | 46 kB | 450/640 kB Progress (3): 134 kB | 46 kB | 454/640 kB Progress (3): 134 kB | 46 kB | 458/640 kB Progress (3): 134 kB | 46 kB | 462/640 kB Progress (3): 134 kB | 46 kB | 466/640 kB Progress (3): 134 kB | 46 kB | 471/640 kB Progress (3): 134 kB | 46 kB | 475/640 kB Progress (3): 134 kB | 46 kB | 479/640 kB Progress (3): 134 kB | 46 kB | 483/640 kB Progress (3): 134 kB | 46 kB | 487/640 kB Progress (3): 134 kB | 46 kB | 491/640 kB Progress (3): 134 kB | 46 kB | 495/640 kB Progress (3): 134 kB | 46 kB | 499/640 kB Progress (3): 134 kB | 46 kB | 503/640 kB Progress (3): 134 kB | 46 kB | 507/640 kB Progress (3): 134 kB | 46 kB | 512/640 kB Progress (3): 134 kB | 46 kB | 516/640 kB Progress (3): 134 kB | 46 kB | 520/640 kB Progress (3): 134 kB | 46 kB | 524/640 kB Progress (3): 134 kB | 46 kB | 528/640 kB Progress (3): 134 kB | 46 kB | 532/640 kB Progress (3): 134 kB | 46 kB | 536/640 kB Progress (3): 134 kB | 46 kB | 540/640 kB Progress (3): 134 kB | 46 kB | 544/640 kB Progress (3): 134 kB | 46 kB | 548/640 kB Progress (3): 134 kB | 46 kB | 553/640 kB Progress (3): 134 kB | 46 kB | 557/640 kB Progress (3): 134 kB | 46 kB | 561/640 kB Progress (3): 134 kB | 46 kB | 565/640 kB Progress (3): 134 kB | 46 kB | 569/640 kB Progress (3): 134 kB | 46 kB | 573/640 kB Progress (3): 134 kB | 46 kB | 577/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 463 kB/s) Progress (2): 46 kB | 581/640 kB Progress (2): 46 kB | 585/640 kB Progress (2): 46 kB | 589/640 kB Progress (2): 46 kB | 593/640 kB Progress (2): 46 kB | 598/640 kB Progress (2): 46 kB | 602/640 kB Progress (2): 46 kB | 606/640 kB Progress (2): 46 kB | 610/640 kB Progress (2): 46 kB | 614/640 kB Progress (2): 46 kB | 618/640 kB Progress (2): 46 kB | 622/640 kB Progress (2): 46 kB | 626/640 kB Progress (2): 46 kB | 630/640 kB Progress (2): 46 kB | 634/640 kB Progress (2): 46 kB | 639/640 kB Progress (2): 46 kB | 640 kB Progress (3): 46 kB | 640 kB | 4.1/121 kB Progress (3): 46 kB | 640 kB | 7.7/121 kB Progress (3): 46 kB | 640 kB | 12/121 kB Progress (3): 46 kB | 640 kB | 16/121 kB Progress (3): 46 kB | 640 kB | 20/121 kB Progress (3): 46 kB | 640 kB | 24/121 kB Progress (3): 46 kB | 640 kB | 28/121 kB Progress (3): 46 kB | 640 kB | 32/121 kB Progress (3): 46 kB | 640 kB | 36/121 kB Progress (3): 46 kB | 640 kB | 40/121 kB Progress (3): 46 kB | 640 kB | 44/121 kB Progress (3): 46 kB | 640 kB | 48/121 kB Progress (3): 46 kB | 640 kB | 53/121 kB Progress (3): 46 kB | 640 kB | 57/121 kB Progress (3): 46 kB | 640 kB | 61/121 kB Progress (3): 46 kB | 640 kB | 65/121 kB Progress (3): 46 kB | 640 kB | 69/121 kB Progress (3): 46 kB | 640 kB | 73/121 kB Progress (3): 46 kB | 640 kB | 77/121 kB Progress (3): 46 kB | 640 kB | 81/121 kB Progress (3): 46 kB | 640 kB | 85/121 kB Progress (3): 46 kB | 640 kB | 89/121 kB Progress (3): 46 kB | 640 kB | 94/121 kB Progress (3): 46 kB | 640 kB | 98/121 kB Progress (3): 46 kB | 640 kB | 102/121 kB Progress (3): 46 kB | 640 kB | 106/121 kB Progress (3): 46 kB | 640 kB | 110/121 kB Progress (3): 46 kB | 640 kB | 114/121 kB Progress (3): 46 kB | 640 kB | 118/121 kB Progress (3): 46 kB | 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 154 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 390 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 506 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 428 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 975 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 345 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 514 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 312 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/316 kB Progress (1): 7.7/316 kB Progress (1): 12/316 kB Progress (1): 16/316 kB Progress (1): 20/316 kB Progress (1): 24/316 kB Progress (1): 28/316 kB Progress (1): 32/316 kB Progress (1): 36/316 kB Progress (1): 41/316 kB Progress (1): 45/316 kB Progress (1): 49/316 kB Progress (1): 53/316 kB Progress (1): 57/316 kB Progress (1): 61/316 kB Progress (1): 65/316 kB Progress (1): 69/316 kB Progress (1): 73/316 kB Progress (1): 77/316 kB Progress (1): 81/316 kB Progress (1): 86/316 kB Progress (1): 90/316 kB Progress (1): 94/316 kB Progress (1): 98/316 kB Progress (1): 102/316 kB Progress (1): 106/316 kB Progress (1): 110/316 kB Progress (1): 114/316 kB Progress (1): 118/316 kB Progress (1): 122/316 kB Progress (1): 127/316 kB Progress (1): 131/316 kB Progress (1): 135/316 kB Progress (1): 139/316 kB Progress (1): 143/316 kB Progress (1): 147/316 kB Progress (1): 151/316 kB Progress (1): 155/316 kB Progress (1): 159/316 kB Progress (1): 163/316 kB Progress (1): 167/316 kB Progress (1): 172/316 kB Progress (1): 176/316 kB Progress (1): 180/316 kB Progress (1): 184/316 kB Progress (1): 188/316 kB Progress (1): 192/316 kB Progress (1): 196/316 kB Progress (1): 200/316 kB Progress (1): 204/316 kB Progress (1): 208/316 kB Progress (1): 213/316 kB Progress (1): 217/316 kB Progress (1): 221/316 kB Progress (1): 225/316 kB Progress (1): 229/316 kB Progress (1): 232/316 kB Progress (1): 236/316 kB Progress (1): 240/316 kB Progress (1): 244/316 kB Progress (1): 248/316 kB Progress (1): 253/316 kB Progress (1): 257/316 kB Progress (1): 261/316 kB Progress (1): 265/316 kB Progress (1): 269/316 kB Progress (1): 273/316 kB Progress (1): 277/316 kB Progress (1): 281/316 kB Progress (1): 285/316 kB Progress (1): 289/316 kB Progress (1): 294/316 kB Progress (1): 298/316 kB Progress (1): 302/316 kB Progress (1): 306/316 kB Progress (1): 310/316 kB Progress (1): 314/316 kB Progress (1): 316 kB Progress (2): 316 kB | 4.1/35 kB Progress (2): 316 kB | 7.7/35 kB Progress (2): 316 kB | 12/35 kB Progress (2): 316 kB | 16/35 kB Progress (2): 316 kB | 20/35 kB Progress (2): 316 kB | 24/35 kB Progress (2): 316 kB | 28/35 kB Progress (2): 316 kB | 32/35 kB Progress (2): 316 kB | 35 kB Progress (3): 316 kB | 35 kB | 4.1/118 kB Progress (3): 316 kB | 35 kB | 7.7/118 kB Progress (3): 316 kB | 35 kB | 12/118 kB Progress (3): 316 kB | 35 kB | 16/118 kB Progress (3): 316 kB | 35 kB | 20/118 kB Progress (3): 316 kB | 35 kB | 24/118 kB Progress (3): 316 kB | 35 kB | 28/118 kB Progress (3): 316 kB | 35 kB | 32/118 kB Progress (3): 316 kB | 35 kB | 36/118 kB Progress (3): 316 kB | 35 kB | 41/118 kB Progress (3): 316 kB | 35 kB | 45/118 kB Progress (3): 316 kB | 35 kB | 49/118 kB Progress (3): 316 kB | 35 kB | 53/118 kB Progress (3): 316 kB | 35 kB | 57/118 kB Progress (3): 316 kB | 35 kB | 61/118 kB Progress (3): 316 kB | 35 kB | 65/118 kB Progress (3): 316 kB | 35 kB | 69/118 kB Progress (3): 316 kB | 35 kB | 73/118 kB Progress (3): 316 kB | 35 kB | 77/118 kB Progress (3): 316 kB | 35 kB | 81/118 kB Progress (3): 316 kB | 35 kB | 86/118 kB Progress (3): 316 kB | 35 kB | 90/118 kB Progress (3): 316 kB | 35 kB | 94/118 kB Progress (3): 316 kB | 35 kB | 98/118 kB Progress (3): 316 kB | 35 kB | 102/118 kB Progress (3): 316 kB | 35 kB | 106/118 kB Progress (3): 316 kB | 35 kB | 110/118 kB Progress (3): 316 kB | 35 kB | 114/118 kB Progress (3): 316 kB | 35 kB | 118 kB Progress (4): 316 kB | 35 kB | 118 kB | 4.1/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 7.7/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 12/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 16/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 20/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 24/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 28/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 31 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 4.1/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 7.7/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 12/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 16/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 20/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 24/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 28/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 32/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 36/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 41/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 45/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 49/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 53/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 57/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 826 kB/s) Progress (4): 316 kB | 118 kB | 31 kB | 61/263 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 316 kB | 118 kB | 31 kB | 65/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 69/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 73/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 77/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 81/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 86/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 90/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 94/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 98/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 102/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 106/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 110/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 114/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 118/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 122/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 127/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 131/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 135/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 139/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 143/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 147/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 151/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 155/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 159/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 163/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 167/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 172/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 176/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 180/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 184/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 188/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 192/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 196/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 200/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 204/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 208/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 213/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 217/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 221/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 225/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 229/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 233/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 237/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 241/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 245/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 249/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.5 MB/s) Progress (3): 316 kB | 31 kB | 254/263 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Progress (3): 316 kB | 31 kB | 258/263 kB Progress (3): 316 kB | 31 kB | 262/263 kB Progress (3): 316 kB | 31 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 5.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 526 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 263 kB | 4.1/232 kB Progress (2): 263 kB | 7.7/232 kB Progress (2): 263 kB | 12/232 kB Progress (2): 263 kB | 16/232 kB Progress (2): 263 kB | 20/232 kB Progress (2): 263 kB | 24/232 kB Progress (2): 263 kB | 28/232 kB Progress (2): 263 kB | 32/232 kB Progress (2): 263 kB | 36/232 kB Progress (2): 263 kB | 41/232 kB Progress (2): 263 kB | 45/232 kB Progress (2): 263 kB | 49/232 kB Progress (2): 263 kB | 53/232 kB Progress (2): 263 kB | 57/232 kB Progress (2): 263 kB | 61/232 kB Progress (2): 263 kB | 65/232 kB Progress (2): 263 kB | 69/232 kB Progress (2): 263 kB | 73/232 kB Progress (2): 263 kB | 77/232 kB Progress (2): 263 kB | 81/232 kB Progress (2): 263 kB | 86/232 kB Progress (2): 263 kB | 90/232 kB Progress (2): 263 kB | 94/232 kB Progress (2): 263 kB | 98/232 kB Progress (2): 263 kB | 102/232 kB Progress (2): 263 kB | 106/232 kB Progress (2): 263 kB | 110/232 kB Progress (2): 263 kB | 114/232 kB Progress (2): 263 kB | 118/232 kB Progress (2): 263 kB | 122/232 kB Progress (2): 263 kB | 127/232 kB Progress (2): 263 kB | 131/232 kB Progress (2): 263 kB | 135/232 kB Progress (2): 263 kB | 139/232 kB Progress (2): 263 kB | 143/232 kB Progress (2): 263 kB | 147/232 kB Progress (2): 263 kB | 151/232 kB Progress (2): 263 kB | 155/232 kB Progress (2): 263 kB | 159/232 kB Progress (2): 263 kB | 163/232 kB Progress (2): 263 kB | 167/232 kB Progress (2): 263 kB | 172/232 kB Progress (2): 263 kB | 176/232 kB Progress (2): 263 kB | 180/232 kB Progress (2): 263 kB | 184/232 kB Progress (2): 263 kB | 188/232 kB Progress (2): 263 kB | 192/232 kB Progress (2): 263 kB | 196/232 kB Progress (2): 263 kB | 200/232 kB Progress (2): 263 kB | 204/232 kB Progress (2): 263 kB | 208/232 kB Progress (2): 263 kB | 213/232 kB Progress (2): 263 kB | 217/232 kB Progress (2): 263 kB | 221/232 kB Progress (2): 263 kB | 225/232 kB Progress (2): 263 kB | 229/232 kB Progress (2): 263 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 3.9 MB/s) Progress (2): 232 kB | 4.1/38 kB Progress (2): 232 kB | 7.7/38 kB Progress (2): 232 kB | 12/38 kB Progress (2): 232 kB | 16/38 kB Progress (2): 232 kB | 20/38 kB Progress (2): 232 kB | 24/38 kB Progress (2): 232 kB | 28/38 kB Progress (2): 232 kB | 32/38 kB Progress (2): 232 kB | 36/38 kB Progress (2): 232 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.8 MB/s) Progress (2): 38 kB | 4.1/10 kB Progress (2): 38 kB | 7.7/10 kB Progress (2): 38 kB | 10 kB Progress (3): 38 kB | 10 kB | 4.1/14 kB Progress (3): 38 kB | 10 kB | 7.7/14 kB Progress (3): 38 kB | 10 kB | 12/14 kB Progress (3): 38 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 417 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 123 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 75 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 615 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 193 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 843 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 374 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 10 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 352 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 417 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/327 kB Progress (1): 7.7/327 kB Progress (1): 12/327 kB Progress (1): 16/327 kB Progress (1): 20/327 kB Progress (1): 24/327 kB Progress (1): 28/327 kB Progress (1): 32/327 kB Progress (1): 36/327 kB Progress (1): 41/327 kB Progress (1): 45/327 kB Progress (1): 49/327 kB Progress (1): 53/327 kB Progress (1): 57/327 kB Progress (1): 61/327 kB Progress (1): 65/327 kB Progress (1): 69/327 kB Progress (1): 73/327 kB Progress (1): 77/327 kB Progress (1): 81/327 kB Progress (1): 86/327 kB Progress (1): 90/327 kB Progress (1): 94/327 kB Progress (1): 98/327 kB Progress (1): 102/327 kB Progress (1): 106/327 kB Progress (1): 110/327 kB Progress (1): 114/327 kB Progress (1): 118/327 kB Progress (1): 122/327 kB Progress (1): 127/327 kB Progress (1): 131/327 kB Progress (1): 135/327 kB Progress (1): 139/327 kB Progress (1): 143/327 kB Progress (1): 147/327 kB Progress (1): 151/327 kB Progress (1): 155/327 kB Progress (1): 159/327 kB Progress (1): 163/327 kB Progress (1): 167/327 kB Progress (1): 172/327 kB Progress (1): 176/327 kB Progress (1): 180/327 kB Progress (1): 184/327 kB Progress (1): 188/327 kB Progress (1): 192/327 kB Progress (1): 196/327 kB Progress (1): 200/327 kB Progress (1): 204/327 kB Progress (1): 208/327 kB Progress (1): 213/327 kB Progress (1): 217/327 kB Progress (1): 221/327 kB Progress (1): 225/327 kB Progress (1): 229/327 kB Progress (1): 233/327 kB Progress (1): 237/327 kB Progress (1): 241/327 kB Progress (1): 245/327 kB Progress (1): 249/327 kB Progress (1): 254/327 kB Progress (1): 258/327 kB Progress (1): 262/327 kB Progress (1): 266/327 kB Progress (1): 270/327 kB Progress (1): 274/327 kB Progress (1): 278/327 kB Progress (1): 282/327 kB Progress (1): 286/327 kB Progress (1): 290/327 kB Progress (1): 294/327 kB Progress (1): 299/327 kB Progress (1): 303/327 kB Progress (1): 307/327 kB Progress (1): 311/327 kB Progress (1): 315/327 kB Progress (1): 319/327 kB Progress (1): 323/327 kB Progress (1): 327 kB Progress (2): 327 kB | 4.1/79 kB Progress (2): 327 kB | 8.2/79 kB Progress (2): 327 kB | 12/79 kB Progress (2): 327 kB | 16/79 kB Progress (2): 327 kB | 20/79 kB Progress (2): 327 kB | 25/79 kB Progress (2): 327 kB | 29/79 kB Progress (2): 327 kB | 33/79 kB Progress (2): 327 kB | 37/79 kB Progress (2): 327 kB | 41/79 kB Progress (2): 327 kB | 45/79 kB Progress (2): 327 kB | 49/79 kB Progress (2): 327 kB | 53/79 kB Progress (2): 327 kB | 57/79 kB Progress (2): 327 kB | 61/79 kB Progress (2): 327 kB | 66/79 kB Progress (2): 327 kB | 70/79 kB Progress (2): 327 kB | 74/79 kB Progress (2): 327 kB | 78/79 kB Progress (2): 327 kB | 79 kB Progress (3): 327 kB | 79 kB | 4.1/26 kB Progress (3): 327 kB | 79 kB | 7.7/26 kB Progress (3): 327 kB | 79 kB | 12/26 kB Progress (3): 327 kB | 79 kB | 16/26 kB Progress (3): 327 kB | 79 kB | 20/26 kB Progress (3): 327 kB | 79 kB | 24/26 kB Progress (3): 327 kB | 79 kB | 26 kB Progress (4): 327 kB | 79 kB | 26 kB | 4.1/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 7.7/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 12/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 16/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 20/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 24/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 28/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 32/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 36/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 41/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 41 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 4.1/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 7.7/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 12/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 16/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 20/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 24/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 28/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 32/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 36 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 8.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 656 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Progress (3): 41 kB | 36 kB | 4.1/211 kB Progress (3): 41 kB | 36 kB | 7.7/211 kB Progress (3): 41 kB | 36 kB | 12/211 kB Progress (3): 41 kB | 36 kB | 16/211 kB Progress (3): 41 kB | 36 kB | 20/211 kB Progress (3): 41 kB | 36 kB | 24/211 kB Progress (3): 41 kB | 36 kB | 28/211 kB Progress (3): 41 kB | 36 kB | 32/211 kB Progress (3): 41 kB | 36 kB | 36/211 kB Progress (3): 41 kB | 36 kB | 41/211 kB Progress (4): 41 kB | 36 kB | 41/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 45/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 45/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 49/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 49/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 53/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 53/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 57/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 61/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 61/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 65/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 65/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 69/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 73/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 77/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 81/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 86/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 86/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 90/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 90/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 94/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 98/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 98/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 102/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 102/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 106/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 110/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 110/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 114/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 114/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 118/211 kB | 0.1/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 568 kB/s) Progress (3): 41 kB | 122/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 122/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 127/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 131/211 kB | 0.1/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (3): 41 kB | 135/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 135/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 139/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 143/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 143/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 147/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 147/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 151/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 151/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 155/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 155/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 159/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 159/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 163/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 163/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 167/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 167/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 172/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 172/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 176/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 176/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 180/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 180/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 184/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 184/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 188/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 188/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 192/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 192/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 196/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 196/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 200/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 200/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 204/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 204/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 208/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 211 kB | 0.2/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.4/1.0 MB Progress (3): 41 kB | 211 kB | 0.4/1.0 MB Progress (3): 41 kB | 211 kB | 0.4/1.0 MB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 579 kB/s) Progress (3): 211 kB | 1.0/1.0 MB | 2.5 kB Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (3): 211 kB | 1.0 MB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (2): 1.0 MB | 4.1/58 kB Progress (2): 1.0 MB | 7.7/58 kB Progress (2): 1.0 MB | 12/58 kB Progress (3): 1.0 MB | 12/58 kB | 4.1/116 kB Progress (3): 1.0 MB | 16/58 kB | 4.1/116 kB Progress (3): 1.0 MB | 16/58 kB | 7.7/116 kB Progress (3): 1.0 MB | 16/58 kB | 12/116 kB Progress (3): 1.0 MB | 16/58 kB | 16/116 kB Progress (3): 1.0 MB | 20/58 kB | 16/116 kB Progress (3): 1.0 MB | 24/58 kB | 16/116 kB Progress (3): 1.0 MB | 24/58 kB | 20/116 kB Progress (3): 1.0 MB | 28/58 kB | 20/116 kB Progress (3): 1.0 MB | 28/58 kB | 24/116 kB Progress (3): 1.0 MB | 32/58 kB | 24/116 kB Progress (3): 1.0 MB | 32/58 kB | 28/116 kB Progress (3): 1.0 MB | 32/58 kB | 32/116 kB Progress (3): 1.0 MB | 36/58 kB | 32/116 kB Progress (3): 1.0 MB | 36/58 kB | 36/116 kB Progress (3): 1.0 MB | 41/58 kB | 36/116 kB Progress (3): 1.0 MB | 41/58 kB | 41/116 kB Progress (3): 1.0 MB | 45/58 kB | 41/116 kB Progress (3): 1.0 MB | 45/58 kB | 45/116 kB Progress (3): 1.0 MB | 49/58 kB | 45/116 kB Progress (3): 1.0 MB | 49/58 kB | 49/116 kB Progress (3): 1.0 MB | 53/58 kB | 49/116 kB Progress (3): 1.0 MB | 53/58 kB | 53/116 kB Progress (3): 1.0 MB | 57/58 kB | 53/116 kB Progress (3): 1.0 MB | 57/58 kB | 57/116 kB Progress (3): 1.0 MB | 58 kB | 57/116 kB Progress (3): 1.0 MB | 58 kB | 61/116 kB Progress (3): 1.0 MB | 58 kB | 65/116 kB Progress (3): 1.0 MB | 58 kB | 69/116 kB Progress (3): 1.0 MB | 58 kB | 73/116 kB Progress (3): 1.0 MB | 58 kB | 77/116 kB Progress (3): 1.0 MB | 58 kB | 81/116 kB Progress (3): 1.0 MB | 58 kB | 86/116 kB Progress (3): 1.0 MB | 58 kB | 90/116 kB Progress (3): 1.0 MB | 58 kB | 94/116 kB Progress (3): 1.0 MB | 58 kB | 98/116 kB Progress (3): 1.0 MB | 58 kB | 102/116 kB Progress (3): 1.0 MB | 58 kB | 106/116 kB Progress (3): 1.0 MB | 58 kB | 110/116 kB Progress (3): 1.0 MB | 58 kB | 114/116 kB Progress (3): 1.0 MB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 10 MB/s) Progress (3): 58 kB | 116 kB | 4.1/85 kB Progress (3): 58 kB | 116 kB | 7.7/85 kB Progress (3): 58 kB | 116 kB | 12/85 kB Progress (3): 58 kB | 116 kB | 16/85 kB Progress (3): 58 kB | 116 kB | 20/85 kB Progress (3): 58 kB | 116 kB | 24/85 kB Progress (3): 58 kB | 116 kB | 28/85 kB Progress (3): 58 kB | 116 kB | 32/85 kB Progress (3): 58 kB | 116 kB | 36/85 kB Progress (3): 58 kB | 116 kB | 41/85 kB Progress (3): 58 kB | 116 kB | 45/85 kB Progress (3): 58 kB | 116 kB | 49/85 kB Progress (3): 58 kB | 116 kB | 53/85 kB Progress (3): 58 kB | 116 kB | 57/85 kB Progress (3): 58 kB | 116 kB | 61/85 kB Progress (3): 58 kB | 116 kB | 65/85 kB Progress (3): 58 kB | 116 kB | 69/85 kB Progress (3): 58 kB | 116 kB | 73/85 kB Progress (3): 58 kB | 116 kB | 77/85 kB Progress (3): 58 kB | 116 kB | 81/85 kB Progress (3): 58 kB | 116 kB | 85 kB Progress (4): 58 kB | 116 kB | 85 kB | 4.1/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 7.7/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 12/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 16/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 20/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 24/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 28/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 32/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 36/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 41/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 45/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 49/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 53/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 57/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 61/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 65/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 69/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 73/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 77/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 81/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 86/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 90/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 94/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 98/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 102/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 106/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 110/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 114/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 118/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 122/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 127/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 131/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 135/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 139/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 143/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 147/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 151/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 155/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 159/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 163/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 167/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 172/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 176/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 180/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 184/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 188/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 192/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 196/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 200/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 204/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 208/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 213/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 217/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 221/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 225/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 229/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 233/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 237/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 241/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 245/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 249/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 254/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 258/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 262/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 266/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 500 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 688 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 936 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 2.0 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 608 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 686 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 262 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 188 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 398 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 308 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 448 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 333 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 234 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 178 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 664 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 396 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 343 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 295 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 391 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 283 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 146 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 586 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/202 kB Progress (1): 7.7/202 kB Progress (1): 12/202 kB Progress (1): 16/202 kB Progress (1): 20/202 kB Progress (1): 24/202 kB Progress (1): 28/202 kB Progress (1): 32/202 kB Progress (1): 36/202 kB Progress (1): 40/202 kB Progress (1): 44/202 kB Progress (1): 48/202 kB Progress (1): 53/202 kB Progress (1): 57/202 kB Progress (1): 61/202 kB Progress (1): 65/202 kB Progress (1): 69/202 kB Progress (1): 73/202 kB Progress (1): 77/202 kB Progress (1): 81/202 kB Progress (1): 85/202 kB Progress (1): 89/202 kB Progress (1): 94/202 kB Progress (1): 98/202 kB Progress (1): 102/202 kB Progress (1): 106/202 kB Progress (1): 110/202 kB Progress (1): 114/202 kB Progress (1): 118/202 kB Progress (1): 122/202 kB Progress (1): 126/202 kB Progress (1): 130/202 kB Progress (1): 134/202 kB Progress (1): 139/202 kB Progress (1): 143/202 kB Progress (1): 147/202 kB Progress (1): 151/202 kB Progress (1): 155/202 kB Progress (1): 159/202 kB Progress (1): 163/202 kB Progress (1): 167/202 kB Progress (1): 171/202 kB Progress (1): 175/202 kB Progress (1): 180/202 kB Progress (1): 184/202 kB Progress (1): 188/202 kB Progress (1): 192/202 kB Progress (1): 196/202 kB Progress (1): 200/202 kB Progress (1): 202 kB Progress (2): 202 kB | 4.1/153 kB Progress (2): 202 kB | 7.7/153 kB Progress (2): 202 kB | 12/153 kB Progress (2): 202 kB | 16/153 kB Progress (2): 202 kB | 20/153 kB Progress (2): 202 kB | 24/153 kB Progress (2): 202 kB | 28/153 kB Progress (2): 202 kB | 32/153 kB Progress (3): 202 kB | 32/153 kB | 4.1/165 kB Progress (3): 202 kB | 36/153 kB | 4.1/165 kB Progress (3): 202 kB | 41/153 kB | 4.1/165 kB Progress (3): 202 kB | 41/153 kB | 7.7/165 kB Progress (3): 202 kB | 45/153 kB | 7.7/165 kB Progress (3): 202 kB | 45/153 kB | 12/165 kB Progress (3): 202 kB | 49/153 kB | 12/165 kB Progress (3): 202 kB | 49/153 kB | 16/165 kB Progress (3): 202 kB | 53/153 kB | 16/165 kB Progress (3): 202 kB | 57/153 kB | 16/165 kB Progress (3): 202 kB | 57/153 kB | 20/165 kB Progress (3): 202 kB | 61/153 kB | 20/165 kB Progress (3): 202 kB | 61/153 kB | 24/165 kB Progress (3): 202 kB | 65/153 kB | 24/165 kB Progress (3): 202 kB | 65/153 kB | 28/165 kB Progress (3): 202 kB | 69/153 kB | 28/165 kB Progress (3): 202 kB | 69/153 kB | 32/165 kB Progress (3): 202 kB | 73/153 kB | 32/165 kB Progress (3): 202 kB | 73/153 kB | 36/165 kB Progress (3): 202 kB | 77/153 kB | 36/165 kB Progress (3): 202 kB | 77/153 kB | 40/165 kB Progress (3): 202 kB | 81/153 kB | 40/165 kB Progress (3): 202 kB | 81/153 kB | 44/165 kB Progress (3): 202 kB | 86/153 kB | 44/165 kB Progress (3): 202 kB | 86/153 kB | 48/165 kB Progress (3): 202 kB | 90/153 kB | 48/165 kB Progress (3): 202 kB | 90/153 kB | 53/165 kB Progress (3): 202 kB | 94/153 kB | 53/165 kB Progress (3): 202 kB | 94/153 kB | 57/165 kB Progress (3): 202 kB | 98/153 kB | 57/165 kB Progress (3): 202 kB | 98/153 kB | 61/165 kB Progress (3): 202 kB | 102/153 kB | 61/165 kB Progress (3): 202 kB | 102/153 kB | 65/165 kB Progress (3): 202 kB | 106/153 kB | 65/165 kB Progress (3): 202 kB | 106/153 kB | 69/165 kB Progress (3): 202 kB | 110/153 kB | 69/165 kB Progress (3): 202 kB | 110/153 kB | 73/165 kB Progress (3): 202 kB | 114/153 kB | 73/165 kB Progress (3): 202 kB | 114/153 kB | 77/165 kB Progress (3): 202 kB | 118/153 kB | 77/165 kB Progress (3): 202 kB | 118/153 kB | 81/165 kB Progress (3): 202 kB | 122/153 kB | 81/165 kB Progress (3): 202 kB | 122/153 kB | 85/165 kB Progress (3): 202 kB | 127/153 kB | 85/165 kB Progress (3): 202 kB | 127/153 kB | 89/165 kB Progress (3): 202 kB | 131/153 kB | 89/165 kB Progress (3): 202 kB | 131/153 kB | 93/165 kB Progress (3): 202 kB | 135/153 kB | 93/165 kB Progress (3): 202 kB | 135/153 kB | 98/165 kB Progress (3): 202 kB | 135/153 kB | 102/165 kB Progress (3): 202 kB | 135/153 kB | 106/165 kB Progress (3): 202 kB | 139/153 kB | 106/165 kB Progress (3): 202 kB | 139/153 kB | 110/165 kB Progress (3): 202 kB | 143/153 kB | 110/165 kB Progress (3): 202 kB | 143/153 kB | 114/165 kB Progress (3): 202 kB | 147/153 kB | 114/165 kB Progress (3): 202 kB | 147/153 kB | 118/165 kB Progress (3): 202 kB | 151/153 kB | 118/165 kB Progress (3): 202 kB | 151/153 kB | 122/165 kB Progress (3): 202 kB | 153 kB | 122/165 kB Progress (3): 202 kB | 153 kB | 126/165 kB Progress (3): 202 kB | 153 kB | 130/165 kB Progress (3): 202 kB | 153 kB | 134/165 kB Progress (3): 202 kB | 153 kB | 139/165 kB Progress (3): 202 kB | 153 kB | 143/165 kB Progress (4): 202 kB | 153 kB | 143/165 kB | 4.1/472 kB Progress (4): 202 kB | 153 kB | 147/165 kB | 4.1/472 kB Progress (4): 202 kB | 153 kB | 147/165 kB | 7.7/472 kB Progress (4): 202 kB | 153 kB | 147/165 kB | 12/472 kB Progress (4): 202 kB | 153 kB | 151/165 kB | 12/472 kB Progress (4): 202 kB | 153 kB | 151/165 kB | 16/472 kB Progress (4): 202 kB | 153 kB | 155/165 kB | 16/472 kB Progress (4): 202 kB | 153 kB | 159/165 kB | 16/472 kB Progress (4): 202 kB | 153 kB | 159/165 kB | 20/472 kB Progress (4): 202 kB | 153 kB | 163/165 kB | 20/472 kB Progress (4): 202 kB | 153 kB | 163/165 kB | 24/472 kB Progress (4): 202 kB | 153 kB | 163/165 kB | 28/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 28/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 32/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 36/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 41/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 45/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 49/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 53/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 57/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 61/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 65/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 69/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 73/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 77/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 81/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 86/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 90/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 94/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 98/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 102/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 106/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 110/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 114/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 118/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 122/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 127/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 131/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 135/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 139/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 143/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 147/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 151/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 155/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 159/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 163/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 167/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 172/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 176/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 180/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 184/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 188/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 192/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 196/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 200/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 204/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 208/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 213/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 217/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 221/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 225/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 229/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 233/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 237/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 241/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 245/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 249/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 254/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 258/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 262/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 266/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 270/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 274/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 278/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 282/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 286/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 290/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 294/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 299/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 303/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 307/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 311/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 315/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 319/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 323/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 327/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 331/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 335/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 340/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 344/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 348/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 352/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 356/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 360/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 364/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 368/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 372/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 376/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 380/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 385/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 389/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 393/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 397/472 kB Progress (5): 202 kB | 153 kB | 165 kB | 397/472 kB | 4.1/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 401/472 kB | 4.1/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 401/472 kB | 7.7/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 405/472 kB | 7.7/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 405/472 kB | 12/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 409/472 kB | 12/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 409/472 kB | 16/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 413/472 kB | 16/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 417/472 kB | 16/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 417/472 kB | 20/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 421/472 kB | 20/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 421/472 kB | 24/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 426/472 kB | 24/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 426/472 kB | 28/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 430/472 kB | 28/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 434/472 kB | 28/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 434/472 kB | 32/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 438/472 kB | 32/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 438/472 kB | 36/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 442/472 kB | 36/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 442/472 kB | 40/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 446/472 kB | 40/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 446/472 kB | 44/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 450/472 kB | 44/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 450/472 kB | 48/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 450/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 454/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 458/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 462/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 466/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 471/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 472 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 5.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 2.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 889 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 472 kB | 4.1/527 kB Progress (2): 472 kB | 7.7/527 kB Progress (2): 472 kB | 12/527 kB Progress (2): 472 kB | 16/527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 8.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (1): 20/527 kB Progress (1): 24/527 kB Progress (1): 28/527 kB Progress (1): 32/527 kB Progress (1): 36/527 kB Progress (1): 40/527 kB Progress (1): 44/527 kB Progress (1): 48/527 kB Progress (1): 53/527 kB Progress (1): 57/527 kB Progress (1): 61/527 kB Progress (1): 65/527 kB Progress (1): 69/527 kB Progress (1): 73/527 kB Progress (1): 77/527 kB Progress (1): 81/527 kB Progress (1): 85/527 kB Progress (1): 89/527 kB Progress (1): 94/527 kB Progress (1): 98/527 kB Progress (1): 102/527 kB Progress (1): 106/527 kB Progress (1): 110/527 kB Progress (1): 114/527 kB Progress (1): 118/527 kB Progress (1): 122/527 kB Progress (1): 126/527 kB Progress (1): 130/527 kB Progress (1): 134/527 kB Progress (1): 139/527 kB Progress (1): 143/527 kB Progress (1): 147/527 kB Progress (1): 151/527 kB Progress (1): 155/527 kB Progress (1): 159/527 kB Progress (1): 163/527 kB Progress (1): 167/527 kB Progress (1): 171/527 kB Progress (1): 175/527 kB Progress (1): 180/527 kB Progress (1): 184/527 kB Progress (1): 188/527 kB Progress (1): 192/527 kB Progress (1): 196/527 kB Progress (1): 200/527 kB Progress (1): 204/527 kB Progress (1): 208/527 kB Progress (1): 212/527 kB Progress (1): 216/527 kB Progress (1): 220/527 kB Progress (1): 225/527 kB Progress (1): 229/527 kB Progress (1): 233/527 kB Progress (1): 237/527 kB Progress (1): 241/527 kB Progress (1): 245/527 kB Progress (1): 249/527 kB Progress (1): 253/527 kB Progress (1): 257/527 kB Progress (1): 261/527 kB Progress (1): 266/527 kB Progress (1): 270/527 kB Progress (1): 274/527 kB Progress (1): 278/527 kB Progress (1): 282/527 kB Progress (1): 286/527 kB Progress (1): 290/527 kB Progress (1): 294/527 kB Progress (1): 298/527 kB Progress (1): 302/527 kB Progress (1): 307/527 kB Progress (1): 311/527 kB Progress (1): 315/527 kB Progress (1): 319/527 kB Progress (1): 323/527 kB Progress (1): 327/527 kB Progress (1): 331/527 kB Progress (1): 335/527 kB Progress (1): 339/527 kB Progress (1): 343/527 kB Progress (1): 347/527 kB Progress (1): 352/527 kB Progress (1): 356/527 kB Progress (1): 360/527 kB Progress (1): 364/527 kB Progress (1): 368/527 kB Progress (1): 372/527 kB Progress (1): 376/527 kB Progress (1): 380/527 kB Progress (1): 384/527 kB Progress (1): 388/527 kB Progress (1): 393/527 kB Progress (1): 397/527 kB Progress (1): 401/527 kB Progress (1): 405/527 kB Progress (1): 409/527 kB Progress (1): 413/527 kB Progress (1): 417/527 kB Progress (1): 421/527 kB Progress (1): 425/527 kB Progress (1): 429/527 kB Progress (1): 433/527 kB Progress (1): 438/527 kB Progress (1): 442/527 kB Progress (1): 446/527 kB Progress (1): 450/527 kB Progress (1): 454/527 kB Progress (1): 458/527 kB Progress (1): 462/527 kB Progress (1): 466/527 kB Progress (1): 470/527 kB Progress (1): 474/527 kB Progress (1): 479/527 kB Progress (1): 483/527 kB Progress (1): 487/527 kB Progress (1): 491/527 kB Progress (1): 495/527 kB Progress (1): 499/527 kB Progress (1): 503/527 kB Progress (1): 507/527 kB Progress (1): 511/527 kB Progress (1): 515/527 kB Progress (1): 519/527 kB Progress (1): 524/527 kB Progress (1): 527 kB Progress (2): 527 kB | 4.1/30 kB Progress (2): 527 kB | 7.7/30 kB Progress (2): 527 kB | 12/30 kB Progress (2): 527 kB | 16/30 kB Progress (2): 527 kB | 20/30 kB Progress (2): 527 kB | 24/30 kB Progress (2): 527 kB | 28/30 kB Progress (2): 527 kB | 30 kB Progress (3): 527 kB | 30 kB | 4.1/47 kB Progress (3): 527 kB | 30 kB | 7.7/47 kB Progress (3): 527 kB | 30 kB | 12/47 kB Progress (3): 527 kB | 30 kB | 16/47 kB Progress (3): 527 kB | 30 kB | 20/47 kB Progress (3): 527 kB | 30 kB | 24/47 kB Progress (3): 527 kB | 30 kB | 28/47 kB Progress (3): 527 kB | 30 kB | 32/47 kB Progress (3): 527 kB | 30 kB | 36/47 kB Progress (3): 527 kB | 30 kB | 40/47 kB Progress (3): 527 kB | 30 kB | 44/47 kB Progress (3): 527 kB | 30 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Progress (3): 30 kB | 47 kB | 4.1/38 kB Progress (3): 30 kB | 47 kB | 7.7/38 kB Progress (3): 30 kB | 47 kB | 12/38 kB Progress (3): 30 kB | 47 kB | 16/38 kB Progress (3): 30 kB | 47 kB | 20/38 kB Progress (3): 30 kB | 47 kB | 24/38 kB Progress (3): 30 kB | 47 kB | 28/38 kB Progress (3): 30 kB | 47 kB | 32/38 kB Progress (3): 30 kB | 47 kB | 36/38 kB Progress (3): 30 kB | 47 kB | 38 kB Progress (4): 30 kB | 47 kB | 38 kB | 4.1/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 7.7/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 12/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 16/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 20/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 24/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 28/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 32/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 36/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 41/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 45/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 49/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 53/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 57/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 61/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 65/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 69/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 73/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 77/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 81/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 86/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 90/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 94/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 98/148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 354 kB/s) Progress (3): 47 kB | 38 kB | 102/148 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Progress (3): 47 kB | 38 kB | 106/148 kB Progress (3): 47 kB | 38 kB | 110/148 kB Progress (3): 47 kB | 38 kB | 114/148 kB Progress (3): 47 kB | 38 kB | 118/148 kB Progress (3): 47 kB | 38 kB | 122/148 kB Progress (3): 47 kB | 38 kB | 127/148 kB Progress (3): 47 kB | 38 kB | 131/148 kB Progress (3): 47 kB | 38 kB | 135/148 kB Progress (3): 47 kB | 38 kB | 139/148 kB Progress (3): 47 kB | 38 kB | 143/148 kB Progress (3): 47 kB | 38 kB | 147/148 kB Progress (3): 47 kB | 38 kB | 148 kB Progress (4): 47 kB | 38 kB | 148 kB | 4.1/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 8.2/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 12/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 16/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 20/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 25/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 29/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 33/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 37/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 41/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 45/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 49/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 51 kB Progress (5): 47 kB | 38 kB | 148 kB | 51 kB | 4.1/106 kB Progress (5): 47 kB | 38 kB | 148 kB | 51 kB | 7.7/106 kB Progress (5): 47 kB | 38 kB | 148 kB | 51 kB | 12/106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 458 kB/s) Progress (4): 38 kB | 148 kB | 51 kB | 16/106 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (4): 38 kB | 148 kB | 51 kB | 20/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 24/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 28/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 32/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 36/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 41/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 45/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 49/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 53/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 57/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 61/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 65/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 69/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 73/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 77/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 81/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 86/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 90/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 94/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 98/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 102/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 106/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 350 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 430 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 886 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (1): 4.1/74 kB Progress (1): 7.7/74 kB Progress (1): 12/74 kB Progress (1): 16/74 kB Progress (1): 20/74 kB Progress (1): 24/74 kB Progress (1): 28/74 kB Progress (1): 32/74 kB Progress (1): 36/74 kB Progress (1): 41/74 kB Progress (1): 45/74 kB Progress (1): 49/74 kB Progress (1): 53/74 kB Progress (1): 57/74 kB Progress (1): 61/74 kB Progress (1): 65/74 kB Progress (1): 69/74 kB Progress (1): 73/74 kB Progress (1): 74 kB Progress (2): 74 kB | 4.1/14 kB Progress (2): 74 kB | 7.7/14 kB Progress (2): 74 kB | 12/14 kB Progress (2): 74 kB | 14 kB Progress (3): 74 kB | 14 kB | 4.1/108 kB Progress (4): 74 kB | 14 kB | 4.1/108 kB | 4.1/61 kB Progress (4): 74 kB | 14 kB | 7.7/108 kB | 4.1/61 kB Progress (4): 74 kB | 14 kB | 7.7/108 kB | 7.7/61 kB Progress (4): 74 kB | 14 kB | 12/108 kB | 7.7/61 kB Progress (4): 74 kB | 14 kB | 12/108 kB | 12/61 kB Progress (4): 74 kB | 14 kB | 16/108 kB | 12/61 kB Progress (4): 74 kB | 14 kB | 16/108 kB | 16/61 kB Progress (4): 74 kB | 14 kB | 20/108 kB | 16/61 kB Progress (4): 74 kB | 14 kB | 24/108 kB | 16/61 kB Progress (4): 74 kB | 14 kB | 24/108 kB | 20/61 kB Progress (4): 74 kB | 14 kB | 28/108 kB | 20/61 kB Progress (4): 74 kB | 14 kB | 28/108 kB | 24/61 kB Progress (4): 74 kB | 14 kB | 32/108 kB | 24/61 kB Progress (4): 74 kB | 14 kB | 32/108 kB | 28/61 kB Progress (4): 74 kB | 14 kB | 32/108 kB | 32/61 kB Progress (4): 74 kB | 14 kB | 36/108 kB | 32/61 kB Progress (4): 74 kB | 14 kB | 36/108 kB | 36/61 kB Progress (4): 74 kB | 14 kB | 41/108 kB | 36/61 kB Progress (4): 74 kB | 14 kB | 41/108 kB | 41/61 kB Progress (4): 74 kB | 14 kB | 45/108 kB | 41/61 kB Progress (4): 74 kB | 14 kB | 45/108 kB | 45/61 kB Progress (4): 74 kB | 14 kB | 49/108 kB | 45/61 kB Progress (4): 74 kB | 14 kB | 49/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 53/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 57/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 61/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 65/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 65/108 kB | 53/61 kB Progress (4): 74 kB | 14 kB | 69/108 kB | 53/61 kB Progress (4): 74 kB | 14 kB | 69/108 kB | 57/61 kB Progress (4): 74 kB | 14 kB | 73/108 kB | 57/61 kB Progress (4): 74 kB | 14 kB | 73/108 kB | 61/61 kB Progress (4): 74 kB | 14 kB | 77/108 kB | 61/61 kB Progress (4): 74 kB | 14 kB | 77/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 81/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 86/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 90/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 94/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 98/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 102/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 106/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 108 kB | 61 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 4.1/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 7.7/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 12/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 16/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 20/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 24/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 28/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 32/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 36/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 41/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 45/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 491 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 402 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 670 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (1): 4.1/29 kB Progress (1): 7.7/29 kB Progress (1): 12/29 kB Progress (1): 16/29 kB Progress (1): 20/29 kB Progress (1): 24/29 kB Progress (1): 28/29 kB Progress (1): 29 kB Progress (2): 29 kB | 4.1/52 kB Progress (2): 29 kB | 7.7/52 kB Progress (2): 29 kB | 12/52 kB Progress (2): 29 kB | 16/52 kB Progress (2): 29 kB | 20/52 kB Progress (2): 29 kB | 24/52 kB Progress (2): 29 kB | 28/52 kB Progress (2): 29 kB | 32/52 kB Progress (2): 29 kB | 36/52 kB Progress (2): 29 kB | 41/52 kB Progress (2): 29 kB | 45/52 kB Progress (2): 29 kB | 49/52 kB Progress (2): 29 kB | 52 kB Progress (3): 29 kB | 52 kB | 4.1/4.2 kB Progress (3): 29 kB | 52 kB | 4.2 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 4.1/13 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 7.7/13 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 12/13 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 13 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 4.1/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 7.7/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 12/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 16/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 20/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 24/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 28/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 32/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 36/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 41/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 45/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 49/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 53/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 57/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 61/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 65/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 69/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 73/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 77/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 81/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 86/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 90/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 94/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 98/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 102/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 106/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 110/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 114/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 118/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 122/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 127/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 131/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 135/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 139/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 143/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 147/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 151/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 155/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 159/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 163/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 167/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 172/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 176/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 180/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 184/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 188/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 192/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 196/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 200/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 204/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 208/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 213/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 217/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 221/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 225/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 229/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 233/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 237/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 241/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 245/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 249/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 254/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 258/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 262/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 265 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (2): 263 kB | 4.1/120 kB Progress (2): 263 kB | 7.7/120 kB Progress (2): 263 kB | 12/120 kB Progress (2): 263 kB | 16/120 kB Progress (2): 263 kB | 20/120 kB Progress (2): 263 kB | 24/120 kB Progress (2): 263 kB | 28/120 kB Progress (2): 263 kB | 32/120 kB Progress (2): 263 kB | 36/120 kB Progress (2): 263 kB | 41/120 kB Progress (2): 263 kB | 45/120 kB Progress (2): 263 kB | 49/120 kB Progress (2): 263 kB | 53/120 kB Progress (2): 263 kB | 57/120 kB Progress (2): 263 kB | 61/120 kB Progress (2): 263 kB | 65/120 kB Progress (2): 263 kB | 69/120 kB Progress (2): 263 kB | 73/120 kB Progress (2): 263 kB | 77/120 kB Progress (2): 263 kB | 81/120 kB Progress (2): 263 kB | 86/120 kB Progress (2): 263 kB | 90/120 kB Progress (2): 263 kB | 94/120 kB Progress (2): 263 kB | 98/120 kB Progress (2): 263 kB | 102/120 kB Progress (2): 263 kB | 106/120 kB Progress (2): 263 kB | 110/120 kB Progress (2): 263 kB | 114/120 kB Progress (2): 263 kB | 118/120 kB Progress (2): 263 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Progress (2): 120 kB | 4.1/61 kB Progress (2): 120 kB | 7.7/61 kB Progress (2): 120 kB | 12/61 kB Progress (2): 120 kB | 16/61 kB Progress (2): 120 kB | 20/61 kB Progress (2): 120 kB | 24/61 kB Progress (2): 120 kB | 28/61 kB Progress (2): 120 kB | 32/61 kB Progress (2): 120 kB | 36/61 kB Progress (2): 120 kB | 41/61 kB Progress (2): 120 kB | 45/61 kB Progress (2): 120 kB | 49/61 kB Progress (2): 120 kB | 53/61 kB Progress (2): 120 kB | 57/61 kB Progress (2): 120 kB | 61/61 kB Progress (2): 120 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 537 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 61 kB | 4.1/164 kB Progress (2): 61 kB | 7.7/164 kB Progress (2): 61 kB | 12/164 kB Progress (2): 61 kB | 16/164 kB Progress (2): 61 kB | 20/164 kB Progress (2): 61 kB | 24/164 kB Progress (2): 61 kB | 28/164 kB Progress (2): 61 kB | 32/164 kB Progress (2): 61 kB | 36/164 kB Progress (2): 61 kB | 41/164 kB Progress (2): 61 kB | 45/164 kB Progress (2): 61 kB | 49/164 kB Progress (2): 61 kB | 53/164 kB Progress (2): 61 kB | 57/164 kB Progress (2): 61 kB | 61/164 kB Progress (2): 61 kB | 65/164 kB Progress (2): 61 kB | 69/164 kB Progress (2): 61 kB | 73/164 kB Progress (2): 61 kB | 77/164 kB Progress (2): 61 kB | 81/164 kB Progress (2): 61 kB | 86/164 kB Progress (2): 61 kB | 90/164 kB Progress (2): 61 kB | 94/164 kB Progress (2): 61 kB | 98/164 kB Progress (2): 61 kB | 102/164 kB Progress (2): 61 kB | 106/164 kB Progress (2): 61 kB | 110/164 kB Progress (2): 61 kB | 114/164 kB Progress (2): 61 kB | 118/164 kB Progress (2): 61 kB | 122/164 kB Progress (2): 61 kB | 127/164 kB Progress (2): 61 kB | 131/164 kB Progress (2): 61 kB | 135/164 kB Progress (2): 61 kB | 139/164 kB Progress (2): 61 kB | 143/164 kB Progress (2): 61 kB | 147/164 kB Progress (2): 61 kB | 151/164 kB Progress (2): 61 kB | 155/164 kB Progress (2): 61 kB | 159/164 kB Progress (2): 61 kB | 163/164 kB Progress (2): 61 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 262 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 4.1/335 kB Progress (2): 164 kB | 7.7/335 kB Progress (2): 164 kB | 12/335 kB Progress (2): 164 kB | 16/335 kB Progress (2): 164 kB | 20/335 kB Progress (2): 164 kB | 24/335 kB Progress (2): 164 kB | 28/335 kB Progress (2): 164 kB | 32/335 kB Progress (2): 164 kB | 36/335 kB Progress (2): 164 kB | 41/335 kB Progress (2): 164 kB | 45/335 kB Progress (2): 164 kB | 49/335 kB Progress (2): 164 kB | 53/335 kB Progress (2): 164 kB | 57/335 kB Progress (2): 164 kB | 61/335 kB Progress (2): 164 kB | 65/335 kB Progress (2): 164 kB | 69/335 kB Progress (2): 164 kB | 73/335 kB Progress (2): 164 kB | 77/335 kB Progress (2): 164 kB | 81/335 kB Progress (2): 164 kB | 86/335 kB Progress (2): 164 kB | 90/335 kB Progress (2): 164 kB | 94/335 kB Progress (2): 164 kB | 98/335 kB Progress (2): 164 kB | 102/335 kB Progress (2): 164 kB | 106/335 kB Progress (2): 164 kB | 110/335 kB Progress (2): 164 kB | 114/335 kB Progress (2): 164 kB | 118/335 kB Progress (2): 164 kB | 122/335 kB Progress (2): 164 kB | 127/335 kB Progress (2): 164 kB | 131/335 kB Progress (2): 164 kB | 135/335 kB Progress (2): 164 kB | 139/335 kB Progress (2): 164 kB | 143/335 kB Progress (2): 164 kB | 147/335 kB Progress (2): 164 kB | 151/335 kB Progress (2): 164 kB | 155/335 kB Progress (2): 164 kB | 159/335 kB Progress (2): 164 kB | 163/335 kB Progress (2): 164 kB | 167/335 kB Progress (2): 164 kB | 172/335 kB Progress (2): 164 kB | 176/335 kB Progress (2): 164 kB | 180/335 kB Progress (2): 164 kB | 184/335 kB Progress (2): 164 kB | 188/335 kB Progress (2): 164 kB | 192/335 kB Progress (2): 164 kB | 196/335 kB Progress (2): 164 kB | 200/335 kB Progress (2): 164 kB | 204/335 kB Progress (2): 164 kB | 208/335 kB Progress (2): 164 kB | 213/335 kB Progress (2): 164 kB | 217/335 kB Progress (2): 164 kB | 221/335 kB Progress (2): 164 kB | 225/335 kB Progress (2): 164 kB | 229/335 kB Progress (2): 164 kB | 233/335 kB Progress (2): 164 kB | 237/335 kB Progress (2): 164 kB | 241/335 kB Progress (2): 164 kB | 245/335 kB Progress (2): 164 kB | 249/335 kB Progress (2): 164 kB | 254/335 kB Progress (2): 164 kB | 258/335 kB Progress (2): 164 kB | 262/335 kB Progress (2): 164 kB | 266/335 kB Progress (2): 164 kB | 270/335 kB Progress (2): 164 kB | 274/335 kB Progress (2): 164 kB | 278/335 kB Progress (2): 164 kB | 282/335 kB Progress (2): 164 kB | 286/335 kB Progress (2): 164 kB | 290/335 kB Progress (2): 164 kB | 294/335 kB Progress (2): 164 kB | 299/335 kB Progress (2): 164 kB | 303/335 kB Progress (2): 164 kB | 307/335 kB Progress (2): 164 kB | 311/335 kB Progress (2): 164 kB | 315/335 kB Progress (2): 164 kB | 319/335 kB Progress (2): 164 kB | 323/335 kB Progress (2): 164 kB | 327/335 kB Progress (2): 164 kB | 331/335 kB Progress (2): 164 kB | 335 kB Progress (3): 164 kB | 335 kB | 4.1/26 kB Progress (3): 164 kB | 335 kB | 7.7/26 kB Progress (3): 164 kB | 335 kB | 12/26 kB Progress (3): 164 kB | 335 kB | 16/26 kB Progress (3): 164 kB | 335 kB | 20/26 kB Progress (3): 164 kB | 335 kB | 24/26 kB Progress (3): 164 kB | 335 kB | 26 kB Progress (4): 164 kB | 335 kB | 26 kB | 4.1/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 7.7/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 12/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 16/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 20/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 24/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 28/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 32/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 36/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 41/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 45/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 49/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 53/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 57/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 61/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 65/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 69/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 73/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 77/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 81/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 86/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 90/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 94/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 98/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 102/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 106/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 110/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 114/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 118/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 650 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (4): 335 kB | 26 kB | 122 kB | 4.1/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 7.7/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 12/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 16/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 20/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 24/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 28/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 32/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 36/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 41/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 45/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 49/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 53/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 57/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 61/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 65/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 69/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 464 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 254 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (1): 4.1/53 kB Progress (1): 7.7/53 kB Progress (1): 12/53 kB Progress (1): 16/53 kB Progress (1): 20/53 kB Progress (1): 24/53 kB Progress (1): 28/53 kB Progress (1): 32/53 kB Progress (1): 36/53 kB Progress (1): 41/53 kB Progress (1): 45/53 kB Progress (1): 49/53 kB Progress (1): 53 kB Progress (2): 53 kB | 4.1/33 kB Progress (2): 53 kB | 7.7/33 kB Progress (2): 53 kB | 12/33 kB Progress (2): 53 kB | 16/33 kB Progress (2): 53 kB | 20/33 kB Progress (2): 53 kB | 24/33 kB Progress (2): 53 kB | 28/33 kB Progress (2): 53 kB | 32/33 kB Progress (2): 53 kB | 33 kB Progress (3): 53 kB | 33 kB | 4.1/37 kB Progress (3): 53 kB | 33 kB | 7.7/37 kB Progress (3): 53 kB | 33 kB | 12/37 kB Progress (3): 53 kB | 33 kB | 16/37 kB Progress (3): 53 kB | 33 kB | 20/37 kB Progress (3): 53 kB | 33 kB | 24/37 kB Progress (3): 53 kB | 33 kB | 28/37 kB Progress (3): 53 kB | 33 kB | 32/37 kB Progress (3): 53 kB | 33 kB | 36/37 kB Progress (3): 53 kB | 33 kB | 37 kB Progress (4): 53 kB | 33 kB | 37 kB | 4.1/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 7.7/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 12/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 16/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 20/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 24/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 28/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 32/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 36/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 41/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 45/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 49/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 53/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 57/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 61/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 65/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 69/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 73/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 77/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 81/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 86/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 90/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 94/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 98/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 102/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 106/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 110/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 114/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 118/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 122/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 127/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 131/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 135/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 139/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 143/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 147/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 151/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 155/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 159/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 163/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 167/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 172/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 176/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 180/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 184/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 188/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 192/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 196/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 200/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 204/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 208/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 213/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 217/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 221/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 225/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 229/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 233/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 237/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 241/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 245/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 249/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 254/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 258/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 262/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 266/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 270/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 274/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 278/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 282/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 286/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 290/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 294/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 299/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 303/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 305 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 927 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (1): 4.1/180 kB Progress (1): 8.2/180 kB Progress (1): 12/180 kB Progress (1): 16/180 kB Progress (2): 16/180 kB | 4.1/134 kB Progress (2): 20/180 kB | 4.1/134 kB Progress (2): 25/180 kB | 4.1/134 kB Progress (2): 25/180 kB | 7.7/134 kB Progress (2): 29/180 kB | 7.7/134 kB Progress (2): 29/180 kB | 12/134 kB Progress (2): 33/180 kB | 12/134 kB Progress (2): 33/180 kB | 16/134 kB Progress (2): 37/180 kB | 16/134 kB Progress (2): 41/180 kB | 16/134 kB Progress (2): 41/180 kB | 20/134 kB Progress (2): 41/180 kB | 24/134 kB Progress (2): 45/180 kB | 24/134 kB Progress (2): 45/180 kB | 28/134 kB Progress (2): 49/180 kB | 28/134 kB Progress (2): 49/180 kB | 32/134 kB Progress (2): 53/180 kB | 32/134 kB Progress (2): 57/180 kB | 32/134 kB Progress (2): 57/180 kB | 36/134 kB Progress (2): 61/180 kB | 36/134 kB Progress (2): 61/180 kB | 41/134 kB Progress (2): 66/180 kB | 41/134 kB Progress (2): 66/180 kB | 45/134 kB Progress (2): 70/180 kB | 45/134 kB Progress (2): 70/180 kB | 49/134 kB Progress (2): 74/180 kB | 49/134 kB Progress (2): 74/180 kB | 53/134 kB Progress (2): 74/180 kB | 57/134 kB Progress (2): 78/180 kB | 57/134 kB Progress (2): 78/180 kB | 61/134 kB Progress (2): 82/180 kB | 61/134 kB Progress (2): 82/180 kB | 65/134 kB Progress (2): 86/180 kB | 65/134 kB Progress (2): 86/180 kB | 69/134 kB Progress (2): 90/180 kB | 69/134 kB Progress (2): 90/180 kB | 73/134 kB Progress (2): 90/180 kB | 77/134 kB Progress (2): 94/180 kB | 77/134 kB Progress (2): 94/180 kB | 81/134 kB Progress (2): 98/180 kB | 81/134 kB Progress (2): 98/180 kB | 86/134 kB Progress (2): 102/180 kB | 86/134 kB Progress (2): 102/180 kB | 90/134 kB Progress (2): 106/180 kB | 90/134 kB Progress (2): 106/180 kB | 94/134 kB Progress (2): 106/180 kB | 98/134 kB Progress (2): 111/180 kB | 98/134 kB Progress (2): 111/180 kB | 102/134 kB Progress (2): 115/180 kB | 102/134 kB Progress (2): 115/180 kB | 106/134 kB Progress (2): 119/180 kB | 106/134 kB Progress (2): 119/180 kB | 110/134 kB Progress (2): 123/180 kB | 110/134 kB Progress (2): 123/180 kB | 114/134 kB Progress (2): 123/180 kB | 118/134 kB Progress (2): 123/180 kB | 122/134 kB Progress (2): 123/180 kB | 127/134 kB Progress (2): 123/180 kB | 131/134 kB Progress (2): 123/180 kB | 134 kB Progress (2): 127/180 kB | 134 kB Progress (2): 131/180 kB | 134 kB Progress (2): 135/180 kB | 134 kB Progress (2): 139/180 kB | 134 kB Progress (2): 143/180 kB | 134 kB Progress (2): 147/180 kB | 134 kB Progress (2): 152/180 kB | 134 kB Progress (2): 156/180 kB | 134 kB Progress (2): 160/180 kB | 134 kB Progress (2): 164/180 kB | 134 kB Progress (2): 168/180 kB | 134 kB Progress (2): 172/180 kB | 134 kB Progress (2): 176/180 kB | 134 kB Progress (2): 180 kB | 134 kB Progress (3): 180 kB | 134 kB | 4.1/215 kB Progress (3): 180 kB | 134 kB | 7.7/215 kB Progress (3): 180 kB | 134 kB | 12/215 kB Progress (3): 180 kB | 134 kB | 16/215 kB Progress (3): 180 kB | 134 kB | 20/215 kB Progress (3): 180 kB | 134 kB | 24/215 kB Progress (3): 180 kB | 134 kB | 28/215 kB Progress (3): 180 kB | 134 kB | 32/215 kB Progress (3): 180 kB | 134 kB | 36/215 kB Progress (3): 180 kB | 134 kB | 41/215 kB Progress (3): 180 kB | 134 kB | 45/215 kB Progress (3): 180 kB | 134 kB | 49/215 kB Progress (3): 180 kB | 134 kB | 53/215 kB Progress (3): 180 kB | 134 kB | 57/215 kB Progress (3): 180 kB | 134 kB | 61/215 kB Progress (3): 180 kB | 134 kB | 65/215 kB Progress (3): 180 kB | 134 kB | 69/215 kB Progress (3): 180 kB | 134 kB | 73/215 kB Progress (3): 180 kB | 134 kB | 77/215 kB Progress (3): 180 kB | 134 kB | 81/215 kB Progress (3): 180 kB | 134 kB | 86/215 kB Progress (3): 180 kB | 134 kB | 90/215 kB Progress (3): 180 kB | 134 kB | 94/215 kB Progress (3): 180 kB | 134 kB | 98/215 kB Progress (3): 180 kB | 134 kB | 102/215 kB Progress (3): 180 kB | 134 kB | 106/215 kB Progress (3): 180 kB | 134 kB | 110/215 kB Progress (3): 180 kB | 134 kB | 114/215 kB Progress (3): 180 kB | 134 kB | 118/215 kB Progress (3): 180 kB | 134 kB | 122/215 kB Progress (3): 180 kB | 134 kB | 127/215 kB Progress (3): 180 kB | 134 kB | 131/215 kB Progress (3): 180 kB | 134 kB | 135/215 kB Progress (3): 180 kB | 134 kB | 139/215 kB Progress (3): 180 kB | 134 kB | 143/215 kB Progress (3): 180 kB | 134 kB | 147/215 kB Progress (3): 180 kB | 134 kB | 151/215 kB Progress (3): 180 kB | 134 kB | 155/215 kB Progress (3): 180 kB | 134 kB | 159/215 kB Progress (3): 180 kB | 134 kB | 163/215 kB Progress (3): 180 kB | 134 kB | 167/215 kB Progress (3): 180 kB | 134 kB | 172/215 kB Progress (3): 180 kB | 134 kB | 176/215 kB Progress (3): 180 kB | 134 kB | 180/215 kB Progress (3): 180 kB | 134 kB | 184/215 kB Progress (3): 180 kB | 134 kB | 188/215 kB Progress (3): 180 kB | 134 kB | 192/215 kB Progress (3): 180 kB | 134 kB | 196/215 kB Progress (3): 180 kB | 134 kB | 200/215 kB Progress (3): 180 kB | 134 kB | 204/215 kB Progress (3): 180 kB | 134 kB | 208/215 kB Progress (3): 180 kB | 134 kB | 213/215 kB Progress (3): 180 kB | 134 kB | 215 kB Progress (4): 180 kB | 134 kB | 215 kB | 4.1/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 7.7/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 12/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 16/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 20/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 24/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 28/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 32/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 36/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 41/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 45/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 49/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 53/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 57/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 61/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 65/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 69/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 73/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 77/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 81/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 511 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 603 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 372 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 85 kB | 0/2.6 MB Progress (2): 85 kB | 0/2.6 MB Progress (2): 85 kB | 0/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 231 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (1): 0.4/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (2): 1.1/2.6 MB | 4.1/4.6 kB Progress (2): 1.1/2.6 MB | 4.1/4.6 kB Progress (2): 1.1/2.6 MB | 4.6 kB Progress (2): 1.1/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 4.1/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 4.1/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 7.7/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 12/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 16/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 16/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 20 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (5): 2.6 MB | 4.6 kB | 20 kB | 2.2 kB | 4.1/5.9 kB Progress (5): 2.6 MB | 4.6 kB | 20 kB | 2.2 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.4 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.4 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Progress (1): 4.1/14 kB Progress (1): 7.7/14 kB Progress (1): 12/14 kB Progress (1): 14 kB Progress (2): 14 kB | 4.1/8.8 kB Progress (2): 14 kB | 7.7/8.8 kB Progress (2): 14 kB | 8.8 kB Progress (3): 14 kB | 8.8 kB | 4.1/500 kB Progress (3): 14 kB | 8.8 kB | 7.7/500 kB Progress (3): 14 kB | 8.8 kB | 12/500 kB Progress (3): 14 kB | 8.8 kB | 16/500 kB Progress (3): 14 kB | 8.8 kB | 20/500 kB Progress (3): 14 kB | 8.8 kB | 24/500 kB Progress (3): 14 kB | 8.8 kB | 28/500 kB Progress (3): 14 kB | 8.8 kB | 32/500 kB Progress (3): 14 kB | 8.8 kB | 36/500 kB Progress (3): 14 kB | 8.8 kB | 41/500 kB Progress (3): 14 kB | 8.8 kB | 45/500 kB Progress (3): 14 kB | 8.8 kB | 49/500 kB Progress (3): 14 kB | 8.8 kB | 53/500 kB Progress (3): 14 kB | 8.8 kB | 57/500 kB Progress (3): 14 kB | 8.8 kB | 61/500 kB Progress (3): 14 kB | 8.8 kB | 65/500 kB Progress (3): 14 kB | 8.8 kB | 69/500 kB Progress (3): 14 kB | 8.8 kB | 73/500 kB Progress (3): 14 kB | 8.8 kB | 77/500 kB Progress (3): 14 kB | 8.8 kB | 81/500 kB Progress (3): 14 kB | 8.8 kB | 86/500 kB Progress (3): 14 kB | 8.8 kB | 90/500 kB Progress (3): 14 kB | 8.8 kB | 94/500 kB Progress (3): 14 kB | 8.8 kB | 98/500 kB Progress (3): 14 kB | 8.8 kB | 102/500 kB Progress (3): 14 kB | 8.8 kB | 106/500 kB Progress (3): 14 kB | 8.8 kB | 110/500 kB Progress (3): 14 kB | 8.8 kB | 114/500 kB Progress (3): 14 kB | 8.8 kB | 118/500 kB Progress (3): 14 kB | 8.8 kB | 122/500 kB Progress (3): 14 kB | 8.8 kB | 127/500 kB Progress (3): 14 kB | 8.8 kB | 131/500 kB Progress (3): 14 kB | 8.8 kB | 135/500 kB Progress (3): 14 kB | 8.8 kB | 139/500 kB Progress (3): 14 kB | 8.8 kB | 143/500 kB Progress (3): 14 kB | 8.8 kB | 147/500 kB Progress (3): 14 kB | 8.8 kB | 151/500 kB Progress (3): 14 kB | 8.8 kB | 155/500 kB Progress (3): 14 kB | 8.8 kB | 159/500 kB Progress (3): 14 kB | 8.8 kB | 163/500 kB Progress (3): 14 kB | 8.8 kB | 167/500 kB Progress (3): 14 kB | 8.8 kB | 172/500 kB Progress (3): 14 kB | 8.8 kB | 176/500 kB Progress (3): 14 kB | 8.8 kB | 180/500 kB Progress (3): 14 kB | 8.8 kB | 184/500 kB Progress (3): 14 kB | 8.8 kB | 188/500 kB Progress (3): 14 kB | 8.8 kB | 192/500 kB Progress (3): 14 kB | 8.8 kB | 196/500 kB Progress (3): 14 kB | 8.8 kB | 200/500 kB Progress (3): 14 kB | 8.8 kB | 204/500 kB Progress (3): 14 kB | 8.8 kB | 208/500 kB Progress (3): 14 kB | 8.8 kB | 213/500 kB Progress (3): 14 kB | 8.8 kB | 217/500 kB Progress (3): 14 kB | 8.8 kB | 221/500 kB Progress (3): 14 kB | 8.8 kB | 225/500 kB Progress (3): 14 kB | 8.8 kB | 229/500 kB Progress (3): 14 kB | 8.8 kB | 233/500 kB Progress (3): 14 kB | 8.8 kB | 237/500 kB Progress (3): 14 kB | 8.8 kB | 241/500 kB Progress (3): 14 kB | 8.8 kB | 245/500 kB Progress (3): 14 kB | 8.8 kB | 249/500 kB Progress (3): 14 kB | 8.8 kB | 254/500 kB Progress (3): 14 kB | 8.8 kB | 258/500 kB Progress (3): 14 kB | 8.8 kB | 262/500 kB Progress (3): 14 kB | 8.8 kB | 266/500 kB Progress (3): 14 kB | 8.8 kB | 270/500 kB Progress (3): 14 kB | 8.8 kB | 274/500 kB Progress (3): 14 kB | 8.8 kB | 278/500 kB Progress (3): 14 kB | 8.8 kB | 282/500 kB Progress (3): 14 kB | 8.8 kB | 286/500 kB Progress (3): 14 kB | 8.8 kB | 290/500 kB Progress (3): 14 kB | 8.8 kB | 294/500 kB Progress (3): 14 kB | 8.8 kB | 299/500 kB Progress (3): 14 kB | 8.8 kB | 303/500 kB Progress (3): 14 kB | 8.8 kB | 307/500 kB Progress (3): 14 kB | 8.8 kB | 311/500 kB Progress (3): 14 kB | 8.8 kB | 315/500 kB Progress (3): 14 kB | 8.8 kB | 319/500 kB Progress (3): 14 kB | 8.8 kB | 323/500 kB Progress (3): 14 kB | 8.8 kB | 327/500 kB Progress (3): 14 kB | 8.8 kB | 331/500 kB Progress (3): 14 kB | 8.8 kB | 335/500 kB Progress (3): 14 kB | 8.8 kB | 340/500 kB Progress (3): 14 kB | 8.8 kB | 344/500 kB Progress (3): 14 kB | 8.8 kB | 348/500 kB Progress (3): 14 kB | 8.8 kB | 352/500 kB Progress (3): 14 kB | 8.8 kB | 356/500 kB Progress (3): 14 kB | 8.8 kB | 360/500 kB Progress (3): 14 kB | 8.8 kB | 364/500 kB Progress (3): 14 kB | 8.8 kB | 368/500 kB Progress (3): 14 kB | 8.8 kB | 372/500 kB Progress (3): 14 kB | 8.8 kB | 376/500 kB Progress (3): 14 kB | 8.8 kB | 380/500 kB Progress (3): 14 kB | 8.8 kB | 385/500 kB Progress (3): 14 kB | 8.8 kB | 389/500 kB Progress (3): 14 kB | 8.8 kB | 393/500 kB Progress (3): 14 kB | 8.8 kB | 397/500 kB Progress (3): 14 kB | 8.8 kB | 401/500 kB Progress (3): 14 kB | 8.8 kB | 405/500 kB Progress (3): 14 kB | 8.8 kB | 409/500 kB Progress (3): 14 kB | 8.8 kB | 413/500 kB Progress (3): 14 kB | 8.8 kB | 417/500 kB Progress (3): 14 kB | 8.8 kB | 421/500 kB Progress (3): 14 kB | 8.8 kB | 426/500 kB Progress (3): 14 kB | 8.8 kB | 430/500 kB Progress (3): 14 kB | 8.8 kB | 434/500 kB Progress (3): 14 kB | 8.8 kB | 438/500 kB Progress (3): 14 kB | 8.8 kB | 442/500 kB Progress (3): 14 kB | 8.8 kB | 446/500 kB Progress (3): 14 kB | 8.8 kB | 450/500 kB Progress (3): 14 kB | 8.8 kB | 454/500 kB Progress (3): 14 kB | 8.8 kB | 458/500 kB Progress (3): 14 kB | 8.8 kB | 462/500 kB Progress (3): 14 kB | 8.8 kB | 466/500 kB Progress (3): 14 kB | 8.8 kB | 471/500 kB Progress (3): 14 kB | 8.8 kB | 475/500 kB Progress (3): 14 kB | 8.8 kB | 479/500 kB Progress (3): 14 kB | 8.8 kB | 483/500 kB Progress (3): 14 kB | 8.8 kB | 487/500 kB Progress (3): 14 kB | 8.8 kB | 491/500 kB Progress (3): 14 kB | 8.8 kB | 495/500 kB Progress (3): 14 kB | 8.8 kB | 499/500 kB Progress (3): 14 kB | 8.8 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 32 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 20 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 19.016 s [INFO] Finished at: 2026-02-10T22:16:15Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="2141ba55580678246c722e07819f9c5ce33e3df7" "org.opencontainers.image.revision"="2141ba55580678246c722e07819f9c5ce33e3df7" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/konflux-test-integration" "quay.expires-after"="6h" "build-date"="2026-02-10T22:15:45Z" "org.opencontainers.image.created"="2026-02-10T22:15:45Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 --> dcb8d10316f9 Successfully tagged quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 [2026-02-10T22:16:17,102735406+00:00] Unsetting proxy [2026-02-10T22:16:17,103977225+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:18f7cbf6f09ad9fb30839edad311ddb6a8208c2142c7ad531e88900fc85f130f Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 Writing manifest to image destination [2026-02-10T22:16:19,085601780+00:00] End build pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-push: [2026-02-10T22:16:19,179055097+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:16:21,144718486+00:00] Convert image [2026-02-10T22:16:21,145782733+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-lhdm7-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-lhdm7-build-container Getting image source signatures Copying blob sha256:18f7cbf6f09ad9fb30839edad311ddb6a8208c2142c7ad531e88900fc85f130f Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 Writing manifest to image destination [2026-02-10T22:16:24,613572757+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Getting image source signatures Copying blob sha256:18f7cbf6f09ad9fb30839edad311ddb6a8208c2142c7ad531e88900fc85f130f Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 Writing manifest to image destination sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 [2026-02-10T22:16:25,359642666+00:00] End push pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-sbom-syft-generate: [2026-02-10T22:16:26,274642973+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:16:34,205149949+00:00] End sbom-syft-generate pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-prepare-sboms: [2026-02-10T22:16:34,390305072+00:00] Prepare SBOM [2026-02-10T22:16:34,394075630+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:16:35,468 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:16:35,597 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:16:36,612 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:16:36,612 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:16:36,612 [INFO] mobster.log: Contextual workflow completed in 1.03s 2026-02-10 22:16:36,643 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:16:36,705479657+00:00] End prepare-sboms pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-upload-sbom: [2026-02-10T22:16:37,495359009+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4b55d463f596c2f083818f9d952039d011772597791b894e89d7a778ff5bdc53 [2026-02-10T22:16:39,691613278+00:00] End upload-sbom pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | init container: prepare 2026/02/10 22:16:55 Entrypoint initialization pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | init container: place-scripts 2026/02/10 22:16:56 Decoded script /tekton/scripts/script-0-drckg pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | container step-push: [2026-02-10T22:17:01,594207274+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.pGR4GbRBE5 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:sha256-4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429.dockerfile Dockerfile pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | init container: prepare 2026/02/10 22:16:53 Entrypoint initialization pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | init container: place-scripts 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-0-pw7fb 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-1-rdzkl 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-2-pg9k2 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-3-fr69w 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-4-rj4xf 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-5-7pzqw pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Auth json written to "/auth/auth.json". pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-set-skip-for-bundles: 2026/02/10 22:16:58 INFO Step was skipped due to when expressions were evaluated to false. pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-app-check: time="2026-02-10T22:16:58Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:16:58Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 for platform amd64" time="2026-02-10T22:16:58Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7" time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:17:06Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:17:06Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:17:16Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:17:18Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:17:18Z" level=info msg="This image's tag on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 will be paired with digest sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 37, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 9573, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 2064, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:17:18Z" level=info msg="Preflight result: FAILED" pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761839","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761839","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | init container: prepare 2026/02/10 22:16:55 Entrypoint initialization pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | init container: place-scripts 2026/02/10 22:16:55 Decoded script /tekton/scripts/script-0-56dbt 2026/02/10 22:16:55 Decoded script /tekton/scripts/script-1-hg52h pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-component-pac-xmjyvu INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:17:00+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-apply-tags-pod | init container: prepare 2026/02/10 22:16:51 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:16:54Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7" time="2026-02-10T22:16:54Z" level=info msg="[param] Image digest: sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429" time="2026-02-10T22:16:54Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:16:55Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | init container: prepare 2026/02/10 22:16:51 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | init container: place-scripts 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-0-mlmp2 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-1-h8wnn 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-2-qm6bz 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-3-wr7zq pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429. pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:16:59Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-02-10T22:16:59Z INF libvuln initialized component=libvuln/New 2026-02-10T22:17:00Z INF registered configured scanners component=libindex/New 2026-02-10T22:17:00Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:17:00Z INF index request start component=libindex/Libindex.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 2026-02-10T22:17:00Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 2026-02-10T22:17:00Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=CheckManifest 2026-02-10T22:17:00Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=FetchLayers 2026-02-10T22:17:03Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=FetchLayers 2026-02-10T22:17:03Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=FetchLayers 2026-02-10T22:17:03Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=ScanLayers 2026-02-10T22:17:03Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:17:03Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:17:04Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=ScanLayers 2026-02-10T22:17:04Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=IndexManifest 2026-02-10T22:17:04Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=IndexFinished 2026-02-10T22:17:04Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=IndexFinished 2026-02-10T22:17:04Z INF index request done component=libindex/Libindex.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 { "manifest_hash": "sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "51af321a-0ba2-4beb-9d64-a7d4d7c03e20": { "id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "54ceb315-8a23-4a20-b623-82adfc643122": { "id": "54ceb315-8a23-4a20-b623-82adfc643122", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "70ca0848-dac1-49ab-8483-f40fd777b20a": { "id": "70ca0848-dac1-49ab-8483-f40fd777b20a", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "8b86475b-6dca-4c33-959a-ee49ff6dbc37": { "id": "8b86475b-6dca-4c33-959a-ee49ff6dbc37", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "920bf0f0-2093-4884-a0ac-fbbc07b53ef2": { "id": "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0": { "id": "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "ae69c572-c8a6-4945-98c9-3e4175f71185": { "id": "ae69c572-c8a6-4945-98c9-3e4175f71185", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "8b86475b-6dca-4c33-959a-ee49ff6dbc37", "8b86475b-6dca-4c33-959a-ee49ff6dbc37" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "8b86475b-6dca-4c33-959a-ee49ff6dbc37", "8b86475b-6dca-4c33-959a-ee49ff6dbc37" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: file-libs-5.33-27.el8_10 (CVE-2019-8905), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), expat-2.5.0-1.el8_10 (CVE-2024-28757), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), tar-2:1.30-11.el8_10 (CVE-2025-45582), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libzstd-1.4.4-1.el8 (CVE-2022-4899), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: file-libs-5.33-27.el8_10 (CVE-2019-8906), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), pcre2-10.32-3.el8_6 (CVE-2022-41409), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libzstd-1.4.4-1.el8 (CVE-2021-24032), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), gawk-4.2.1-4.el8 (CVE-2023-4156), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7", "digests": ["sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:17:18+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | init container: prepare 2026/02/10 22:16:53 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | init container: place-scripts 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-0-7k7xw 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-1-b8zsv pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 17.386 sec (0 m 17 s) Start Date: 2026:02:10 22:17:09 End Date: 2026:02:10 22:17:27 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761847","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761847","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761847","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7", "digests": ["sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429"]}} pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 9b40afe0e330 clamscan-ec-test-amd64.json Uploading 5cf55a933afa clamscan-result-amd64.log Uploaded 5cf55a933afa clamscan-result-amd64.log Uploaded 9b40afe0e330 clamscan-ec-test-amd64.json Uploading f1649e25c1f7 application/vnd.oci.image.manifest.v1+json Uploaded f1649e25c1f7 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 Digest: sha256:f1649e25c1f77041af6a9768dfd17b22970ddf7c9f782e8ce84e7167c0f913e8 pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-init-pod | init container: prepare 2026/02/10 22:15:11 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-init-pod | init container: place-scripts 2026/02/10 22:15:12 Decoded script /tekton/scripts/script-0-9bw6z pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to [FAILED] in [It] - /tmp/tmp.EaIZ2fdreL/tests/integration-service/integration.go:104 @ 02/10/26 22:17:34.606 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc000a95ad0>: pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: prepare 2026/02/10 22:15:37 Entrypoint initialization pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: place-scripts 2026/02/10 22:15:37 Decoded script /tekton/scripts/script-0-vrjmc 2026/02/10 22:15:37 Decoded script /tekton/scripts/script-1-w2sd4 2026/02/10 22:15:37 Decoded script /tekton/scripts/script-2-st4xk 2026/02/10 22:15:38 Decoded script /tekton/scripts/script-3-jm85g 2026/02/10 22:15:38 Decoded script /tekton/scripts/script-4-4kfjh pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-build: [2026-02-10T22:15:43,035280439+00:00] Validate context path [2026-02-10T22:15:43,038521154+00:00] Update CA trust [2026-02-10T22:15:43,039580881+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:15:45,029013488+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:15:45,034850368+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:15:45,148508316+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:15:50,032033335+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:15:45Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:15:45Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "2141ba55580678246c722e07819f9c5ce33e3df7", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "2141ba55580678246c722e07819f9c5ce33e3df7", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/konflux-test-integration", "quay.expires-after": "6h" } [2026-02-10T22:15:50,082129668+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:15:50,085428796+00:00] Add secrets [2026-02-10T22:15:50,093773913+00:00] Run buildah build [2026-02-10T22:15:50,095043739+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=2141ba55580678246c722e07819f9c5ce33e3df7 --label org.opencontainers.image.revision=2141ba55580678246c722e07819f9c5ce33e3df7 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --label quay.expires-after=6h --label build-date=2026-02-10T22:15:45Z --label org.opencontainers.image.created=2026-02-10T22:15:45Z --annotation org.opencontainers.image.revision=2141ba55580678246c722e07819f9c5ce33e3df7 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/konflux-test-integration --annotation org.opencontainers.image.created=2026-02-10T22:15:45Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.DMJyxn -t quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 382 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 297 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 280 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 187 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 333 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 425 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 224 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 388 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 446 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 250 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 753 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 564 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 691 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 369 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Progress (4): 3.6 kB | 7.1 kB | 2.0 kB | 2.3/3.6 kB Progress (4): 3.6 kB | 7.1 kB | 2.0 kB | 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 51 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 101 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 28 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 48 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 162 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (1): 11/226 kB Progress (1): 13/226 kB Progress (1): 16/226 kB Progress (1): 19/226 kB Progress (1): 21/226 kB Progress (1): 24/226 kB Progress (1): 27/226 kB Progress (1): 30/226 kB Progress (1): 32/226 kB Progress (1): 35/226 kB Progress (1): 38/226 kB Progress (1): 41/226 kB Progress (1): 43/226 kB Progress (1): 46/226 kB Progress (1): 49/226 kB Progress (1): 53/226 kB Progress (1): 57/226 kB Progress (1): 61/226 kB Progress (1): 65/226 kB Progress (1): 69/226 kB Progress (1): 73/226 kB Progress (1): 76/226 kB Progress (1): 80/226 kB Progress (1): 84/226 kB Progress (1): 88/226 kB Progress (1): 92/226 kB Progress (1): 96/226 kB Progress (1): 100/226 kB Progress (1): 104/226 kB Progress (1): 108/226 kB Progress (1): 112/226 kB Progress (1): 117/226 kB Progress (1): 121/226 kB Progress (1): 125/226 kB Progress (1): 129/226 kB Progress (1): 133/226 kB Progress (2): 133/226 kB | 2.3/13 kB Progress (2): 137/226 kB | 2.3/13 kB Progress (2): 137/226 kB | 5.0/13 kB Progress (2): 137/226 kB | 7.8/13 kB Progress (2): 141/226 kB | 7.8/13 kB Progress (2): 143/226 kB | 7.8/13 kB Progress (2): 143/226 kB | 12/13 kB Progress (2): 143/226 kB | 13 kB Progress (2): 147/226 kB | 13 kB Progress (2): 151/226 kB | 13 kB Progress (2): 156/226 kB | 13 kB Progress (2): 160/226 kB | 13 kB Progress (2): 164/226 kB | 13 kB Progress (2): 168/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 184/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 192/226 kB | 13 kB Progress (2): 197/226 kB | 13 kB Progress (2): 201/226 kB | 13 kB Progress (2): 205/226 kB | 13 kB Progress (2): 209/226 kB | 13 kB Progress (2): 211/226 kB | 13 kB Progress (2): 215/226 kB | 13 kB Progress (2): 219/226 kB | 13 kB Progress (2): 223/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 4.0 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 218 kB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 169 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 9.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 117 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 7.2 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 93 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 322 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/116 kB Progress (1): 7.7/116 kB Progress (1): 12/116 kB Progress (1): 16/116 kB Progress (1): 20/116 kB Progress (1): 24/116 kB Progress (1): 28/116 kB Progress (1): 32/116 kB Progress (1): 36/116 kB Progress (1): 41/116 kB Progress (1): 45/116 kB Progress (1): 49/116 kB Progress (1): 53/116 kB Progress (1): 57/116 kB Progress (1): 61/116 kB Progress (1): 65/116 kB Progress (1): 69/116 kB Progress (1): 73/116 kB Progress (1): 77/116 kB Progress (1): 81/116 kB Progress (1): 86/116 kB Progress (1): 90/116 kB Progress (1): 94/116 kB Progress (1): 98/116 kB Progress (1): 102/116 kB Progress (1): 106/116 kB Progress (1): 110/116 kB Progress (1): 114/116 kB Progress (1): 116 kB Progress (2): 116 kB | 4.1/35 kB Progress (2): 116 kB | 7.7/35 kB Progress (2): 116 kB | 12/35 kB Progress (2): 116 kB | 16/35 kB Progress (3): 116 kB | 16/35 kB | 2.3/57 kB Progress (3): 116 kB | 16/35 kB | 4.7/57 kB Progress (3): 116 kB | 20/35 kB | 4.7/57 kB Progress (3): 116 kB | 20/35 kB | 7.5/57 kB Progress (3): 116 kB | 24/35 kB | 7.5/57 kB Progress (3): 116 kB | 28/35 kB | 7.5/57 kB Progress (3): 116 kB | 28/35 kB | 10/57 kB Progress (3): 116 kB | 32/35 kB | 10/57 kB Progress (3): 116 kB | 32/35 kB | 13/57 kB Progress (3): 116 kB | 35 kB | 13/57 kB Progress (3): 116 kB | 35 kB | 16/57 kB Progress (3): 116 kB | 35 kB | 18/57 kB Progress (3): 116 kB | 35 kB | 21/57 kB Progress (3): 116 kB | 35 kB | 24/57 kB Progress (3): 116 kB | 35 kB | 27/57 kB Progress (3): 116 kB | 35 kB | 29/57 kB Progress (3): 116 kB | 35 kB | 32/57 kB Progress (3): 116 kB | 35 kB | 35/57 kB Progress (3): 116 kB | 35 kB | 38/57 kB Progress (3): 116 kB | 35 kB | 40/57 kB Progress (3): 116 kB | 35 kB | 43/57 kB Progress (3): 116 kB | 35 kB | 47/57 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 4.1/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 7.7/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 12/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 16/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 20/152 kB Progress (4): 116 kB | 35 kB | 47/57 kB | 24/152 kB Progress (4): 116 kB | 35 kB | 51/57 kB | 24/152 kB Progress (4): 116 kB | 35 kB | 51/57 kB | 28/152 kB Progress (4): 116 kB | 35 kB | 55/57 kB | 28/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 28/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 32/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 36/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 40/152 kB Progress (4): 116 kB | 35 kB | 57 kB | 44/152 kB Progress (5): 116 kB | 35 kB | 57 kB | 44/152 kB | 2.3/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 44/152 kB | 5.0/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 48/152 kB | 5.0/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 48/152 kB | 7.8/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 53/152 kB | 7.8/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 57/152 kB | 7.8/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 57/152 kB | 11/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 11/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 13/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 16/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 61/152 kB | 19/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 65/152 kB | 19/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 65/152 kB | 21/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 69/152 kB | 21/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 73/152 kB | 21/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 73/152 kB | 24/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 77/152 kB | 24/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 77/152 kB | 27/29 kB Progress (5): 116 kB | 35 kB | 57 kB | 77/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 81/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 85/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 89/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 94/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 98/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 102/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 106/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 110/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 114/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 118/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 122/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 126/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 130/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 134/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 139/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 143/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 147/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 151/152 kB | 29 kB Progress (5): 116 kB | 35 kB | 57 kB | 152 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 556 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 653 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (2): 152 kB | 4.1/21 kB Progress (2): 152 kB | 7.7/21 kB Progress (2): 152 kB | 12/21 kB Progress (2): 152 kB | 16/21 kB Progress (2): 152 kB | 20/21 kB Progress (2): 152 kB | 21 kB Progress (3): 152 kB | 21 kB | 3.8/9.9 kB Progress (3): 152 kB | 21 kB | 7.8/9.9 kB Progress (3): 152 kB | 21 kB | 9.9 kB Progress (4): 152 kB | 21 kB | 9.9 kB | 2.3/5.9 kB Progress (5): 152 kB | 21 kB | 9.9 kB | 2.3/5.9 kB | 4.1/24 kB Progress (5): 152 kB | 21 kB | 9.9 kB | 2.3/5.9 kB | 7.7/24 kB Progress (5): 152 kB | 21 kB | 9.9 kB | 5.0/5.9 kB | 7.7/24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.0 MB/s) Progress (4): 21 kB | 9.9 kB | 5.9 kB | 7.7/24 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (4): 21 kB | 9.9 kB | 5.9 kB | 12/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 16/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 20/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 24/24 kB Progress (4): 21 kB | 9.9 kB | 5.9 kB | 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 253 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Progress (2): 30 kB | 4.1/14 kB Progress (2): 30 kB | 7.7/14 kB Progress (2): 30 kB | 12/14 kB Progress (2): 30 kB | 14 kB Progress (3): 30 kB | 14 kB | 3.8/37 kB Progress (3): 30 kB | 14 kB | 7.9/37 kB Progress (3): 30 kB | 14 kB | 12/37 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 249 kB/s) Progress (2): 14 kB | 16/37 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (2): 14 kB | 20/37 kB Progress (2): 14 kB | 24/37 kB Progress (2): 14 kB | 28/37 kB Progress (2): 14 kB | 32/37 kB Progress (2): 14 kB | 37/37 kB Progress (2): 14 kB | 37 kB Progress (3): 14 kB | 37 kB | 4.1/38 kB Progress (3): 14 kB | 37 kB | 7.7/38 kB Progress (3): 14 kB | 37 kB | 12/38 kB Progress (3): 14 kB | 37 kB | 16/38 kB Progress (3): 14 kB | 37 kB | 20/38 kB Progress (3): 14 kB | 37 kB | 24/38 kB Progress (3): 14 kB | 37 kB | 28/38 kB Progress (3): 14 kB | 37 kB | 32/38 kB Progress (3): 14 kB | 37 kB | 36/38 kB Progress (3): 14 kB | 37 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (3): 37 kB | 38 kB | 2.3/13 kB Progress (3): 37 kB | 38 kB | 5.0/13 kB Progress (3): 37 kB | 38 kB | 7.8/13 kB Progress (3): 37 kB | 38 kB | 10/13 kB Progress (3): 37 kB | 38 kB | 13/13 kB Progress (3): 37 kB | 38 kB | 13 kB Progress (4): 37 kB | 38 kB | 13 kB | 4.1/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 7.7/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 12/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 16/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 20/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 24/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 28/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 32/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 36/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 41/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 45/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 49/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 53/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 57/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 61/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 65/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 69/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 73/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 77/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 81/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 86/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 41/49 kB Progress (1): 45/49 kB Progress (1): 49/49 kB Progress (1): 49 kB Progress (2): 49 kB | 3.8/86 kB Progress (2): 49 kB | 7.9/86 kB Progress (2): 49 kB | 12/86 kB Progress (2): 49 kB | 16/86 kB Progress (2): 49 kB | 20/86 kB Progress (2): 49 kB | 24/86 kB Progress (2): 49 kB | 28/86 kB Progress (2): 49 kB | 32/86 kB Progress (2): 49 kB | 36/86 kB Progress (2): 49 kB | 40/86 kB Progress (2): 49 kB | 44/86 kB Progress (2): 49 kB | 48/86 kB Progress (2): 49 kB | 53/86 kB Progress (2): 49 kB | 57/86 kB Progress (2): 49 kB | 61/86 kB Progress (2): 49 kB | 65/86 kB Progress (2): 49 kB | 69/86 kB Progress (2): 49 kB | 73/86 kB Progress (2): 49 kB | 77/86 kB Progress (2): 49 kB | 81/86 kB Progress (2): 49 kB | 83/86 kB Progress (2): 49 kB | 86 kB Progress (3): 49 kB | 86 kB | 4.1/121 kB Progress (4): 49 kB | 86 kB | 4.1/121 kB | 4.1/10 kB Progress (4): 49 kB | 86 kB | 7.7/121 kB | 4.1/10 kB Progress (4): 49 kB | 86 kB | 7.7/121 kB | 7.7/10 kB Progress (4): 49 kB | 86 kB | 12/121 kB | 7.7/10 kB Progress (4): 49 kB | 86 kB | 12/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 16/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 20/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 24/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 28/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 32/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 36/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 41/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 45/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 49/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 53/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 57/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 61/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 65/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 69/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 73/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 77/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 81/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 86/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 90/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 94/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 98/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 102/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 106/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 110/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 114/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 118/121 kB | 10 kB Progress (4): 49 kB | 86 kB | 121 kB | 10 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 3.8/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 7.9/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 12/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 16/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 20/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 24/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 28/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 32/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 37/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 41/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 45/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 49/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 53/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 57/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 61/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 65/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 69/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 71/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 76/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 80/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 84/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 88/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 92/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 96/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 100/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 104/194 kB Progress (5): 49 kB | 86 kB | 121 kB | 10 kB | 108/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 441 kB/s) Progress (4): 49 kB | 121 kB | 10 kB | 112/194 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (4): 49 kB | 121 kB | 10 kB | 116/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 121/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 125/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 129/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 133/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 137/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 139/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 143/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 147/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 151/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 155/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 160/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 164/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 168/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 172/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 176/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 180/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 184/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 188/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 192/194 kB Progress (4): 49 kB | 121 kB | 10 kB | 194 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 602 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Progress (2): 194 kB | 4.1/223 kB Progress (2): 194 kB | 7.7/223 kB Progress (2): 194 kB | 12/223 kB Progress (2): 194 kB | 16/223 kB Progress (2): 194 kB | 20/223 kB Progress (2): 194 kB | 24/223 kB Progress (2): 194 kB | 28/223 kB Progress (2): 194 kB | 32/223 kB Progress (2): 194 kB | 36/223 kB Progress (2): 194 kB | 41/223 kB Progress (3): 194 kB | 41/223 kB | 4.1/43 kB Progress (3): 194 kB | 45/223 kB | 4.1/43 kB Progress (3): 194 kB | 45/223 kB | 7.7/43 kB Progress (3): 194 kB | 49/223 kB | 7.7/43 kB Progress (3): 194 kB | 49/223 kB | 12/43 kB Progress (3): 194 kB | 49/223 kB | 16/43 kB Progress (3): 194 kB | 53/223 kB | 16/43 kB Progress (3): 194 kB | 57/223 kB | 16/43 kB Progress (3): 194 kB | 61/223 kB | 16/43 kB Progress (3): 194 kB | 61/223 kB | 20/43 kB Progress (3): 194 kB | 65/223 kB | 20/43 kB Progress (3): 194 kB | 65/223 kB | 24/43 kB Progress (3): 194 kB | 65/223 kB | 28/43 kB Progress (3): 194 kB | 65/223 kB | 32/43 kB Progress (3): 194 kB | 69/223 kB | 32/43 kB Progress (3): 194 kB | 69/223 kB | 36/43 kB Progress (3): 194 kB | 73/223 kB | 36/43 kB Progress (3): 194 kB | 73/223 kB | 41/43 kB Progress (3): 194 kB | 77/223 kB | 41/43 kB Progress (3): 194 kB | 77/223 kB | 43 kB Progress (3): 194 kB | 81/223 kB | 43 kB Progress (3): 194 kB | 86/223 kB | 43 kB Progress (3): 194 kB | 90/223 kB | 43 kB Progress (3): 194 kB | 94/223 kB | 43 kB Progress (3): 194 kB | 98/223 kB | 43 kB Progress (3): 194 kB | 102/223 kB | 43 kB Progress (3): 194 kB | 106/223 kB | 43 kB Progress (3): 194 kB | 110/223 kB | 43 kB Progress (3): 194 kB | 114/223 kB | 43 kB Progress (3): 194 kB | 118/223 kB | 43 kB Progress (3): 194 kB | 122/223 kB | 43 kB Progress (3): 194 kB | 127/223 kB | 43 kB Progress (3): 194 kB | 131/223 kB | 43 kB Progress (3): 194 kB | 135/223 kB | 43 kB Progress (3): 194 kB | 139/223 kB | 43 kB Progress (3): 194 kB | 143/223 kB | 43 kB Progress (3): 194 kB | 147/223 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 867 kB/s) Progress (2): 151/223 kB | 43 kB Progress (2): 155/223 kB | 43 kB Progress (2): 159/223 kB | 43 kB Progress (2): 163/223 kB | 43 kB Progress (2): 167/223 kB | 43 kB Progress (2): 172/223 kB | 43 kB Progress (2): 176/223 kB | 43 kB Progress (2): 180/223 kB | 43 kB Progress (2): 184/223 kB | 43 kB Progress (2): 188/223 kB | 43 kB Progress (2): 192/223 kB | 43 kB Progress (2): 196/223 kB | 43 kB Progress (2): 200/223 kB | 43 kB Progress (2): 204/223 kB | 43 kB Progress (2): 208/223 kB | 43 kB Progress (2): 213/223 kB | 43 kB Progress (2): 217/223 kB | 43 kB Progress (2): 221/223 kB | 43 kB Progress (2): 223 kB | 43 kB Progress (3): 223 kB | 43 kB | 4.1/6.8 kB Progress (3): 223 kB | 43 kB | 6.8 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 4.1/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 7.7/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 12/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 16/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 20/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 24/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 28/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 32/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 36/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 41/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 45/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 49/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 53/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 57/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 61/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 177 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 904 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 27 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 229 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 332 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 331 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 380 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 484 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 126 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 165 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 350 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 2.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/160 kB Progress (1): 7.7/160 kB Progress (1): 12/160 kB Progress (1): 16/160 kB Progress (1): 20/160 kB Progress (1): 24/160 kB Progress (1): 28/160 kB Progress (1): 32/160 kB Progress (1): 36/160 kB Progress (1): 41/160 kB Progress (1): 45/160 kB Progress (1): 49/160 kB Progress (1): 53/160 kB Progress (1): 57/160 kB Progress (1): 61/160 kB Progress (1): 65/160 kB Progress (1): 69/160 kB Progress (1): 73/160 kB Progress (1): 77/160 kB Progress (1): 81/160 kB Progress (1): 86/160 kB Progress (1): 90/160 kB Progress (1): 94/160 kB Progress (1): 98/160 kB Progress (1): 102/160 kB Progress (1): 106/160 kB Progress (1): 110/160 kB Progress (1): 114/160 kB Progress (1): 118/160 kB Progress (1): 122/160 kB Progress (1): 127/160 kB Progress (1): 131/160 kB Progress (1): 135/160 kB Progress (1): 139/160 kB Progress (1): 143/160 kB Progress (1): 147/160 kB Progress (1): 151/160 kB Progress (1): 155/160 kB Progress (1): 159/160 kB Progress (1): 160 kB Progress (2): 160 kB | 4.1/49 kB Progress (2): 160 kB | 7.7/49 kB Progress (2): 160 kB | 12/49 kB Progress (2): 160 kB | 16/49 kB Progress (2): 160 kB | 20/49 kB Progress (2): 160 kB | 24/49 kB Progress (2): 160 kB | 28/49 kB Progress (2): 160 kB | 32/49 kB Progress (2): 160 kB | 36/49 kB Progress (2): 160 kB | 41/49 kB Progress (2): 160 kB | 45/49 kB Progress (2): 160 kB | 49/49 kB Progress (3): 160 kB | 49/49 kB | 4.1/89 kB Progress (3): 160 kB | 49 kB | 4.1/89 kB Progress (3): 160 kB | 49 kB | 7.7/89 kB Progress (3): 160 kB | 49 kB | 12/89 kB Progress (3): 160 kB | 49 kB | 16/89 kB Progress (3): 160 kB | 49 kB | 20/89 kB Progress (3): 160 kB | 49 kB | 24/89 kB Progress (3): 160 kB | 49 kB | 28/89 kB Progress (3): 160 kB | 49 kB | 32/89 kB Progress (3): 160 kB | 49 kB | 36/89 kB Progress (3): 160 kB | 49 kB | 41/89 kB Progress (3): 160 kB | 49 kB | 45/89 kB Progress (3): 160 kB | 49 kB | 49/89 kB Progress (3): 160 kB | 49 kB | 53/89 kB Progress (3): 160 kB | 49 kB | 57/89 kB Progress (3): 160 kB | 49 kB | 61/89 kB Progress (3): 160 kB | 49 kB | 65/89 kB Progress (3): 160 kB | 49 kB | 69/89 kB Progress (3): 160 kB | 49 kB | 73/89 kB Progress (3): 160 kB | 49 kB | 77/89 kB Progress (3): 160 kB | 49 kB | 81/89 kB Progress (3): 160 kB | 49 kB | 86/89 kB Progress (3): 160 kB | 49 kB | 89 kB Progress (4): 160 kB | 49 kB | 89 kB | 3.4/13 kB Progress (4): 160 kB | 49 kB | 89 kB | 7.5/13 kB Progress (4): 160 kB | 49 kB | 89 kB | 12/13 kB Progress (4): 160 kB | 49 kB | 89 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Progress (4): 160 kB | 89 kB | 13 kB | 4.1/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 7.7/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 12/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 16/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 20/211 kB Progress (4): 160 kB | 89 kB | 13 kB | 24/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.7 MB/s) Progress (3): 89 kB | 13 kB | 28/211 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Progress (3): 89 kB | 13 kB | 32/211 kB Progress (3): 89 kB | 13 kB | 36/211 kB Progress (3): 89 kB | 13 kB | 41/211 kB Progress (3): 89 kB | 13 kB | 45/211 kB Progress (3): 89 kB | 13 kB | 49/211 kB Progress (3): 89 kB | 13 kB | 53/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 2.0 MB/s) Progress (2): 13 kB | 57/211 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Progress (2): 13 kB | 61/211 kB Progress (2): 13 kB | 65/211 kB Progress (2): 13 kB | 69/211 kB Progress (2): 13 kB | 73/211 kB Progress (2): 13 kB | 77/211 kB Progress (2): 13 kB | 81/211 kB Progress (2): 13 kB | 86/211 kB Progress (2): 13 kB | 90/211 kB Progress (2): 13 kB | 94/211 kB Progress (2): 13 kB | 98/211 kB Progress (2): 13 kB | 102/211 kB Progress (2): 13 kB | 106/211 kB Progress (2): 13 kB | 110/211 kB Progress (2): 13 kB | 114/211 kB Progress (2): 13 kB | 118/211 kB Progress (2): 13 kB | 122/211 kB Progress (2): 13 kB | 127/211 kB Progress (2): 13 kB | 131/211 kB Progress (2): 13 kB | 135/211 kB Progress (2): 13 kB | 139/211 kB Progress (2): 13 kB | 143/211 kB Progress (2): 13 kB | 147/211 kB Progress (2): 13 kB | 151/211 kB Progress (2): 13 kB | 155/211 kB Progress (2): 13 kB | 159/211 kB Progress (2): 13 kB | 163/211 kB Progress (2): 13 kB | 167/211 kB Progress (2): 13 kB | 172/211 kB Progress (2): 13 kB | 176/211 kB Progress (2): 13 kB | 180/211 kB Progress (2): 13 kB | 184/211 kB Progress (2): 13 kB | 188/211 kB Progress (2): 13 kB | 192/211 kB Progress (2): 13 kB | 196/211 kB Progress (2): 13 kB | 200/211 kB Progress (2): 13 kB | 204/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Progress (1): 208/211 kB Progress (1): 211 kB Progress (2): 211 kB | 4.1/21 kB Progress (2): 211 kB | 8.2/21 kB Progress (2): 211 kB | 12/21 kB Progress (2): 211 kB | 16/21 kB Progress (2): 211 kB | 20/21 kB Progress (2): 211 kB | 21 kB Progress (3): 211 kB | 21 kB | 4.1/87 kB Progress (3): 211 kB | 21 kB | 7.7/87 kB Progress (3): 211 kB | 21 kB | 12/87 kB Progress (3): 211 kB | 21 kB | 16/87 kB Progress (3): 211 kB | 21 kB | 20/87 kB Progress (3): 211 kB | 21 kB | 24/87 kB Progress (3): 211 kB | 21 kB | 28/87 kB Progress (3): 211 kB | 21 kB | 32/87 kB Progress (3): 211 kB | 21 kB | 36/87 kB Progress (3): 211 kB | 21 kB | 41/87 kB Progress (3): 211 kB | 21 kB | 45/87 kB Progress (3): 211 kB | 21 kB | 49/87 kB Progress (3): 211 kB | 21 kB | 53/87 kB Progress (4): 211 kB | 21 kB | 53/87 kB | 4.1/35 kB Progress (4): 211 kB | 21 kB | 57/87 kB | 4.1/35 kB Progress (4): 211 kB | 21 kB | 57/87 kB | 7.7/35 kB Progress (4): 211 kB | 21 kB | 61/87 kB | 7.7/35 kB Progress (4): 211 kB | 21 kB | 61/87 kB | 12/35 kB Progress (4): 211 kB | 21 kB | 65/87 kB | 12/35 kB Progress (4): 211 kB | 21 kB | 65/87 kB | 16/35 kB Progress (4): 211 kB | 21 kB | 65/87 kB | 20/35 kB Progress (4): 211 kB | 21 kB | 69/87 kB | 20/35 kB Progress (4): 211 kB | 21 kB | 69/87 kB | 24/35 kB Progress (4): 211 kB | 21 kB | 73/87 kB | 24/35 kB Progress (4): 211 kB | 21 kB | 73/87 kB | 28/35 kB Progress (4): 211 kB | 21 kB | 77/87 kB | 28/35 kB Progress (4): 211 kB | 21 kB | 81/87 kB | 28/35 kB Progress (4): 211 kB | 21 kB | 81/87 kB | 32/35 kB Progress (4): 211 kB | 21 kB | 81/87 kB | 35 kB Progress (4): 211 kB | 21 kB | 86/87 kB | 35 kB Progress (4): 211 kB | 21 kB | 87 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 992 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Progress (2): 25 kB | 4.1/14 kB Progress (2): 25 kB | 7.7/14 kB Progress (2): 25 kB | 12/14 kB Progress (2): 25 kB | 14 kB Progress (3): 25 kB | 14 kB | 4.1/37 kB Progress (3): 25 kB | 14 kB | 7.7/37 kB Progress (3): 25 kB | 14 kB | 12/37 kB Progress (3): 25 kB | 14 kB | 16/37 kB Progress (3): 25 kB | 14 kB | 20/37 kB Progress (3): 25 kB | 14 kB | 24/37 kB Progress (3): 25 kB | 14 kB | 28/37 kB Progress (3): 25 kB | 14 kB | 32/37 kB Progress (3): 25 kB | 14 kB | 36/37 kB Progress (3): 25 kB | 14 kB | 37 kB Progress (4): 25 kB | 14 kB | 37 kB | 4.1/122 kB Progress (4): 25 kB | 14 kB | 37 kB | 7.7/122 kB Progress (4): 25 kB | 14 kB | 37 kB | 12/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 128 kB/s) Progress (3): 25 kB | 37 kB | 16/122 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (3): 25 kB | 37 kB | 20/122 kB Progress (3): 25 kB | 37 kB | 24/122 kB Progress (3): 25 kB | 37 kB | 28/122 kB Progress (3): 25 kB | 37 kB | 32/122 kB Progress (3): 25 kB | 37 kB | 36/122 kB Progress (3): 25 kB | 37 kB | 41/122 kB Progress (3): 25 kB | 37 kB | 45/122 kB Progress (3): 25 kB | 37 kB | 49/122 kB Progress (3): 25 kB | 37 kB | 53/122 kB Progress (3): 25 kB | 37 kB | 57/122 kB Progress (3): 25 kB | 37 kB | 61/122 kB Progress (3): 25 kB | 37 kB | 65/122 kB Progress (3): 25 kB | 37 kB | 69/122 kB Progress (3): 25 kB | 37 kB | 73/122 kB Progress (3): 25 kB | 37 kB | 77/122 kB Progress (3): 25 kB | 37 kB | 81/122 kB Progress (3): 25 kB | 37 kB | 86/122 kB Progress (3): 25 kB | 37 kB | 90/122 kB Progress (3): 25 kB | 37 kB | 94/122 kB Progress (3): 25 kB | 37 kB | 98/122 kB Progress (3): 25 kB | 37 kB | 102/122 kB Progress (3): 25 kB | 37 kB | 106/122 kB Progress (3): 25 kB | 37 kB | 110/122 kB Progress (3): 25 kB | 37 kB | 114/122 kB Progress (4): 25 kB | 37 kB | 114/122 kB | 4.1/29 kB Progress (4): 25 kB | 37 kB | 118/122 kB | 4.1/29 kB Progress (4): 25 kB | 37 kB | 118/122 kB | 7.7/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 7.7/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 12/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 16/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 20/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 24/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 28/29 kB Progress (4): 25 kB | 37 kB | 122 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (4): 25 kB | 122 kB | 29 kB | 4.1/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 7.7/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 12/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 16/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 20/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 24/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 28/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 32/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 36/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 41/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 45/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 49/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 53/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 57/58 kB Progress (4): 25 kB | 122 kB | 29 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 937 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 388 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (1): 4.1/10 kB Progress (1): 7.7/10 kB Progress (1): 10 kB Progress (2): 10 kB | 4.1/33 kB Progress (2): 10 kB | 7.7/33 kB Progress (2): 10 kB | 12/33 kB Progress (2): 10 kB | 16/33 kB Progress (2): 10 kB | 20/33 kB Progress (2): 10 kB | 24/33 kB Progress (2): 10 kB | 28/33 kB Progress (2): 10 kB | 32/33 kB Progress (2): 10 kB | 33 kB Progress (3): 10 kB | 33 kB | 4.1/155 kB Progress (3): 10 kB | 33 kB | 7.7/155 kB Progress (3): 10 kB | 33 kB | 12/155 kB Progress (3): 10 kB | 33 kB | 16/155 kB Progress (3): 10 kB | 33 kB | 20/155 kB Progress (3): 10 kB | 33 kB | 24/155 kB Progress (3): 10 kB | 33 kB | 28/155 kB Progress (3): 10 kB | 33 kB | 32/155 kB Progress (3): 10 kB | 33 kB | 36/155 kB Progress (3): 10 kB | 33 kB | 40/155 kB Progress (3): 10 kB | 33 kB | 44/155 kB Progress (3): 10 kB | 33 kB | 48/155 kB Progress (3): 10 kB | 33 kB | 53/155 kB Progress (3): 10 kB | 33 kB | 57/155 kB Progress (3): 10 kB | 33 kB | 61/155 kB Progress (3): 10 kB | 33 kB | 65/155 kB Progress (3): 10 kB | 33 kB | 69/155 kB Progress (3): 10 kB | 33 kB | 73/155 kB Progress (3): 10 kB | 33 kB | 77/155 kB Progress (3): 10 kB | 33 kB | 81/155 kB Progress (3): 10 kB | 33 kB | 85/155 kB Progress (3): 10 kB | 33 kB | 89/155 kB Progress (3): 10 kB | 33 kB | 94/155 kB Progress (3): 10 kB | 33 kB | 98/155 kB Progress (3): 10 kB | 33 kB | 102/155 kB Progress (3): 10 kB | 33 kB | 106/155 kB Progress (3): 10 kB | 33 kB | 110/155 kB Progress (3): 10 kB | 33 kB | 114/155 kB Progress (3): 10 kB | 33 kB | 118/155 kB Progress (3): 10 kB | 33 kB | 122/155 kB Progress (3): 10 kB | 33 kB | 126/155 kB Progress (3): 10 kB | 33 kB | 130/155 kB Progress (3): 10 kB | 33 kB | 134/155 kB Progress (3): 10 kB | 33 kB | 139/155 kB Progress (3): 10 kB | 33 kB | 143/155 kB Progress (3): 10 kB | 33 kB | 147/155 kB Progress (3): 10 kB | 33 kB | 151/155 kB Progress (3): 10 kB | 33 kB | 155 kB Progress (4): 10 kB | 33 kB | 155 kB | 4.1/14 kB Progress (4): 10 kB | 33 kB | 155 kB | 7.7/14 kB Progress (4): 10 kB | 33 kB | 155 kB | 12/14 kB Progress (4): 10 kB | 33 kB | 155 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 844 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 14 kB | 4.1/32 kB Progress (2): 14 kB | 7.7/32 kB Progress (2): 14 kB | 12/32 kB Progress (2): 14 kB | 16/32 kB Progress (2): 14 kB | 20/32 kB Progress (2): 14 kB | 24/32 kB Progress (2): 14 kB | 28/32 kB Progress (2): 14 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (2): 32 kB | 4.1/4.2 kB Progress (2): 32 kB | 4.2 kB Progress (3): 32 kB | 4.2 kB | 4.1/4.6 kB Progress (3): 32 kB | 4.2 kB | 4.6 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 4.1/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 7.7/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 12/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 16/19 kB Progress (4): 32 kB | 4.2 kB | 4.6 kB | 19 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 4.1/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 7.7/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 12/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 16/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 20/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 24/25 kB Progress (5): 32 kB | 4.2 kB | 4.6 kB | 19 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 146 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (2): 25 kB | 4.1/217 kB Progress (2): 25 kB | 7.7/217 kB Progress (2): 25 kB | 12/217 kB Progress (2): 25 kB | 16/217 kB Progress (2): 25 kB | 20/217 kB Progress (2): 25 kB | 24/217 kB Progress (2): 25 kB | 28/217 kB Progress (2): 25 kB | 32/217 kB Progress (2): 25 kB | 36/217 kB Progress (2): 25 kB | 41/217 kB Progress (2): 25 kB | 45/217 kB Progress (2): 25 kB | 49/217 kB Progress (2): 25 kB | 53/217 kB Progress (2): 25 kB | 57/217 kB Progress (2): 25 kB | 61/217 kB Progress (2): 25 kB | 65/217 kB Progress (2): 25 kB | 69/217 kB Progress (2): 25 kB | 73/217 kB Progress (2): 25 kB | 77/217 kB Progress (2): 25 kB | 81/217 kB Progress (2): 25 kB | 86/217 kB Progress (2): 25 kB | 90/217 kB Progress (2): 25 kB | 94/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 108 kB/s) Progress (1): 98/217 kB Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (1): 102/217 kB Progress (1): 106/217 kB Progress (1): 110/217 kB Progress (1): 114/217 kB Progress (1): 118/217 kB Progress (1): 122/217 kB Progress (1): 127/217 kB Progress (1): 131/217 kB Progress (1): 135/217 kB Progress (1): 139/217 kB Progress (1): 143/217 kB Progress (1): 147/217 kB Progress (1): 151/217 kB Progress (1): 155/217 kB Progress (1): 159/217 kB Progress (1): 163/217 kB Progress (1): 167/217 kB Progress (1): 172/217 kB Progress (1): 176/217 kB Progress (1): 180/217 kB Progress (1): 184/217 kB Progress (1): 188/217 kB Progress (1): 192/217 kB Progress (1): 196/217 kB Progress (1): 200/217 kB Progress (1): 204/217 kB Progress (1): 208/217 kB Progress (1): 213/217 kB Progress (1): 217/217 kB Progress (1): 217 kB Progress (2): 217 kB | 4.1/358 kB Progress (2): 217 kB | 7.7/358 kB Progress (2): 217 kB | 12/358 kB Progress (2): 217 kB | 16/358 kB Progress (2): 217 kB | 20/358 kB Progress (2): 217 kB | 24/358 kB Progress (2): 217 kB | 28/358 kB Progress (2): 217 kB | 32/358 kB Progress (2): 217 kB | 36/358 kB Progress (2): 217 kB | 41/358 kB Progress (2): 217 kB | 45/358 kB Progress (2): 217 kB | 49/358 kB Progress (2): 217 kB | 53/358 kB Progress (2): 217 kB | 57/358 kB Progress (2): 217 kB | 61/358 kB Progress (2): 217 kB | 65/358 kB Progress (2): 217 kB | 69/358 kB Progress (2): 217 kB | 73/358 kB Progress (2): 217 kB | 77/358 kB Progress (2): 217 kB | 81/358 kB Progress (2): 217 kB | 86/358 kB Progress (2): 217 kB | 90/358 kB Progress (2): 217 kB | 94/358 kB Progress (2): 217 kB | 98/358 kB Progress (2): 217 kB | 102/358 kB Progress (2): 217 kB | 106/358 kB Progress (2): 217 kB | 110/358 kB Progress (2): 217 kB | 114/358 kB Progress (2): 217 kB | 118/358 kB Progress (2): 217 kB | 122/358 kB Progress (2): 217 kB | 127/358 kB Progress (2): 217 kB | 131/358 kB Progress (2): 217 kB | 135/358 kB Progress (2): 217 kB | 139/358 kB Progress (2): 217 kB | 143/358 kB Progress (2): 217 kB | 147/358 kB Progress (2): 217 kB | 151/358 kB Progress (3): 217 kB | 151/358 kB | 4.1/134 kB Progress (3): 217 kB | 155/358 kB | 4.1/134 kB Progress (3): 217 kB | 155/358 kB | 7.7/134 kB Progress (3): 217 kB | 155/358 kB | 12/134 kB Progress (3): 217 kB | 159/358 kB | 12/134 kB Progress (3): 217 kB | 163/358 kB | 12/134 kB Progress (3): 217 kB | 167/358 kB | 12/134 kB Progress (3): 217 kB | 172/358 kB | 12/134 kB Progress (3): 217 kB | 172/358 kB | 16/134 kB Progress (3): 217 kB | 172/358 kB | 20/134 kB Progress (3): 217 kB | 176/358 kB | 20/134 kB Progress (3): 217 kB | 176/358 kB | 24/134 kB Progress (3): 217 kB | 180/358 kB | 24/134 kB Progress (3): 217 kB | 180/358 kB | 28/134 kB Progress (3): 217 kB | 184/358 kB | 28/134 kB Progress (3): 217 kB | 188/358 kB | 28/134 kB Progress (3): 217 kB | 188/358 kB | 32/134 kB Progress (3): 217 kB | 192/358 kB | 32/134 kB Progress (3): 217 kB | 192/358 kB | 36/134 kB Progress (3): 217 kB | 196/358 kB | 36/134 kB Progress (3): 217 kB | 196/358 kB | 40/134 kB Progress (3): 217 kB | 200/358 kB | 40/134 kB Progress (3): 217 kB | 200/358 kB | 44/134 kB Progress (3): 217 kB | 204/358 kB | 44/134 kB Progress (3): 217 kB | 208/358 kB | 44/134 kB Progress (3): 217 kB | 208/358 kB | 48/134 kB Progress (3): 217 kB | 213/358 kB | 48/134 kB Progress (3): 217 kB | 213/358 kB | 53/134 kB Progress (3): 217 kB | 217/358 kB | 53/134 kB Progress (3): 217 kB | 217/358 kB | 57/134 kB Progress (3): 217 kB | 221/358 kB | 57/134 kB Progress (3): 217 kB | 221/358 kB | 61/134 kB Progress (3): 217 kB | 225/358 kB | 61/134 kB Progress (3): 217 kB | 229/358 kB | 61/134 kB Progress (3): 217 kB | 229/358 kB | 65/134 kB Progress (3): 217 kB | 229/358 kB | 69/134 kB Progress (3): 217 kB | 233/358 kB | 69/134 kB Progress (3): 217 kB | 233/358 kB | 73/134 kB Progress (3): 217 kB | 237/358 kB | 73/134 kB Progress (3): 217 kB | 237/358 kB | 77/134 kB Progress (3): 217 kB | 237/358 kB | 81/134 kB Progress (3): 217 kB | 241/358 kB | 81/134 kB Progress (3): 217 kB | 241/358 kB | 85/134 kB Progress (3): 217 kB | 245/358 kB | 85/134 kB Progress (3): 217 kB | 245/358 kB | 89/134 kB Progress (3): 217 kB | 249/358 kB | 89/134 kB Progress (3): 217 kB | 249/358 kB | 93/134 kB Progress (3): 217 kB | 254/358 kB | 93/134 kB Progress (3): 217 kB | 254/358 kB | 98/134 kB Progress (3): 217 kB | 258/358 kB | 98/134 kB Progress (3): 217 kB | 258/358 kB | 102/134 kB Progress (3): 217 kB | 262/358 kB | 102/134 kB Progress (3): 217 kB | 262/358 kB | 106/134 kB Progress (3): 217 kB | 266/358 kB | 106/134 kB Progress (3): 217 kB | 266/358 kB | 110/134 kB Progress (3): 217 kB | 270/358 kB | 110/134 kB Progress (3): 217 kB | 270/358 kB | 114/134 kB Progress (3): 217 kB | 274/358 kB | 114/134 kB Progress (3): 217 kB | 274/358 kB | 118/134 kB Progress (3): 217 kB | 278/358 kB | 118/134 kB Progress (3): 217 kB | 278/358 kB | 122/134 kB Progress (3): 217 kB | 282/358 kB | 122/134 kB Progress (3): 217 kB | 282/358 kB | 126/134 kB Progress (3): 217 kB | 286/358 kB | 126/134 kB Progress (3): 217 kB | 286/358 kB | 130/134 kB Progress (3): 217 kB | 286/358 kB | 134 kB Progress (3): 217 kB | 290/358 kB | 134 kB Progress (3): 217 kB | 294/358 kB | 134 kB Progress (3): 217 kB | 299/358 kB | 134 kB Progress (3): 217 kB | 303/358 kB | 134 kB Progress (3): 217 kB | 307/358 kB | 134 kB Progress (3): 217 kB | 311/358 kB | 134 kB Progress (3): 217 kB | 315/358 kB | 134 kB Progress (3): 217 kB | 319/358 kB | 134 kB Progress (3): 217 kB | 323/358 kB | 134 kB Progress (3): 217 kB | 327/358 kB | 134 kB Progress (3): 217 kB | 331/358 kB | 134 kB Progress (3): 217 kB | 335/358 kB | 134 kB Progress (3): 217 kB | 340/358 kB | 134 kB Progress (3): 217 kB | 344/358 kB | 134 kB Progress (3): 217 kB | 348/358 kB | 134 kB Progress (3): 217 kB | 352/358 kB | 134 kB Progress (3): 217 kB | 356/358 kB | 134 kB Progress (3): 217 kB | 358 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 836 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (3): 358 kB | 134 kB | 4.1/46 kB Progress (3): 358 kB | 134 kB | 7.7/46 kB Progress (3): 358 kB | 134 kB | 12/46 kB Progress (3): 358 kB | 134 kB | 16/46 kB Progress (4): 358 kB | 134 kB | 16/46 kB | 4.1/45 kB Progress (4): 358 kB | 134 kB | 20/46 kB | 4.1/45 kB Progress (4): 358 kB | 134 kB | 20/46 kB | 7.7/45 kB Progress (4): 358 kB | 134 kB | 24/46 kB | 7.7/45 kB Progress (4): 358 kB | 134 kB | 24/46 kB | 12/45 kB Progress (4): 358 kB | 134 kB | 28/46 kB | 12/45 kB Progress (4): 358 kB | 134 kB | 28/46 kB | 16/45 kB Progress (4): 358 kB | 134 kB | 32/46 kB | 16/45 kB Progress (4): 358 kB | 134 kB | 32/46 kB | 20/45 kB Progress (4): 358 kB | 134 kB | 32/46 kB | 24/45 kB Progress (4): 358 kB | 134 kB | 36/46 kB | 24/45 kB Progress (4): 358 kB | 134 kB | 36/46 kB | 28/45 kB Progress (4): 358 kB | 134 kB | 41/46 kB | 28/45 kB Progress (4): 358 kB | 134 kB | 41/46 kB | 32/45 kB Progress (4): 358 kB | 134 kB | 45/46 kB | 32/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 32/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 36/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 41/45 kB Progress (4): 358 kB | 134 kB | 46 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (4): 134 kB | 46 kB | 45 kB | 4.1/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 7.7/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 12/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 16/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 20/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 24/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 28/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 32/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 36/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 45/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 53/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 57/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 61/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 65/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 69/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 73/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 77/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 81/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 86/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 90/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 94/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 98/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 102/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 106/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 110/640 kB Progress (4): 134 kB | 46 kB | 45 kB | 114/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 158 kB/s) Progress (3): 134 kB | 46 kB | 118/640 kB Progress (3): 134 kB | 46 kB | 122/640 kB Progress (3): 134 kB | 46 kB | 127/640 kB Progress (3): 134 kB | 46 kB | 131/640 kB Progress (3): 134 kB | 46 kB | 135/640 kB Progress (3): 134 kB | 46 kB | 139/640 kB Progress (3): 134 kB | 46 kB | 143/640 kB Progress (3): 134 kB | 46 kB | 147/640 kB Progress (3): 134 kB | 46 kB | 151/640 kB Progress (3): 134 kB | 46 kB | 155/640 kB Progress (3): 134 kB | 46 kB | 159/640 kB Progress (3): 134 kB | 46 kB | 163/640 kB Progress (3): 134 kB | 46 kB | 167/640 kB Progress (3): 134 kB | 46 kB | 172/640 kB Progress (3): 134 kB | 46 kB | 176/640 kB Progress (3): 134 kB | 46 kB | 180/640 kB Progress (3): 134 kB | 46 kB | 184/640 kB Progress (3): 134 kB | 46 kB | 188/640 kB Progress (3): 134 kB | 46 kB | 192/640 kB Progress (3): 134 kB | 46 kB | 196/640 kB Progress (3): 134 kB | 46 kB | 200/640 kB Progress (3): 134 kB | 46 kB | 204/640 kB Progress (3): 134 kB | 46 kB | 208/640 kB Progress (3): 134 kB | 46 kB | 213/640 kB Progress (3): 134 kB | 46 kB | 217/640 kB Progress (3): 134 kB | 46 kB | 221/640 kB Progress (3): 134 kB | 46 kB | 225/640 kB Progress (3): 134 kB | 46 kB | 229/640 kB Progress (3): 134 kB | 46 kB | 233/640 kB Progress (3): 134 kB | 46 kB | 237/640 kB Progress (3): 134 kB | 46 kB | 241/640 kB Progress (3): 134 kB | 46 kB | 245/640 kB Progress (3): 134 kB | 46 kB | 249/640 kB Progress (3): 134 kB | 46 kB | 254/640 kB Progress (3): 134 kB | 46 kB | 258/640 kB Progress (3): 134 kB | 46 kB | 262/640 kB Progress (3): 134 kB | 46 kB | 266/640 kB Progress (3): 134 kB | 46 kB | 270/640 kB Progress (3): 134 kB | 46 kB | 274/640 kB Progress (3): 134 kB | 46 kB | 278/640 kB Progress (3): 134 kB | 46 kB | 282/640 kB Progress (3): 134 kB | 46 kB | 286/640 kB Progress (3): 134 kB | 46 kB | 290/640 kB Progress (3): 134 kB | 46 kB | 294/640 kB Progress (3): 134 kB | 46 kB | 299/640 kB Progress (3): 134 kB | 46 kB | 303/640 kB Progress (3): 134 kB | 46 kB | 307/640 kB Progress (3): 134 kB | 46 kB | 311/640 kB Progress (3): 134 kB | 46 kB | 315/640 kB Progress (3): 134 kB | 46 kB | 319/640 kB Progress (3): 134 kB | 46 kB | 323/640 kB Progress (3): 134 kB | 46 kB | 327/640 kB Progress (3): 134 kB | 46 kB | 331/640 kB Progress (3): 134 kB | 46 kB | 335/640 kB Progress (3): 134 kB | 46 kB | 340/640 kB Progress (3): 134 kB | 46 kB | 344/640 kB Progress (3): 134 kB | 46 kB | 348/640 kB Progress (3): 134 kB | 46 kB | 352/640 kB Progress (3): 134 kB | 46 kB | 356/640 kB Progress (3): 134 kB | 46 kB | 360/640 kB Progress (3): 134 kB | 46 kB | 364/640 kB Progress (3): 134 kB | 46 kB | 368/640 kB Progress (3): 134 kB | 46 kB | 372/640 kB Progress (3): 134 kB | 46 kB | 376/640 kB Progress (3): 134 kB | 46 kB | 380/640 kB Progress (3): 134 kB | 46 kB | 385/640 kB Progress (3): 134 kB | 46 kB | 389/640 kB Progress (3): 134 kB | 46 kB | 393/640 kB Progress (3): 134 kB | 46 kB | 397/640 kB Progress (3): 134 kB | 46 kB | 401/640 kB Progress (3): 134 kB | 46 kB | 405/640 kB Progress (3): 134 kB | 46 kB | 409/640 kB Progress (3): 134 kB | 46 kB | 413/640 kB Progress (3): 134 kB | 46 kB | 417/640 kB Progress (3): 134 kB | 46 kB | 421/640 kB Progress (3): 134 kB | 46 kB | 426/640 kB Progress (3): 134 kB | 46 kB | 430/640 kB Progress (3): 134 kB | 46 kB | 434/640 kB Progress (3): 134 kB | 46 kB | 438/640 kB Progress (3): 134 kB | 46 kB | 442/640 kB Progress (3): 134 kB | 46 kB | 446/640 kB Progress (3): 134 kB | 46 kB | 450/640 kB Progress (3): 134 kB | 46 kB | 454/640 kB Progress (3): 134 kB | 46 kB | 458/640 kB Progress (3): 134 kB | 46 kB | 462/640 kB Progress (3): 134 kB | 46 kB | 466/640 kB Progress (3): 134 kB | 46 kB | 471/640 kB Progress (3): 134 kB | 46 kB | 475/640 kB Progress (3): 134 kB | 46 kB | 479/640 kB Progress (3): 134 kB | 46 kB | 483/640 kB Progress (3): 134 kB | 46 kB | 487/640 kB Progress (3): 134 kB | 46 kB | 491/640 kB Progress (3): 134 kB | 46 kB | 495/640 kB Progress (3): 134 kB | 46 kB | 499/640 kB Progress (3): 134 kB | 46 kB | 503/640 kB Progress (3): 134 kB | 46 kB | 507/640 kB Progress (3): 134 kB | 46 kB | 512/640 kB Progress (3): 134 kB | 46 kB | 516/640 kB Progress (3): 134 kB | 46 kB | 520/640 kB Progress (3): 134 kB | 46 kB | 524/640 kB Progress (3): 134 kB | 46 kB | 528/640 kB Progress (3): 134 kB | 46 kB | 532/640 kB Progress (3): 134 kB | 46 kB | 536/640 kB Progress (3): 134 kB | 46 kB | 540/640 kB Progress (3): 134 kB | 46 kB | 544/640 kB Progress (3): 134 kB | 46 kB | 548/640 kB Progress (3): 134 kB | 46 kB | 553/640 kB Progress (3): 134 kB | 46 kB | 557/640 kB Progress (3): 134 kB | 46 kB | 561/640 kB Progress (3): 134 kB | 46 kB | 565/640 kB Progress (3): 134 kB | 46 kB | 569/640 kB Progress (3): 134 kB | 46 kB | 573/640 kB Progress (3): 134 kB | 46 kB | 577/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 463 kB/s) Progress (2): 46 kB | 581/640 kB Progress (2): 46 kB | 585/640 kB Progress (2): 46 kB | 589/640 kB Progress (2): 46 kB | 593/640 kB Progress (2): 46 kB | 598/640 kB Progress (2): 46 kB | 602/640 kB Progress (2): 46 kB | 606/640 kB Progress (2): 46 kB | 610/640 kB Progress (2): 46 kB | 614/640 kB Progress (2): 46 kB | 618/640 kB Progress (2): 46 kB | 622/640 kB Progress (2): 46 kB | 626/640 kB Progress (2): 46 kB | 630/640 kB Progress (2): 46 kB | 634/640 kB Progress (2): 46 kB | 639/640 kB Progress (2): 46 kB | 640 kB Progress (3): 46 kB | 640 kB | 4.1/121 kB Progress (3): 46 kB | 640 kB | 7.7/121 kB Progress (3): 46 kB | 640 kB | 12/121 kB Progress (3): 46 kB | 640 kB | 16/121 kB Progress (3): 46 kB | 640 kB | 20/121 kB Progress (3): 46 kB | 640 kB | 24/121 kB Progress (3): 46 kB | 640 kB | 28/121 kB Progress (3): 46 kB | 640 kB | 32/121 kB Progress (3): 46 kB | 640 kB | 36/121 kB Progress (3): 46 kB | 640 kB | 40/121 kB Progress (3): 46 kB | 640 kB | 44/121 kB Progress (3): 46 kB | 640 kB | 48/121 kB Progress (3): 46 kB | 640 kB | 53/121 kB Progress (3): 46 kB | 640 kB | 57/121 kB Progress (3): 46 kB | 640 kB | 61/121 kB Progress (3): 46 kB | 640 kB | 65/121 kB Progress (3): 46 kB | 640 kB | 69/121 kB Progress (3): 46 kB | 640 kB | 73/121 kB Progress (3): 46 kB | 640 kB | 77/121 kB Progress (3): 46 kB | 640 kB | 81/121 kB Progress (3): 46 kB | 640 kB | 85/121 kB Progress (3): 46 kB | 640 kB | 89/121 kB Progress (3): 46 kB | 640 kB | 94/121 kB Progress (3): 46 kB | 640 kB | 98/121 kB Progress (3): 46 kB | 640 kB | 102/121 kB Progress (3): 46 kB | 640 kB | 106/121 kB Progress (3): 46 kB | 640 kB | 110/121 kB Progress (3): 46 kB | 640 kB | 114/121 kB Progress (3): 46 kB | 640 kB | 118/121 kB Progress (3): 46 kB | 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 154 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 390 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 506 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 428 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 975 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 345 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 514 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 312 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/316 kB Progress (1): 7.7/316 kB Progress (1): 12/316 kB Progress (1): 16/316 kB Progress (1): 20/316 kB Progress (1): 24/316 kB Progress (1): 28/316 kB Progress (1): 32/316 kB Progress (1): 36/316 kB Progress (1): 41/316 kB Progress (1): 45/316 kB Progress (1): 49/316 kB Progress (1): 53/316 kB Progress (1): 57/316 kB Progress (1): 61/316 kB Progress (1): 65/316 kB Progress (1): 69/316 kB Progress (1): 73/316 kB Progress (1): 77/316 kB Progress (1): 81/316 kB Progress (1): 86/316 kB Progress (1): 90/316 kB Progress (1): 94/316 kB Progress (1): 98/316 kB Progress (1): 102/316 kB Progress (1): 106/316 kB Progress (1): 110/316 kB Progress (1): 114/316 kB Progress (1): 118/316 kB Progress (1): 122/316 kB Progress (1): 127/316 kB Progress (1): 131/316 kB Progress (1): 135/316 kB Progress (1): 139/316 kB Progress (1): 143/316 kB Progress (1): 147/316 kB Progress (1): 151/316 kB Progress (1): 155/316 kB Progress (1): 159/316 kB Progress (1): 163/316 kB Progress (1): 167/316 kB Progress (1): 172/316 kB Progress (1): 176/316 kB Progress (1): 180/316 kB Progress (1): 184/316 kB Progress (1): 188/316 kB Progress (1): 192/316 kB Progress (1): 196/316 kB Progress (1): 200/316 kB Progress (1): 204/316 kB Progress (1): 208/316 kB Progress (1): 213/316 kB Progress (1): 217/316 kB Progress (1): 221/316 kB Progress (1): 225/316 kB Progress (1): 229/316 kB Progress (1): 232/316 kB Progress (1): 236/316 kB Progress (1): 240/316 kB Progress (1): 244/316 kB Progress (1): 248/316 kB Progress (1): 253/316 kB Progress (1): 257/316 kB Progress (1): 261/316 kB Progress (1): 265/316 kB Progress (1): 269/316 kB Progress (1): 273/316 kB Progress (1): 277/316 kB Progress (1): 281/316 kB Progress (1): 285/316 kB Progress (1): 289/316 kB Progress (1): 294/316 kB Progress (1): 298/316 kB Progress (1): 302/316 kB Progress (1): 306/316 kB Progress (1): 310/316 kB Progress (1): 314/316 kB Progress (1): 316 kB Progress (2): 316 kB | 4.1/35 kB Progress (2): 316 kB | 7.7/35 kB Progress (2): 316 kB | 12/35 kB Progress (2): 316 kB | 16/35 kB Progress (2): 316 kB | 20/35 kB Progress (2): 316 kB | 24/35 kB Progress (2): 316 kB | 28/35 kB Progress (2): 316 kB | 32/35 kB Progress (2): 316 kB | 35 kB Progress (3): 316 kB | 35 kB | 4.1/118 kB Progress (3): 316 kB | 35 kB | 7.7/118 kB Progress (3): 316 kB | 35 kB | 12/118 kB Progress (3): 316 kB | 35 kB | 16/118 kB Progress (3): 316 kB | 35 kB | 20/118 kB Progress (3): 316 kB | 35 kB | 24/118 kB Progress (3): 316 kB | 35 kB | 28/118 kB Progress (3): 316 kB | 35 kB | 32/118 kB Progress (3): 316 kB | 35 kB | 36/118 kB Progress (3): 316 kB | 35 kB | 41/118 kB Progress (3): 316 kB | 35 kB | 45/118 kB Progress (3): 316 kB | 35 kB | 49/118 kB Progress (3): 316 kB | 35 kB | 53/118 kB Progress (3): 316 kB | 35 kB | 57/118 kB Progress (3): 316 kB | 35 kB | 61/118 kB Progress (3): 316 kB | 35 kB | 65/118 kB Progress (3): 316 kB | 35 kB | 69/118 kB Progress (3): 316 kB | 35 kB | 73/118 kB Progress (3): 316 kB | 35 kB | 77/118 kB Progress (3): 316 kB | 35 kB | 81/118 kB Progress (3): 316 kB | 35 kB | 86/118 kB Progress (3): 316 kB | 35 kB | 90/118 kB Progress (3): 316 kB | 35 kB | 94/118 kB Progress (3): 316 kB | 35 kB | 98/118 kB Progress (3): 316 kB | 35 kB | 102/118 kB Progress (3): 316 kB | 35 kB | 106/118 kB Progress (3): 316 kB | 35 kB | 110/118 kB Progress (3): 316 kB | 35 kB | 114/118 kB Progress (3): 316 kB | 35 kB | 118 kB Progress (4): 316 kB | 35 kB | 118 kB | 4.1/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 7.7/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 12/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 16/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 20/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 24/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 28/31 kB Progress (4): 316 kB | 35 kB | 118 kB | 31 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 4.1/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 7.7/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 12/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 16/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 20/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 24/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 28/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 32/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 36/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 41/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 45/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 49/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 53/263 kB Progress (5): 316 kB | 35 kB | 118 kB | 31 kB | 57/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 826 kB/s) Progress (4): 316 kB | 118 kB | 31 kB | 61/263 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 316 kB | 118 kB | 31 kB | 65/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 69/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 73/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 77/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 81/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 86/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 90/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 94/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 98/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 102/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 106/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 110/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 114/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 118/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 122/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 127/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 131/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 135/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 139/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 143/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 147/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 151/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 155/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 159/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 163/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 167/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 172/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 176/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 180/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 184/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 188/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 192/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 196/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 200/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 204/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 208/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 213/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 217/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 221/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 225/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 229/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 233/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 237/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 241/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 245/263 kB Progress (4): 316 kB | 118 kB | 31 kB | 249/263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.5 MB/s) Progress (3): 316 kB | 31 kB | 254/263 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Progress (3): 316 kB | 31 kB | 258/263 kB Progress (3): 316 kB | 31 kB | 262/263 kB Progress (3): 316 kB | 31 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 5.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 526 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 263 kB | 4.1/232 kB Progress (2): 263 kB | 7.7/232 kB Progress (2): 263 kB | 12/232 kB Progress (2): 263 kB | 16/232 kB Progress (2): 263 kB | 20/232 kB Progress (2): 263 kB | 24/232 kB Progress (2): 263 kB | 28/232 kB Progress (2): 263 kB | 32/232 kB Progress (2): 263 kB | 36/232 kB Progress (2): 263 kB | 41/232 kB Progress (2): 263 kB | 45/232 kB Progress (2): 263 kB | 49/232 kB Progress (2): 263 kB | 53/232 kB Progress (2): 263 kB | 57/232 kB Progress (2): 263 kB | 61/232 kB Progress (2): 263 kB | 65/232 kB Progress (2): 263 kB | 69/232 kB Progress (2): 263 kB | 73/232 kB Progress (2): 263 kB | 77/232 kB Progress (2): 263 kB | 81/232 kB Progress (2): 263 kB | 86/232 kB Progress (2): 263 kB | 90/232 kB Progress (2): 263 kB | 94/232 kB Progress (2): 263 kB | 98/232 kB Progress (2): 263 kB | 102/232 kB Progress (2): 263 kB | 106/232 kB Progress (2): 263 kB | 110/232 kB Progress (2): 263 kB | 114/232 kB Progress (2): 263 kB | 118/232 kB Progress (2): 263 kB | 122/232 kB Progress (2): 263 kB | 127/232 kB Progress (2): 263 kB | 131/232 kB Progress (2): 263 kB | 135/232 kB Progress (2): 263 kB | 139/232 kB Progress (2): 263 kB | 143/232 kB Progress (2): 263 kB | 147/232 kB Progress (2): 263 kB | 151/232 kB Progress (2): 263 kB | 155/232 kB Progress (2): 263 kB | 159/232 kB Progress (2): 263 kB | 163/232 kB Progress (2): 263 kB | 167/232 kB Progress (2): 263 kB | 172/232 kB Progress (2): 263 kB | 176/232 kB Progress (2): 263 kB | 180/232 kB Progress (2): 263 kB | 184/232 kB Progress (2): 263 kB | 188/232 kB Progress (2): 263 kB | 192/232 kB Progress (2): 263 kB | 196/232 kB Progress (2): 263 kB | 200/232 kB Progress (2): 263 kB | 204/232 kB Progress (2): 263 kB | 208/232 kB Progress (2): 263 kB | 213/232 kB Progress (2): 263 kB | 217/232 kB Progress (2): 263 kB | 221/232 kB Progress (2): 263 kB | 225/232 kB Progress (2): 263 kB | 229/232 kB Progress (2): 263 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 3.9 MB/s) Progress (2): 232 kB | 4.1/38 kB Progress (2): 232 kB | 7.7/38 kB Progress (2): 232 kB | 12/38 kB Progress (2): 232 kB | 16/38 kB Progress (2): 232 kB | 20/38 kB Progress (2): 232 kB | 24/38 kB Progress (2): 232 kB | 28/38 kB Progress (2): 232 kB | 32/38 kB Progress (2): 232 kB | 36/38 kB Progress (2): 232 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.8 MB/s) Progress (2): 38 kB | 4.1/10 kB Progress (2): 38 kB | 7.7/10 kB Progress (2): 38 kB | 10 kB Progress (3): 38 kB | 10 kB | 4.1/14 kB Progress (3): 38 kB | 10 kB | 7.7/14 kB Progress (3): 38 kB | 10 kB | 12/14 kB Progress (3): 38 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 417 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 123 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 75 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 615 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 193 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 843 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 374 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 10 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 352 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 417 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/327 kB Progress (1): 7.7/327 kB Progress (1): 12/327 kB Progress (1): 16/327 kB Progress (1): 20/327 kB Progress (1): 24/327 kB Progress (1): 28/327 kB Progress (1): 32/327 kB Progress (1): 36/327 kB Progress (1): 41/327 kB Progress (1): 45/327 kB Progress (1): 49/327 kB Progress (1): 53/327 kB Progress (1): 57/327 kB Progress (1): 61/327 kB Progress (1): 65/327 kB Progress (1): 69/327 kB Progress (1): 73/327 kB Progress (1): 77/327 kB Progress (1): 81/327 kB Progress (1): 86/327 kB Progress (1): 90/327 kB Progress (1): 94/327 kB Progress (1): 98/327 kB Progress (1): 102/327 kB Progress (1): 106/327 kB Progress (1): 110/327 kB Progress (1): 114/327 kB Progress (1): 118/327 kB Progress (1): 122/327 kB Progress (1): 127/327 kB Progress (1): 131/327 kB Progress (1): 135/327 kB Progress (1): 139/327 kB Progress (1): 143/327 kB Progress (1): 147/327 kB Progress (1): 151/327 kB Progress (1): 155/327 kB Progress (1): 159/327 kB Progress (1): 163/327 kB Progress (1): 167/327 kB Progress (1): 172/327 kB Progress (1): 176/327 kB Progress (1): 180/327 kB Progress (1): 184/327 kB Progress (1): 188/327 kB Progress (1): 192/327 kB Progress (1): 196/327 kB Progress (1): 200/327 kB Progress (1): 204/327 kB Progress (1): 208/327 kB Progress (1): 213/327 kB Progress (1): 217/327 kB Progress (1): 221/327 kB Progress (1): 225/327 kB Progress (1): 229/327 kB Progress (1): 233/327 kB Progress (1): 237/327 kB Progress (1): 241/327 kB Progress (1): 245/327 kB Progress (1): 249/327 kB Progress (1): 254/327 kB Progress (1): 258/327 kB Progress (1): 262/327 kB Progress (1): 266/327 kB Progress (1): 270/327 kB Progress (1): 274/327 kB Progress (1): 278/327 kB Progress (1): 282/327 kB Progress (1): 286/327 kB Progress (1): 290/327 kB Progress (1): 294/327 kB Progress (1): 299/327 kB Progress (1): 303/327 kB Progress (1): 307/327 kB Progress (1): 311/327 kB Progress (1): 315/327 kB Progress (1): 319/327 kB Progress (1): 323/327 kB Progress (1): 327 kB Progress (2): 327 kB | 4.1/79 kB Progress (2): 327 kB | 8.2/79 kB Progress (2): 327 kB | 12/79 kB Progress (2): 327 kB | 16/79 kB Progress (2): 327 kB | 20/79 kB Progress (2): 327 kB | 25/79 kB Progress (2): 327 kB | 29/79 kB Progress (2): 327 kB | 33/79 kB Progress (2): 327 kB | 37/79 kB Progress (2): 327 kB | 41/79 kB Progress (2): 327 kB | 45/79 kB Progress (2): 327 kB | 49/79 kB Progress (2): 327 kB | 53/79 kB Progress (2): 327 kB | 57/79 kB Progress (2): 327 kB | 61/79 kB Progress (2): 327 kB | 66/79 kB Progress (2): 327 kB | 70/79 kB Progress (2): 327 kB | 74/79 kB Progress (2): 327 kB | 78/79 kB Progress (2): 327 kB | 79 kB Progress (3): 327 kB | 79 kB | 4.1/26 kB Progress (3): 327 kB | 79 kB | 7.7/26 kB Progress (3): 327 kB | 79 kB | 12/26 kB Progress (3): 327 kB | 79 kB | 16/26 kB Progress (3): 327 kB | 79 kB | 20/26 kB Progress (3): 327 kB | 79 kB | 24/26 kB Progress (3): 327 kB | 79 kB | 26 kB Progress (4): 327 kB | 79 kB | 26 kB | 4.1/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 7.7/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 12/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 16/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 20/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 24/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 28/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 32/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 36/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 41/41 kB Progress (4): 327 kB | 79 kB | 26 kB | 41 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 4.1/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 7.7/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 12/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 16/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 20/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 24/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 28/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 32/36 kB Progress (5): 327 kB | 79 kB | 26 kB | 41 kB | 36 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 8.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 656 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Progress (3): 41 kB | 36 kB | 4.1/211 kB Progress (3): 41 kB | 36 kB | 7.7/211 kB Progress (3): 41 kB | 36 kB | 12/211 kB Progress (3): 41 kB | 36 kB | 16/211 kB Progress (3): 41 kB | 36 kB | 20/211 kB Progress (3): 41 kB | 36 kB | 24/211 kB Progress (3): 41 kB | 36 kB | 28/211 kB Progress (3): 41 kB | 36 kB | 32/211 kB Progress (3): 41 kB | 36 kB | 36/211 kB Progress (3): 41 kB | 36 kB | 41/211 kB Progress (4): 41 kB | 36 kB | 41/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 45/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 45/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 49/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 49/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 53/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 53/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 57/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 61/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 61/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 65/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 65/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 69/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 73/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 77/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 81/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 86/211 kB | 0/1.0 MB Progress (4): 41 kB | 36 kB | 86/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 90/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 90/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 94/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 98/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 98/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 102/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 102/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 106/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 110/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 110/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 114/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 114/211 kB | 0.1/1.0 MB Progress (4): 41 kB | 36 kB | 118/211 kB | 0.1/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 568 kB/s) Progress (3): 41 kB | 122/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 122/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 127/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 131/211 kB | 0.1/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (3): 41 kB | 135/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 135/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 139/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 143/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 143/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 147/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 147/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 151/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 151/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 155/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 155/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 159/211 kB | 0.1/1.0 MB Progress (3): 41 kB | 159/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 163/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 163/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 167/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 167/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 172/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 172/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 176/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 176/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 180/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 180/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 184/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 184/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 188/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 188/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 192/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 192/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 196/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 196/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 200/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 200/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 204/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 204/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 208/211 kB | 0.2/1.0 MB Progress (3): 41 kB | 211 kB | 0.2/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.3/1.0 MB Progress (3): 41 kB | 211 kB | 0.4/1.0 MB Progress (3): 41 kB | 211 kB | 0.4/1.0 MB Progress (3): 41 kB | 211 kB | 0.4/1.0 MB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.4/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.5/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.6/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.7/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.8/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 0.9/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Progress (4): 41 kB | 211 kB | 1.0/1.0 MB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 579 kB/s) Progress (3): 211 kB | 1.0/1.0 MB | 2.5 kB Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (3): 211 kB | 1.0 MB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (2): 1.0 MB | 4.1/58 kB Progress (2): 1.0 MB | 7.7/58 kB Progress (2): 1.0 MB | 12/58 kB Progress (3): 1.0 MB | 12/58 kB | 4.1/116 kB Progress (3): 1.0 MB | 16/58 kB | 4.1/116 kB Progress (3): 1.0 MB | 16/58 kB | 7.7/116 kB Progress (3): 1.0 MB | 16/58 kB | 12/116 kB Progress (3): 1.0 MB | 16/58 kB | 16/116 kB Progress (3): 1.0 MB | 20/58 kB | 16/116 kB Progress (3): 1.0 MB | 24/58 kB | 16/116 kB Progress (3): 1.0 MB | 24/58 kB | 20/116 kB Progress (3): 1.0 MB | 28/58 kB | 20/116 kB Progress (3): 1.0 MB | 28/58 kB | 24/116 kB Progress (3): 1.0 MB | 32/58 kB | 24/116 kB Progress (3): 1.0 MB | 32/58 kB | 28/116 kB Progress (3): 1.0 MB | 32/58 kB | 32/116 kB Progress (3): 1.0 MB | 36/58 kB | 32/116 kB Progress (3): 1.0 MB | 36/58 kB | 36/116 kB Progress (3): 1.0 MB | 41/58 kB | 36/116 kB Progress (3): 1.0 MB | 41/58 kB | 41/116 kB Progress (3): 1.0 MB | 45/58 kB | 41/116 kB Progress (3): 1.0 MB | 45/58 kB | 45/116 kB Progress (3): 1.0 MB | 49/58 kB | 45/116 kB Progress (3): 1.0 MB | 49/58 kB | 49/116 kB Progress (3): 1.0 MB | 53/58 kB | 49/116 kB Progress (3): 1.0 MB | 53/58 kB | 53/116 kB Progress (3): 1.0 MB | 57/58 kB | 53/116 kB Progress (3): 1.0 MB | 57/58 kB | 57/116 kB Progress (3): 1.0 MB | 58 kB | 57/116 kB Progress (3): 1.0 MB | 58 kB | 61/116 kB Progress (3): 1.0 MB | 58 kB | 65/116 kB Progress (3): 1.0 MB | 58 kB | 69/116 kB Progress (3): 1.0 MB | 58 kB | 73/116 kB Progress (3): 1.0 MB | 58 kB | 77/116 kB Progress (3): 1.0 MB | 58 kB | 81/116 kB Progress (3): 1.0 MB | 58 kB | 86/116 kB Progress (3): 1.0 MB | 58 kB | 90/116 kB Progress (3): 1.0 MB | 58 kB | 94/116 kB Progress (3): 1.0 MB | 58 kB | 98/116 kB Progress (3): 1.0 MB | 58 kB | 102/116 kB Progress (3): 1.0 MB | 58 kB | 106/116 kB Progress (3): 1.0 MB | 58 kB | 110/116 kB Progress (3): 1.0 MB | 58 kB | 114/116 kB Progress (3): 1.0 MB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 10 MB/s) Progress (3): 58 kB | 116 kB | 4.1/85 kB Progress (3): 58 kB | 116 kB | 7.7/85 kB Progress (3): 58 kB | 116 kB | 12/85 kB Progress (3): 58 kB | 116 kB | 16/85 kB Progress (3): 58 kB | 116 kB | 20/85 kB Progress (3): 58 kB | 116 kB | 24/85 kB Progress (3): 58 kB | 116 kB | 28/85 kB Progress (3): 58 kB | 116 kB | 32/85 kB Progress (3): 58 kB | 116 kB | 36/85 kB Progress (3): 58 kB | 116 kB | 41/85 kB Progress (3): 58 kB | 116 kB | 45/85 kB Progress (3): 58 kB | 116 kB | 49/85 kB Progress (3): 58 kB | 116 kB | 53/85 kB Progress (3): 58 kB | 116 kB | 57/85 kB Progress (3): 58 kB | 116 kB | 61/85 kB Progress (3): 58 kB | 116 kB | 65/85 kB Progress (3): 58 kB | 116 kB | 69/85 kB Progress (3): 58 kB | 116 kB | 73/85 kB Progress (3): 58 kB | 116 kB | 77/85 kB Progress (3): 58 kB | 116 kB | 81/85 kB Progress (3): 58 kB | 116 kB | 85 kB Progress (4): 58 kB | 116 kB | 85 kB | 4.1/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 7.7/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 12/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 16/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 20/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 24/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 28/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 32/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 36/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 41/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 45/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 49/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 53/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 57/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 61/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 65/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 69/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 73/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 77/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 81/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 86/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 90/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 94/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 98/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 102/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 106/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 110/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 114/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 118/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 122/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 127/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 131/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 135/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 139/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 143/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 147/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 151/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 155/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 159/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 163/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 167/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 172/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 176/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 180/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 184/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 188/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 192/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 196/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 200/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 204/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 208/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 213/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 217/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 221/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 225/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 229/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 233/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 237/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 241/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 245/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 249/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 254/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 258/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 262/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 266/267 kB Progress (4): 58 kB | 116 kB | 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 500 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 688 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 936 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 2.0 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 608 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 686 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 262 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 188 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 288 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 398 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 308 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 448 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 333 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 234 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 178 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 664 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 396 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 343 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 295 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 391 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 283 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 146 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 586 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/202 kB Progress (1): 7.7/202 kB Progress (1): 12/202 kB Progress (1): 16/202 kB Progress (1): 20/202 kB Progress (1): 24/202 kB Progress (1): 28/202 kB Progress (1): 32/202 kB Progress (1): 36/202 kB Progress (1): 40/202 kB Progress (1): 44/202 kB Progress (1): 48/202 kB Progress (1): 53/202 kB Progress (1): 57/202 kB Progress (1): 61/202 kB Progress (1): 65/202 kB Progress (1): 69/202 kB Progress (1): 73/202 kB Progress (1): 77/202 kB Progress (1): 81/202 kB Progress (1): 85/202 kB Progress (1): 89/202 kB Progress (1): 94/202 kB Progress (1): 98/202 kB Progress (1): 102/202 kB Progress (1): 106/202 kB Progress (1): 110/202 kB Progress (1): 114/202 kB Progress (1): 118/202 kB Progress (1): 122/202 kB Progress (1): 126/202 kB Progress (1): 130/202 kB Progress (1): 134/202 kB Progress (1): 139/202 kB Progress (1): 143/202 kB Progress (1): 147/202 kB Progress (1): 151/202 kB Progress (1): 155/202 kB Progress (1): 159/202 kB Progress (1): 163/202 kB Progress (1): 167/202 kB Progress (1): 171/202 kB Progress (1): 175/202 kB Progress (1): 180/202 kB Progress (1): 184/202 kB Progress (1): 188/202 kB Progress (1): 192/202 kB Progress (1): 196/202 kB Progress (1): 200/202 kB Progress (1): 202 kB Progress (2): 202 kB | 4.1/153 kB Progress (2): 202 kB | 7.7/153 kB Progress (2): 202 kB | 12/153 kB Progress (2): 202 kB | 16/153 kB Progress (2): 202 kB | 20/153 kB Progress (2): 202 kB | 24/153 kB Progress (2): 202 kB | 28/153 kB Progress (2): 202 kB | 32/153 kB Progress (3): 202 kB | 32/153 kB | 4.1/165 kB Progress (3): 202 kB | 36/153 kB | 4.1/165 kB Progress (3): 202 kB | 41/153 kB | 4.1/165 kB Progress (3): 202 kB | 41/153 kB | 7.7/165 kB Progress (3): 202 kB | 45/153 kB | 7.7/165 kB Progress (3): 202 kB | 45/153 kB | 12/165 kB Progress (3): 202 kB | 49/153 kB | 12/165 kB Progress (3): 202 kB | 49/153 kB | 16/165 kB Progress (3): 202 kB | 53/153 kB | 16/165 kB Progress (3): 202 kB | 57/153 kB | 16/165 kB Progress (3): 202 kB | 57/153 kB | 20/165 kB Progress (3): 202 kB | 61/153 kB | 20/165 kB Progress (3): 202 kB | 61/153 kB | 24/165 kB Progress (3): 202 kB | 65/153 kB | 24/165 kB Progress (3): 202 kB | 65/153 kB | 28/165 kB Progress (3): 202 kB | 69/153 kB | 28/165 kB Progress (3): 202 kB | 69/153 kB | 32/165 kB Progress (3): 202 kB | 73/153 kB | 32/165 kB Progress (3): 202 kB | 73/153 kB | 36/165 kB Progress (3): 202 kB | 77/153 kB | 36/165 kB Progress (3): 202 kB | 77/153 kB | 40/165 kB Progress (3): 202 kB | 81/153 kB | 40/165 kB Progress (3): 202 kB | 81/153 kB | 44/165 kB Progress (3): 202 kB | 86/153 kB | 44/165 kB Progress (3): 202 kB | 86/153 kB | 48/165 kB Progress (3): 202 kB | 90/153 kB | 48/165 kB Progress (3): 202 kB | 90/153 kB | 53/165 kB Progress (3): 202 kB | 94/153 kB | 53/165 kB Progress (3): 202 kB | 94/153 kB | 57/165 kB Progress (3): 202 kB | 98/153 kB | 57/165 kB Progress (3): 202 kB | 98/153 kB | 61/165 kB Progress (3): 202 kB | 102/153 kB | 61/165 kB Progress (3): 202 kB | 102/153 kB | 65/165 kB Progress (3): 202 kB | 106/153 kB | 65/165 kB Progress (3): 202 kB | 106/153 kB | 69/165 kB Progress (3): 202 kB | 110/153 kB | 69/165 kB Progress (3): 202 kB | 110/153 kB | 73/165 kB Progress (3): 202 kB | 114/153 kB | 73/165 kB Progress (3): 202 kB | 114/153 kB | 77/165 kB Progress (3): 202 kB | 118/153 kB | 77/165 kB Progress (3): 202 kB | 118/153 kB | 81/165 kB Progress (3): 202 kB | 122/153 kB | 81/165 kB Progress (3): 202 kB | 122/153 kB | 85/165 kB Progress (3): 202 kB | 127/153 kB | 85/165 kB Progress (3): 202 kB | 127/153 kB | 89/165 kB Progress (3): 202 kB | 131/153 kB | 89/165 kB Progress (3): 202 kB | 131/153 kB | 93/165 kB Progress (3): 202 kB | 135/153 kB | 93/165 kB Progress (3): 202 kB | 135/153 kB | 98/165 kB Progress (3): 202 kB | 135/153 kB | 102/165 kB Progress (3): 202 kB | 135/153 kB | 106/165 kB Progress (3): 202 kB | 139/153 kB | 106/165 kB Progress (3): 202 kB | 139/153 kB | 110/165 kB Progress (3): 202 kB | 143/153 kB | 110/165 kB Progress (3): 202 kB | 143/153 kB | 114/165 kB Progress (3): 202 kB | 147/153 kB | 114/165 kB Progress (3): 202 kB | 147/153 kB | 118/165 kB Progress (3): 202 kB | 151/153 kB | 118/165 kB Progress (3): 202 kB | 151/153 kB | 122/165 kB Progress (3): 202 kB | 153 kB | 122/165 kB Progress (3): 202 kB | 153 kB | 126/165 kB Progress (3): 202 kB | 153 kB | 130/165 kB Progress (3): 202 kB | 153 kB | 134/165 kB Progress (3): 202 kB | 153 kB | 139/165 kB Progress (3): 202 kB | 153 kB | 143/165 kB Progress (4): 202 kB | 153 kB | 143/165 kB | 4.1/472 kB Progress (4): 202 kB | 153 kB | 147/165 kB | 4.1/472 kB Progress (4): 202 kB | 153 kB | 147/165 kB | 7.7/472 kB Progress (4): 202 kB | 153 kB | 147/165 kB | 12/472 kB Progress (4): 202 kB | 153 kB | 151/165 kB | 12/472 kB Progress (4): 202 kB | 153 kB | 151/165 kB | 16/472 kB Progress (4): 202 kB | 153 kB | 155/165 kB | 16/472 kB Progress (4): 202 kB | 153 kB | 159/165 kB | 16/472 kB Progress (4): 202 kB | 153 kB | 159/165 kB | 20/472 kB Progress (4): 202 kB | 153 kB | 163/165 kB | 20/472 kB Progress (4): 202 kB | 153 kB | 163/165 kB | 24/472 kB Progress (4): 202 kB | 153 kB | 163/165 kB | 28/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 28/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 32/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 36/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 41/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 45/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 49/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 53/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 57/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 61/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 65/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 69/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 73/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 77/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 81/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 86/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 90/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 94/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 98/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 102/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 106/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 110/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 114/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 118/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 122/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 127/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 131/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 135/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 139/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 143/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 147/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 151/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 155/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 159/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 163/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 167/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 172/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 176/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 180/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 184/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 188/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 192/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 196/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 200/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 204/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 208/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 213/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 217/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 221/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 225/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 229/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 233/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 237/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 241/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 245/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 249/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 254/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 258/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 262/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 266/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 270/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 274/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 278/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 282/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 286/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 290/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 294/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 299/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 303/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 307/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 311/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 315/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 319/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 323/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 327/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 331/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 335/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 340/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 344/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 348/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 352/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 356/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 360/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 364/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 368/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 372/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 376/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 380/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 385/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 389/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 393/472 kB Progress (4): 202 kB | 153 kB | 165 kB | 397/472 kB Progress (5): 202 kB | 153 kB | 165 kB | 397/472 kB | 4.1/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 401/472 kB | 4.1/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 401/472 kB | 7.7/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 405/472 kB | 7.7/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 405/472 kB | 12/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 409/472 kB | 12/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 409/472 kB | 16/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 413/472 kB | 16/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 417/472 kB | 16/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 417/472 kB | 20/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 421/472 kB | 20/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 421/472 kB | 24/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 426/472 kB | 24/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 426/472 kB | 28/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 430/472 kB | 28/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 434/472 kB | 28/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 434/472 kB | 32/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 438/472 kB | 32/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 438/472 kB | 36/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 442/472 kB | 36/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 442/472 kB | 40/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 446/472 kB | 40/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 446/472 kB | 44/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 450/472 kB | 44/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 450/472 kB | 48/49 kB Progress (5): 202 kB | 153 kB | 165 kB | 450/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 454/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 458/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 462/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 466/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 471/472 kB | 49 kB Progress (5): 202 kB | 153 kB | 165 kB | 472 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 5.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 2.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 889 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 472 kB | 4.1/527 kB Progress (2): 472 kB | 7.7/527 kB Progress (2): 472 kB | 12/527 kB Progress (2): 472 kB | 16/527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 8.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (1): 20/527 kB Progress (1): 24/527 kB Progress (1): 28/527 kB Progress (1): 32/527 kB Progress (1): 36/527 kB Progress (1): 40/527 kB Progress (1): 44/527 kB Progress (1): 48/527 kB Progress (1): 53/527 kB Progress (1): 57/527 kB Progress (1): 61/527 kB Progress (1): 65/527 kB Progress (1): 69/527 kB Progress (1): 73/527 kB Progress (1): 77/527 kB Progress (1): 81/527 kB Progress (1): 85/527 kB Progress (1): 89/527 kB Progress (1): 94/527 kB Progress (1): 98/527 kB Progress (1): 102/527 kB Progress (1): 106/527 kB Progress (1): 110/527 kB Progress (1): 114/527 kB Progress (1): 118/527 kB Progress (1): 122/527 kB Progress (1): 126/527 kB Progress (1): 130/527 kB Progress (1): 134/527 kB Progress (1): 139/527 kB Progress (1): 143/527 kB Progress (1): 147/527 kB Progress (1): 151/527 kB Progress (1): 155/527 kB Progress (1): 159/527 kB Progress (1): 163/527 kB Progress (1): 167/527 kB Progress (1): 171/527 kB Progress (1): 175/527 kB Progress (1): 180/527 kB Progress (1): 184/527 kB Progress (1): 188/527 kB Progress (1): 192/527 kB Progress (1): 196/527 kB Progress (1): 200/527 kB Progress (1): 204/527 kB Progress (1): 208/527 kB Progress (1): 212/527 kB Progress (1): 216/527 kB Progress (1): 220/527 kB Progress (1): 225/527 kB Progress (1): 229/527 kB Progress (1): 233/527 kB Progress (1): 237/527 kB Progress (1): 241/527 kB Progress (1): 245/527 kB Progress (1): 249/527 kB Progress (1): 253/527 kB Progress (1): 257/527 kB Progress (1): 261/527 kB Progress (1): 266/527 kB Progress (1): 270/527 kB Progress (1): 274/527 kB Progress (1): 278/527 kB Progress (1): 282/527 kB Progress (1): 286/527 kB Progress (1): 290/527 kB Progress (1): 294/527 kB Progress (1): 298/527 kB Progress (1): 302/527 kB Progress (1): 307/527 kB Progress (1): 311/527 kB Progress (1): 315/527 kB Progress (1): 319/527 kB Progress (1): 323/527 kB Progress (1): 327/527 kB Progress (1): 331/527 kB Progress (1): 335/527 kB Progress (1): 339/527 kB Progress (1): 343/527 kB Progress (1): 347/527 kB Progress (1): 352/527 kB Progress (1): 356/527 kB Progress (1): 360/527 kB Progress (1): 364/527 kB Progress (1): 368/527 kB Progress (1): 372/527 kB Progress (1): 376/527 kB Progress (1): 380/527 kB Progress (1): 384/527 kB Progress (1): 388/527 kB Progress (1): 393/527 kB Progress (1): 397/527 kB Progress (1): 401/527 kB Progress (1): 405/527 kB Progress (1): 409/527 kB Progress (1): 413/527 kB Progress (1): 417/527 kB Progress (1): 421/527 kB Progress (1): 425/527 kB Progress (1): 429/527 kB Progress (1): 433/527 kB Progress (1): 438/527 kB Progress (1): 442/527 kB Progress (1): 446/527 kB Progress (1): 450/527 kB Progress (1): 454/527 kB Progress (1): 458/527 kB Progress (1): 462/527 kB Progress (1): 466/527 kB Progress (1): 470/527 kB Progress (1): 474/527 kB Progress (1): 479/527 kB Progress (1): 483/527 kB Progress (1): 487/527 kB Progress (1): 491/527 kB Progress (1): 495/527 kB Progress (1): 499/527 kB Progress (1): 503/527 kB Progress (1): 507/527 kB Progress (1): 511/527 kB Progress (1): 515/527 kB Progress (1): 519/527 kB Progress (1): 524/527 kB Progress (1): 527 kB Progress (2): 527 kB | 4.1/30 kB Progress (2): 527 kB | 7.7/30 kB Progress (2): 527 kB | 12/30 kB Progress (2): 527 kB | 16/30 kB Progress (2): 527 kB | 20/30 kB Progress (2): 527 kB | 24/30 kB Progress (2): 527 kB | 28/30 kB Progress (2): 527 kB | 30 kB Progress (3): 527 kB | 30 kB | 4.1/47 kB Progress (3): 527 kB | 30 kB | 7.7/47 kB Progress (3): 527 kB | 30 kB | 12/47 kB Progress (3): 527 kB | 30 kB | 16/47 kB Progress (3): 527 kB | 30 kB | 20/47 kB Progress (3): 527 kB | 30 kB | 24/47 kB Progress (3): 527 kB | 30 kB | 28/47 kB Progress (3): 527 kB | 30 kB | 32/47 kB Progress (3): 527 kB | 30 kB | 36/47 kB Progress (3): 527 kB | 30 kB | 40/47 kB Progress (3): 527 kB | 30 kB | 44/47 kB Progress (3): 527 kB | 30 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Progress (3): 30 kB | 47 kB | 4.1/38 kB Progress (3): 30 kB | 47 kB | 7.7/38 kB Progress (3): 30 kB | 47 kB | 12/38 kB Progress (3): 30 kB | 47 kB | 16/38 kB Progress (3): 30 kB | 47 kB | 20/38 kB Progress (3): 30 kB | 47 kB | 24/38 kB Progress (3): 30 kB | 47 kB | 28/38 kB Progress (3): 30 kB | 47 kB | 32/38 kB Progress (3): 30 kB | 47 kB | 36/38 kB Progress (3): 30 kB | 47 kB | 38 kB Progress (4): 30 kB | 47 kB | 38 kB | 4.1/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 7.7/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 12/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 16/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 20/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 24/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 28/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 32/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 36/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 41/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 45/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 49/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 53/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 57/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 61/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 65/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 69/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 73/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 77/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 81/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 86/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 90/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 94/148 kB Progress (4): 30 kB | 47 kB | 38 kB | 98/148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 354 kB/s) Progress (3): 47 kB | 38 kB | 102/148 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Progress (3): 47 kB | 38 kB | 106/148 kB Progress (3): 47 kB | 38 kB | 110/148 kB Progress (3): 47 kB | 38 kB | 114/148 kB Progress (3): 47 kB | 38 kB | 118/148 kB Progress (3): 47 kB | 38 kB | 122/148 kB Progress (3): 47 kB | 38 kB | 127/148 kB Progress (3): 47 kB | 38 kB | 131/148 kB Progress (3): 47 kB | 38 kB | 135/148 kB Progress (3): 47 kB | 38 kB | 139/148 kB Progress (3): 47 kB | 38 kB | 143/148 kB Progress (3): 47 kB | 38 kB | 147/148 kB Progress (3): 47 kB | 38 kB | 148 kB Progress (4): 47 kB | 38 kB | 148 kB | 4.1/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 8.2/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 12/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 16/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 20/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 25/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 29/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 33/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 37/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 41/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 45/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 49/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 51 kB Progress (5): 47 kB | 38 kB | 148 kB | 51 kB | 4.1/106 kB Progress (5): 47 kB | 38 kB | 148 kB | 51 kB | 7.7/106 kB Progress (5): 47 kB | 38 kB | 148 kB | 51 kB | 12/106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 458 kB/s) Progress (4): 38 kB | 148 kB | 51 kB | 16/106 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (4): 38 kB | 148 kB | 51 kB | 20/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 24/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 28/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 32/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 36/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 41/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 45/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 49/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 53/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 57/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 61/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 65/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 69/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 73/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 77/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 81/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 86/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 90/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 94/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 98/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 102/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 106/106 kB Progress (4): 38 kB | 148 kB | 51 kB | 106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 350 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 430 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 886 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (1): 4.1/74 kB Progress (1): 7.7/74 kB Progress (1): 12/74 kB Progress (1): 16/74 kB Progress (1): 20/74 kB Progress (1): 24/74 kB Progress (1): 28/74 kB Progress (1): 32/74 kB Progress (1): 36/74 kB Progress (1): 41/74 kB Progress (1): 45/74 kB Progress (1): 49/74 kB Progress (1): 53/74 kB Progress (1): 57/74 kB Progress (1): 61/74 kB Progress (1): 65/74 kB Progress (1): 69/74 kB Progress (1): 73/74 kB Progress (1): 74 kB Progress (2): 74 kB | 4.1/14 kB Progress (2): 74 kB | 7.7/14 kB Progress (2): 74 kB | 12/14 kB Progress (2): 74 kB | 14 kB Progress (3): 74 kB | 14 kB | 4.1/108 kB Progress (4): 74 kB | 14 kB | 4.1/108 kB | 4.1/61 kB Progress (4): 74 kB | 14 kB | 7.7/108 kB | 4.1/61 kB Progress (4): 74 kB | 14 kB | 7.7/108 kB | 7.7/61 kB Progress (4): 74 kB | 14 kB | 12/108 kB | 7.7/61 kB Progress (4): 74 kB | 14 kB | 12/108 kB | 12/61 kB Progress (4): 74 kB | 14 kB | 16/108 kB | 12/61 kB Progress (4): 74 kB | 14 kB | 16/108 kB | 16/61 kB Progress (4): 74 kB | 14 kB | 20/108 kB | 16/61 kB Progress (4): 74 kB | 14 kB | 24/108 kB | 16/61 kB Progress (4): 74 kB | 14 kB | 24/108 kB | 20/61 kB Progress (4): 74 kB | 14 kB | 28/108 kB | 20/61 kB Progress (4): 74 kB | 14 kB | 28/108 kB | 24/61 kB Progress (4): 74 kB | 14 kB | 32/108 kB | 24/61 kB Progress (4): 74 kB | 14 kB | 32/108 kB | 28/61 kB Progress (4): 74 kB | 14 kB | 32/108 kB | 32/61 kB Progress (4): 74 kB | 14 kB | 36/108 kB | 32/61 kB Progress (4): 74 kB | 14 kB | 36/108 kB | 36/61 kB Progress (4): 74 kB | 14 kB | 41/108 kB | 36/61 kB Progress (4): 74 kB | 14 kB | 41/108 kB | 41/61 kB Progress (4): 74 kB | 14 kB | 45/108 kB | 41/61 kB Progress (4): 74 kB | 14 kB | 45/108 kB | 45/61 kB Progress (4): 74 kB | 14 kB | 49/108 kB | 45/61 kB Progress (4): 74 kB | 14 kB | 49/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 53/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 57/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 61/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 65/108 kB | 49/61 kB Progress (4): 74 kB | 14 kB | 65/108 kB | 53/61 kB Progress (4): 74 kB | 14 kB | 69/108 kB | 53/61 kB Progress (4): 74 kB | 14 kB | 69/108 kB | 57/61 kB Progress (4): 74 kB | 14 kB | 73/108 kB | 57/61 kB Progress (4): 74 kB | 14 kB | 73/108 kB | 61/61 kB Progress (4): 74 kB | 14 kB | 77/108 kB | 61/61 kB Progress (4): 74 kB | 14 kB | 77/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 81/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 86/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 90/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 94/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 98/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 102/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 106/108 kB | 61 kB Progress (4): 74 kB | 14 kB | 108 kB | 61 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 4.1/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 7.7/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 12/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 16/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 20/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 24/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 28/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 32/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 36/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 41/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 45/46 kB Progress (5): 74 kB | 14 kB | 108 kB | 61 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 491 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 402 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 670 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (1): 4.1/29 kB Progress (1): 7.7/29 kB Progress (1): 12/29 kB Progress (1): 16/29 kB Progress (1): 20/29 kB Progress (1): 24/29 kB Progress (1): 28/29 kB Progress (1): 29 kB Progress (2): 29 kB | 4.1/52 kB Progress (2): 29 kB | 7.7/52 kB Progress (2): 29 kB | 12/52 kB Progress (2): 29 kB | 16/52 kB Progress (2): 29 kB | 20/52 kB Progress (2): 29 kB | 24/52 kB Progress (2): 29 kB | 28/52 kB Progress (2): 29 kB | 32/52 kB Progress (2): 29 kB | 36/52 kB Progress (2): 29 kB | 41/52 kB Progress (2): 29 kB | 45/52 kB Progress (2): 29 kB | 49/52 kB Progress (2): 29 kB | 52 kB Progress (3): 29 kB | 52 kB | 4.1/4.2 kB Progress (3): 29 kB | 52 kB | 4.2 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 4.1/13 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 7.7/13 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 12/13 kB Progress (4): 29 kB | 52 kB | 4.2 kB | 13 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 4.1/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 7.7/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 12/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 16/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 20/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 24/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 28/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 32/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 36/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 41/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 45/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 49/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 53/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 57/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 61/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 65/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 69/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 73/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 77/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 81/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 86/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 90/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 94/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 98/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 102/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 106/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 110/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 114/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 118/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 122/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 127/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 131/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 135/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 139/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 143/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 147/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 151/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 155/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 159/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 163/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 167/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 172/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 176/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 180/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 184/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 188/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 192/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 196/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 200/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 204/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 208/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 213/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 217/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 221/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 225/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 229/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 233/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 237/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 241/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 245/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 249/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 254/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 258/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 262/263 kB Progress (5): 29 kB | 52 kB | 4.2 kB | 13 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 265 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (2): 263 kB | 4.1/120 kB Progress (2): 263 kB | 7.7/120 kB Progress (2): 263 kB | 12/120 kB Progress (2): 263 kB | 16/120 kB Progress (2): 263 kB | 20/120 kB Progress (2): 263 kB | 24/120 kB Progress (2): 263 kB | 28/120 kB Progress (2): 263 kB | 32/120 kB Progress (2): 263 kB | 36/120 kB Progress (2): 263 kB | 41/120 kB Progress (2): 263 kB | 45/120 kB Progress (2): 263 kB | 49/120 kB Progress (2): 263 kB | 53/120 kB Progress (2): 263 kB | 57/120 kB Progress (2): 263 kB | 61/120 kB Progress (2): 263 kB | 65/120 kB Progress (2): 263 kB | 69/120 kB Progress (2): 263 kB | 73/120 kB Progress (2): 263 kB | 77/120 kB Progress (2): 263 kB | 81/120 kB Progress (2): 263 kB | 86/120 kB Progress (2): 263 kB | 90/120 kB Progress (2): 263 kB | 94/120 kB Progress (2): 263 kB | 98/120 kB Progress (2): 263 kB | 102/120 kB Progress (2): 263 kB | 106/120 kB Progress (2): 263 kB | 110/120 kB Progress (2): 263 kB | 114/120 kB Progress (2): 263 kB | 118/120 kB Progress (2): 263 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Progress (2): 120 kB | 4.1/61 kB Progress (2): 120 kB | 7.7/61 kB Progress (2): 120 kB | 12/61 kB Progress (2): 120 kB | 16/61 kB Progress (2): 120 kB | 20/61 kB Progress (2): 120 kB | 24/61 kB Progress (2): 120 kB | 28/61 kB Progress (2): 120 kB | 32/61 kB Progress (2): 120 kB | 36/61 kB Progress (2): 120 kB | 41/61 kB Progress (2): 120 kB | 45/61 kB Progress (2): 120 kB | 49/61 kB Progress (2): 120 kB | 53/61 kB Progress (2): 120 kB | 57/61 kB Progress (2): 120 kB | 61/61 kB Progress (2): 120 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 537 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 61 kB | 4.1/164 kB Progress (2): 61 kB | 7.7/164 kB Progress (2): 61 kB | 12/164 kB Progress (2): 61 kB | 16/164 kB Progress (2): 61 kB | 20/164 kB Progress (2): 61 kB | 24/164 kB Progress (2): 61 kB | 28/164 kB Progress (2): 61 kB | 32/164 kB Progress (2): 61 kB | 36/164 kB Progress (2): 61 kB | 41/164 kB Progress (2): 61 kB | 45/164 kB Progress (2): 61 kB | 49/164 kB Progress (2): 61 kB | 53/164 kB Progress (2): 61 kB | 57/164 kB Progress (2): 61 kB | 61/164 kB Progress (2): 61 kB | 65/164 kB Progress (2): 61 kB | 69/164 kB Progress (2): 61 kB | 73/164 kB Progress (2): 61 kB | 77/164 kB Progress (2): 61 kB | 81/164 kB Progress (2): 61 kB | 86/164 kB Progress (2): 61 kB | 90/164 kB Progress (2): 61 kB | 94/164 kB Progress (2): 61 kB | 98/164 kB Progress (2): 61 kB | 102/164 kB Progress (2): 61 kB | 106/164 kB Progress (2): 61 kB | 110/164 kB Progress (2): 61 kB | 114/164 kB Progress (2): 61 kB | 118/164 kB Progress (2): 61 kB | 122/164 kB Progress (2): 61 kB | 127/164 kB Progress (2): 61 kB | 131/164 kB Progress (2): 61 kB | 135/164 kB Progress (2): 61 kB | 139/164 kB Progress (2): 61 kB | 143/164 kB Progress (2): 61 kB | 147/164 kB Progress (2): 61 kB | 151/164 kB Progress (2): 61 kB | 155/164 kB Progress (2): 61 kB | 159/164 kB Progress (2): 61 kB | 163/164 kB Progress (2): 61 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 262 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 4.1/335 kB Progress (2): 164 kB | 7.7/335 kB Progress (2): 164 kB | 12/335 kB Progress (2): 164 kB | 16/335 kB Progress (2): 164 kB | 20/335 kB Progress (2): 164 kB | 24/335 kB Progress (2): 164 kB | 28/335 kB Progress (2): 164 kB | 32/335 kB Progress (2): 164 kB | 36/335 kB Progress (2): 164 kB | 41/335 kB Progress (2): 164 kB | 45/335 kB Progress (2): 164 kB | 49/335 kB Progress (2): 164 kB | 53/335 kB Progress (2): 164 kB | 57/335 kB Progress (2): 164 kB | 61/335 kB Progress (2): 164 kB | 65/335 kB Progress (2): 164 kB | 69/335 kB Progress (2): 164 kB | 73/335 kB Progress (2): 164 kB | 77/335 kB Progress (2): 164 kB | 81/335 kB Progress (2): 164 kB | 86/335 kB Progress (2): 164 kB | 90/335 kB Progress (2): 164 kB | 94/335 kB Progress (2): 164 kB | 98/335 kB Progress (2): 164 kB | 102/335 kB Progress (2): 164 kB | 106/335 kB Progress (2): 164 kB | 110/335 kB Progress (2): 164 kB | 114/335 kB Progress (2): 164 kB | 118/335 kB Progress (2): 164 kB | 122/335 kB Progress (2): 164 kB | 127/335 kB Progress (2): 164 kB | 131/335 kB Progress (2): 164 kB | 135/335 kB Progress (2): 164 kB | 139/335 kB Progress (2): 164 kB | 143/335 kB Progress (2): 164 kB | 147/335 kB Progress (2): 164 kB | 151/335 kB Progress (2): 164 kB | 155/335 kB Progress (2): 164 kB | 159/335 kB Progress (2): 164 kB | 163/335 kB Progress (2): 164 kB | 167/335 kB Progress (2): 164 kB | 172/335 kB Progress (2): 164 kB | 176/335 kB Progress (2): 164 kB | 180/335 kB Progress (2): 164 kB | 184/335 kB Progress (2): 164 kB | 188/335 kB Progress (2): 164 kB | 192/335 kB Progress (2): 164 kB | 196/335 kB Progress (2): 164 kB | 200/335 kB Progress (2): 164 kB | 204/335 kB Progress (2): 164 kB | 208/335 kB Progress (2): 164 kB | 213/335 kB Progress (2): 164 kB | 217/335 kB Progress (2): 164 kB | 221/335 kB Progress (2): 164 kB | 225/335 kB Progress (2): 164 kB | 229/335 kB Progress (2): 164 kB | 233/335 kB Progress (2): 164 kB | 237/335 kB Progress (2): 164 kB | 241/335 kB Progress (2): 164 kB | 245/335 kB Progress (2): 164 kB | 249/335 kB Progress (2): 164 kB | 254/335 kB Progress (2): 164 kB | 258/335 kB Progress (2): 164 kB | 262/335 kB Progress (2): 164 kB | 266/335 kB Progress (2): 164 kB | 270/335 kB Progress (2): 164 kB | 274/335 kB Progress (2): 164 kB | 278/335 kB Progress (2): 164 kB | 282/335 kB Progress (2): 164 kB | 286/335 kB Progress (2): 164 kB | 290/335 kB Progress (2): 164 kB | 294/335 kB Progress (2): 164 kB | 299/335 kB Progress (2): 164 kB | 303/335 kB Progress (2): 164 kB | 307/335 kB Progress (2): 164 kB | 311/335 kB Progress (2): 164 kB | 315/335 kB Progress (2): 164 kB | 319/335 kB Progress (2): 164 kB | 323/335 kB Progress (2): 164 kB | 327/335 kB Progress (2): 164 kB | 331/335 kB Progress (2): 164 kB | 335 kB Progress (3): 164 kB | 335 kB | 4.1/26 kB Progress (3): 164 kB | 335 kB | 7.7/26 kB Progress (3): 164 kB | 335 kB | 12/26 kB Progress (3): 164 kB | 335 kB | 16/26 kB Progress (3): 164 kB | 335 kB | 20/26 kB Progress (3): 164 kB | 335 kB | 24/26 kB Progress (3): 164 kB | 335 kB | 26 kB Progress (4): 164 kB | 335 kB | 26 kB | 4.1/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 7.7/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 12/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 16/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 20/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 24/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 28/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 32/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 36/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 41/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 45/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 49/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 53/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 57/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 61/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 65/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 69/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 73/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 77/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 81/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 86/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 90/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 94/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 98/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 102/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 106/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 110/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 114/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 118/122 kB Progress (4): 164 kB | 335 kB | 26 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 650 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (4): 335 kB | 26 kB | 122 kB | 4.1/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 7.7/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 12/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 16/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 20/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 24/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 28/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 32/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 36/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 41/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 45/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 49/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 53/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 57/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 61/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 65/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 69/72 kB Progress (4): 335 kB | 26 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 464 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 254 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (1): 4.1/53 kB Progress (1): 7.7/53 kB Progress (1): 12/53 kB Progress (1): 16/53 kB Progress (1): 20/53 kB Progress (1): 24/53 kB Progress (1): 28/53 kB Progress (1): 32/53 kB Progress (1): 36/53 kB Progress (1): 41/53 kB Progress (1): 45/53 kB Progress (1): 49/53 kB Progress (1): 53 kB Progress (2): 53 kB | 4.1/33 kB Progress (2): 53 kB | 7.7/33 kB Progress (2): 53 kB | 12/33 kB Progress (2): 53 kB | 16/33 kB Progress (2): 53 kB | 20/33 kB Progress (2): 53 kB | 24/33 kB Progress (2): 53 kB | 28/33 kB Progress (2): 53 kB | 32/33 kB Progress (2): 53 kB | 33 kB Progress (3): 53 kB | 33 kB | 4.1/37 kB Progress (3): 53 kB | 33 kB | 7.7/37 kB Progress (3): 53 kB | 33 kB | 12/37 kB Progress (3): 53 kB | 33 kB | 16/37 kB Progress (3): 53 kB | 33 kB | 20/37 kB Progress (3): 53 kB | 33 kB | 24/37 kB Progress (3): 53 kB | 33 kB | 28/37 kB Progress (3): 53 kB | 33 kB | 32/37 kB Progress (3): 53 kB | 33 kB | 36/37 kB Progress (3): 53 kB | 33 kB | 37 kB Progress (4): 53 kB | 33 kB | 37 kB | 4.1/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 7.7/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 12/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 16/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 20/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 24/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 28/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 32/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 36/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 41/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 45/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 49/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 53/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 57/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 61/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 65/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 69/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 73/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 77/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 81/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 86/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 90/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 94/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 98/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 102/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 106/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 110/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 114/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 118/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 122/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 127/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 131/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 135/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 139/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 143/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 147/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 151/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 155/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 159/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 163/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 167/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 172/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 176/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 180/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 184/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 188/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 192/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 196/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 200/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 204/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 208/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 213/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 217/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 221/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 225/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 229/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 233/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 237/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 241/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 245/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 249/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 254/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 258/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 262/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 266/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 270/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 274/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 278/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 282/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 286/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 290/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 294/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 299/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 303/305 kB Progress (4): 53 kB | 33 kB | 37 kB | 305 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 927 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (1): 4.1/180 kB Progress (1): 8.2/180 kB Progress (1): 12/180 kB Progress (1): 16/180 kB Progress (2): 16/180 kB | 4.1/134 kB Progress (2): 20/180 kB | 4.1/134 kB Progress (2): 25/180 kB | 4.1/134 kB Progress (2): 25/180 kB | 7.7/134 kB Progress (2): 29/180 kB | 7.7/134 kB Progress (2): 29/180 kB | 12/134 kB Progress (2): 33/180 kB | 12/134 kB Progress (2): 33/180 kB | 16/134 kB Progress (2): 37/180 kB | 16/134 kB Progress (2): 41/180 kB | 16/134 kB Progress (2): 41/180 kB | 20/134 kB Progress (2): 41/180 kB | 24/134 kB Progress (2): 45/180 kB | 24/134 kB Progress (2): 45/180 kB | 28/134 kB Progress (2): 49/180 kB | 28/134 kB Progress (2): 49/180 kB | 32/134 kB Progress (2): 53/180 kB | 32/134 kB Progress (2): 57/180 kB | 32/134 kB Progress (2): 57/180 kB | 36/134 kB Progress (2): 61/180 kB | 36/134 kB Progress (2): 61/180 kB | 41/134 kB Progress (2): 66/180 kB | 41/134 kB Progress (2): 66/180 kB | 45/134 kB Progress (2): 70/180 kB | 45/134 kB Progress (2): 70/180 kB | 49/134 kB Progress (2): 74/180 kB | 49/134 kB Progress (2): 74/180 kB | 53/134 kB Progress (2): 74/180 kB | 57/134 kB Progress (2): 78/180 kB | 57/134 kB Progress (2): 78/180 kB | 61/134 kB Progress (2): 82/180 kB | 61/134 kB Progress (2): 82/180 kB | 65/134 kB Progress (2): 86/180 kB | 65/134 kB Progress (2): 86/180 kB | 69/134 kB Progress (2): 90/180 kB | 69/134 kB Progress (2): 90/180 kB | 73/134 kB Progress (2): 90/180 kB | 77/134 kB Progress (2): 94/180 kB | 77/134 kB Progress (2): 94/180 kB | 81/134 kB Progress (2): 98/180 kB | 81/134 kB Progress (2): 98/180 kB | 86/134 kB Progress (2): 102/180 kB | 86/134 kB Progress (2): 102/180 kB | 90/134 kB Progress (2): 106/180 kB | 90/134 kB Progress (2): 106/180 kB | 94/134 kB Progress (2): 106/180 kB | 98/134 kB Progress (2): 111/180 kB | 98/134 kB Progress (2): 111/180 kB | 102/134 kB Progress (2): 115/180 kB | 102/134 kB Progress (2): 115/180 kB | 106/134 kB Progress (2): 119/180 kB | 106/134 kB Progress (2): 119/180 kB | 110/134 kB Progress (2): 123/180 kB | 110/134 kB Progress (2): 123/180 kB | 114/134 kB Progress (2): 123/180 kB | 118/134 kB Progress (2): 123/180 kB | 122/134 kB Progress (2): 123/180 kB | 127/134 kB Progress (2): 123/180 kB | 131/134 kB Progress (2): 123/180 kB | 134 kB Progress (2): 127/180 kB | 134 kB Progress (2): 131/180 kB | 134 kB Progress (2): 135/180 kB | 134 kB Progress (2): 139/180 kB | 134 kB Progress (2): 143/180 kB | 134 kB Progress (2): 147/180 kB | 134 kB Progress (2): 152/180 kB | 134 kB Progress (2): 156/180 kB | 134 kB Progress (2): 160/180 kB | 134 kB Progress (2): 164/180 kB | 134 kB Progress (2): 168/180 kB | 134 kB Progress (2): 172/180 kB | 134 kB Progress (2): 176/180 kB | 134 kB Progress (2): 180 kB | 134 kB Progress (3): 180 kB | 134 kB | 4.1/215 kB Progress (3): 180 kB | 134 kB | 7.7/215 kB Progress (3): 180 kB | 134 kB | 12/215 kB Progress (3): 180 kB | 134 kB | 16/215 kB Progress (3): 180 kB | 134 kB | 20/215 kB Progress (3): 180 kB | 134 kB | 24/215 kB Progress (3): 180 kB | 134 kB | 28/215 kB Progress (3): 180 kB | 134 kB | 32/215 kB Progress (3): 180 kB | 134 kB | 36/215 kB Progress (3): 180 kB | 134 kB | 41/215 kB Progress (3): 180 kB | 134 kB | 45/215 kB Progress (3): 180 kB | 134 kB | 49/215 kB Progress (3): 180 kB | 134 kB | 53/215 kB Progress (3): 180 kB | 134 kB | 57/215 kB Progress (3): 180 kB | 134 kB | 61/215 kB Progress (3): 180 kB | 134 kB | 65/215 kB Progress (3): 180 kB | 134 kB | 69/215 kB Progress (3): 180 kB | 134 kB | 73/215 kB Progress (3): 180 kB | 134 kB | 77/215 kB Progress (3): 180 kB | 134 kB | 81/215 kB Progress (3): 180 kB | 134 kB | 86/215 kB Progress (3): 180 kB | 134 kB | 90/215 kB Progress (3): 180 kB | 134 kB | 94/215 kB Progress (3): 180 kB | 134 kB | 98/215 kB Progress (3): 180 kB | 134 kB | 102/215 kB Progress (3): 180 kB | 134 kB | 106/215 kB Progress (3): 180 kB | 134 kB | 110/215 kB Progress (3): 180 kB | 134 kB | 114/215 kB Progress (3): 180 kB | 134 kB | 118/215 kB Progress (3): 180 kB | 134 kB | 122/215 kB Progress (3): 180 kB | 134 kB | 127/215 kB Progress (3): 180 kB | 134 kB | 131/215 kB Progress (3): 180 kB | 134 kB | 135/215 kB Progress (3): 180 kB | 134 kB | 139/215 kB Progress (3): 180 kB | 134 kB | 143/215 kB Progress (3): 180 kB | 134 kB | 147/215 kB Progress (3): 180 kB | 134 kB | 151/215 kB Progress (3): 180 kB | 134 kB | 155/215 kB Progress (3): 180 kB | 134 kB | 159/215 kB Progress (3): 180 kB | 134 kB | 163/215 kB Progress (3): 180 kB | 134 kB | 167/215 kB Progress (3): 180 kB | 134 kB | 172/215 kB Progress (3): 180 kB | 134 kB | 176/215 kB Progress (3): 180 kB | 134 kB | 180/215 kB Progress (3): 180 kB | 134 kB | 184/215 kB Progress (3): 180 kB | 134 kB | 188/215 kB Progress (3): 180 kB | 134 kB | 192/215 kB Progress (3): 180 kB | 134 kB | 196/215 kB Progress (3): 180 kB | 134 kB | 200/215 kB Progress (3): 180 kB | 134 kB | 204/215 kB Progress (3): 180 kB | 134 kB | 208/215 kB Progress (3): 180 kB | 134 kB | 213/215 kB Progress (3): 180 kB | 134 kB | 215 kB Progress (4): 180 kB | 134 kB | 215 kB | 4.1/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 7.7/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 12/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 16/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 20/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 24/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 28/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 32/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 36/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 41/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 45/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 49/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 53/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 57/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 61/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 65/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 69/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 73/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 77/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 81/85 kB Progress (4): 180 kB | 134 kB | 215 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 511 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 603 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 372 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 85 kB | 0/2.6 MB Progress (2): 85 kB | 0/2.6 MB Progress (2): 85 kB | 0/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.3/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Progress (2): 85 kB | 0.4/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 231 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (1): 0.4/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (2): 1.1/2.6 MB | 4.1/4.6 kB Progress (2): 1.1/2.6 MB | 4.1/4.6 kB Progress (2): 1.1/2.6 MB | 4.6 kB Progress (2): 1.1/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.2/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.3/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.4/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 4.1/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 4.1/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 7.7/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 12/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 16/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 16/20 kB Progress (3): 1.9/2.6 MB | 4.6 kB | 20 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.0/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.1/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.2/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.3/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.4/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.5/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6/2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (4): 2.6 MB | 4.6 kB | 20 kB | 2.2 kB Progress (5): 2.6 MB | 4.6 kB | 20 kB | 2.2 kB | 4.1/5.9 kB Progress (5): 2.6 MB | 4.6 kB | 20 kB | 2.2 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.4 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.4 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Progress (1): 4.1/14 kB Progress (1): 7.7/14 kB Progress (1): 12/14 kB Progress (1): 14 kB Progress (2): 14 kB | 4.1/8.8 kB Progress (2): 14 kB | 7.7/8.8 kB Progress (2): 14 kB | 8.8 kB Progress (3): 14 kB | 8.8 kB | 4.1/500 kB Progress (3): 14 kB | 8.8 kB | 7.7/500 kB Progress (3): 14 kB | 8.8 kB | 12/500 kB Progress (3): 14 kB | 8.8 kB | 16/500 kB Progress (3): 14 kB | 8.8 kB | 20/500 kB Progress (3): 14 kB | 8.8 kB | 24/500 kB Progress (3): 14 kB | 8.8 kB | 28/500 kB Progress (3): 14 kB | 8.8 kB | 32/500 kB Progress (3): 14 kB | 8.8 kB | 36/500 kB Progress (3): 14 kB | 8.8 kB | 41/500 kB Progress (3): 14 kB | 8.8 kB | 45/500 kB Progress (3): 14 kB | 8.8 kB | 49/500 kB Progress (3): 14 kB | 8.8 kB | 53/500 kB Progress (3): 14 kB | 8.8 kB | 57/500 kB Progress (3): 14 kB | 8.8 kB | 61/500 kB Progress (3): 14 kB | 8.8 kB | 65/500 kB Progress (3): 14 kB | 8.8 kB | 69/500 kB Progress (3): 14 kB | 8.8 kB | 73/500 kB Progress (3): 14 kB | 8.8 kB | 77/500 kB Progress (3): 14 kB | 8.8 kB | 81/500 kB Progress (3): 14 kB | 8.8 kB | 86/500 kB Progress (3): 14 kB | 8.8 kB | 90/500 kB Progress (3): 14 kB | 8.8 kB | 94/500 kB Progress (3): 14 kB | 8.8 kB | 98/500 kB Progress (3): 14 kB | 8.8 kB | 102/500 kB Progress (3): 14 kB | 8.8 kB | 106/500 kB Progress (3): 14 kB | 8.8 kB | 110/500 kB Progress (3): 14 kB | 8.8 kB | 114/500 kB Progress (3): 14 kB | 8.8 kB | 118/500 kB Progress (3): 14 kB | 8.8 kB | 122/500 kB Progress (3): 14 kB | 8.8 kB | 127/500 kB Progress (3): 14 kB | 8.8 kB | 131/500 kB Progress (3): 14 kB | 8.8 kB | 135/500 kB Progress (3): 14 kB | 8.8 kB | 139/500 kB Progress (3): 14 kB | 8.8 kB | 143/500 kB Progress (3): 14 kB | 8.8 kB | 147/500 kB Progress (3): 14 kB | 8.8 kB | 151/500 kB Progress (3): 14 kB | 8.8 kB | 155/500 kB Progress (3): 14 kB | 8.8 kB | 159/500 kB Progress (3): 14 kB | 8.8 kB | 163/500 kB Progress (3): 14 kB | 8.8 kB | 167/500 kB Progress (3): 14 kB | 8.8 kB | 172/500 kB Progress (3): 14 kB | 8.8 kB | 176/500 kB Progress (3): 14 kB | 8.8 kB | 180/500 kB Progress (3): 14 kB | 8.8 kB | 184/500 kB Progress (3): 14 kB | 8.8 kB | 188/500 kB Progress (3): 14 kB | 8.8 kB | 192/500 kB Progress (3): 14 kB | 8.8 kB | 196/500 kB Progress (3): 14 kB | 8.8 kB | 200/500 kB Progress (3): 14 kB | 8.8 kB | 204/500 kB Progress (3): 14 kB | 8.8 kB | 208/500 kB Progress (3): 14 kB | 8.8 kB | 213/500 kB Progress (3): 14 kB | 8.8 kB | 217/500 kB Progress (3): 14 kB | 8.8 kB | 221/500 kB Progress (3): 14 kB | 8.8 kB | 225/500 kB Progress (3): 14 kB | 8.8 kB | 229/500 kB Progress (3): 14 kB | 8.8 kB | 233/500 kB Progress (3): 14 kB | 8.8 kB | 237/500 kB Progress (3): 14 kB | 8.8 kB | 241/500 kB Progress (3): 14 kB | 8.8 kB | 245/500 kB Progress (3): 14 kB | 8.8 kB | 249/500 kB Progress (3): 14 kB | 8.8 kB | 254/500 kB Progress (3): 14 kB | 8.8 kB | 258/500 kB Progress (3): 14 kB | 8.8 kB | 262/500 kB Progress (3): 14 kB | 8.8 kB | 266/500 kB Progress (3): 14 kB | 8.8 kB | 270/500 kB Progress (3): 14 kB | 8.8 kB | 274/500 kB Progress (3): 14 kB | 8.8 kB | 278/500 kB Progress (3): 14 kB | 8.8 kB | 282/500 kB Progress (3): 14 kB | 8.8 kB | 286/500 kB Progress (3): 14 kB | 8.8 kB | 290/500 kB Progress (3): 14 kB | 8.8 kB | 294/500 kB Progress (3): 14 kB | 8.8 kB | 299/500 kB Progress (3): 14 kB | 8.8 kB | 303/500 kB Progress (3): 14 kB | 8.8 kB | 307/500 kB Progress (3): 14 kB | 8.8 kB | 311/500 kB Progress (3): 14 kB | 8.8 kB | 315/500 kB Progress (3): 14 kB | 8.8 kB | 319/500 kB Progress (3): 14 kB | 8.8 kB | 323/500 kB Progress (3): 14 kB | 8.8 kB | 327/500 kB Progress (3): 14 kB | 8.8 kB | 331/500 kB Progress (3): 14 kB | 8.8 kB | 335/500 kB Progress (3): 14 kB | 8.8 kB | 340/500 kB Progress (3): 14 kB | 8.8 kB | 344/500 kB Progress (3): 14 kB | 8.8 kB | 348/500 kB Progress (3): 14 kB | 8.8 kB | 352/500 kB Progress (3): 14 kB | 8.8 kB | 356/500 kB Progress (3): 14 kB | 8.8 kB | 360/500 kB Progress (3): 14 kB | 8.8 kB | 364/500 kB Progress (3): 14 kB | 8.8 kB | 368/500 kB Progress (3): 14 kB | 8.8 kB | 372/500 kB Progress (3): 14 kB | 8.8 kB | 376/500 kB Progress (3): 14 kB | 8.8 kB | 380/500 kB Progress (3): 14 kB | 8.8 kB | 385/500 kB Progress (3): 14 kB | 8.8 kB | 389/500 kB Progress (3): 14 kB | 8.8 kB | 393/500 kB Progress (3): 14 kB | 8.8 kB | 397/500 kB Progress (3): 14 kB | 8.8 kB | 401/500 kB Progress (3): 14 kB | 8.8 kB | 405/500 kB Progress (3): 14 kB | 8.8 kB | 409/500 kB Progress (3): 14 kB | 8.8 kB | 413/500 kB Progress (3): 14 kB | 8.8 kB | 417/500 kB Progress (3): 14 kB | 8.8 kB | 421/500 kB Progress (3): 14 kB | 8.8 kB | 426/500 kB Progress (3): 14 kB | 8.8 kB | 430/500 kB Progress (3): 14 kB | 8.8 kB | 434/500 kB Progress (3): 14 kB | 8.8 kB | 438/500 kB Progress (3): 14 kB | 8.8 kB | 442/500 kB Progress (3): 14 kB | 8.8 kB | 446/500 kB Progress (3): 14 kB | 8.8 kB | 450/500 kB Progress (3): 14 kB | 8.8 kB | 454/500 kB Progress (3): 14 kB | 8.8 kB | 458/500 kB Progress (3): 14 kB | 8.8 kB | 462/500 kB Progress (3): 14 kB | 8.8 kB | 466/500 kB Progress (3): 14 kB | 8.8 kB | 471/500 kB Progress (3): 14 kB | 8.8 kB | 475/500 kB Progress (3): 14 kB | 8.8 kB | 479/500 kB Progress (3): 14 kB | 8.8 kB | 483/500 kB Progress (3): 14 kB | 8.8 kB | 487/500 kB Progress (3): 14 kB | 8.8 kB | 491/500 kB Progress (3): 14 kB | 8.8 kB | 495/500 kB Progress (3): 14 kB | 8.8 kB | 499/500 kB Progress (3): 14 kB | 8.8 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 32 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 20 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 19.016 s [INFO] Finished at: 2026-02-10T22:16:15Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="2141ba55580678246c722e07819f9c5ce33e3df7" "org.opencontainers.image.revision"="2141ba55580678246c722e07819f9c5ce33e3df7" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/konflux-test-integration" "quay.expires-after"="6h" "build-date"="2026-02-10T22:15:45Z" "org.opencontainers.image.created"="2026-02-10T22:15:45Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 --> dcb8d10316f9 Successfully tagged quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 [2026-02-10T22:16:17,102735406+00:00] Unsetting proxy [2026-02-10T22:16:17,103977225+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:18f7cbf6f09ad9fb30839edad311ddb6a8208c2142c7ad531e88900fc85f130f Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 Writing manifest to image destination [2026-02-10T22:16:19,085601780+00:00] End build pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-push: [2026-02-10T22:16:19,179055097+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:16:21,144718486+00:00] Convert image [2026-02-10T22:16:21,145782733+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-lhdm7-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:test-component-pac-xmjyvu-on-pull-request-lhdm7-build-container Getting image source signatures Copying blob sha256:18f7cbf6f09ad9fb30839edad311ddb6a8208c2142c7ad531e88900fc85f130f Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 Writing manifest to image destination [2026-02-10T22:16:24,613572757+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Getting image source signatures Copying blob sha256:18f7cbf6f09ad9fb30839edad311ddb6a8208c2142c7ad531e88900fc85f130f Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:dcb8d10316f9eed5442ff723f74601a9b407f60600c87327c97b2ace3e7c44b1 Writing manifest to image destination sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 [2026-02-10T22:16:25,359642666+00:00] End push pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-sbom-syft-generate: [2026-02-10T22:16:26,274642973+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:16:34,205149949+00:00] End sbom-syft-generate pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-prepare-sboms: [2026-02-10T22:16:34,390305072+00:00] Prepare SBOM [2026-02-10T22:16:34,394075630+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:16:35,468 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:16:35,597 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:16:36,612 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:16:36,612 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:16:36,612 [INFO] mobster.log: Contextual workflow completed in 1.03s 2026-02-10 22:16:36,643 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:16:36,705479657+00:00] End prepare-sboms pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-upload-sbom: [2026-02-10T22:16:37,495359009+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4b55d463f596c2f083818f9d952039d011772597791b894e89d7a778ff5bdc53 [2026-02-10T22:16:39,691613278+00:00] End upload-sbom pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | init container: prepare 2026/02/10 22:16:55 Entrypoint initialization pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | init container: place-scripts 2026/02/10 22:16:56 Decoded script /tekton/scripts/script-0-drckg pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-o43d3627d97962de310e32a1a14912516-pod | container step-push: [2026-02-10T22:17:01,594207274+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.pGR4GbRBE5 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:sha256-4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429.dockerfile Dockerfile pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | init container: prepare 2026/02/10 22:16:53 Entrypoint initialization pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | init container: place-scripts 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-0-pw7fb 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-1-rdzkl 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-2-pg9k2 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-3-fr69w 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-4-rj4xf 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-5-7pzqw pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Auth json written to "/auth/auth.json". pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-set-skip-for-bundles: 2026/02/10 22:16:58 INFO Step was skipped due to when expressions were evaluated to false. pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-app-check: time="2026-02-10T22:16:58Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:16:58Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 for platform amd64" time="2026-02-10T22:16:58Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7" time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:17:06Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:17:06Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:17:06Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:17:16Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:17:18Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:17:18Z" level=info msg="This image's tag on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 will be paired with digest sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 37, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 9573, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 2064, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:17:18Z" level=info msg="Preflight result: FAILED" pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761839","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 pod: test-component-pac-xmjyvu-o8ca8e5594caea81365bb21b3980349ef-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761839","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | init container: prepare 2026/02/10 22:16:55 Entrypoint initialization pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | init container: place-scripts 2026/02/10 22:16:55 Decoded script /tekton/scripts/script-0-56dbt 2026/02/10 22:16:55 Decoded script /tekton/scripts/script-1-hg52h pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | init container: working-dir-initializer pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: test-component-pac-xmjyvu INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:17:00+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-oa9c3cff3a29e2fe273cc616601ec8d28-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-apply-tags-pod | init container: prepare 2026/02/10 22:16:51 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:16:54Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7" time="2026-02-10T22:16:54Z" level=info msg="[param] Image digest: sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429" time="2026-02-10T22:16:54Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:16:55Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | init container: prepare 2026/02/10 22:16:51 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | init container: place-scripts 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-0-mlmp2 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-1-h8wnn 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-2-qm6bz 2026/02/10 22:16:52 Decoded script /tekton/scripts/script-3-wr7zq pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429. pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:16:59Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-02-10T22:16:59Z INF libvuln initialized component=libvuln/New 2026-02-10T22:17:00Z INF registered configured scanners component=libindex/New 2026-02-10T22:17:00Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:17:00Z INF index request start component=libindex/Libindex.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 2026-02-10T22:17:00Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 2026-02-10T22:17:00Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=CheckManifest 2026-02-10T22:17:00Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=FetchLayers 2026-02-10T22:17:03Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=FetchLayers 2026-02-10T22:17:03Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=FetchLayers 2026-02-10T22:17:03Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=ScanLayers 2026-02-10T22:17:03Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:17:03Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:17:04Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=ScanLayers 2026-02-10T22:17:04Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=IndexManifest 2026-02-10T22:17:04Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=IndexFinished 2026-02-10T22:17:04Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 state=IndexFinished 2026-02-10T22:17:04Z INF index request done component=libindex/Libindex.Index manifest=sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 { "manifest_hash": "sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "51af321a-0ba2-4beb-9d64-a7d4d7c03e20": { "id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "54ceb315-8a23-4a20-b623-82adfc643122": { "id": "54ceb315-8a23-4a20-b623-82adfc643122", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "70ca0848-dac1-49ab-8483-f40fd777b20a": { "id": "70ca0848-dac1-49ab-8483-f40fd777b20a", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "8b86475b-6dca-4c33-959a-ee49ff6dbc37": { "id": "8b86475b-6dca-4c33-959a-ee49ff6dbc37", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "920bf0f0-2093-4884-a0ac-fbbc07b53ef2": { "id": "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0": { "id": "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "ae69c572-c8a6-4945-98c9-3e4175f71185": { "id": "ae69c572-c8a6-4945-98c9-3e4175f71185", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "8b86475b-6dca-4c33-959a-ee49ff6dbc37", "8b86475b-6dca-4c33-959a-ee49ff6dbc37" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "8b86475b-6dca-4c33-959a-ee49ff6dbc37", "8b86475b-6dca-4c33-959a-ee49ff6dbc37" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8c0e6032964a572957d38535d96791f9a581fb2d38aadb033000954419bf8cdd", "distribution_id": "", "repository_ids": [ "a8b34371-2c6c-4f0f-8552-e0667fe2e6e0" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "ae69c572-c8a6-4945-98c9-3e4175f71185", "54ceb315-8a23-4a20-b623-82adfc643122" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "51af321a-0ba2-4beb-9d64-a7d4d7c03e20", "repository_ids": [ "920bf0f0-2093-4884-a0ac-fbbc07b53ef2", "70ca0848-dac1-49ab-8483-f40fd777b20a" ] } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: file-libs-5.33-27.el8_10 (CVE-2019-8905), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), expat-2.5.0-1.el8_10 (CVE-2024-28757), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), tar-2:1.30-11.el8_10 (CVE-2025-45582), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libzstd-1.4.4-1.el8 (CVE-2022-4899), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: file-libs-5.33-27.el8_10 (CVE-2019-8906), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), pcre2-10.32-3.el8_6 (CVE-2022-41409), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libzstd-1.4.4-1.el8 (CVE-2021-24032), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), gawk-4.2.1-4.el8 (CVE-2023-4156), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7", "digests": ["sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:17:18+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | init container: prepare 2026/02/10 22:16:53 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | init container: place-scripts 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-0-7k7xw 2026/02/10 22:16:53 Decoded script /tekton/scripts/script-1-b8zsv pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 17.386 sec (0 m 17 s) Start Date: 2026:02:10 22:17:09 End Date: 2026:02:10 22:17:27 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761847","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761847","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761847","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7", "digests": ["sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429"]}} pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu Attaching to quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 9b40afe0e330 clamscan-ec-test-amd64.json Uploading 5cf55a933afa clamscan-result-amd64.log Uploaded 5cf55a933afa clamscan-result-amd64.log Uploaded 9b40afe0e330 clamscan-ec-test-amd64.json Uploading f1649e25c1f7 application/vnd.oci.image.manifest.v1+json Uploaded f1649e25c1f7 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/integration1-edjj/test-component-pac-xmjyvu:on-pr-2141ba55580678246c722e07819f9c5ce33e3df7@sha256:4d5c04ffc563feea2aceb86c7048e0d8d37827fff5ed089369dd5aba4dadd429 Digest: sha256:f1649e25c1f77041af6a9768dfd17b22970ddf7c9f782e8ce84e7167c0f913e8 pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-init-pod | init container: prepare 2026/02/10 22:15:11 Entrypoint initialization pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-init-pod | init container: place-scripts 2026/02/10 22:15:12 Decoded script /tekton/scripts/script-0-9bw6z pod: test-component-pac-xmjyvu-on-pull-request-lhdm7-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to { s: "\n pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: prepare\n2026/02/10 22:15:37 Entrypoint initialization\n\n pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: place-scripts\n2026/02/10 22:15:37 Decoded script /tekton/scripts/script-0-vrjmc\n2026/02/10 22:15:37 Decoded script /tekton/scripts/script-1-w2sd4\n2026/02/10 22:15:37 Decoded script /tekton/scripts/script-2-st4xk\n2026/02/10 22:15:38 Decoded script /tekton/scripts/script-3-jm85g\n2026/02/10 22:15:38 Decoded script /tekton/scripts/script-4-4kfjh\n\n pod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | init container: working-dir-initializer\n\npod: test-component-pac-xmjyvu-o220518c5d844aef2c581cccd77240e1a-pod | container step-build: \n[2026-02-10T22:15:43,035280439+00:00] Validate context path\n[2026-02-10T22:15:43,038521154+00:00] Update CA trust\n[2026-02-10T22:15:43,039580881+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n'/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt'\n[2026-02-10T22:15:45,029013488+00:00] Prepare Dockerfile\nChecking if /var/workdir/cachi2/output/bom.json exists.\nCould not find prefetched sbom. No content_sets found for ICM\n[2026-02-10T22:15:45,034850368+00:00] Prepare system (architecture: x86_64)\n[2026-02-10T22:15:45,148508316+00:00] Setup prefetched\nTrying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23...\nGetting image source signatures\nChecking if image destination supports signatures\nCopying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3\nCopying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f\nCopying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61\nWriting manifest to image destination\nStoring signatures\n[2026-02-10T22:15:50,032033335+00:00] Unsetting proxy\n{\n \"architecture\": \"x86_64\",\n \"build-date\": \"2026-02-10T22:15:45Z\",\n \"com.redhat.component\": \"openjdk-17-runtime-ubi8-container\",\n \"com.redhat.license_terms\": \"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\",\n \"cpe\": \"cpe:/a:redhat:enterprise_linux:8::appstream\",\n \"description\": \"Image for Red Hat OpenShift providing OpenJDK 17 runtime\",\n \"distribution-scope\": \"public\",\n \"io.buildah.version\": \"1.42.2\",\n \"io.cekit.version\": \"4.13.0.dev0\",\n \"io.k8s.description\": \"Platform for running plain Java applications (fat-jar and flat classpath)\",\n \"io.k8s.display-name\": \"Java Applications\",\n \"io.openshift.expose-services\": \"\",\n \"io.openshift.tags\": \"java\",\n \"maintainer\": \"Red Hat OpenJDK \",\n \"name\": \"ubi8/openjdk-17-runtime\",\n \"org.jboss.product\": \"openjdk\",\n \"org.jboss.product.openjdk.version\": \"17\",\n \"org.jboss.product.version\": \"17\",\n \"org.opencontainers.image.created\": \"2026-02-10T22:15:45Z\",\n \"org.opencontainers.image.documentation\": \"https://rh-openjdk.github.io/redhat-openjdk-containers/\",\n \"org.opencontainers.image.revision\": \"2141ba55580678246c722e07819f9c5ce33e3df7\",\n \"release\": \"4.1770204586\",\n \"summary\": \"Image for Red Hat OpenShift providing OpenJDK 17 runtime\",\n \"url\": \"https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586\",\n \"usage\": \"https://rh-openjdk.github.io/redhat-openjdk-containers/\",\n \"vcs-ref\": \"2141ba55580678246c722e07819f9c5ce33e3df7\",\n \"vcs-type\": \"git\",\n \"vendor\": \"Red Hat, Inc.\",\n \"version\": \"1.23\",\n \"org.opencontainers.image.source\": \"https://github.com/redhat-appstudio-qe/konflux-test-integration\",\n \"quay.expires-after\": \"6h\"\n}\n[2026-02-10T22:15:50,082129668+00:00] Register sub-man\nAdding the entitlement to the build\n[2026-02-10T22:15:50,085428796+00:00] Add secrets\n[2026-02-10T22:15:50,093773913+00:00]... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.EaIZ2fdreL/tests/integration-service/integration.go:104 @ 02/10/26 22:17:34.606 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ • [FAILED] [965.979 seconds] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] with status reporting of Integration tests in CheckRuns when we start creation of a new Component A [It] should lead to build PipelineRunA finishing successfully [integration-service, group-snapshot-creation] /tmp/tmp.EaIZ2fdreL/tests/integration-service/group-snapshots-tests.go:159 Timeline >> PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: ResolvingTaskRef PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: ResolvingTaskRef PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: ResolvingTaskRef PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Running PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-x8gnn reason: Failed attempt 1/3: PipelineRun "go-component-urfrln-on-pull-request-x8gnn" failed: pod: go-component-urfrln-on-pull-request-x8gnn-apply-tags-pod | init container: prepare 2026/02/10 22:08:23 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:08:26Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74" time="2026-02-10T22:08:26Z" level=info msg="[param] Image digest: sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce" time="2026-02-10T22:08:26Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:08:27Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | init container: prepare 2026/02/10 22:05:19 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | init container: place-scripts 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-0-gdjvn 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-1-fs6vz 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-2-lp276 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-3-b4p8h 2026/02/10 22:05:20 Decoded script /tekton/scripts/script-4-p8jzk pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | container step-build: [2026-02-10T22:06:03,151967435+00:00] Validate context path [2026-02-10T22:06:03,155208674+00:00] Update CA trust [2026-02-10T22:06:03,156331211+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:06:05,159029130+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:06:05,164688659+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:06:32,780163304+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-02-10T22:06:51,156177797+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:06:32Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "a03a1c1eabfec99b1d3049cb22a32eb530ef1a74", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "a03a1c1eabfec99b1d3049cb22a32eb530ef1a74", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component", "quay.expires-after": "6h", "org.opencontainers.image.created": "2026-02-10T22:06:32Z" } [2026-02-10T22:06:51,203675160+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:06:51,207111654+00:00] Add secrets [2026-02-10T22:06:51,214422446+00:00] Run buildah build [2026-02-10T22:06:51,215513762+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 --label org.opencontainers.image.revision=a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --label quay.expires-after=6h --label build-date=2026-02-10T22:06:32Z --label org.opencontainers.image.created=2026-02-10T22:06:32Z --annotation org.opencontainers.image.revision=a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --annotation org.opencontainers.image.created=2026-02-10T22:06:32Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.tqfMwp -t quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="a03a1c1eabfec99b1d3049cb22a32eb530ef1a74" "org.opencontainers.image.revision"="a03a1c1eabfec99b1d3049cb22a32eb530ef1a74" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/group-snapshot-multi-component" "quay.expires-after"="6h" "build-date"="2026-02-10T22:06:32Z" "org.opencontainers.image.created"="2026-02-10T22:06:32Z" COMMIT quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 --> 11cbbe533701 Successfully tagged quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 11cbbe533701cd31e2d328f55b60e1c743b777231621c7f4801d851870931e90 [2026-02-10T22:07:01,280062896+00:00] Unsetting proxy [2026-02-10T22:07:01,281359869+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:e29264c87ad287d5d4410a2dfb08203ec90dd44b7dcce2140d37ae2eb4c1b3c1 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:11cbbe533701cd31e2d328f55b60e1c743b777231621c7f4801d851870931e90 Writing manifest to image destination [2026-02-10T22:07:07,195219329+00:00] End build pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | container step-push: [2026-02-10T22:07:07,281533818+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:07:09,274279369+00:00] Convert image [2026-02-10T22:07:09,275382122+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-x8gnn-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-x8gnn-build-container Getting image source signatures Copying blob sha256:e29264c87ad287d5d4410a2dfb08203ec90dd44b7dcce2140d37ae2eb4c1b3c1 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying config sha256:11cbbe533701cd31e2d328f55b60e1c743b777231621c7f4801d851870931e90 Writing manifest to image destination [2026-02-10T22:07:22,817113325+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Getting image source signatures Copying blob sha256:e29264c87ad287d5d4410a2dfb08203ec90dd44b7dcce2140d37ae2eb4c1b3c1 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying config sha256:11cbbe533701cd31e2d328f55b60e1c743b777231621c7f4801d851870931e90 Writing manifest to image destination sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28cequay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 [2026-02-10T22:07:23,557685933+00:00] End push pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:07:24,386622622+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:07:46,623181132+00:00] End sbom-syft-generate pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | container step-prepare-sboms: [2026-02-10T22:07:46,758847839+00:00] Prepare SBOM [2026-02-10T22:07:46,762971660+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:07:47,935 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:07:48,391 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/go-toolset@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 2026-02-10 22:07:49,550 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:07:49,550 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:07:49,552 [INFO] mobster.log: Contextual workflow completed in 1.28s 2026-02-10 22:07:49,689 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:07:49,768535586+00:00] End prepare-sboms pod: go-component-urfrln-on-pull-request-x8gnn-build-container-pod | container step-upload-sbom: [2026-02-10T22:07:50,360700049+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:4fad4381e38f066555b4df09701255ea2e64da19c773ef52579b87a603b00d5c [2026-02-10T22:07:52,803503496+00:00] End upload-sbom pod: go-component-urfrln-on-pull-request-x8gnn-build-image-index-pod | init container: prepare 2026/02/10 22:07:54 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-build-image-index-pod | init container: place-scripts 2026/02/10 22:07:55 Decoded script /tekton/scripts/script-0-pnllt 2026/02/10 22:07:55 Decoded script /tekton/scripts/script-1-l9gll 2026/02/10 22:07:55 Decoded script /tekton/scripts/script-2-54fm8 pod: go-component-urfrln-on-pull-request-x8gnn-build-image-index-pod | container step-build: [2026-02-10T22:07:59,555613972+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' a97207e5d0baf8550221abd88763d7371fd4c8ef39de4b4ae8e6569b39011420 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce. pod: go-component-urfrln-on-pull-request-x8gnn-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: go-component-urfrln-on-pull-request-x8gnn-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:08:01,879172044+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: go-component-urfrln-on-pull-request-x8gnn-clair-scan-pod | init container: prepare 2026/02/10 22:08:07 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-clair-scan-pod | init container: place-scripts 2026/02/10 22:08:53 Decoded script /tekton/scripts/script-0-5p64l 2026/02/10 22:08:53 Decoded script /tekton/scripts/script-1-d52vv 2026/02/10 22:08:53 Decoded script /tekton/scripts/script-2-xddxq 2026/02/10 22:08:53 Decoded script /tekton/scripts/script-3-xm25l pod: go-component-urfrln-on-pull-request-x8gnn-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce. pod: go-component-urfrln-on-pull-request-x8gnn-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:11:28Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"}] 2026-02-10T22:11:28Z INF libvuln initialized component=libvuln/New 2026-02-10T22:11:29Z INF registered configured scanners component=libindex/New 2026-02-10T22:11:29Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:11:29Z INF index request start component=libindex/Libindex.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce 2026-02-10T22:11:29Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce 2026-02-10T22:11:29Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=CheckManifest 2026-02-10T22:11:29Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=FetchLayers 2026-02-10T22:11:39Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=FetchLayers 2026-02-10T22:11:39Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=FetchLayers 2026-02-10T22:11:39Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=ScanLayers 2026-02-10T22:11:39Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991 manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce path=root/buildinfo/Dockerfile-ubi9-9.1.0-1782 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:11:39Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975 manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce path=root/buildinfo/Dockerfile-ubi9-s2i-core-1-394 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:11:39Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581 manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce path=root/buildinfo/Dockerfile-ubi9-s2i-base-1-421 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:11:39Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670 manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce path=root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:11:42Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=ScanLayers 2026-02-10T22:11:42Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=IndexManifest 2026-02-10T22:11:42Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=IndexFinished 2026-02-10T22:11:42Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce state=IndexFinished 2026-02-10T22:11:42Z INF index request done component=libindex/Libindex.Index manifest=sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce { "manifest_hash": "sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce", "packages": { "++K+RsmgWfVk2mj1+hzWKA==": { "id": "++K+RsmgWfVk2mj1+hzWKA==", "name": "zlib-devel", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+8O7w8gnK983LoZMdgIWhQ==": { "id": "+8O7w8gnK983LoZMdgIWhQ==", "name": "kernel-headers", "version": "5.14.0-162.18.1.el9_1", "kind": "binary", "source": { "id": "", "name": "kernel", "version": "5.14.0-162.18.1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+B22ALb6YCnXu+3s6afaLg==": { "id": "+B22ALb6YCnXu+3s6afaLg==", "name": "python3-decorator", "version": "4.4.2-6.el9", "kind": "binary", "source": { "id": "", "name": "python-decorator", "version": "4.4.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "+LQ46YAn9giMKDZRMCUpfg==": { "id": "+LQ46YAn9giMKDZRMCUpfg==", "name": "perl-lib", "version": "0.65-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Mkqc/Y23wK8i6e0RDbi0w==": { "id": "+Mkqc/Y23wK8i6e0RDbi0w==", "name": "libstdc++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+jCn1wujuDa5B1uNvCdVnw==": { "id": "+jCn1wujuDa5B1uNvCdVnw==", "name": "device-mapper-libs", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+yIdH2Pb8SGFuXnry3uK/A==": { "id": "+yIdH2Pb8SGFuXnry3uK/A==", "name": "gdb", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/FMjm+UzO0PTaS3Td0lhkw==": { "id": "/FMjm+UzO0PTaS3Td0lhkw==", "name": "pkgconf-pkg-config", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/dbWc/LExxt1O7duWFf9og==": { "id": "/dbWc/LExxt1O7duWFf9og==", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/t0e+LuglIbDcO/k67Hr2A==": { "id": "/t0e+LuglIbDcO/k67Hr2A==", "name": "elfutils-libs", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/th8aUKrkgR3Sw9KSBM+CA==": { "id": "/th8aUKrkgR3Sw9KSBM+CA==", "name": "python3-subscription-manager-rhsm", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "09fH92fqoWDOaYEpwQ9p2g==": { "id": "09fH92fqoWDOaYEpwQ9p2g==", "name": "ed", "version": "1.14.2-12.el9", "kind": "binary", "source": { "id": "", "name": "ed", "version": "1.14.2-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0N0D43vK8KV4kQOq2LQn7g==": { "id": "0N0D43vK8KV4kQOq2LQn7g==", "name": "glibc-locale-source", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0QIby1L00NbGeIw8oxRQWQ==": { "id": "0QIby1L00NbGeIw8oxRQWQ==", "name": "zip", "version": "3.0-33.el9", "kind": "binary", "source": { "id": "", "name": "zip", "version": "3.0-33.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Yvc2+M8FAry625wuL4S5A==": { "id": "0Yvc2+M8FAry625wuL4S5A==", "name": "less", "version": "590-1.el9_0", "kind": "binary", "source": { "id": "", "name": "less", "version": "590-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0wIoN0pFyBSc9eVtRdIOWA==": { "id": "0wIoN0pFyBSc9eVtRdIOWA==", "name": "python3", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13/XvLtRK2RDQlcsZc1BtQ==": { "id": "13/XvLtRK2RDQlcsZc1BtQ==", "name": "gdb-gdbserver", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13i0QoQ6Q4yBI5RUf20lXA==": { "id": "13i0QoQ6Q4yBI5RUf20lXA==", "name": "libwebp-devel", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1GZ5tdSeZY3Wi3x9/AVQ2Q==": { "id": "1GZ5tdSeZY3Wi3x9/AVQ2Q==", "name": "binutils-gold", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1T7WJ83NrIa0U7DlD1BR4Q==": { "id": "1T7WJ83NrIa0U7DlD1BR4Q==", "name": "python-srpm-macros", "version": "3.9-52.el9", "kind": "binary", "source": { "id": "", "name": "python-rpm-macros", "version": "3.9-52.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1XXuvf69/0I2dNHaU2UndQ==": { "id": "1XXuvf69/0I2dNHaU2UndQ==", "name": "patch", "version": "2.7.6-16.el9", "kind": "binary", "source": { "id": "", "name": "patch", "version": "2.7.6-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1dO83wB64hDLki3A4eA/Pg==": { "id": "1dO83wB64hDLki3A4eA/Pg==", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1h9uHE0QiXBO/zpJrT0VjA==": { "id": "1h9uHE0QiXBO/zpJrT0VjA==", "name": "ncurses-base", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1iUaGpv40BOJQUks5I0iYg==": { "id": "1iUaGpv40BOJQUks5I0iYg==", "name": "libicu", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1m9sKqHTfU4F/K4fidg9cg==": { "id": "1m9sKqHTfU4F/K4fidg9cg==", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2REYKadw7TKFiuC+OnoHmA==": { "id": "2REYKadw7TKFiuC+OnoHmA==", "name": "rpm-build-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2fg1ZRYCSPKKOgCxCcA36w==": { "id": "2fg1ZRYCSPKKOgCxCcA36w==", "name": "bzip2-libs", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2w8qE/d9mqIY/9+1qBBrPg==": { "id": "2w8qE/d9mqIY/9+1qBBrPg==", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3688bXyK/nwHthXLLVH24g==": { "id": "3688bXyK/nwHthXLLVH24g==", "name": "perl-overloading", "version": "0.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3DTA/XNFCCDFf6sfX96bGg==": { "id": "3DTA/XNFCCDFf6sfX96bGg==", "name": "perl-Errno", "version": "1.30-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3RQKCmep11B4hkfn96QJTA==": { "id": "3RQKCmep11B4hkfn96QJTA==", "name": "shadow-utils", "version": "2:4.9-5.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3iIPR0bjuCPQ2+48pSdeHg==": { "id": "3iIPR0bjuCPQ2+48pSdeHg==", "name": "perl-IO", "version": "1.43-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Aph2Qer6+KdCecFsU0TXg==": { "id": "4Aph2Qer6+KdCecFsU0TXg==", "name": "systemd-rpm-macros", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4DM2GB9KLL7/xWypPdz7vA==": { "id": "4DM2GB9KLL7/xWypPdz7vA==", "name": "git-core-doc", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4ImdKzJ7uZoaviIayzuoUg==": { "id": "4ImdKzJ7uZoaviIayzuoUg==", "name": "nodejs-full-i18n", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Kw/w2gH7CYCOCv19cdYYA==": { "id": "4Kw/w2gH7CYCOCv19cdYYA==", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "582nBqlxZXz0sTRmkFvU4Q==": { "id": "582nBqlxZXz0sTRmkFvU4Q==", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5EpVrCQ4OYKiPYYEOuUcmQ==": { "id": "5EpVrCQ4OYKiPYYEOuUcmQ==", "name": "perl-Scalar-List-Utils", "version": "4:1.56-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Scalar-List-Utils", "version": "1.56-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5JeNH+bHiuiK9wwBZqH10A==": { "id": "5JeNH+bHiuiK9wwBZqH10A==", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "binary", "source": { "id": "", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5NZNFErDrBiBoorV+igTjg==": { "id": "5NZNFErDrBiBoorV+igTjg==", "name": "libtiff-devel", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mmSudfrCeEmVSPweWmcVQ==": { "id": "5mmSudfrCeEmVSPweWmcVQ==", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5oq4jjwqdEJHokHmXZ7fFA==": { "id": "5oq4jjwqdEJHokHmXZ7fFA==", "name": "dwz", "version": "0.14-3.el9", "kind": "binary", "source": { "id": "", "name": "dwz", "version": "0.14-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5uy1J7qi/MafOdYJgaQeGw==": { "id": "5uy1J7qi/MafOdYJgaQeGw==", "name": "virt-what", "version": "1.25-1.el9", "kind": "binary", "source": { "id": "", "name": "virt-what", "version": "1.25-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "60b1mOIk+ncF/benyKWfug==": { "id": "60b1mOIk+ncF/benyKWfug==", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "68hxwX7t9VVTsdLs/0iJBA==": { "id": "68hxwX7t9VVTsdLs/0iJBA==", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "695zXUDPsaaAbh1PGloHag==": { "id": "695zXUDPsaaAbh1PGloHag==", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "binary", "source": { "id": "", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6AYt+NWt55432RGa/HxiQg==": { "id": "6AYt+NWt55432RGa/HxiQg==", "name": "libXt", "version": "1.2.0-6.el9", "kind": "binary", "source": { "id": "", "name": "libXt", "version": "1.2.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6COiLlB/V7UlOwfuFJy77w==": { "id": "6COiLlB/V7UlOwfuFJy77w==", "name": "unzip", "version": "6.0-56.el9", "kind": "binary", "source": { "id": "", "name": "unzip", "version": "6.0-56.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G1ytjIPgX0NNsVwuPQKkQ==": { "id": "6G1ytjIPgX0NNsVwuPQKkQ==", "name": "python3-gpg", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G4wapu2zP6UYfTP+Ip2pA==": { "id": "6G4wapu2zP6UYfTP+Ip2pA==", "name": "gdb-headless", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6HUC1/dPziZpbtWEymw0nQ==": { "id": "6HUC1/dPziZpbtWEymw0nQ==", "name": "gzip", "version": "1.12-1.el9", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.12-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6LVRZKaAJH97OKCXsJMDDw==": { "id": "6LVRZKaAJH97OKCXsJMDDw==", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "6MFxZDjn6ZxVQspQib4VSA==": { "id": "6MFxZDjn6ZxVQspQib4VSA==", "name": "libXau", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6RxnMs+9yIqzJpLgR7I3zA==": { "id": "6RxnMs+9yIqzJpLgR7I3zA==", "name": "audit-libs", "version": "3.0.7-103.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.0.7-103.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6VAQWTpZhN9PW7YCmVhxsw==": { "id": "6VAQWTpZhN9PW7YCmVhxsw==", "name": "glibc-headers", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6camihNRcGvFSo3XinEWFg==": { "id": "6camihNRcGvFSo3XinEWFg==", "name": "libacl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6f28+Af9kIn0OSp9f9j14Q==": { "id": "6f28+Af9kIn0OSp9f9j14Q==", "name": "ubi9/s2i-base", "version": "1-421", "kind": "binary", "source": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "74+EW3adzZwX9DbUU0vOdA==": { "id": "74+EW3adzZwX9DbUU0vOdA==", "name": "which", "version": "2.21-28.el9", "kind": "binary", "source": { "id": "", "name": "which", "version": "2.21-28.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7JHS+mBQfJeJoy73lvm4lw==": { "id": "7JHS+mBQfJeJoy73lvm4lw==", "name": "npm", "version": "1:8.19.2-1.16.18.1.3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7Lf3UXydabzw8g7HGZER+w==": { "id": "7Lf3UXydabzw8g7HGZER+w==", "name": "ubi9/s2i-core", "version": "1-394", "kind": "binary", "source": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "7ZWYFE98hi9HyU5Q68Jgsw==": { "id": "7ZWYFE98hi9HyU5Q68Jgsw==", "name": "libX11-devel", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7qAMBOvJ2FYxpK9n05pI7Q==": { "id": "7qAMBOvJ2FYxpK9n05pI7Q==", "name": "libpng", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7yB5oIQve4tWIMlUmHbdQQ==": { "id": "7yB5oIQve4tWIMlUmHbdQQ==", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "84WodsWNE9m9GIrBiKl02g==": { "id": "84WodsWNE9m9GIrBiKl02g==", "name": "python3-cloud-what", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "88jYB91M4ddvxo2XjMJKmQ==": { "id": "88jYB91M4ddvxo2XjMJKmQ==", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "binary", "source": { "id": "", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Gh2hioTt5BFisg9eNKeEg==": { "id": "8Gh2hioTt5BFisg9eNKeEg==", "name": "python3-librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8I3zEJ4sFSgk47ZaRLgtDQ==": { "id": "8I3zEJ4sFSgk47ZaRLgtDQ==", "name": "annobin", "version": "10.73-3.el9", "kind": "binary", "source": { "id": "", "name": "annobin", "version": "10.73-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Ky53YwzOPM2pkEIVuuuBg==": { "id": "8Ky53YwzOPM2pkEIVuuuBg==", "name": "glibc-gconv-extra", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Q+4qMpgUhvMDCe2QUBIuQ==": { "id": "8Q+4qMpgUhvMDCe2QUBIuQ==", "name": "dbus", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8gpmX0NZa9MMhcqi6FUGtg==": { "id": "8gpmX0NZa9MMhcqi6FUGtg==", "name": "python3-gobject-base", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8tmJEWGia0UWhhPJb3EyAw==": { "id": "8tmJEWGia0UWhhPJb3EyAw==", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9AmKs/wDQFsVMVHWnqbu+g==": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "9Fy0bRr3ZMu3q8UNrhlOSQ==": { "id": "9Fy0bRr3ZMu3q8UNrhlOSQ==", "name": "man-db", "version": "2.9.3-6.el9", "kind": "binary", "source": { "id": "", "name": "man-db", "version": "2.9.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9HjCH3SeUwgItfYZysNlOw==": { "id": "9HjCH3SeUwgItfYZysNlOw==", "name": "mariadb-connector-c-config", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9WzsXAqqRoLidXM4HaB8/w==": { "id": "9WzsXAqqRoLidXM4HaB8/w==", "name": "delve", "version": "1.8.3-1.el9", "kind": "binary", "source": { "id": "", "name": "delve", "version": "1.8.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9bMXqD09C2r4s8P+HNy2uw==": { "id": "9bMXqD09C2r4s8P+HNy2uw==", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9hWn3VgLVkzmMJln7S0UCQ==": { "id": "9hWn3VgLVkzmMJln7S0UCQ==", "name": "libcurl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9sAM/NqMLlsG3N88/yD1Vg==": { "id": "9sAM/NqMLlsG3N88/yD1Vg==", "name": "python3-libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACNA1cjsRpihwLsZYxMiYQ==": { "id": "ACNA1cjsRpihwLsZYxMiYQ==", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "binary", "source": { "id": "", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AOquy/6bQ9axg0KRp6hMjg==": { "id": "AOquy/6bQ9axg0KRp6hMjg==", "name": "libbrotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ARxZCHzD7KB2Pu4aHl7POw==": { "id": "ARxZCHzD7KB2Pu4aHl7POw==", "name": "python3-libs", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AZwLZmqkel2BzSMgQsIVGQ==": { "id": "AZwLZmqkel2BzSMgQsIVGQ==", "name": "libselinux", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AbW1lRpGUjSEKNnr/Toz6A==": { "id": "AbW1lRpGUjSEKNnr/Toz6A==", "name": "jbigkit-libs", "version": "2.1-23.el9", "kind": "binary", "source": { "id": "", "name": "jbigkit", "version": "2.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AdRs6lk9yzTM3HvjeEThKA==": { "id": "AdRs6lk9yzTM3HvjeEThKA==", "name": "systemd", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AnHvlYoTKSxzg0JMVMiJkg==": { "id": "AnHvlYoTKSxzg0JMVMiJkg==", "name": "openldap-compat", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AxTxyAHzdLVnUL9t8+ZYmg==": { "id": "AxTxyAHzdLVnUL9t8+ZYmg==", "name": "curl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BX+oelClu2v6UOl6tluOEQ==": { "id": "BX+oelClu2v6UOl6tluOEQ==", "name": "crypto-policies-scripts", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "C3QbGupU53FFTX0pkfNLrA==": { "id": "C3QbGupU53FFTX0pkfNLrA==", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C7VGVckK0YZj4RiVmStEsA==": { "id": "C7VGVckK0YZj4RiVmStEsA==", "name": "sqlite-libs", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CXRheoFIylTt2C0ZN4qu3w==": { "id": "CXRheoFIylTt2C0ZN4qu3w==", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "binary", "source": { "id": "", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CjFzfz4zBZj7fcwIrVHCRA==": { "id": "CjFzfz4zBZj7fcwIrVHCRA==", "name": "perl-IPC-Open3", "version": "1.21-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "CpC5etTxiNuDvBGQesJNDg==": { "id": "CpC5etTxiNuDvBGQesJNDg==", "name": "libmount", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ct/46Ed7Asmqt98kLc0FLw==": { "id": "Ct/46Ed7Asmqt98kLc0FLw==", "name": "perl-Symbol", "version": "1.08-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Cwut2mrMMUaIvKenvO1qWw==": { "id": "Cwut2mrMMUaIvKenvO1qWw==", "name": "perl-Socket", "version": "4:2.031-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Socket", "version": "2.031-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/XNnExpupd1bO9ZIJIE9w==": { "id": "D/XNnExpupd1bO9ZIJIE9w==", "name": "perl-AutoLoader", "version": "5.74-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D0GGDit/UxegO+/A5R03SA==": { "id": "D0GGDit/UxegO+/A5R03SA==", "name": "elfutils-default-yama-scope", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DGqCqs+yrHvXs9qsPgn58g==": { "id": "DGqCqs+yrHvXs9qsPgn58g==", "name": "github.com/devfile-samples/devfile-sample-go-basic", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "DK0d2bPQCX0xz6Lec7u1cg==": { "id": "DK0d2bPQCX0xz6Lec7u1cg==", "name": "info", "version": "6.7-15.el9", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.7-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DMchAI2VcGSa4n8bdw5YkA==": { "id": "DMchAI2VcGSa4n8bdw5YkA==", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "binary", "source": { "id": "", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DSiKsVzdOYp1aJo/8T0A5A==": { "id": "DSiKsVzdOYp1aJo/8T0A5A==", "name": "pcre", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E2+Fh4utKcr7Wyiwzh2bYw==": { "id": "E2+Fh4utKcr7Wyiwzh2bYw==", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E7ikPxWehuEw+6yIZODYlQ==": { "id": "E7ikPxWehuEw+6yIZODYlQ==", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ED0/IlCpWWQwBBKR2YT9sw==": { "id": "ED0/IlCpWWQwBBKR2YT9sw==", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EEcEMKhGMvXAfnMhboIpqw==": { "id": "EEcEMKhGMvXAfnMhboIpqw==", "name": "publicsuffix-list-dafsa", "version": "20210518-3.el9", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20210518-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EgjLGZKjPtqIaFVLlFAAPg==": { "id": "EgjLGZKjPtqIaFVLlFAAPg==", "name": "openssh-clients", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EuqqL3yIFMd5VRAfuufJgg==": { "id": "EuqqL3yIFMd5VRAfuufJgg==", "name": "glibc-common", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Exv8+xTp+7Y4AfuM+ph47Q==": { "id": "Exv8+xTp+7Y4AfuM+ph47Q==", "name": "perl-parent", "version": "1:0.238-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-parent", "version": "0.238-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FEF27h+V5TzrUeQsFddapA==": { "id": "FEF27h+V5TzrUeQsFddapA==", "name": "libSM", "version": "1.2.3-10.el9", "kind": "binary", "source": { "id": "", "name": "libSM", "version": "1.2.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FFSNe661VBElA1asGZ7k3g==": { "id": "FFSNe661VBElA1asGZ7k3g==", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "binary", "source": { "id": "", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FKD/ouYSWOOZHy4i43SaxA==": { "id": "FKD/ouYSWOOZHy4i43SaxA==", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "binary", "source": { "id": "", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FMrR4PbDeEhmMEh2juuVnw==": { "id": "FMrR4PbDeEhmMEh2juuVnw==", "name": "wget", "version": "1.21.1-7.el9", "kind": "binary", "source": { "id": "", "name": "wget", "version": "1.21.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FVL6ljas6Mq4jYoOr1b6Hw==": { "id": "FVL6ljas6Mq4jYoOr1b6Hw==", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "binary", "source": { "id": "", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FW8ByCOP6ljvNWDQolahwg==": { "id": "FW8ByCOP6ljvNWDQolahwg==", "name": "sysprof-capture-devel", "version": "3.40.1-3.el9", "kind": "binary", "source": { "id": "", "name": "sysprof", "version": "3.40.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FaNO6QWs1mWPp40PrBiBUQ==": { "id": "FaNO6QWs1mWPp40PrBiBUQ==", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Fy3bplraTnRnJlV5RewauA==": { "id": "Fy3bplraTnRnJlV5RewauA==", "name": "libxslt-devel", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G1YDEd7+V95Qa+PMxB8sJw==": { "id": "G1YDEd7+V95Qa+PMxB8sJw==", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GIScmMWQrnoFNoEgq3fg2w==": { "id": "GIScmMWQrnoFNoEgq3fg2w==", "name": "python3-dbus", "version": "1.2.18-2.el9", "kind": "binary", "source": { "id": "", "name": "dbus-python", "version": "1.2.18-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GSkR2SOuqWQN8NtOvU4cgw==": { "id": "GSkR2SOuqWQN8NtOvU4cgw==", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GVmxmNcJqT3ovg+RwjJg1A==": { "id": "GVmxmNcJqT3ovg+RwjJg1A==", "name": "nodejs-docs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GXm2fCeoaq1FqYmMTmMmhQ==": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "H+zLNGeS4JMpmfP42mEhnA==": { "id": "H+zLNGeS4JMpmfP42mEhnA==", "name": "scl-utils", "version": "1:2.0.3-2.el9", "kind": "binary", "source": { "id": "", "name": "scl-utils", "version": "2.0.3-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H3zfV58LzeEUiNQbZbZb2A==": { "id": "H3zfV58LzeEUiNQbZbZb2A==", "name": "perl-File-Temp", "version": "1:0.231.100-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Temp", "version": "0.231.100-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HRtVOTg/Y7Pvd6wqcX24fA==": { "id": "HRtVOTg/Y7Pvd6wqcX24fA==", "name": "python3-requests", "version": "2.25.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-requests", "version": "2.25.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HbglDdnV9yne0i8jQL30HA==": { "id": "HbglDdnV9yne0i8jQL30HA==", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IDaB7M+//88qbPppM+LpUw==": { "id": "IDaB7M+//88qbPppM+LpUw==", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IN2DA8X4LYRmUb07gLqapg==": { "id": "IN2DA8X4LYRmUb07gLqapg==", "name": "dnf-data", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IOb5jo+s7DgjzeK/LoVNig==": { "id": "IOb5jo+s7DgjzeK/LoVNig==", "name": "libdb", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J0HrVYoM3raELvTfJ82QMA==": { "id": "J0HrVYoM3raELvTfJ82QMA==", "name": "perl-vars", "version": "1.05-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JHQdC8JdSGipvO0sCig0cQ==": { "id": "JHQdC8JdSGipvO0sCig0cQ==", "name": "systemd-pam", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JI92axWONkD2XCTUAeCtuQ==": { "id": "JI92axWONkD2XCTUAeCtuQ==", "name": "autoconf", "version": "2.69-38.el9", "kind": "binary", "source": { "id": "", "name": "autoconf", "version": "2.69-38.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JaDqP2PIekJ4FuDfyPDUKA==": { "id": "JaDqP2PIekJ4FuDfyPDUKA==", "name": "dmidecode", "version": "1:3.3-7.el9", "kind": "binary", "source": { "id": "", "name": "dmidecode", "version": "3.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JrBk+FMgyv4RrG6esVBCIQ==": { "id": "JrBk+FMgyv4RrG6esVBCIQ==", "name": "cryptsetup-libs", "version": "2.4.3-5.el9_1.1", "kind": "binary", "source": { "id": "", "name": "cryptsetup", "version": "2.4.3-5.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Jt5/Qd9oxegZwQjsNbUyYA==": { "id": "Jt5/Qd9oxegZwQjsNbUyYA==", "name": "emacs-filesystem", "version": "1:27.2-6.el9", "kind": "binary", "source": { "id": "", "name": "emacs", "version": "27.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "K04omiWBsTnRCbFVZLmRKw==": { "id": "K04omiWBsTnRCbFVZLmRKw==", "name": "python3-ethtool", "version": "0.15-2.el9", "kind": "binary", "source": { "id": "", "name": "python-ethtool", "version": "0.15-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K5U87AYLwYDq48YpniD72A==": { "id": "K5U87AYLwYDq48YpniD72A==", "name": "libffi", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KH0/KbRUi7KL6UvWa8i6Pg==": { "id": "KH0/KbRUi7KL6UvWa8i6Pg==", "name": "python3-inotify", "version": "0.9.6-25.el9", "kind": "binary", "source": { "id": "", "name": "python-inotify", "version": "0.9.6-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KSobT+LH4PXsCiP04HOhbQ==": { "id": "KSobT+LH4PXsCiP04HOhbQ==", "name": "gdbm-libs", "version": "1:1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KcftiMkhTw4x89HNJI8NNg==": { "id": "KcftiMkhTw4x89HNJI8NNg==", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KlSRCTMecbL63Kg+FZjUdQ==": { "id": "KlSRCTMecbL63Kg+FZjUdQ==", "name": "libicu-devel", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KyRw1LumZrRo6AKKkHgP7w==": { "id": "KyRw1LumZrRo6AKKkHgP7w==", "name": "libXext", "version": "1.3.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libXext", "version": "1.3.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L1wl5gEz2lzyNJbirzPmpQ==": { "id": "L1wl5gEz2lzyNJbirzPmpQ==", "name": "pcre2-utf32", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L2RUW2Fm5EOgoqwyitY3bg==": { "id": "L2RUW2Fm5EOgoqwyitY3bg==", "name": "dbus-broker", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "dbus-broker", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L4diUjusARli24fy/u9lAw==": { "id": "L4diUjusARli24fy/u9lAw==", "name": "perl-NDBM_File", "version": "1.15-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LD9yEwGtdZJl2S96EO58PQ==": { "id": "LD9yEwGtdZJl2S96EO58PQ==", "name": "file-libs", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LDIMlzOywHz1+CG5FwjKdQ==": { "id": "LDIMlzOywHz1+CG5FwjKdQ==", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "binary", "source": { "id": "", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LEyuwSco7tb1WIyWy42H8g==": { "id": "LEyuwSco7tb1WIyWy42H8g==", "name": "perl-Storable", "version": "1:3.21-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Storable", "version": "3.21-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LR+S3JloJQ5YEViBpmcLkA==": { "id": "LR+S3JloJQ5YEViBpmcLkA==", "name": "pam", "version": "1.5.1-12.el9", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.5.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LZYaKh1MnXoGX4fHzghRTQ==": { "id": "LZYaKh1MnXoGX4fHzghRTQ==", "name": "usermode", "version": "1.114-4.el9", "kind": "binary", "source": { "id": "", "name": "usermode", "version": "1.114-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Leh3RdsGa1oyRcl5Dz4SdA==": { "id": "Leh3RdsGa1oyRcl5Dz4SdA==", "name": "gd-devel", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LjtOegR/S/Y0KwJeOuSl/w==": { "id": "LjtOegR/S/Y0KwJeOuSl/w==", "name": "perl-podlators", "version": "1:4.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-podlators", "version": "4.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Lm5zHfIH4SjtxMBhECD0OQ==": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M2qdPAOOvb+CWXJwouP4Rw==": { "id": "M2qdPAOOvb+CWXJwouP4Rw==", "name": "mariadb-connector-c-devel", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MJmw8vClC4VAn/J4MfhK2Q==": { "id": "MJmw8vClC4VAn/J4MfhK2Q==", "name": "python3-setuptools-wheel", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "MORX6hW9ZLZCt/52w71zTg==": { "id": "MORX6hW9ZLZCt/52w71zTg==", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MXR26wvfFq4/JiRamdOfsA==": { "id": "MXR26wvfFq4/JiRamdOfsA==", "name": "pixman", "version": "0.40.0-5.el9", "kind": "binary", "source": { "id": "", "name": "pixman", "version": "0.40.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ma5Vpx57SAZOCC5w2EPQYw==": { "id": "Ma5Vpx57SAZOCC5w2EPQYw==", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MdGkZ055CI+TZYqVm7FIPg==": { "id": "MdGkZ055CI+TZYqVm7FIPg==", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "binary", "source": { "id": "", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mp61fGpK3II0W8dIQgk3hA==": { "id": "Mp61fGpK3II0W8dIQgk3hA==", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MvJE7slPeyMPjzl+J8UH7w==": { "id": "MvJE7slPeyMPjzl+J8UH7w==", "name": "make", "version": "1:4.3-7.el9", "kind": "binary", "source": { "id": "", "name": "make", "version": "4.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MxYp6jmrNGPG4EUMxgtsIw==": { "id": "MxYp6jmrNGPG4EUMxgtsIw==", "name": "qt5-srpm-macros", "version": "5.15.3-1.el9", "kind": "binary", "source": { "id": "", "name": "qt5", "version": "5.15.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N4dB55YYjGYeXRj+vLBatg==": { "id": "N4dB55YYjGYeXRj+vLBatg==", "name": "perl-Class-Struct", "version": "0.66-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N9SQ1VZ/1zaqG0gdsMW91g==": { "id": "N9SQ1VZ/1zaqG0gdsMW91g==", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NQAINik1AG7Zn8OB8pLDpA==": { "id": "NQAINik1AG7Zn8OB8pLDpA==", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "binary", "source": { "id": "", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Nak/NGhCYVubG4CsEbHhug==": { "id": "Nak/NGhCYVubG4CsEbHhug==", "name": "graphite2-devel", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O2SZ5NZewmkamADtmBGMpw==": { "id": "O2SZ5NZewmkamADtmBGMpw==", "name": "setup", "version": "2.13.7-7.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OLwWa8SuQNJHUBFuTxkKKA==": { "id": "OLwWa8SuQNJHUBFuTxkKKA==", "name": "cyrus-sasl-lib", "version": "2.1.27-20.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OkY4XBjh2jDTkYhGjNkrUA==": { "id": "OkY4XBjh2jDTkYhGjNkrUA==", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "On+NX4Yr+KIGVwagqPDWcQ==": { "id": "On+NX4Yr+KIGVwagqPDWcQ==", "name": "pcre2-utf16", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OvOSK0YS4U6j2gyFBATNXg==": { "id": "OvOSK0YS4U6j2gyFBATNXg==", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PHkBez1UE90U9LJepncOKQ==": { "id": "PHkBez1UE90U9LJepncOKQ==", "name": "perl-mro", "version": "1.23-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pstkjkz7Io1S30t7a9lp4w==": { "id": "Pstkjkz7Io1S30t7a9lp4w==", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "binary", "source": { "id": "", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q+exKQZH61PI/8YfpN472w==": { "id": "Q+exKQZH61PI/8YfpN472w==", "name": "glibc-devel", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QCZyKHG3XZk9MlIs9ZFBuA==": { "id": "QCZyKHG3XZk9MlIs9ZFBuA==", "name": "llvm-libs", "version": "14.0.6-1.el9", "kind": "binary", "source": { "id": "", "name": "llvm", "version": "14.0.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QcnepR4WKBdAhWdMUPrAWA==": { "id": "QcnepR4WKBdAhWdMUPrAWA==", "name": "python3-hawkey", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QwKK6TG/JtcCly9jntVf+w==": { "id": "QwKK6TG/JtcCly9jntVf+w==", "name": "vim-filesystem", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "R7K6A/Ve75xrYpD+6H0Z8w==": { "id": "R7K6A/Ve75xrYpD+6H0Z8w==", "name": "file", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "R9sC7SuM6vJmJZYq/bMHWw==": { "id": "R9sC7SuM6vJmJZYq/bMHWw==", "name": "m4", "version": "1.4.19-1.el9", "kind": "binary", "source": { "id": "", "name": "m4", "version": "1.4.19-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RRIjgvJwJW9jZT+h6lhzrQ==": { "id": "RRIjgvJwJW9jZT+h6lhzrQ==", "name": "nodejs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RgUn0rRy/i742s4qQGGoNw==": { "id": "RgUn0rRy/i742s4qQGGoNw==", "name": "libcom_err", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RhNJQyxUHoA1z70UtgAC4Q==": { "id": "RhNJQyxUHoA1z70UtgAC4Q==", "name": "perl-File-stat", "version": "1.09-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RjsHhFfoWvmQBIu8lxYZjw==": { "id": "RjsHhFfoWvmQBIu8lxYZjw==", "name": "perl-SelectSaver", "version": "1.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RnnkgzrsHA8d297AfaWbPg==": { "id": "RnnkgzrsHA8d297AfaWbPg==", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Rx4ZYvIz7JT5wbghBsjOTA==": { "id": "Rx4ZYvIz7JT5wbghBsjOTA==", "name": "libsemanage", "version": "3.4-2.el9", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SRyGVMCI95+oD0l3+3YStw==": { "id": "SRyGVMCI95+oD0l3+3YStw==", "name": "dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SSFXEK4vNCR4s9ImWtXtgA==": { "id": "SSFXEK4vNCR4s9ImWtXtgA==", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SSnnOPGZCl33DlmR57wC7w==": { "id": "SSnnOPGZCl33DlmR57wC7w==", "name": "python3-dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SV9uo4F9Li9vAHBKYcAlZA==": { "id": "SV9uo4F9Li9vAHBKYcAlZA==", "name": "binutils", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SZllfeGD2yJm0VL0H7onLg==": { "id": "SZllfeGD2yJm0VL0H7onLg==", "name": "libxcb-devel", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SdI1Am/qHph5dG2ZoOeUIQ==": { "id": "SdI1Am/qHph5dG2ZoOeUIQ==", "name": "libevent", "version": "2.1.12-6.el9", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TANtf1h6RhI5yVQQhHFTbg==": { "id": "TANtf1h6RhI5yVQQhHFTbg==", "name": "libstdc++-devel", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "THoW7icQ9Ts4hZAkh5A/WQ==": { "id": "THoW7icQ9Ts4hZAkh5A/WQ==", "name": "perl-if", "version": "0.60.800-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tl6ebomp9GQLN9svWzKp+w==": { "id": "Tl6ebomp9GQLN9svWzKp+w==", "name": "libcap", "version": "2.48-8.el9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tob5YtKxleVTQzw2GCmwGg==": { "id": "Tob5YtKxleVTQzw2GCmwGg==", "name": "libpq-devel", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzNyp6yTJ3m0O8xeeDKC3A==": { "id": "TzNyp6yTJ3m0O8xeeDKC3A==", "name": "libpq", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzT9ayOh2hZShfYtipxZEw==": { "id": "TzT9ayOh2hZShfYtipxZEw==", "name": "harfbuzz-icu", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U0P0dNPn1iUcw6b33AAKUg==": { "id": "U0P0dNPn1iUcw6b33AAKUg==", "name": "sqlite-devel", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ud9PNLLJ6v7hTpAYdO825w==": { "id": "Ud9PNLLJ6v7hTpAYdO825w==", "name": "pcre-utf16", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Uui1iXuECCOB7NgLQMsJpg==": { "id": "Uui1iXuECCOB7NgLQMsJpg==", "name": "glibc-langpack-en", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UyCrdfN88WUEEECLCIw93w==": { "id": "UyCrdfN88WUEEECLCIw93w==", "name": "keyutils-libs", "version": "1.6.1-4.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "V/3oHP6E5IRlfgZZHK72RA==": { "id": "V/3oHP6E5IRlfgZZHK72RA==", "name": "p11-kit-trust", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VDWxBVhhJMCCBIlvmorheA==": { "id": "VDWxBVhhJMCCBIlvmorheA==", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VFldiAD+rTFuce+kutFUuA==": { "id": "VFldiAD+rTFuce+kutFUuA==", "name": "openssl", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VKbklzwNVEem7m1iQRERDg==": { "id": "VKbklzwNVEem7m1iQRERDg==", "name": "stdlib", "version": "1.18.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.1.0.0.0.0.0.0", "cpe": "" }, "VLOqRGIR4aQvFfvVrpLyIg==": { "id": "VLOqRGIR4aQvFfvVrpLyIg==", "name": "pcre-cpp", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VhjrPOGZ9XGEFgLnQWc+KQ==": { "id": "VhjrPOGZ9XGEFgLnQWc+KQ==", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "W+js148eF9SSUbrTSIRvOQ==": { "id": "W+js148eF9SSUbrTSIRvOQ==", "name": "libcurl-devel", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W4amAY83CsyR7zQ0GM7zsg==": { "id": "W4amAY83CsyR7zQ0GM7zsg==", "name": "pcre2-syntax", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WCNTEGU4JEqQUNwdkKkP0Q==": { "id": "WCNTEGU4JEqQUNwdkKkP0Q==", "name": "perl-interpreter", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WIBkwuKReD+vnev0WY88mA==": { "id": "WIBkwuKReD+vnev0WY88mA==", "name": "go-srpm-macros", "version": "3.0.9-9.el9", "kind": "binary", "source": { "id": "", "name": "go-rpm-macros", "version": "3.0.9-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WM43f6rBXkL3dY9fUi8CGw==": { "id": "WM43f6rBXkL3dY9fUi8CGw==", "name": "boost-regex", "version": "1.75.0-8.el9", "kind": "binary", "source": { "id": "", "name": "boost", "version": "1.75.0-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WN9YKonIBKVWuMNAg76vrA==": { "id": "WN9YKonIBKVWuMNAg76vrA==", "name": "libXpm-devel", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WXfnWfq5UvDl4B0hS+0enw==": { "id": "WXfnWfq5UvDl4B0hS+0enw==", "name": "elfutils-debuginfod-client", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WgTBt6b85L1bF7WXV5bQRA==": { "id": "WgTBt6b85L1bF7WXV5bQRA==", "name": "perl-File-Compare", "version": "1.100.600-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WifWl02dLM2pp5urxOSuNg==": { "id": "WifWl02dLM2pp5urxOSuNg==", "name": "perl-URI", "version": "5.09-3.el9", "kind": "binary", "source": { "id": "", "name": "perl-URI", "version": "5.09-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WuHt6bav9qTQn9+qCLLu3w==": { "id": "WuHt6bav9qTQn9+qCLLu3w==", "name": "python3-rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XD0JiZBKTweysL9d3sIzpw==": { "id": "XD0JiZBKTweysL9d3sIzpw==", "name": "perl-subs", "version": "1.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMI2bnJZdxdcHnKc3zgCUA==": { "id": "XMI2bnJZdxdcHnKc3zgCUA==", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "binary", "source": { "id": "", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMPq7+46c92RSax5sZ9PZw==": { "id": "XMPq7+46c92RSax5sZ9PZw==", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XPJI1FEhwhWF1vzFJI8S6g==": { "id": "XPJI1FEhwhWF1vzFJI8S6g==", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XVUHqTgxrtHVNbQOLA/oQA==": { "id": "XVUHqTgxrtHVNbQOLA/oQA==", "name": "librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XX1gx35T8rMzed7p4qESdA==": { "id": "XX1gx35T8rMzed7p4qESdA==", "name": "harfbuzz-devel", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XliA1VgMzM5VjjSZdnmlQw==": { "id": "XliA1VgMzM5VjjSZdnmlQw==", "name": "perl-Getopt-Long", "version": "1:2.52-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Getopt-Long", "version": "2.52-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XmQjRyagIacphhV3vVNJUg==": { "id": "XmQjRyagIacphhV3vVNJUg==", "name": "libuser", "version": "0.63-11.el9", "kind": "binary", "source": { "id": "", "name": "libuser", "version": "0.63-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Xs0UZDLX+3bz2vT+iSJz7Q==": { "id": "Xs0UZDLX+3bz2vT+iSJz7Q==", "name": "glib2", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y2WVn7YbALZNiKrMVF83bA==": { "id": "Y2WVn7YbALZNiKrMVF83bA==", "name": "bsdtar", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y35yrxWjtTUkUbNtS9+p6g==": { "id": "Y35yrxWjtTUkUbNtS9+p6g==", "name": "python3-six", "version": "1.15.0-9.el9", "kind": "binary", "source": { "id": "", "name": "python-six", "version": "1.15.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "YRfO+WACNVQDTEO1DaRoPw==": { "id": "YRfO+WACNVQDTEO1DaRoPw==", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZEh/5caJmj5WMgoK5/jyfw==": { "id": "ZEh/5caJmj5WMgoK5/jyfw==", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZX4vKkXsoMfQ2HH9oPb0TA==": { "id": "ZX4vKkXsoMfQ2HH9oPb0TA==", "name": "libXau-devel", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Znd6oNA8HDVHwd3abR/PEg==": { "id": "Znd6oNA8HDVHwd3abR/PEg==", "name": "libblkid-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a0GQ0ecdg5PXNSF9I+cGHw==": { "id": "a0GQ0ecdg5PXNSF9I+cGHw==", "name": "libX11", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "aW0vfCmvp3ku6dMkvaoZGw==": { "id": "aW0vfCmvp3ku6dMkvaoZGw==", "name": "perl-base", "version": "2.27-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ao0mLJHwgqEhua26lzg6gQ==": { "id": "ao0mLJHwgqEhua26lzg6gQ==", "name": "glibc-minimal-langpack", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arzS3GnLPLKzM8xRPFnUzw==": { "id": "arzS3GnLPLKzM8xRPFnUzw==", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ax5YZqtoTsGSLh5YAOUDAA==": { "id": "ax5YZqtoTsGSLh5YAOUDAA==", "name": "dbus-libs", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "b/fX+2E3Kw/VrXP3Viej5w==": { "id": "b/fX+2E3Kw/VrXP3Viej5w==", "name": "acl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bEsPytE/ZdCMbfuAgQc9AA==": { "id": "bEsPytE/ZdCMbfuAgQc9AA==", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "binary", "source": { "id": "", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bQK0gSM91Pq8oi5kJ9072Q==": { "id": "bQK0gSM91Pq8oi5kJ9072Q==", "name": "gettext-libs", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bbOmNWQZu2GtbHRNTT5LbA==": { "id": "bbOmNWQZu2GtbHRNTT5LbA==", "name": "pcre2", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bp0rUgZ5FkIYAX2aEVd/VA==": { "id": "bp0rUgZ5FkIYAX2aEVd/VA==", "name": "vim-minimal", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "byfHs8LLvbAc+YzK8+QmXA==": { "id": "byfHs8LLvbAc+YzK8+QmXA==", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c+W6x4Mcea6sasJQFpayfg==": { "id": "c+W6x4Mcea6sasJQFpayfg==", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c4cAHnbL6QvzxTWvSxwSUQ==": { "id": "c4cAHnbL6QvzxTWvSxwSUQ==", "name": "golang-bin", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c6MW06Rtj8J56gSpVtmC/w==": { "id": "c6MW06Rtj8J56gSpVtmC/w==", "name": "libselinux-devel", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cGWkJkC9Qm+QCP4f8vmD+Q==": { "id": "cGWkJkC9Qm+QCP4f8vmD+Q==", "name": "libX11-xcb", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cPPALpm8EZ1p7Fe1on0nPQ==": { "id": "cPPALpm8EZ1p7Fe1on0nPQ==", "name": "diffutils", "version": "3.7-12.el9", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "3.7-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "caF9WsICRhpk2jJBTv5OsQ==": { "id": "caF9WsICRhpk2jJBTv5OsQ==", "name": "perl-File-Basename", "version": "2.85-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "cj0M8yBzJA8j5tTGHOqDIw==": { "id": "cj0M8yBzJA8j5tTGHOqDIw==", "name": "perl-Fcntl", "version": "1.13-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ckYokpjDEx3hfGxpdtbM6A==": { "id": "ckYokpjDEx3hfGxpdtbM6A==", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "clGQ5Kq/RKZZziBln/4BLA==": { "id": "clGQ5Kq/RKZZziBln/4BLA==", "name": "perl-DynaLoader", "version": "1.47-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ct/ndQfSB+G17YP34ufDBA==": { "id": "ct/ndQfSB+G17YP34ufDBA==", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dMY7Qly4vcBOdARECvhzxQ==": { "id": "dMY7Qly4vcBOdARECvhzxQ==", "name": "ncurses-libs", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dStYvdO33sly7EacpHOqeA==": { "id": "dStYvdO33sly7EacpHOqeA==", "name": "rootfiles", "version": "8.1-31.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-31.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dYr9tK7XM6aISNKJAtl5ZQ==": { "id": "dYr9tK7XM6aISNKJAtl5ZQ==", "name": "pcre-utf32", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dnA+092RxSVxmYLtbm4n5w==": { "id": "dnA+092RxSVxmYLtbm4n5w==", "name": "libmount-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dt/eA+h8BqXPeZvbQ4xjlQ==": { "id": "dt/eA+h8BqXPeZvbQ4xjlQ==", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "e7W78NrdwYaVEcBcXhDv5Q==": { "id": "e7W78NrdwYaVEcBcXhDv5Q==", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eEjpOxWkwvzzJN5kkeVUcg==": { "id": "eEjpOxWkwvzzJN5kkeVUcg==", "name": "perl-Encode", "version": "4:3.08-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Encode", "version": "3.08-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eJ5VkZHE2z3KyF5sFEKj8g==": { "id": "eJ5VkZHE2z3KyF5sFEKj8g==", "name": "cmake-filesystem", "version": "3.20.2-7.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eMk3cpR3xfyfnR/IUeON3Q==": { "id": "eMk3cpR3xfyfnR/IUeON3Q==", "name": "command-line-arguments", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "eUjbBBk9e6ukjdxq7Ysc5Q==": { "id": "eUjbBBk9e6ukjdxq7Ysc5Q==", "name": "krb5-libs", "version": "1.19.1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.19.1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eckWZv7IBjaLZNS/vZ1gWg==": { "id": "eckWZv7IBjaLZNS/vZ1gWg==", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "binary", "source": { "id": "", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ey7Cn3NmMZ6qorZvUccGqA==": { "id": "ey7Cn3NmMZ6qorZvUccGqA==", "name": "nodejs-libs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f2GhXCi0MGW6C5vh1ih8XQ==": { "id": "f2GhXCi0MGW6C5vh1ih8XQ==", "name": "perl-threads", "version": "1:2.25-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads", "version": "2.25-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fTz/BbdjDg+PD+HvcMlQ3A==": { "id": "fTz/BbdjDg+PD+HvcMlQ3A==", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ffBZQco1wXO0fddcwHstSQ==": { "id": "ffBZQco1wXO0fddcwHstSQ==", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gBWlSWdEA8U1+Ep4A/+M2g==": { "id": "gBWlSWdEA8U1+Ep4A/+M2g==", "name": "perl-Error", "version": "1:0.17029-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Error", "version": "0.17029-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gJHwCqer7Rl9ijGK6wpg4A==": { "id": "gJHwCqer7Rl9ijGK6wpg4A==", "name": "libICE", "version": "1.0.10-8.el9", "kind": "binary", "source": { "id": "", "name": "libICE", "version": "1.0.10-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gngAZQYf0zy4+w3GwgpLmw==": { "id": "gngAZQYf0zy4+w3GwgpLmw==", "name": "python3-libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsdYiUdG+fMtG/M0X1EkAg==": { "id": "gsdYiUdG+fMtG/M0X1EkAg==", "name": "filesystem", "version": "3.16-2.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hGxLNL3q3tYYzz2uKfKB4A==": { "id": "hGxLNL3q3tYYzz2uKfKB4A==", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hHL/OokyETnopazrev0shg==": { "id": "hHL/OokyETnopazrev0shg==", "name": "lua-libs", "version": "5.4.4-2.el9_1", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hKJ3xmpaes4B2vxd2C5M1Q==": { "id": "hKJ3xmpaes4B2vxd2C5M1Q==", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "binary", "source": { "id": "", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hNv7ol5w6PGaZXktwlRWPg==": { "id": "hNv7ol5w6PGaZXktwlRWPg==", "name": "libblkid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hasHd85qN7fkJeIIqjjDow==": { "id": "hasHd85qN7fkJeIIqjjDow==", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "heXcDkpDDTJ/ac/FHrXYvg==": { "id": "heXcDkpDDTJ/ac/FHrXYvg==", "name": "efi-srpm-macros", "version": "6-2.el9_0", "kind": "binary", "source": { "id": "", "name": "efi-rpm-macros", "version": "6-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hgr5TOXgV4U9LXyKt2w6gA==": { "id": "hgr5TOXgV4U9LXyKt2w6gA==", "name": "libffi-devel", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hjikQWtnmVPaWts63wYw4Q==": { "id": "hjikQWtnmVPaWts63wYw4Q==", "name": "passwd", "version": "0.80-12.el9", "kind": "binary", "source": { "id": "", "name": "passwd", "version": "0.80-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hrY/5TRUmBt6d/EoQ9M7aw==": { "id": "hrY/5TRUmBt6d/EoQ9M7aw==", "name": "python3-dateutil", "version": "1:2.8.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-dateutil", "version": "2.8.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hvKbzRSMjrg1f3y/PRzGwg==": { "id": "hvKbzRSMjrg1f3y/PRzGwg==", "name": "openssl-devel", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hyds1mrD8GWUXo+lv53Rag==": { "id": "hyds1mrD8GWUXo+lv53Rag==", "name": "findutils", "version": "1:4.8.0-5.el9", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1yNGcAdCbK2SnebCgMUqQ==": { "id": "i1yNGcAdCbK2SnebCgMUqQ==", "name": "systemd-libs", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iBA/JBMmSIEGbBZDQlcuUQ==": { "id": "iBA/JBMmSIEGbBZDQlcuUQ==", "name": "bzip2-devel", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iG10xBRfLLoRP3qlluI7NQ==": { "id": "iG10xBRfLLoRP3qlluI7NQ==", "name": "automake", "version": "1.16.2-6.el9", "kind": "binary", "source": { "id": "", "name": "automake", "version": "1.16.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "iMLMqCcRXnm6QslpJnCS7w==": { "id": "iMLMqCcRXnm6QslpJnCS7w==", "name": "cairo", "version": "1.17.4-7.el9", "kind": "binary", "source": { "id": "", "name": "cairo", "version": "1.17.4-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQByZpdRXgW/fl3SoDuoAA==": { "id": "iQByZpdRXgW/fl3SoDuoAA==", "name": "libipt", "version": "2.0.4-5.el9", "kind": "binary", "source": { "id": "", "name": "libipt", "version": "2.0.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQnKl0+RxymKc9bhVdyuyQ==": { "id": "iQnKl0+RxymKc9bhVdyuyQ==", "name": "perl-B", "version": "1.80-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTjyL8AL9avw3YnaeFgLEg==": { "id": "iTjyL8AL9avw3YnaeFgLEg==", "name": "gettext", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iswhVSntR4QnIsTAyM6ydQ==": { "id": "iswhVSntR4QnIsTAyM6ydQ==", "name": "perl-Pod-Escapes", "version": "1:1.07-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Escapes", "version": "1.07-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ix3lD4/Nn7qLbcpDm0AIhg==": { "id": "ix3lD4/Nn7qLbcpDm0AIhg==", "name": "perl-constant", "version": "1.33-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-constant", "version": "1.33-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "j3oHbOmfE09xNAzoTXpcSg==": { "id": "j3oHbOmfE09xNAzoTXpcSg==", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jADxtb7PiatU9dihVhjp/Q==": { "id": "jADxtb7PiatU9dihVhjp/Q==", "name": "elfutils-libelf", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jDIVpAdvhjPN/gmOBNQuag==": { "id": "jDIVpAdvhjPN/gmOBNQuag==", "name": "perl-Time-Local", "version": "2:1.300-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Time-Local", "version": "1.300-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jH43ZEoPP2TpNiUJXUizMw==": { "id": "jH43ZEoPP2TpNiUJXUizMw==", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "binary", "source": { "id": "", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jSOT/FBECA7xUY+Zv/Ps+Q==": { "id": "jSOT/FBECA7xUY+Zv/Ps+Q==", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jXo3rXdhdYGkiXYZpQxZ3Q==": { "id": "jXo3rXdhdYGkiXYZpQxZ3Q==", "name": "python3-chardet", "version": "4.0.0-5.el9", "kind": "binary", "source": { "id": "", "name": "python-chardet", "version": "4.0.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAc8BYCjeCgQR9YdLeGx9w==": { "id": "kAc8BYCjeCgQR9YdLeGx9w==", "name": "python3-urllib3", "version": "1.26.5-3.el9", "kind": "binary", "source": { "id": "", "name": "python-urllib3", "version": "1.26.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kDzRHkg3txncDWuyd5771g==": { "id": "kDzRHkg3txncDWuyd5771g==", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kMrprdB/TspYL2Dyt9hBfw==": { "id": "kMrprdB/TspYL2Dyt9hBfw==", "name": "libgomp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kdml4TiffKDDUHJjP7R1Tg==": { "id": "kdml4TiffKDDUHJjP7R1Tg==", "name": "openldap", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ki6pd/LsWsx2BY6b+Np6dQ==": { "id": "ki6pd/LsWsx2BY6b+Np6dQ==", "name": "cpp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ktHjHCegyaFGFLaqVjqkVA==": { "id": "ktHjHCegyaFGFLaqVjqkVA==", "name": "libX11-common", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kzHnWWgcRX/Do32aQ8TMBQ==": { "id": "kzHnWWgcRX/Do32aQ8TMBQ==", "name": "perl-Git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lITnNJqHTfcVQiCGHjWozA==": { "id": "lITnNJqHTfcVQiCGHjWozA==", "name": "python3-pip-wheel", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lwkb5oxxrG7ZgPYzSyvcZQ==": { "id": "lwkb5oxxrG7ZgPYzSyvcZQ==", "name": "libxml2-devel", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lxyER9sFQyH/cLua8fAlfw==": { "id": "lxyER9sFQyH/cLua8fAlfw==", "name": "perl-File-Find", "version": "1.37-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ly9SmBBH7WsYXh1oG69XaQ==": { "id": "ly9SmBBH7WsYXh1oG69XaQ==", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "m7hOFCjo7x6PMvux7htFOg==": { "id": "m7hOFCjo7x6PMvux7htFOg==", "name": "cracklib-dicts", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mLZQEF4KLS62c+8BB/jz0Q==": { "id": "mLZQEF4KLS62c+8BB/jz0Q==", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLtyJkgiain09bfdUDF0tA==": { "id": "mLtyJkgiain09bfdUDF0tA==", "name": "python3-idna", "version": "2.10-7.el9", "kind": "binary", "source": { "id": "", "name": "python-idna", "version": "2.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mRRefE/Wm2s5CZDmwUJ8jg==": { "id": "mRRefE/Wm2s5CZDmwUJ8jg==", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mS/mU0XqXurt5b2cC0G2wA==": { "id": "mS/mU0XqXurt5b2cC0G2wA==", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "me8N6gnEhOLccvD/431aCw==": { "id": "me8N6gnEhOLccvD/431aCw==", "name": "libgcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mqd6XOc7hJ7OKe7FI62YlA==": { "id": "mqd6XOc7hJ7OKe7FI62YlA==", "name": "python3-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ms1/Dytf/YQgRgubY3EyyQ==": { "id": "ms1/Dytf/YQgRgubY3EyyQ==", "name": "libsepol-devel", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "n2BikwI3Mg2dIr4kYK8New==": { "id": "n2BikwI3Mg2dIr4kYK8New==", "name": "pkgconf-m4", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nC22unSxVi1R4g6taYLM9Q==": { "id": "nC22unSxVi1R4g6taYLM9Q==", "name": "brotli-devel", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nRx5HCyZ2M4L1LvJSclibw==": { "id": "nRx5HCyZ2M4L1LvJSclibw==", "name": "rsync", "version": "3.2.3-18.el9", "kind": "binary", "source": { "id": "", "name": "rsync", "version": "3.2.3-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nUBBsXgA+QSl6Tx9eXi6Mw==": { "id": "nUBBsXgA+QSl6Tx9eXi6Mw==", "name": "dbus-common", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "na4ojyfFHL07xf5Yr8wxsg==": { "id": "na4ojyfFHL07xf5Yr8wxsg==", "name": "libgpg-error-devel", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "noZz3cbDBX3Q1ohSWIKe1g==": { "id": "noZz3cbDBX3Q1ohSWIKe1g==", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nqniqNEVhrfub8cS+os87A==": { "id": "nqniqNEVhrfub8cS+os87A==", "name": "fonts-srpm-macros", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nwgNWiqPWTP9jQpHdB8CFA==": { "id": "nwgNWiqPWTP9jQpHdB8CFA==", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o0sNxhdrQvn3LtgSlydcdw==": { "id": "o0sNxhdrQvn3LtgSlydcdw==", "name": "pcre2-devel", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o3loazzxvm2hQ5N1QRaYvg==": { "id": "o3loazzxvm2hQ5N1QRaYvg==", "name": "glib2-devel", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oCbJhi6fmGrlKcF1SlNuYw==": { "id": "oCbJhi6fmGrlKcF1SlNuYw==", "name": "git-core", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oGWSEEsLb6ToIwJ1tUBkwg==": { "id": "oGWSEEsLb6ToIwJ1tUBkwg==", "name": "perl-File-Copy", "version": "2.34-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "oK41W21MyjS/j+5BoCQjuA==": { "id": "oK41W21MyjS/j+5BoCQjuA==", "name": "tcl", "version": "1:8.6.10-7.el9", "kind": "binary", "source": { "id": "", "name": "tcl", "version": "8.6.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oWKtpTsx1ck3WozLlUNKbw==": { "id": "oWKtpTsx1ck3WozLlUNKbw==", "name": "yum", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "obNuQXzAwE3TzjUoRN1yEw==": { "id": "obNuQXzAwE3TzjUoRN1yEw==", "name": "libbabeltrace", "version": "1.5.8-10.el9", "kind": "binary", "source": { "id": "", "name": "babeltrace", "version": "1.5.8-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "og/hyn7iqbsNsfIv/8VHFg==": { "id": "og/hyn7iqbsNsfIv/8VHFg==", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "om/hnbn42itSjLCSeL6+2A==": { "id": "om/hnbn42itSjLCSeL6+2A==", "name": "freetype", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9BcHmUiqsfiDX2HpNFM5g==": { "id": "p9BcHmUiqsfiDX2HpNFM5g==", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pNbpZqWYymW5Cm1QYLE4uQ==": { "id": "pNbpZqWYymW5Cm1QYLE4uQ==", "name": "device-mapper", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pc8TmjOHnExT3yvCQuGR7Q==": { "id": "pc8TmjOHnExT3yvCQuGR7Q==", "name": "tar", "version": "2:1.34-6.el9_1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pdyD4GFauXtML8NxA7nURQ==": { "id": "pdyD4GFauXtML8NxA7nURQ==", "name": "python3-dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "peDze6790+ubKa/8hacS+w==": { "id": "peDze6790+ubKa/8hacS+w==", "name": "stdlib", "version": "1.18.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.9.0.0.0.0.0.0", "cpe": "" }, "pff1wMeg2U6ebqlGIkRlMg==": { "id": "pff1wMeg2U6ebqlGIkRlMg==", "name": "git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ptT0YL/h24MTjTTVlPAZVg==": { "id": "ptT0YL/h24MTjTTVlPAZVg==", "name": "freetype-devel", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qIHoKDOcFEbVk0+xQvglbQ==": { "id": "qIHoKDOcFEbVk0+xQvglbQ==", "name": "openssl-libs", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qTTyL80F/2JUAy85WSpobg==": { "id": "qTTyL80F/2JUAy85WSpobg==", "name": "coreutils-single", "version": "8.32-32.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-32.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qcLLXOiskeOh3Yk1oA8Pwg==": { "id": "qcLLXOiskeOh3Yk1oA8Pwg==", "name": "kmod-libs", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "kmod", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qijykJ/WFTcI/fd8/RsFmg==": { "id": "qijykJ/WFTcI/fd8/RsFmg==", "name": "ubi9", "version": "9.1.0-1782", "kind": "binary", "source": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rEU0uZUpz06y9hg0ORc49A==": { "id": "rEU0uZUpz06y9hg0ORc49A==", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rTAf2eiAGJSR1vI+tk12zg==": { "id": "rTAf2eiAGJSR1vI+tk12zg==", "name": "libuuid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rUUieTQ6JPdOKUOFRfhvNw==": { "id": "rUUieTQ6JPdOKUOFRfhvNw==", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rYCgRZF9UtO2MybO6TcW0g==": { "id": "rYCgRZF9UtO2MybO6TcW0g==", "name": "nettle", "version": "3.8-3.el9_0", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.8-3.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rZckolqfVnE7xInGZn5Zzw==": { "id": "rZckolqfVnE7xInGZn5Zzw==", "name": "python3-pysocks", "version": "1.7.1-12.el9", "kind": "binary", "source": { "id": "", "name": "python-pysocks", "version": "1.7.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rj2k4My0f4W7sR9R0rDeJg==": { "id": "rj2k4My0f4W7sR9R0rDeJg==", "name": "perl-Pod-Usage", "version": "4:2.01-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Usage", "version": "2.01-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rkUaC636uKZYge61PN1dew==": { "id": "rkUaC636uKZYge61PN1dew==", "name": "perl-POSIX", "version": "1.94-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ryPyL0/oZK1jJ8umBZkZBA==": { "id": "ryPyL0/oZK1jJ8umBZkZBA==", "name": "libjpeg-turbo-devel", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s9qYH9lv+nqFfUwtnSIxEw==": { "id": "s9qYH9lv+nqFfUwtnSIxEw==", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "binary", "source": { "id": "", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sE1EmQ5Nhv4P4rilE6lODw==": { "id": "sE1EmQ5Nhv4P4rilE6lODw==", "name": "lsof", "version": "4.94.0-3.el9", "kind": "binary", "source": { "id": "", "name": "lsof", "version": "4.94.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sukNATkcLkohYgGrhDtrZA==": { "id": "sukNATkcLkohYgGrhDtrZA==", "name": "libxcrypt-devel", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sy1cTR7VjlyD3WavviV1+g==": { "id": "sy1cTR7VjlyD3WavviV1+g==", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "szNvvFbgC3+nu7+FkWHQxA==": { "id": "szNvvFbgC3+nu7+FkWHQxA==", "name": "perl-overload", "version": "1.31-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "t51FYLdtFZpGFe/8JMUaTQ==": { "id": "t51FYLdtFZpGFe/8JMUaTQ==", "name": "rhel9/go-toolset", "version": "1.18.9-14", "kind": "binary", "source": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "tOoZIHzytN01BRAw3es1Yg==": { "id": "tOoZIHzytN01BRAw3es1Yg==", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tWWw65aFr0Her+B1hlgbqA==": { "id": "tWWw65aFr0Her+B1hlgbqA==", "name": "perl-Pod-Simple", "version": "1:3.42-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Simple", "version": "3.42-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "tsX00aIcJlVDdnN8EABj3g==": { "id": "tsX00aIcJlVDdnN8EABj3g==", "name": "perl-Getopt-Std", "version": "1.12-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u+N5u943P15onszlgf+ujA==": { "id": "u+N5u943P15onszlgf+ujA==", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u95OKK2MhRQlEYI4tmvSVQ==": { "id": "u95OKK2MhRQlEYI4tmvSVQ==", "name": "util-linux-core", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uCyCeArpCxiSoV6DjC80ng==": { "id": "uCyCeArpCxiSoV6DjC80ng==", "name": "pcre-devel", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uOrv4V08LjQ381I5J7cGpw==": { "id": "uOrv4V08LjQ381I5J7cGpw==", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uSt8DkzxoDcE1tRbyYPDOg==": { "id": "uSt8DkzxoDcE1tRbyYPDOg==", "name": "alternatives", "version": "1.20-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.20-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uWyEe6UPxO05NNzNabxBgA==": { "id": "uWyEe6UPxO05NNzNabxBgA==", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "uXpj8krYkomg5XDZ83F2kg==": { "id": "uXpj8krYkomg5XDZ83F2kg==", "name": "perl-libs", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uwkXfq5VvKEldZwWOwGq4w==": { "id": "uwkXfq5VvKEldZwWOwGq4w==", "name": "gmp", "version": "1:6.2.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v5fMEqf0GRz+BrBqAji9dQ==": { "id": "v5fMEqf0GRz+BrBqAji9dQ==", "name": "libzstd", "version": "1.5.1-2.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v6X9Dt1wPw8fK6VaHz1Ffw==": { "id": "v6X9Dt1wPw8fK6VaHz1Ffw==", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vSRLH3asu5knZtxqOxtnwQ==": { "id": "vSRLH3asu5knZtxqOxtnwQ==", "name": "brotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVZXXrZNgHNmTJM7knKqAQ==": { "id": "vVZXXrZNgHNmTJM7knKqAQ==", "name": "libfdisk", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vaBZgtoGX6VZtIwrD9w+EQ==": { "id": "vaBZgtoGX6VZtIwrD9w+EQ==", "name": "libdnf-plugin-subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vcbNsnPegQ9DMvL/4z83AA==": { "id": "vcbNsnPegQ9DMvL/4z83AA==", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vtNcuXyRth8r8K/W3sfqrQ==": { "id": "vtNcuXyRth8r8K/W3sfqrQ==", "name": "libpng-devel", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "w2DoavvB02S/+BS01jQqJw==": { "id": "w2DoavvB02S/+BS01jQqJw==", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "binary", "source": { "id": "", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wVOHUaFC3qlk+Ft1W2VH7A==": { "id": "wVOHUaFC3qlk+Ft1W2VH7A==", "name": "python3-gobject-base-noarch", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wXu3MDegq/TfLSbBy6aoBQ==": { "id": "wXu3MDegq/TfLSbBy6aoBQ==", "name": "gcc-c++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wdMozBSF06uhI4HOI003SQ==": { "id": "wdMozBSF06uhI4HOI003SQ==", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wsc0mBnyNwrXYdpo0V+0aw==": { "id": "wsc0mBnyNwrXYdpo0V+0aw==", "name": "perl-FileHandle", "version": "2.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wusWpHXirQF8KfxliQcLkQ==": { "id": "wusWpHXirQF8KfxliQcLkQ==", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "binary", "source": { "id": "", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wvtx3JsOUmPyorardjeYSQ==": { "id": "wvtx3JsOUmPyorardjeYSQ==", "name": "fontconfig-devel", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xC2PhiBOHiQbniVjaMltjw==": { "id": "xC2PhiBOHiQbniVjaMltjw==", "name": "libpkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xGsFnJNA7f9q/+8cz1QFqg==": { "id": "xGsFnJNA7f9q/+8cz1QFqg==", "name": "lua-srpm-macros", "version": "1-6.el9", "kind": "binary", "source": { "id": "", "name": "lua-rpm-macros", "version": "1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xSR/sMJIXbuFPYhZS2ZN2Q==": { "id": "xSR/sMJIXbuFPYhZS2ZN2Q==", "name": "gcc-plugin-annobin", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xVpXFb43dZh4HfBX53yyew==": { "id": "xVpXFb43dZh4HfBX53yyew==", "name": "python3-iniparse", "version": "0.4-45.el9", "kind": "binary", "source": { "id": "", "name": "python-iniparse", "version": "0.4-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xdunfqVk+0spTcWoJA7wPw==": { "id": "xdunfqVk+0spTcWoJA7wPw==", "name": "libnghttp2", "version": "1.43.0-5.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xfiNHrth0bRlTgQnR3IgUw==": { "id": "xfiNHrth0bRlTgQnR3IgUw==", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xgCGPQ7CZbjJqBTw2Nmu9w==": { "id": "xgCGPQ7CZbjJqBTw2Nmu9w==", "name": "groff-base", "version": "1.22.4-10.el9", "kind": "binary", "source": { "id": "", "name": "groff", "version": "1.22.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xnmn6fk+/THLJg3emXYMww==": { "id": "xnmn6fk+/THLJg3emXYMww==", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "y9sflCLWTaHWSSC+w8u7bQ==": { "id": "y9sflCLWTaHWSSC+w8u7bQ==", "name": "xz-devel", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yLdg/zIMr1LMvkW9tAZlGw==": { "id": "yLdg/zIMr1LMvkW9tAZlGw==", "name": "rpm-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yRjjypPMZa7QJg+DLoMumw==": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "yXx0rhfj7kyXaTrxOLQSfA==": { "id": "yXx0rhfj7kyXaTrxOLQSfA==", "name": "libsmartcols", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yY469KfvqdHWbJwmOcIU1Q==": { "id": "yY469KfvqdHWbJwmOcIU1Q==", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ycSS8xsUDu5nMwsql04xfQ==": { "id": "ycSS8xsUDu5nMwsql04xfQ==", "name": "gd", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "z/d/zUXK6aF2L4H7dfeSZw==": { "id": "z/d/zUXK6aF2L4H7dfeSZw==", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zLbmCpiDy68qsFvtKNzmgQ==": { "id": "zLbmCpiDy68qsFvtKNzmgQ==", "name": "xml-common", "version": "0.6.3-58.el9", "kind": "binary", "source": { "id": "", "name": "sgml-common", "version": "0.6.3-58.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zPYyryKVwACz98/WbfSW6w==": { "id": "zPYyryKVwACz98/WbfSW6w==", "name": "rpm-sign-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zpqzIc9TY4hiXJG024jdBQ==": { "id": "zpqzIc9TY4hiXJG024jdBQ==", "name": "golang-src", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zxuLMmxubC84XoLpkfxZ3w==": { "id": "zxuLMmxubC84XoLpkfxZ3w==", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "binary", "source": { "id": "", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" } }, "distributions": { "eda37d2c-a79a-4a75-a427-b72f9dc07e9f": { "id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad": { "id": "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "62f43a06-3e74-4156-87a6-3091fa64e0ef": { "id": "62f43a06-3e74-4156-87a6-3091fa64e0ef", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "6783a361-3845-4d7b-941e-7b69dd796c05": { "id": "6783a361-3845-4d7b-941e-7b69dd796c05", "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "6f1c4dac-be99-44e0-b21a-670baf90880b": { "id": "6f1c4dac-be99-44e0-b21a-670baf90880b", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "81ba5841-6194-4032-a3de-17a7bf491ee0": { "id": "81ba5841-6194-4032-a3de-17a7bf491ee0", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "a1db65ef-e78f-462b-98e6-17296d6e6c2f": { "id": "a1db65ef-e78f-462b-98e6-17296d6e6c2f", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "b33e4043-1d8b-4c9d-b2a9-5af5851264ec": { "id": "b33e4043-1d8b-4c9d-b2a9-5af5851264ec", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "b3ae658d-77bb-461d-b704-6635227ccd32": { "id": "b3ae658d-77bb-461d-b704-6635227ccd32", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "dd703e72-24e5-49da-85e2-a93ea691f69e": { "id": "dd703e72-24e5-49da-85e2-a93ea691f69e", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "e7e78998-d880-41f7-9d9f-56c909f07d61": { "id": "e7e78998-d880-41f7-9d9f-56c909f07d61", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "++K+RsmgWfVk2mj1+hzWKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "+8O7w8gnK983LoZMdgIWhQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "+B22ALb6YCnXu+3s6afaLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "+LQ46YAn9giMKDZRMCUpfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "+jCn1wujuDa5B1uNvCdVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "+yIdH2Pb8SGFuXnry3uK/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "/FMjm+UzO0PTaS3Td0lhkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "/dbWc/LExxt1O7duWFf9og==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "/t0e+LuglIbDcO/k67Hr2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "/th8aUKrkgR3Sw9KSBM+CA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "09fH92fqoWDOaYEpwQ9p2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "0N0D43vK8KV4kQOq2LQn7g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "0QIby1L00NbGeIw8oxRQWQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "0Yvc2+M8FAry625wuL4S5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "0wIoN0pFyBSc9eVtRdIOWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "13/XvLtRK2RDQlcsZc1BtQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "13i0QoQ6Q4yBI5RUf20lXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "1T7WJ83NrIa0U7DlD1BR4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "1XXuvf69/0I2dNHaU2UndQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "1dO83wB64hDLki3A4eA/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "1h9uHE0QiXBO/zpJrT0VjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "1iUaGpv40BOJQUks5I0iYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "1m9sKqHTfU4F/K4fidg9cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "2REYKadw7TKFiuC+OnoHmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "2fg1ZRYCSPKKOgCxCcA36w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "2w8qE/d9mqIY/9+1qBBrPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "3688bXyK/nwHthXLLVH24g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "3DTA/XNFCCDFf6sfX96bGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "3RQKCmep11B4hkfn96QJTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "3iIPR0bjuCPQ2+48pSdeHg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "4Aph2Qer6+KdCecFsU0TXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "4DM2GB9KLL7/xWypPdz7vA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "4ImdKzJ7uZoaviIayzuoUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "4Kw/w2gH7CYCOCv19cdYYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "582nBqlxZXz0sTRmkFvU4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "5EpVrCQ4OYKiPYYEOuUcmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "5JeNH+bHiuiK9wwBZqH10A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "5NZNFErDrBiBoorV+igTjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "5mmSudfrCeEmVSPweWmcVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "5oq4jjwqdEJHokHmXZ7fFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "5uy1J7qi/MafOdYJgaQeGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "60b1mOIk+ncF/benyKWfug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "68hxwX7t9VVTsdLs/0iJBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "695zXUDPsaaAbh1PGloHag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "6AYt+NWt55432RGa/HxiQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "6COiLlB/V7UlOwfuFJy77w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "6G1ytjIPgX0NNsVwuPQKkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "6G4wapu2zP6UYfTP+Ip2pA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "6HUC1/dPziZpbtWEymw0nQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "6LVRZKaAJH97OKCXsJMDDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "6MFxZDjn6ZxVQspQib4VSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "6RxnMs+9yIqzJpLgR7I3zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "6VAQWTpZhN9PW7YCmVhxsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "6camihNRcGvFSo3XinEWFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "6f28+Af9kIn0OSp9f9j14Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "74+EW3adzZwX9DbUU0vOdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "7JHS+mBQfJeJoy73lvm4lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "7Lf3UXydabzw8g7HGZER+w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "7yB5oIQve4tWIMlUmHbdQQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "84WodsWNE9m9GIrBiKl02g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "88jYB91M4ddvxo2XjMJKmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "8Gh2hioTt5BFisg9eNKeEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "8I3zEJ4sFSgk47ZaRLgtDQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "8Ky53YwzOPM2pkEIVuuuBg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "8gpmX0NZa9MMhcqi6FUGtg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "8tmJEWGia0UWhhPJb3EyAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "9AmKs/wDQFsVMVHWnqbu+g==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "9Fy0bRr3ZMu3q8UNrhlOSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "9HjCH3SeUwgItfYZysNlOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "9WzsXAqqRoLidXM4HaB8/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "62f43a06-3e74-4156-87a6-3091fa64e0ef" ] } ], "9bMXqD09C2r4s8P+HNy2uw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "9hWn3VgLVkzmMJln7S0UCQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "9sAM/NqMLlsG3N88/yD1Vg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "ACNA1cjsRpihwLsZYxMiYQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "AOquy/6bQ9axg0KRp6hMjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ARxZCHzD7KB2Pu4aHl7POw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "AZwLZmqkel2BzSMgQsIVGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "AbW1lRpGUjSEKNnr/Toz6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "AdRs6lk9yzTM3HvjeEThKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "AnHvlYoTKSxzg0JMVMiJkg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "BX+oelClu2v6UOl6tluOEQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "C3QbGupU53FFTX0pkfNLrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "C7VGVckK0YZj4RiVmStEsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "CXRheoFIylTt2C0ZN4qu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "CjFzfz4zBZj7fcwIrVHCRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "CpC5etTxiNuDvBGQesJNDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Ct/46Ed7Asmqt98kLc0FLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Cwut2mrMMUaIvKenvO1qWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "D/XNnExpupd1bO9ZIJIE9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "D0GGDit/UxegO+/A5R03SA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "DGqCqs+yrHvXs9qsPgn58g==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:b986fdd85242411cabea7eed4cd487ea0dbac1c4bee48705f7505cb5d19b1c37", "distribution_id": "", "repository_ids": [ "6783a361-3845-4d7b-941e-7b69dd796c05" ] } ], "DK0d2bPQCX0xz6Lec7u1cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "DMchAI2VcGSa4n8bdw5YkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "DSiKsVzdOYp1aJo/8T0A5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "E7ikPxWehuEw+6yIZODYlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "62f43a06-3e74-4156-87a6-3091fa64e0ef" ] } ], "ED0/IlCpWWQwBBKR2YT9sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "EEcEMKhGMvXAfnMhboIpqw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "EgjLGZKjPtqIaFVLlFAAPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "EuqqL3yIFMd5VRAfuufJgg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Exv8+xTp+7Y4AfuM+ph47Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "FEF27h+V5TzrUeQsFddapA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "FFSNe661VBElA1asGZ7k3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "FKD/ouYSWOOZHy4i43SaxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "FMrR4PbDeEhmMEh2juuVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "FW8ByCOP6ljvNWDQolahwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "FaNO6QWs1mWPp40PrBiBUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Fy3bplraTnRnJlV5RewauA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "G1YDEd7+V95Qa+PMxB8sJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "GIScmMWQrnoFNoEgq3fg2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "GSkR2SOuqWQN8NtOvU4cgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "GVmxmNcJqT3ovg+RwjJg1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "GXm2fCeoaq1FqYmMTmMmhQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "H+zLNGeS4JMpmfP42mEhnA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "H3zfV58LzeEUiNQbZbZb2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "HbglDdnV9yne0i8jQL30HA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "IDaB7M+//88qbPppM+LpUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "IN2DA8X4LYRmUb07gLqapg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "IOb5jo+s7DgjzeK/LoVNig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "J0HrVYoM3raELvTfJ82QMA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "JHQdC8JdSGipvO0sCig0cQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "JI92axWONkD2XCTUAeCtuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "JaDqP2PIekJ4FuDfyPDUKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "JrBk+FMgyv4RrG6esVBCIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "K04omiWBsTnRCbFVZLmRKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "K5U87AYLwYDq48YpniD72A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "KH0/KbRUi7KL6UvWa8i6Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "KSobT+LH4PXsCiP04HOhbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "KcftiMkhTw4x89HNJI8NNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "KlSRCTMecbL63Kg+FZjUdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "KyRw1LumZrRo6AKKkHgP7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "L1wl5gEz2lzyNJbirzPmpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "L2RUW2Fm5EOgoqwyitY3bg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "L4diUjusARli24fy/u9lAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "LD9yEwGtdZJl2S96EO58PQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "LDIMlzOywHz1+CG5FwjKdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "LEyuwSco7tb1WIyWy42H8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "LR+S3JloJQ5YEViBpmcLkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "LZYaKh1MnXoGX4fHzghRTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Leh3RdsGa1oyRcl5Dz4SdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "LjtOegR/S/Y0KwJeOuSl/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Lm5zHfIH4SjtxMBhECD0OQ==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "M2qdPAOOvb+CWXJwouP4Rw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "MJmw8vClC4VAn/J4MfhK2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "MORX6hW9ZLZCt/52w71zTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "MXR26wvfFq4/JiRamdOfsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Ma5Vpx57SAZOCC5w2EPQYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "MdGkZ055CI+TZYqVm7FIPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Mp61fGpK3II0W8dIQgk3hA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "MvJE7slPeyMPjzl+J8UH7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "MxYp6jmrNGPG4EUMxgtsIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "N4dB55YYjGYeXRj+vLBatg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "N9SQ1VZ/1zaqG0gdsMW91g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "NQAINik1AG7Zn8OB8pLDpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Nak/NGhCYVubG4CsEbHhug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "O2SZ5NZewmkamADtmBGMpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "OLwWa8SuQNJHUBFuTxkKKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "OkY4XBjh2jDTkYhGjNkrUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "On+NX4Yr+KIGVwagqPDWcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "OvOSK0YS4U6j2gyFBATNXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "PHkBez1UE90U9LJepncOKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Pstkjkz7Io1S30t7a9lp4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Q+exKQZH61PI/8YfpN472w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "QCZyKHG3XZk9MlIs9ZFBuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "QcnepR4WKBdAhWdMUPrAWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "QwKK6TG/JtcCly9jntVf+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "R9sC7SuM6vJmJZYq/bMHWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "RgUn0rRy/i742s4qQGGoNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "RhNJQyxUHoA1z70UtgAC4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "RjsHhFfoWvmQBIu8lxYZjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "RnnkgzrsHA8d297AfaWbPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Rx4ZYvIz7JT5wbghBsjOTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "SRyGVMCI95+oD0l3+3YStw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "SSFXEK4vNCR4s9ImWtXtgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "SSnnOPGZCl33DlmR57wC7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "SV9uo4F9Li9vAHBKYcAlZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "SZllfeGD2yJm0VL0H7onLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "SdI1Am/qHph5dG2ZoOeUIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "TANtf1h6RhI5yVQQhHFTbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Tl6ebomp9GQLN9svWzKp+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Tob5YtKxleVTQzw2GCmwGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "TzT9ayOh2hZShfYtipxZEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "U0P0dNPn1iUcw6b33AAKUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Ud9PNLLJ6v7hTpAYdO825w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Uui1iXuECCOB7NgLQMsJpg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "UyCrdfN88WUEEECLCIw93w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "V/3oHP6E5IRlfgZZHK72RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "VDWxBVhhJMCCBIlvmorheA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "VFldiAD+rTFuce+kutFUuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "VKbklzwNVEem7m1iQRERDg==": [ { "package_db": "go:usr/bin/dlv", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "6783a361-3845-4d7b-941e-7b69dd796c05" ] } ], "VLOqRGIR4aQvFfvVrpLyIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "VhjrPOGZ9XGEFgLnQWc+KQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "W+js148eF9SSUbrTSIRvOQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "W4amAY83CsyR7zQ0GM7zsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WIBkwuKReD+vnev0WY88mA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WM43f6rBXkL3dY9fUi8CGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WN9YKonIBKVWuMNAg76vrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WXfnWfq5UvDl4B0hS+0enw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WgTBt6b85L1bF7WXV5bQRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WifWl02dLM2pp5urxOSuNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "WuHt6bav9qTQn9+qCLLu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "XD0JiZBKTweysL9d3sIzpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "XMI2bnJZdxdcHnKc3zgCUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "XMPq7+46c92RSax5sZ9PZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "XPJI1FEhwhWF1vzFJI8S6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "XVUHqTgxrtHVNbQOLA/oQA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "XX1gx35T8rMzed7p4qESdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "XliA1VgMzM5VjjSZdnmlQw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "XmQjRyagIacphhV3vVNJUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "Y2WVn7YbALZNiKrMVF83bA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "Y35yrxWjtTUkUbNtS9+p6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "YRfO+WACNVQDTEO1DaRoPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "ZEh/5caJmj5WMgoK5/jyfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ZX4vKkXsoMfQ2HH9oPb0TA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "Znd6oNA8HDVHwd3abR/PEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "aW0vfCmvp3ku6dMkvaoZGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ao0mLJHwgqEhua26lzg6gQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "arzS3GnLPLKzM8xRPFnUzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ax5YZqtoTsGSLh5YAOUDAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "b/fX+2E3Kw/VrXP3Viej5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "bEsPytE/ZdCMbfuAgQc9AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "bQK0gSM91Pq8oi5kJ9072Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "bbOmNWQZu2GtbHRNTT5LbA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "byfHs8LLvbAc+YzK8+QmXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "c+W6x4Mcea6sasJQFpayfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "62f43a06-3e74-4156-87a6-3091fa64e0ef" ] } ], "c6MW06Rtj8J56gSpVtmC/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "cPPALpm8EZ1p7Fe1on0nPQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "62f43a06-3e74-4156-87a6-3091fa64e0ef" ] } ], "caF9WsICRhpk2jJBTv5OsQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "cj0M8yBzJA8j5tTGHOqDIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ckYokpjDEx3hfGxpdtbM6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "clGQ5Kq/RKZZziBln/4BLA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ct/ndQfSB+G17YP34ufDBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "dMY7Qly4vcBOdARECvhzxQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "dStYvdO33sly7EacpHOqeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "dYr9tK7XM6aISNKJAtl5ZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "dnA+092RxSVxmYLtbm4n5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "e7W78NrdwYaVEcBcXhDv5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "eEjpOxWkwvzzJN5kkeVUcg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "eMk3cpR3xfyfnR/IUeON3Q==": [ { "package_db": "go:usr/lib/golang/pkg/tool/linux_amd64/vet", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "6783a361-3845-4d7b-941e-7b69dd796c05" ] } ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "eckWZv7IBjaLZNS/vZ1gWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "ey7Cn3NmMZ6qorZvUccGqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "f2GhXCi0MGW6C5vh1ih8XQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "62f43a06-3e74-4156-87a6-3091fa64e0ef" ] } ], "ffBZQco1wXO0fddcwHstSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "gBWlSWdEA8U1+Ep4A/+M2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "gJHwCqer7Rl9ijGK6wpg4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "gngAZQYf0zy4+w3GwgpLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "gsdYiUdG+fMtG/M0X1EkAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hGxLNL3q3tYYzz2uKfKB4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hHL/OokyETnopazrev0shg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hKJ3xmpaes4B2vxd2C5M1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "hNv7ol5w6PGaZXktwlRWPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hasHd85qN7fkJeIIqjjDow==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "heXcDkpDDTJ/ac/FHrXYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "hgr5TOXgV4U9LXyKt2w6gA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "hjikQWtnmVPaWts63wYw4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hrY/5TRUmBt6d/EoQ9M7aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "hvKbzRSMjrg1f3y/PRzGwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "hyds1mrD8GWUXo+lv53Rag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "i1yNGcAdCbK2SnebCgMUqQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "iG10xBRfLLoRP3qlluI7NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "iMLMqCcRXnm6QslpJnCS7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "iQByZpdRXgW/fl3SoDuoAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "iQnKl0+RxymKc9bhVdyuyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "iTjyL8AL9avw3YnaeFgLEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "iswhVSntR4QnIsTAyM6ydQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ix3lD4/Nn7qLbcpDm0AIhg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "j3oHbOmfE09xNAzoTXpcSg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "jADxtb7PiatU9dihVhjp/Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "jDIVpAdvhjPN/gmOBNQuag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "jH43ZEoPP2TpNiUJXUizMw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "jXo3rXdhdYGkiXYZpQxZ3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "kAc8BYCjeCgQR9YdLeGx9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "kDzRHkg3txncDWuyd5771g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "kMrprdB/TspYL2Dyt9hBfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "kdml4TiffKDDUHJjP7R1Tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "ktHjHCegyaFGFLaqVjqkVA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "lITnNJqHTfcVQiCGHjWozA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "lxyER9sFQyH/cLua8fAlfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ly9SmBBH7WsYXh1oG69XaQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "m7hOFCjo7x6PMvux7htFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "mLZQEF4KLS62c+8BB/jz0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "mLtyJkgiain09bfdUDF0tA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "mRRefE/Wm2s5CZDmwUJ8jg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "mS/mU0XqXurt5b2cC0G2wA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "me8N6gnEhOLccvD/431aCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "mqd6XOc7hJ7OKe7FI62YlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "ms1/Dytf/YQgRgubY3EyyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "n2BikwI3Mg2dIr4kYK8New==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "nC22unSxVi1R4g6taYLM9Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "nRx5HCyZ2M4L1LvJSclibw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "na4ojyfFHL07xf5Yr8wxsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "noZz3cbDBX3Q1ohSWIKe1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "nqniqNEVhrfub8cS+os87A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "nwgNWiqPWTP9jQpHdB8CFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "o0sNxhdrQvn3LtgSlydcdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "o3loazzxvm2hQ5N1QRaYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "oCbJhi6fmGrlKcF1SlNuYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "oK41W21MyjS/j+5BoCQjuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "oWKtpTsx1ck3WozLlUNKbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "obNuQXzAwE3TzjUoRN1yEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "og/hyn7iqbsNsfIv/8VHFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "om/hnbn42itSjLCSeL6+2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "p9BcHmUiqsfiDX2HpNFM5g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "pNbpZqWYymW5Cm1QYLE4uQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "pc8TmjOHnExT3yvCQuGR7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "pdyD4GFauXtML8NxA7nURQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "peDze6790+ubKa/8hacS+w==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:b986fdd85242411cabea7eed4cd487ea0dbac1c4bee48705f7505cb5d19b1c37", "distribution_id": "", "repository_ids": [ "6783a361-3845-4d7b-941e-7b69dd796c05" ] } ], "pff1wMeg2U6ebqlGIkRlMg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ptT0YL/h24MTjTTVlPAZVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "qIHoKDOcFEbVk0+xQvglbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "qTTyL80F/2JUAy85WSpobg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "qcLLXOiskeOh3Yk1oA8Pwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "qijykJ/WFTcI/fd8/RsFmg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "rEU0uZUpz06y9hg0ORc49A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "rTAf2eiAGJSR1vI+tk12zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "rUUieTQ6JPdOKUOFRfhvNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "rYCgRZF9UtO2MybO6TcW0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "rZckolqfVnE7xInGZn5Zzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "rj2k4My0f4W7sR9R0rDeJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "rkUaC636uKZYge61PN1dew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "ryPyL0/oZK1jJ8umBZkZBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "s9qYH9lv+nqFfUwtnSIxEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "sE1EmQ5Nhv4P4rilE6lODw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "sukNATkcLkohYgGrhDtrZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "sy1cTR7VjlyD3WavviV1+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "szNvvFbgC3+nu7+FkWHQxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "t51FYLdtFZpGFe/8JMUaTQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "tOoZIHzytN01BRAw3es1Yg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "tWWw65aFr0Her+B1hlgbqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "tsX00aIcJlVDdnN8EABj3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "u+N5u943P15onszlgf+ujA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "u95OKK2MhRQlEYI4tmvSVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "uCyCeArpCxiSoV6DjC80ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "uOrv4V08LjQ381I5J7cGpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "uSt8DkzxoDcE1tRbyYPDOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "uWyEe6UPxO05NNzNabxBgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "uXpj8krYkomg5XDZ83F2kg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "uwkXfq5VvKEldZwWOwGq4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "v5fMEqf0GRz+BrBqAji9dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "v6X9Dt1wPw8fK6VaHz1Ffw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "vSRLH3asu5knZtxqOxtnwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "vVZXXrZNgHNmTJM7knKqAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "vcbNsnPegQ9DMvL/4z83AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "vtNcuXyRth8r8K/W3sfqrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "w2DoavvB02S/+BS01jQqJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "wVOHUaFC3qlk+Ft1W2VH7A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "wXu3MDegq/TfLSbBy6aoBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "wdMozBSF06uhI4HOI003SQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "wsc0mBnyNwrXYdpo0V+0aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "wusWpHXirQF8KfxliQcLkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "wvtx3JsOUmPyorardjeYSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "xC2PhiBOHiQbniVjaMltjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "xGsFnJNA7f9q/+8cz1QFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "xVpXFb43dZh4HfBX53yyew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "xdunfqVk+0spTcWoJA7wPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "xfiNHrth0bRlTgQnR3IgUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "xgCGPQ7CZbjJqBTw2Nmu9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "dd703e72-24e5-49da-85e2-a93ea691f69e", "6f1c4dac-be99-44e0-b21a-670baf90880b" ] } ], "xnmn6fk+/THLJg3emXYMww==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "y9sflCLWTaHWSSC+w8u7bQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "yLdg/zIMr1LMvkW9tAZlGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "yRjjypPMZa7QJg+DLoMumw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "b3ae658d-77bb-461d-b704-6635227ccd32", "b3ae658d-77bb-461d-b704-6635227ccd32" ] } ], "yXx0rhfj7kyXaTrxOLQSfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "yY469KfvqdHWbJwmOcIU1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "ycSS8xsUDu5nMwsql04xfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "z/d/zUXK6aF2L4H7dfeSZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "zLbmCpiDy68qsFvtKNzmgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ], "zPYyryKVwACz98/WbfSW6w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "81ba5841-6194-4032-a3de-17a7bf491ee0", "a1db65ef-e78f-462b-98e6-17296d6e6c2f" ] } ], "zpqzIc9TY4hiXJG024jdBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "260ebeaa-83b7-4ecc-ba1f-2de9786fe1ad", "62f43a06-3e74-4156-87a6-3091fa64e0ef" ] } ], "zxuLMmxubC84XoLpkfxZ3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "eda37d2c-a79a-4a75-a427-b72f9dc07e9f", "repository_ids": [ "e7e78998-d880-41f7-9d9f-56c909f07d61", "b33e4043-1d8b-4c9d-b2a9-5af5851264ec" ] } ] }, "vulnerabilities": { "++J1c+9mFiyHFShlJEQFeA==": { "id": "++J1c+9mFiyHFShlJEQFeA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "+0Id+AHw3V8pYW+ywWnP+g==": { "id": "+0Id+AHw3V8pYW+ywWnP+g==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "+0pi5+jw8FdwHp5pZIVTBg==": { "id": "+0pi5+jw8FdwHp5pZIVTBg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:6746", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_3.1", "arch_op": "pattern match" }, "+1zjTJXhgIQ5uwrI0Po3UA==": { "id": "+1zjTJXhgIQ5uwrI0Po3UA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "+63s7h05SP1xmH1EyLoL/Q==": { "id": "+63s7h05SP1xmH1EyLoL/Q==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "+DDOZxWQYsdNCtZZs4LB2w==": { "id": "+DDOZxWQYsdNCtZZs4LB2w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "+Hel9A1WiSK+ZclItesXnQ==": { "id": "+Hel9A1WiSK+ZclItesXnQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "+PjI2yN4wCMPyf1oygeT5Q==": { "id": "+PjI2yN4wCMPyf1oygeT5Q==", "updater": "rhel-vex", "name": "CVE-2023-48237", "description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48237.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+Q1v3N9+IP1xQOJnmQWDyQ==": { "id": "+Q1v3N9+IP1xQOJnmQWDyQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "+Q9jA+OXah1xDhJvsj+1OQ==": { "id": "+Q9jA+OXah1xDhJvsj+1OQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+SOMbfLFiy8gAeP6YTZQLA==": { "id": "+SOMbfLFiy8gAeP6YTZQLA==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "+WB02bbxvRVZgJj5gYjJ7w==": { "id": "+WB02bbxvRVZgJj5gYjJ7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.el9", "arch_op": "pattern match" }, "+YVz742I3o3v3ix+O1wb3g==": { "id": "+YVz742I3o3v3ix+O1wb3g==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "+YsItiFwLsY/quEIP17M6A==": { "id": "+YsItiFwLsY/quEIP17M6A==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "+do0gu6vrF3ZT5my5V6+CQ==": { "id": "+do0gu6vrF3ZT5my5V6+CQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "+dqw6lT9TwTTzMp6O2vf1w==": { "id": "+dqw6lT9TwTTzMp6O2vf1w==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+hBhqk1qKnkU+nqn6a96qg==": { "id": "+hBhqk1qKnkU+nqn6a96qg==", "updater": "rhel-vex", "name": "CVE-2023-48233", "description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48233.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+hNDIOxLd94c7zDMEtwHAQ==": { "id": "+hNDIOxLd94c7zDMEtwHAQ==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "+ieGB56AL1fLbXEZaHIRig==": { "id": "+ieGB56AL1fLbXEZaHIRig==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "+nrMi8U389zlK2TEsOUGbw==": { "id": "+nrMi8U389zlK2TEsOUGbw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.el9", "arch_op": "pattern match" }, "+o9j0Llb6+ISl2S6vmkRkQ==": { "id": "+o9j0Llb6+ISl2S6vmkRkQ==", "updater": "rhel-vex", "name": "CVE-2023-25434", "description": "A heap-based buffer overflow vulnerability was found in LibTIFF's tiffcrop utility in the extractContigSamplesBytes() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds read access resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25434 https://bugzilla.redhat.com/show_bug.cgi?id=2215209 https://www.cve.org/CVERecord?id=CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25434.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+pLPiYWkQ9M+8Zi7lKlOZA==": { "id": "+pLPiYWkQ9M+8Zi7lKlOZA==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "+pWnGgJUL0jrC1yhwq+kNw==": { "id": "+pWnGgJUL0jrC1yhwq+kNw==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "+rCn8yfwQj/rMH9c7+J0ww==": { "id": "+rCn8yfwQj/rMH9c7+J0ww==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "+uMSPU5jbqI0+jsP/eX6PA==": { "id": "+uMSPU5jbqI0+jsP/eX6PA==", "updater": "rhel-vex", "name": "CVE-2022-3037", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3037.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+wnQC0tYj+uyZzMNgN2bcw==": { "id": "+wnQC0tYj+uyZzMNgN2bcw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "+xzMjgQ/BhN1jTBlVwQfIA==": { "id": "+xzMjgQ/BhN1jTBlVwQfIA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+0dqY3HS0Vwp8Izm3R04Q==": { "id": "/+0dqY3HS0Vwp8Izm3R04Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+enDTB16pRyR8XOMcf3ug==": { "id": "/+enDTB16pRyR8XOMcf3ug==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "/+t6edjy50ibBAIw8q+CWg==": { "id": "/+t6edjy50ibBAIw8q+CWg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "//2gjbgNV4aF0qefir+7Ng==": { "id": "//2gjbgNV4aF0qefir+7Ng==", "updater": "osv/go", "name": "GO-2024-2963", "description": "Denial of service due to improper 100-continue handling in net/http", "issued": "2024-07-02T20:11:00Z", "links": "https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.12" }, "//NR3gdAYSoDJ/e4qJeTJg==": { "id": "//NR3gdAYSoDJ/e4qJeTJg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:22005", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-12.el9_7", "arch_op": "pattern match" }, "/0WOR5Jn6BKoC/9+5dlz1Q==": { "id": "/0WOR5Jn6BKoC/9+5dlz1Q==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "/E8Khm0ZXy1gRiDom4c+aw==": { "id": "/E8Khm0ZXy1gRiDom4c+aw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/EvgSih2YVXl7ohENLMJIQ==": { "id": "/EvgSih2YVXl7ohENLMJIQ==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "/F62/Gd7cIE4aLRbxVnfCA==": { "id": "/F62/Gd7cIE4aLRbxVnfCA==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "/G3xQo8kmNMyu7hycZYF/A==": { "id": "/G3xQo8kmNMyu7hycZYF/A==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/HT2WOXIuvVNrzT1Wp3ntw==": { "id": "/HT2WOXIuvVNrzT1Wp3ntw==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "/KRhrFyFO2WBBj1/Wnbnrg==": { "id": "/KRhrFyFO2WBBj1/Wnbnrg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "/MWzwBJlhhNbF+zp0zgq+A==": { "id": "/MWzwBJlhhNbF+zp0zgq+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.el9", "arch_op": "pattern match" }, "/MgFHW097IAGIZkNc/Fltw==": { "id": "/MgFHW097IAGIZkNc/Fltw==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/SEhubz8W4ZKbKg2+yh86Q==": { "id": "/SEhubz8W4ZKbKg2+yh86Q==", "updater": "rhel-vex", "name": "CVE-2022-30635", "description": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30635 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://www.cve.org/CVERecord?id=CVE-2022-30635 https://nvd.nist.gov/vuln/detail/CVE-2022-30635 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30635.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/U86DUGeHRSAL0GvmlifyA==": { "id": "/U86DUGeHRSAL0GvmlifyA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "/U8Jx7SKI9t4H3q4Xm/KEQ==": { "id": "/U8Jx7SKI9t4H3q4Xm/KEQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "/WghVlKV6eiRYf2iGmk9sQ==": { "id": "/WghVlKV6eiRYf2iGmk9sQ==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/YIHlhDwc0XvwYDDbGEIMg==": { "id": "/YIHlhDwc0XvwYDDbGEIMg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/YcdipQjiqJUDpddwhDiIw==": { "id": "/YcdipQjiqJUDpddwhDiIw==", "updater": "rhel-vex", "name": "CVE-2022-2345", "description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2345.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/bIhvJWw2AYMGyJtBaoH6A==": { "id": "/bIhvJWw2AYMGyJtBaoH6A==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/eIvRWSFFmU3q3Ki3j/gKA==": { "id": "/eIvRWSFFmU3q3Ki3j/gKA==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "/kFHc0+JKhJmQT3bM6TpTQ==": { "id": "/kFHc0+JKhJmQT3bM6TpTQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "/l+w9tCELORzNXZA4/qNsw==": { "id": "/l+w9tCELORzNXZA4/qNsw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "/m4KubgMsY+Uf3GqqbY5Og==": { "id": "/m4KubgMsY+Uf3GqqbY5Og==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "/pWkiqt8QgDCUksSSa24UQ==": { "id": "/pWkiqt8QgDCUksSSa24UQ==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "/rGrv6ID1FHztWkSNUU0Yw==": { "id": "/rGrv6ID1FHztWkSNUU0Yw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/rVEaWl0l9u8biVEKbZTFg==": { "id": "/rVEaWl0l9u8biVEKbZTFg==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/wfob5jHHezdiyugtfPWjg==": { "id": "/wfob5jHHezdiyugtfPWjg==", "updater": "rhel-vex", "name": "CVE-2021-45261", "description": "A flaw was found in patch. A possible memory corruption vulnerability could allow an attacker to input a specially crafted patch file leading to a crash or code execution.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45261 https://bugzilla.redhat.com/show_bug.cgi?id=2035081 https://www.cve.org/CVERecord?id=CVE-2021-45261 https://nvd.nist.gov/vuln/detail/CVE-2021-45261 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45261.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "patch", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "00MQS+g+VNjKvRbuFWsWbQ==": { "id": "00MQS+g+VNjKvRbuFWsWbQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "00cDk2w3qfvdzMbO27c/+w==": { "id": "00cDk2w3qfvdzMbO27c/+w==", "updater": "rhel-vex", "name": "CVE-2022-2982", "description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2982.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "03F5BM6+dlM9pg6rJMb2UA==": { "id": "03F5BM6+dlM9pg6rJMb2UA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "03WJApqdfWbzHtZHpqBt1Q==": { "id": "03WJApqdfWbzHtZHpqBt1Q==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "06GjiUkv66Ek9Iq8u3SFSA==": { "id": "06GjiUkv66Ek9Iq8u3SFSA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "081ZZUa7+goThe2JzRBcxw==": { "id": "081ZZUa7+goThe2JzRBcxw==", "updater": "osv/go", "name": "GO-2023-1621", "description": "Incorrect calculation on P256 curves in crypto/internal/nistec", "issued": "2023-03-08T19:30:53Z", "links": "https://go.dev/issue/58647 https://go.dev/cl/471255 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.7" }, "09S7nCU8PMWz5tWquOFCaQ==": { "id": "09S7nCU8PMWz5tWquOFCaQ==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0DSgRHOq1OLwMX3biKMcbA==": { "id": "0DSgRHOq1OLwMX3biKMcbA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "0DVnsi7oVeiCakd5LIvqig==": { "id": "0DVnsi7oVeiCakd5LIvqig==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "0E3jDwz9OiQ7ty2SI9zDYQ==": { "id": "0E3jDwz9OiQ7ty2SI9zDYQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "0EBjG0eDRuUxNmTKolYVYQ==": { "id": "0EBjG0eDRuUxNmTKolYVYQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "0EZfEnxlowgJ1Et69rh7Fg==": { "id": "0EZfEnxlowgJ1Et69rh7Fg==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "0Gq5wAUiCXaH50wxZYx9MQ==": { "id": "0Gq5wAUiCXaH50wxZYx9MQ==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "0ISEnYRRDkbJFXBP9XvdpA==": { "id": "0ISEnYRRDkbJFXBP9XvdpA==", "updater": "rhel-vex", "name": "CVE-2025-11731", "description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT \u003cfunc:result\u003e elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "issued": "2025-10-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11731 https://bugzilla.redhat.com/show_bug.cgi?id=2403688 https://www.cve.org/CVERecord?id=CVE-2025-11731 https://nvd.nist.gov/vuln/detail/CVE-2025-11731 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11731.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0KjhdYYIURWUfsbpzAdnPQ==": { "id": "0KjhdYYIURWUfsbpzAdnPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "0LMSjLLjEqlpe4LAE1rWJA==": { "id": "0LMSjLLjEqlpe4LAE1rWJA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "0LvlxzvH25js4ffWzvLRTQ==": { "id": "0LvlxzvH25js4ffWzvLRTQ==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0MBdby0uigxg//rv2xd7SQ==": { "id": "0MBdby0uigxg//rv2xd7SQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "0MVVcjDKfdLbs80csEfrOw==": { "id": "0MVVcjDKfdLbs80csEfrOw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "0O2I0zrYDyiCiU68WyBLvw==": { "id": "0O2I0zrYDyiCiU68WyBLvw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "0P/5eKFuPPXM3bHgeAHWxw==": { "id": "0P/5eKFuPPXM3bHgeAHWxw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0PMktbRk+B4fdwvvP1VWUg==": { "id": "0PMktbRk+B4fdwvvP1VWUg==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "0QqnWQey4QRkB1tBadW1jg==": { "id": "0QqnWQey4QRkB1tBadW1jg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0RLigWktH24pjgFtIwRH2A==": { "id": "0RLigWktH24pjgFtIwRH2A==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0TUqdQNGOvjHNFjkDen1Sg==": { "id": "0TUqdQNGOvjHNFjkDen1Sg==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "0Tr3QMpqaFB6S//rbJ/Onw==": { "id": "0Tr3QMpqaFB6S//rbJ/Onw==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "0U0p6zwok5l6rbIxjBRN7w==": { "id": "0U0p6zwok5l6rbIxjBRN7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "0UWL07sxLog3CGNaaYYQxQ==": { "id": "0UWL07sxLog3CGNaaYYQxQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0UxirvKJMj5gY8fbrSf6sA==": { "id": "0UxirvKJMj5gY8fbrSf6sA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.1.el9_6", "arch_op": "pattern match" }, "0W0/E/g2cPvxNF42LmIwRg==": { "id": "0W0/E/g2cPvxNF42LmIwRg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.el9", "arch_op": "pattern match" }, "0YVxD0vSH+0MhijemP/Jmg==": { "id": "0YVxD0vSH+0MhijemP/Jmg==", "updater": "rhel-vex", "name": "CVE-2022-3705", "description": "A use-after-free flaw was found in the qf_update_buffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3705.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0ZGrJGNNqDLH/sZXsRkfvA==": { "id": "0ZGrJGNNqDLH/sZXsRkfvA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0ZQtBpkFjRCvM3RNGGREDQ==": { "id": "0ZQtBpkFjRCvM3RNGGREDQ==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0ZniYEExf5hn6bWx9CxbmA==": { "id": "0ZniYEExf5hn6bWx9CxbmA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "0ahYjiLWT0VE+MRcEm8yAQ==": { "id": "0ahYjiLWT0VE+MRcEm8yAQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0bK7Vo3x9SXQYvDvMmgzXA==": { "id": "0bK7Vo3x9SXQYvDvMmgzXA==", "updater": "rhel-vex", "name": "CVE-2022-2208", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2208.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0bsVwLbC3DjqoPdFlpHGrA==": { "id": "0bsVwLbC3DjqoPdFlpHGrA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0gEzVf04N4WWI36MnLXr1w==": { "id": "0gEzVf04N4WWI36MnLXr1w==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0hxAfeI84l0pzeedcqmGpQ==": { "id": "0hxAfeI84l0pzeedcqmGpQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.1.el9_6", "arch_op": "pattern match" }, "0kDaqIpbO93XpnbaK6KFUg==": { "id": "0kDaqIpbO93XpnbaK6KFUg==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "0nQVynV3NMmwash6dBc+8Q==": { "id": "0nQVynV3NMmwash6dBc+8Q==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "0tfYnYhAiMREOXyqf/1Urw==": { "id": "0tfYnYhAiMREOXyqf/1Urw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "0u2Zo3eZYFAXhVSIZh+vXQ==": { "id": "0u2Zo3eZYFAXhVSIZh+vXQ==", "updater": "rhel-vex", "name": "CVE-2017-16232", "description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "issued": "2017-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-16232 https://bugzilla.redhat.com/show_bug.cgi?id=1516189 https://www.cve.org/CVERecord?id=CVE-2017-16232 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-16232.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0u9BhQlRGnXqmFj5VxmVgw==": { "id": "0u9BhQlRGnXqmFj5VxmVgw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "0v5F4x1W0RxkklLvRs6NKQ==": { "id": "0v5F4x1W0RxkklLvRs6NKQ==", "updater": "rhel-vex", "name": "CVE-2023-0433", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0w7yDxNwDisUMkIdlkUTZw==": { "id": "0w7yDxNwDisUMkIdlkUTZw==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "0wSMVHwI5T4EgYqkub8RhA==": { "id": "0wSMVHwI5T4EgYqkub8RhA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "0wh4c9Z6sNxM5NAXtzaMNg==": { "id": "0wh4c9Z6sNxM5NAXtzaMNg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "1/PWApRfYh/rLEOR0JZLsw==": { "id": "1/PWApRfYh/rLEOR0JZLsw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1/xm1gDhSpcAv1vbsLnNhA==": { "id": "1/xm1gDhSpcAv1vbsLnNhA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "10T7L0U8GuP9Qhz3unCqvw==": { "id": "10T7L0U8GuP9Qhz3unCqvw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "12PmpsYpKqbguwokcjBXqw==": { "id": "12PmpsYpKqbguwokcjBXqw==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "1378JmiuKDjVj7PZAMUvLg==": { "id": "1378JmiuKDjVj7PZAMUvLg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "13Dkon5caDMIMuKn79Qskg==": { "id": "13Dkon5caDMIMuKn79Qskg==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "13fIhbDHRYF0KXmxmJIfiA==": { "id": "13fIhbDHRYF0KXmxmJIfiA==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "14EBaSYBL4fLL4zgayhBkg==": { "id": "14EBaSYBL4fLL4zgayhBkg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.el9", "arch_op": "pattern match" }, "14Etv/7765FAI8QbzsokBQ==": { "id": "14Etv/7765FAI8QbzsokBQ==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "15uVNLTcXPHEO0XVoOOwZw==": { "id": "15uVNLTcXPHEO0XVoOOwZw==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "19Kvl4LS7MCiBo2cRD5fxQ==": { "id": "19Kvl4LS7MCiBo2cRD5fxQ==", "updater": "rhel-vex", "name": "CVE-2021-3974", "description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3974.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1BGBx+ICmx9ndSR1J6c9Rw==": { "id": "1BGBx+ICmx9ndSR1J6c9Rw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1CDGyH/KaS7DctjOTuk4Gg==": { "id": "1CDGyH/KaS7DctjOTuk4Gg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "1I7VtxkB33ashDX0kB4Teg==": { "id": "1I7VtxkB33ashDX0kB4Teg==", "updater": "rhel-vex", "name": "CVE-2025-5889", "description": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.", "issued": "2025-06-09T18:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5889 https://bugzilla.redhat.com/show_bug.cgi?id=2371270 https://www.cve.org/CVERecord?id=CVE-2025-5889 https://nvd.nist.gov/vuln/detail/CVE-2025-5889 https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466 https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 https://vuldb.com/?ctiid.311660 https://vuldb.com/?id.311660 https://vuldb.com/?submit.585717 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5889.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ICypZP/7UrDVdoDevopUA==": { "id": "1ICypZP/7UrDVdoDevopUA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "1Iwd54Uz+8MDWoeCI9f7Iw==": { "id": "1Iwd54Uz+8MDWoeCI9f7Iw==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "1KxLqY5vPHnDfUxdviejiw==": { "id": "1KxLqY5vPHnDfUxdviejiw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1LTKa378StuY8O3o3G26jw==": { "id": "1LTKa378StuY8O3o3G26jw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1NnjgULlQBpIVsNocYb9uw==": { "id": "1NnjgULlQBpIVsNocYb9uw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "1PYvw1fdwe6hM2UBdw4Itw==": { "id": "1PYvw1fdwe6hM2UBdw4Itw==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "1QQmDcMkRqvOte/bR8QEuQ==": { "id": "1QQmDcMkRqvOte/bR8QEuQ==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "1SDdOQM609JpOnF4Vx/qwQ==": { "id": "1SDdOQM609JpOnF4Vx/qwQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "1VKGbptJGVhPmMaic8aidg==": { "id": "1VKGbptJGVhPmMaic8aidg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1WQ/LJu/kefEuHRv58l0Lw==": { "id": "1WQ/LJu/kefEuHRv58l0Lw==", "updater": "rhel-vex", "name": "CVE-2023-4734", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4734.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1XBQq3flp6UCNWfTuRjE6g==": { "id": "1XBQq3flp6UCNWfTuRjE6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1XwPa50Si6EKs+Oms8SLUA==": { "id": "1XwPa50Si6EKs+Oms8SLUA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "1aPjlkabj3eUY8WGb+gz+g==": { "id": "1aPjlkabj3eUY8WGb+gz+g==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "1eXmoeT5Qd9M0GiSJ3z2mg==": { "id": "1eXmoeT5Qd9M0GiSJ3z2mg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1lRtJofWFCTkQi0dreTmvg==": { "id": "1lRtJofWFCTkQi0dreTmvg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1nX4t0Z3G1H45fqJox3f4Q==": { "id": "1nX4t0Z3G1H45fqJox3f4Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "1oKL9ZSv1M4CmxUhNFjpmg==": { "id": "1oKL9ZSv1M4CmxUhNFjpmg==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "1q7YjyB3mR25zvqxJ6Zk3w==": { "id": "1q7YjyB3mR25zvqxJ6Zk3w==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "1qsA4RvCYZB2uDwgIo8TuQ==": { "id": "1qsA4RvCYZB2uDwgIo8TuQ==", "updater": "osv/go", "name": "GO-2024-3106", "description": "Stack exhaustion in Decoder.Decode in encoding/gob", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "1sD6TJmtoMKm89Mo2ka5lA==": { "id": "1sD6TJmtoMKm89Mo2ka5lA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1xdBxKyIRMGUr99Qk2jvHw==": { "id": "1xdBxKyIRMGUr99Qk2jvHw==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ylYMOLaPUA6xIkqwKBb9w==": { "id": "1ylYMOLaPUA6xIkqwKBb9w==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "2/I3PyWTnfJdMedKAemp8Q==": { "id": "2/I3PyWTnfJdMedKAemp8Q==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2432H9ZBrMWDJ7HhyQT63A==": { "id": "2432H9ZBrMWDJ7HhyQT63A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "24Paca4PaySz9eM+VJu4ew==": { "id": "24Paca4PaySz9eM+VJu4ew==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "24Ysg4Ma/AJz8Z93D2PzNQ==": { "id": "24Ysg4Ma/AJz8Z93D2PzNQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "26JRymquUeoxtDSKcKSDSg==": { "id": "26JRymquUeoxtDSKcKSDSg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "29Fo/GOP7MILPepOrnMgjA==": { "id": "29Fo/GOP7MILPepOrnMgjA==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "29JfppZedoclZHW2coehcQ==": { "id": "29JfppZedoclZHW2coehcQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2A2BjgErU1GldRQi2g+XQg==": { "id": "2A2BjgErU1GldRQi2g+XQg==", "updater": "rhel-vex", "name": "CVE-2022-45939", "description": "A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.", "issued": "2022-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-45939 https://bugzilla.redhat.com/show_bug.cgi?id=2149380 https://www.cve.org/CVERecord?id=CVE-2022-45939 https://nvd.nist.gov/vuln/detail/CVE-2022-45939 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-45939.json https://access.redhat.com/errata/RHSA-2023:2366", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9", "arch_op": "pattern match" }, "2DPl1NLEsHotw7kYOPR/8A==": { "id": "2DPl1NLEsHotw7kYOPR/8A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2GOqqUt4mwKng/FA0FV67w==": { "id": "2GOqqUt4mwKng/FA0FV67w==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "2I/0B+uXhxpPJWXGwNGlLw==": { "id": "2I/0B+uXhxpPJWXGwNGlLw==", "updater": "rhel-vex", "name": "CVE-2023-5344", "description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "issued": "2023-10-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2IUiS8eDJ2evZHzBkLGqPw==": { "id": "2IUiS8eDJ2evZHzBkLGqPw==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "2M5CwoqtCrF9ix+6ghISOg==": { "id": "2M5CwoqtCrF9ix+6ghISOg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "2QjZksAOTEJVwk59l2QYOQ==": { "id": "2QjZksAOTEJVwk59l2QYOQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "2RZ3u6UmceVG9iB/xb73SA==": { "id": "2RZ3u6UmceVG9iB/xb73SA==", "updater": "rhel-vex", "name": "CVE-2022-2206", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2206.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2SApI7oHpcm9Z48+2Hj11w==": { "id": "2SApI7oHpcm9Z48+2Hj11w==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UHqEqfMIIn53NkDlDEppQ==": { "id": "2UHqEqfMIIn53NkDlDEppQ==", "updater": "rhel-vex", "name": "CVE-2022-2923", "description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. This flaw allows a specially crafted file to crash the software.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2923.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UhjmcPUkGmILpYJPZEiNQ==": { "id": "2UhjmcPUkGmILpYJPZEiNQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "2VowcBblBj36IfwmFRwcwg==": { "id": "2VowcBblBj36IfwmFRwcwg==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "2Z/NA7sGgadio/qisfiC3Q==": { "id": "2Z/NA7sGgadio/qisfiC3Q==", "updater": "rhel-vex", "name": "CVE-2022-48339", "description": "A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48339 https://bugzilla.redhat.com/show_bug.cgi?id=2171989 https://www.cve.org/CVERecord?id=CVE-2022-48339 https://nvd.nist.gov/vuln/detail/CVE-2022-48339 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48339.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "2bOVXniSdlE0fZB1iot4yQ==": { "id": "2bOVXniSdlE0fZB1iot4yQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "2eKcZq74WOmYmPDTZ8L+Jg==": { "id": "2eKcZq74WOmYmPDTZ8L+Jg==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "2j4vw/Ef1McLxa/C6FEQvA==": { "id": "2j4vw/Ef1McLxa/C6FEQvA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "2k/PqFfUaKNy33VkAbVD6g==": { "id": "2k/PqFfUaKNy33VkAbVD6g==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2luu38jiVQvy6qOXHFgpAg==": { "id": "2luu38jiVQvy6qOXHFgpAg==", "updater": "rhel-vex", "name": "CVE-2022-2042", "description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "issued": "2022-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2042.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2n2n++65Q4X6kZeNZUZXMw==": { "id": "2n2n++65Q4X6kZeNZUZXMw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "2oTX17kDUCTK4lHB98r0SQ==": { "id": "2oTX17kDUCTK4lHB98r0SQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.1.el9_6", "arch_op": "pattern match" }, "2pofu/QdlV4xoXosgfKRNw==": { "id": "2pofu/QdlV4xoXosgfKRNw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2sm08sXcjWtT2Gtu3CdSug==": { "id": "2sm08sXcjWtT2Gtu3CdSug==", "updater": "rhel-vex", "name": "CVE-2022-1725", "description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1725.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2t1KBK7sA8rKgVHavF6SZA==": { "id": "2t1KBK7sA8rKgVHavF6SZA==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "2tFr9TQJkcgsTrNAQX0kdw==": { "id": "2tFr9TQJkcgsTrNAQX0kdw==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "2vdCDySzHer9qKv7EOUGqQ==": { "id": "2vdCDySzHer9qKv7EOUGqQ==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "2vidY7qxU0KDMpAzTaXQCw==": { "id": "2vidY7qxU0KDMpAzTaXQCw==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2vr/twKdnITJOKu9ARCAXQ==": { "id": "2vr/twKdnITJOKu9ARCAXQ==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "2wnmmIxGcmTTQ7kdV4Q55Q==": { "id": "2wnmmIxGcmTTQ7kdV4Q55Q==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "2y2LXrQ+Jdr+fioSazFF4w==": { "id": "2y2LXrQ+Jdr+fioSazFF4w==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "31zk833ZdfHhkO9sg82MSw==": { "id": "31zk833ZdfHhkO9sg82MSw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "32PT0J5usgv3laBJ37g1fA==": { "id": "32PT0J5usgv3laBJ37g1fA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "34lrKmSrRttv8Ef8QZo+Cw==": { "id": "34lrKmSrRttv8Ef8QZo+Cw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "39KBEdrZX0FwGoQxYgkupQ==": { "id": "39KBEdrZX0FwGoQxYgkupQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "3A+d+ITPUBtAGX1jTlLhKg==": { "id": "3A+d+ITPUBtAGX1jTlLhKg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "3BY1OD4rYtX6LEFO6X+/Yw==": { "id": "3BY1OD4rYtX6LEFO6X+/Yw==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "3CUrg7YVjtx0L5aX+iMRxA==": { "id": "3CUrg7YVjtx0L5aX+iMRxA==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "3D/COcmVFbxgINNliqKHgw==": { "id": "3D/COcmVFbxgINNliqKHgw==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "3E/EPC1OcoKQToPb+efdaQ==": { "id": "3E/EPC1OcoKQToPb+efdaQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "3E5wmOETiTx03Y24iDJEUg==": { "id": "3E5wmOETiTx03Y24iDJEUg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3FdyvSRS+ECfT74KYiCcLA==": { "id": "3FdyvSRS+ECfT74KYiCcLA==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "3Lvdmj//2sze9S8I3n8yrw==": { "id": "3Lvdmj//2sze9S8I3n8yrw==", "updater": "rhel-vex", "name": "CVE-2023-0288", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "issued": "2023-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0288.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4R28kD2w0Acw7XQvAZ3Q==": { "id": "3O4R28kD2w0Acw7XQvAZ3Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "3S91ZYwiienVlUnFeIzkRw==": { "id": "3S91ZYwiienVlUnFeIzkRw==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "3SaNoRivMP21uU5flMCqrg==": { "id": "3SaNoRivMP21uU5flMCqrg==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3WRC4Vl08/leTJ1MFHuCEg==": { "id": "3WRC4Vl08/leTJ1MFHuCEg==", "updater": "rhel-vex", "name": "CVE-2022-3297", "description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3a2lYBlaR2GDen/lmTlCyg==": { "id": "3a2lYBlaR2GDen/lmTlCyg==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "3cVM/UH6o+8G2FMQ1Gl/Ww==": { "id": "3cVM/UH6o+8G2FMQ1Gl/Ww==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "3f5N5l71YgnMV/U9whrIuA==": { "id": "3f5N5l71YgnMV/U9whrIuA==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "3hB+Mhm9+7AXsO3nGoz+Pg==": { "id": "3hB+Mhm9+7AXsO3nGoz+Pg==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3k2lNJd2kR3VB6gGhj547g==": { "id": "3k2lNJd2kR3VB6gGhj547g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "3skSbDjTQ02+eNiFJz716g==": { "id": "3skSbDjTQ02+eNiFJz716g==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3wP/Eggf7Bu35MpzNr1Fog==": { "id": "3wP/Eggf7Bu35MpzNr1Fog==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "3wYf+EaP3IAW5wHFWATuaw==": { "id": "3wYf+EaP3IAW5wHFWATuaw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "3wnJ6TxCGJITikNK4m6q+g==": { "id": "3wnJ6TxCGJITikNK4m6q+g==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "43uaBOp3I4s6BbwM75Dtcg==": { "id": "43uaBOp3I4s6BbwM75Dtcg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "49jEi4xCgfg8T8qzhNobIA==": { "id": "49jEi4xCgfg8T8qzhNobIA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4CRDu/yV+Tfg3mSUobPIUg==": { "id": "4CRDu/yV+Tfg3mSUobPIUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4Gs7xCHPPMrNepkQNCPnkg==": { "id": "4Gs7xCHPPMrNepkQNCPnkg==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "4IznDha57aCNWoI0Hc828Q==": { "id": "4IznDha57aCNWoI0Hc828Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4JIGhO7+fAz+LPTFEuBHUg==": { "id": "4JIGhO7+fAz+LPTFEuBHUg==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "4JsZIRvQ+13IMgBIUPH0jA==": { "id": "4JsZIRvQ+13IMgBIUPH0jA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "4K1RYkumn7qw6Pk7lwpfbA==": { "id": "4K1RYkumn7qw6Pk7lwpfbA==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "4K4SQ2PlDqXihbvwEXiB/w==": { "id": "4K4SQ2PlDqXihbvwEXiB/w==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "4K7cGcsZltSw5Ayu8+A5rA==": { "id": "4K7cGcsZltSw5Ayu8+A5rA==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "4L3dk768qs7Sg3jWyr+5Ug==": { "id": "4L3dk768qs7Sg3jWyr+5Ug==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "4LZWGm07jnOHHBGX2FzAwg==": { "id": "4LZWGm07jnOHHBGX2FzAwg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4MoaZecth+9t4X3jdykhZg==": { "id": "4MoaZecth+9t4X3jdykhZg==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "4N3POA/rTFsL9RdGINkq1A==": { "id": "4N3POA/rTFsL9RdGINkq1A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4Oz54fEBFyAJBdTJ/p2wxA==": { "id": "4Oz54fEBFyAJBdTJ/p2wxA==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "4PW1pGs0HJlG6XNR1xk0ZA==": { "id": "4PW1pGs0HJlG6XNR1xk0ZA==", "updater": "osv/go", "name": "GO-2025-3447", "description": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "issued": "2025-02-06T16:38:14Z", "links": "https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.12" }, "4PXcy6CSX2EaPwYEdLkfbw==": { "id": "4PXcy6CSX2EaPwYEdLkfbw==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "4QiWtYafAt/cFOvYpyJONw==": { "id": "4QiWtYafAt/cFOvYpyJONw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "4RaJ63cwUpp+QWj0IKysEw==": { "id": "4RaJ63cwUpp+QWj0IKysEw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "4Uca8szOo7gGoVgv+DjeUA==": { "id": "4Uca8szOo7gGoVgv+DjeUA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4Ue6KfIGD2Yqlg6OG87Bzw==": { "id": "4Ue6KfIGD2Yqlg6OG87Bzw==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "4Utc/6C5f6+A3gsr9KU/IA==": { "id": "4Utc/6C5f6+A3gsr9KU/IA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "4YMcCEsfWO5KpctoAqwrFQ==": { "id": "4YMcCEsfWO5KpctoAqwrFQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4aR9t5J6YwMk5D9wZ0BV7w==": { "id": "4aR9t5J6YwMk5D9wZ0BV7w==", "updater": "rhel-vex", "name": "CVE-2024-3651", "description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "issued": "2024-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-idna", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10-7.el9_4.1", "arch_op": "pattern match" }, "4cQAenzXciR7rLlEmdwZsQ==": { "id": "4cQAenzXciR7rLlEmdwZsQ==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4comqU/5SRuDKC1qqBMlGQ==": { "id": "4comqU/5SRuDKC1qqBMlGQ==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "4eh40PtMaL3JhPlCzb+8jA==": { "id": "4eh40PtMaL3JhPlCzb+8jA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "4evfzAbeD7HXRBHHbDpAwA==": { "id": "4evfzAbeD7HXRBHHbDpAwA==", "updater": "osv/go", "name": "GO-2023-1878", "description": "Insufficient sanitization of Host header in net/http", "issued": "2023-07-11T19:19:08Z", "links": "https://go.dev/issue/60374 https://go.dev/cl/506996 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.11" }, "4gO4ls/gy0nmsC3NeXvyVQ==": { "id": "4gO4ls/gy0nmsC3NeXvyVQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.1.el9_6", "arch_op": "pattern match" }, "4hX2FW/Yj9HDbKRBqrhgdg==": { "id": "4hX2FW/Yj9HDbKRBqrhgdg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4iFNln+X4k0SeUiw/ueLUA==": { "id": "4iFNln+X4k0SeUiw/ueLUA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "4jKXN+o/0vyACgd6hmLCbw==": { "id": "4jKXN+o/0vyACgd6hmLCbw==", "updater": "osv/go", "name": "GO-2025-4009", "description": "Quadratic complexity when parsing some invalid inputs in encoding/pem", "issued": "2025-10-29T21:49:55Z", "links": "https://go.dev/issue/75676 https://go.dev/cl/709858 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "4rkDoNFFNCrcnkPj+GN2vA==": { "id": "4rkDoNFFNCrcnkPj+GN2vA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4vHE1o0sxmJSfgr6AiAtqA==": { "id": "4vHE1o0sxmJSfgr6AiAtqA==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4vS3iu8lvGukFpBFqYCdVg==": { "id": "4vS3iu8lvGukFpBFqYCdVg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "4xxaXkxeYvxr8HgxLSDyHw==": { "id": "4xxaXkxeYvxr8HgxLSDyHw==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "4zvDuRN18ZTgEdA+auow3w==": { "id": "4zvDuRN18ZTgEdA+auow3w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "5/L+eT1BzZSWVW4ZLUXszw==": { "id": "5/L+eT1BzZSWVW4ZLUXszw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "5073UNZPtR+lsy1kIMhUEA==": { "id": "5073UNZPtR+lsy1kIMhUEA==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "51jf2IrfzMdepCjAvXkPMw==": { "id": "51jf2IrfzMdepCjAvXkPMw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "55nFlly0ydgYROdIHNoLjg==": { "id": "55nFlly0ydgYROdIHNoLjg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "562erF6ddCIyzi5oV/IzHQ==": { "id": "562erF6ddCIyzi5oV/IzHQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "5AQXXWGtKGeqoPkMqmVzTg==": { "id": "5AQXXWGtKGeqoPkMqmVzTg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.el9", "arch_op": "pattern match" }, "5BXX9+pRVay9wrZAORfhhQ==": { "id": "5BXX9+pRVay9wrZAORfhhQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "5D5WFK01Su4Lrj4hhwDYGQ==": { "id": "5D5WFK01Su4Lrj4hhwDYGQ==", "updater": "rhel-vex", "name": "CVE-2024-43374", "description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "issued": "2024-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5Dh9IlEeZc9EPevqDNDlAQ==": { "id": "5Dh9IlEeZc9EPevqDNDlAQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "5EJ0MC7TgiGIlilbbiOvfQ==": { "id": "5EJ0MC7TgiGIlilbbiOvfQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "5EPGtk7Hqn2hqOaxgmNiSQ==": { "id": "5EPGtk7Hqn2hqOaxgmNiSQ==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "5IIoRCBMIgus62mGlE3F9A==": { "id": "5IIoRCBMIgus62mGlE3F9A==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5MGCN705vR5eWycZyFuYJQ==": { "id": "5MGCN705vR5eWycZyFuYJQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "5MqCycBYSRDsdNOzvOandQ==": { "id": "5MqCycBYSRDsdNOzvOandQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "5N/eQ/DLmsm7yS6+3apC5A==": { "id": "5N/eQ/DLmsm7yS6+3apC5A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "5RT9+X+8xx3rC02gOnVsjQ==": { "id": "5RT9+X+8xx3rC02gOnVsjQ==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "5TfU8//dfsOlT82byi0lug==": { "id": "5TfU8//dfsOlT82byi0lug==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "5XT+5ghtfmJFJSJCERGwhQ==": { "id": "5XT+5ghtfmJFJSJCERGwhQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5ZJ6PuXfgRMCarpNow00ew==": { "id": "5ZJ6PuXfgRMCarpNow00ew==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ejk3bhFpvIIABy9EwjwqQ==": { "id": "5ejk3bhFpvIIABy9EwjwqQ==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "5fSQkV1bu4GJUiaWjO+PNQ==": { "id": "5fSQkV1bu4GJUiaWjO+PNQ==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "5gK/V8vtqDYoHf1LFdtSbA==": { "id": "5gK/V8vtqDYoHf1LFdtSbA==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "5hOM1HtOhjQV1yizNCgxBg==": { "id": "5hOM1HtOhjQV1yizNCgxBg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "5j7D/WXFLHsZYUeUrskpMA==": { "id": "5j7D/WXFLHsZYUeUrskpMA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "5lHEu4ueMJgetLv/GfKHtg==": { "id": "5lHEu4ueMJgetLv/GfKHtg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5pFK2pddNfoGuwrNwC3BlQ==": { "id": "5pFK2pddNfoGuwrNwC3BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5pINgBOJXOluBJi9rQyioQ==": { "id": "5pINgBOJXOluBJi9rQyioQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ro53BoC7BlAtEu1loQCSw==": { "id": "5ro53BoC7BlAtEu1loQCSw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5sY/WncZRmQ7FUzZZ4kBfQ==": { "id": "5sY/WncZRmQ7FUzZZ4kBfQ==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "5ua6yduRd8slR+XckPuEJw==": { "id": "5ua6yduRd8slR+XckPuEJw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5vR/2ZAfb0swnLBKDl3Bzg==": { "id": "5vR/2ZAfb0swnLBKDl3Bzg==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "5xW5MMwESxiksXgaLrFCnQ==": { "id": "5xW5MMwESxiksXgaLrFCnQ==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "5xY3IHUogqpqvbFwiQURyA==": { "id": "5xY3IHUogqpqvbFwiQURyA==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "5z9ZOzxJREYn5oM+HAm6dA==": { "id": "5z9ZOzxJREYn5oM+HAm6dA==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "5zg9huqgOp8E89z3dxtcHg==": { "id": "5zg9huqgOp8E89z3dxtcHg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6/Rn1WFxVO6aopyr8psGfQ==": { "id": "6/Rn1WFxVO6aopyr8psGfQ==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "63po8QED6nDungBQEqHIyA==": { "id": "63po8QED6nDungBQEqHIyA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "67Q/SCDsFWutXyKWQ9JQdQ==": { "id": "67Q/SCDsFWutXyKWQ9JQdQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "69HZBPjw2QR8kIdKeSUwQg==": { "id": "69HZBPjw2QR8kIdKeSUwQg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6E1YTgmxENPqo7FirtVNvw==": { "id": "6E1YTgmxENPqo7FirtVNvw==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "6GILJqctNxTbZFPR6fLtoA==": { "id": "6GILJqctNxTbZFPR6fLtoA==", "updater": "rhel-vex", "name": "CVE-2024-12086", "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12086 https://bugzilla.redhat.com/show_bug.cgi?id=2330577 https://www.cve.org/CVERecord?id=CVE-2024-12086 https://nvd.nist.gov/vuln/detail/CVE-2024-12086 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12086.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6GzxFtf19XU1Y6ySz6SgYQ==": { "id": "6GzxFtf19XU1Y6ySz6SgYQ==", "updater": "osv/go", "name": "GO-2024-3107", "description": "Stack exhaustion in Parse in go/build/constraint", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "6J86dffyd+kQEKbjTTbD2Q==": { "id": "6J86dffyd+kQEKbjTTbD2Q==", "updater": "rhel-vex", "name": "CVE-2023-1916", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1916 https://bugzilla.redhat.com/show_bug.cgi?id=2185074 https://www.cve.org/CVERecord?id=CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6JXvoql3pzMfkGQb7H+Jqg==": { "id": "6JXvoql3pzMfkGQb7H+Jqg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6K5O0xmJnJtZcGmUaZ+P/w==": { "id": "6K5O0xmJnJtZcGmUaZ+P/w==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "6MW1lRUdNNc4s+6uD2JNvw==": { "id": "6MW1lRUdNNc4s+6uD2JNvw==", "updater": "rhel-vex", "name": "CVE-2022-2286", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2286.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6PfMuZGMOADiSo4Ifx0/Qw==": { "id": "6PfMuZGMOADiSo4Ifx0/Qw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "6Q0Sg/Y1lskU2n7rbcxAIw==": { "id": "6Q0Sg/Y1lskU2n7rbcxAIw==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6Qa2KBduT2HgJC4kctpUnw==": { "id": "6Qa2KBduT2HgJC4kctpUnw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "6VA82zmenvpHf3qd7c6BQg==": { "id": "6VA82zmenvpHf3qd7c6BQg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "6W4lt5SjUgXnbxNap1O0Cg==": { "id": "6W4lt5SjUgXnbxNap1O0Cg==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6WQjHZdyTC+aVOSwNc3+BQ==": { "id": "6WQjHZdyTC+aVOSwNc3+BQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "6XzckJlhvkdWwkN1ERVdzg==": { "id": "6XzckJlhvkdWwkN1ERVdzg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6Za/T764+Wnq0wfxFjEvGw==": { "id": "6Za/T764+Wnq0wfxFjEvGw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "6asSIEJz7ggo9QEXpbSOYg==": { "id": "6asSIEJz7ggo9QEXpbSOYg==", "updater": "rhel-vex", "name": "CVE-2023-48236", "description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48236.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6bZ4UNaa9jRLVZoZHQgYtQ==": { "id": "6bZ4UNaa9jRLVZoZHQgYtQ==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6dwQWrojfQ/1hgTT2PQckg==": { "id": "6dwQWrojfQ/1hgTT2PQckg==", "updater": "rhel-vex", "name": "CVE-2022-2129", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2129.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6fJcYsi1gPQNv5g1ujEPdA==": { "id": "6fJcYsi1gPQNv5g1ujEPdA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6miUB07ljV2HaYX/rZ1yjg==": { "id": "6miUB07ljV2HaYX/rZ1yjg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "6o8ui0RxMttDzkyqTDO5tg==": { "id": "6o8ui0RxMttDzkyqTDO5tg==", "updater": "rhel-vex", "name": "CVE-2022-1616", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "issued": "2022-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1616.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6otwEH3RP+2A14zXLvGXpg==": { "id": "6otwEH3RP+2A14zXLvGXpg==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "6pBzw2YiS9JmVvplQUxl2Q==": { "id": "6pBzw2YiS9JmVvplQUxl2Q==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "6pPl5aD/FZ2M/6Yaa588Aw==": { "id": "6pPl5aD/FZ2M/6Yaa588Aw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "6q1zANz+NJU+U0TPL1Xa2g==": { "id": "6q1zANz+NJU+U0TPL1Xa2g==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "6qJXB6OTmGgjS8WJVVTxvQ==": { "id": "6qJXB6OTmGgjS8WJVVTxvQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "6rBlrHxkkFbqVRbyfq+scg==": { "id": "6rBlrHxkkFbqVRbyfq+scg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "6tML+4g9GkMhdrrSDsX4Zw==": { "id": "6tML+4g9GkMhdrrSDsX4Zw==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "6thTxik/0CDWjirwYbVkYw==": { "id": "6thTxik/0CDWjirwYbVkYw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "6ysC6D7BSkYQ7y8vZ1O7HA==": { "id": "6ysC6D7BSkYQ7y8vZ1O7HA==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "7+mdkcJcBwtv88RB9AcmHQ==": { "id": "7+mdkcJcBwtv88RB9AcmHQ==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "7+zZLUPhCOA3BFrcusoKFg==": { "id": "7+zZLUPhCOA3BFrcusoKFg==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "70+Z8jFk8NJbHxPCoxDRng==": { "id": "70+Z8jFk8NJbHxPCoxDRng==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "70Ajh2QFCXmrQTWVljWbIg==": { "id": "70Ajh2QFCXmrQTWVljWbIg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "70HU3efHkL/3G4Y44qZmGA==": { "id": "70HU3efHkL/3G4Y44qZmGA==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "70rtBro0k4gOrF1v9b0LPQ==": { "id": "70rtBro0k4gOrF1v9b0LPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "71rWwrWl22424P8D9sWBZg==": { "id": "71rWwrWl22424P8D9sWBZg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "72/cPQH5mNLd1/e3j2Vn+Q==": { "id": "72/cPQH5mNLd1/e3j2Vn+Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "748UmdVwB73z0xvCImrQmA==": { "id": "748UmdVwB73z0xvCImrQmA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "74B4VkBJHkNvj2AsRU4uTw==": { "id": "74B4VkBJHkNvj2AsRU4uTw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "75kzXqx/LGJU9hkFlgdGGA==": { "id": "75kzXqx/LGJU9hkFlgdGGA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "76ytKtBeQe8L2T7nxeVp/g==": { "id": "76ytKtBeQe8L2T7nxeVp/g==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "78Ya60ppwS4OL6ZK9P90Qw==": { "id": "78Ya60ppwS4OL6ZK9P90Qw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7AoZZiCMmvqX9d9WD62FnQ==": { "id": "7AoZZiCMmvqX9d9WD62FnQ==", "updater": "rhel-vex", "name": "CVE-2023-4781", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "issued": "2023-09-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4781.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7B4LUCjMkCM+NcHtyQXyFA==": { "id": "7B4LUCjMkCM+NcHtyQXyFA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "7BER6omsA92tkjpEqGZJLA==": { "id": "7BER6omsA92tkjpEqGZJLA==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "7CqLd0zk1hiFU3yrvTTdyg==": { "id": "7CqLd0zk1hiFU3yrvTTdyg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "7FDf95fwOcyZ1YXNVDIx0A==": { "id": "7FDf95fwOcyZ1YXNVDIx0A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "7HuMMq7XSYKaQG/oWdxnyg==": { "id": "7HuMMq7XSYKaQG/oWdxnyg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "7MUqmqmB2hEWys43ktPpcQ==": { "id": "7MUqmqmB2hEWys43ktPpcQ==", "updater": "rhel-vex", "name": "CVE-2022-28131", "description": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://www.cve.org/CVERecord?id=CVE-2022-28131 https://nvd.nist.gov/vuln/detail/CVE-2022-28131 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28131.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7NIMWPjl58dCiuwwIe4bGg==": { "id": "7NIMWPjl58dCiuwwIe4bGg==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "7Q0Bus9RTfFy/UrxkfH2sQ==": { "id": "7Q0Bus9RTfFy/UrxkfH2sQ==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "7Q4dYBj4wFa2768mWculSQ==": { "id": "7Q4dYBj4wFa2768mWculSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "7QBYsSaCu8T87GZR3WHxyw==": { "id": "7QBYsSaCu8T87GZR3WHxyw==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "7S6xxC9g1Ybp0dqQ63V8tg==": { "id": "7S6xxC9g1Ybp0dqQ63V8tg==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7SutUCP3yRd4o5ryN/dDZA==": { "id": "7SutUCP3yRd4o5ryN/dDZA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "7SyD51cUTMP7ddBSGNw3Iw==": { "id": "7SyD51cUTMP7ddBSGNw3Iw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "7T9qiwKBE1swIXuW9Zvewg==": { "id": "7T9qiwKBE1swIXuW9Zvewg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "7TWJhc3cfFgph89dsQ0nBA==": { "id": "7TWJhc3cfFgph89dsQ0nBA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "7U+8ffRP7ahu1ot4Zj5Zlw==": { "id": "7U+8ffRP7ahu1ot4Zj5Zlw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "7XM4eB5q+q78IrA8abl57g==": { "id": "7XM4eB5q+q78IrA8abl57g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "7ZyXE8z7uZKjHitrjhSWQQ==": { "id": "7ZyXE8z7uZKjHitrjhSWQQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "7aOJwf1br9gIaC1RH6UwDQ==": { "id": "7aOJwf1br9gIaC1RH6UwDQ==", "updater": "osv/go", "name": "GO-2022-0537", "description": "Panic when decoding Float and Rat types in math/big", "issued": "2022-08-01T22:21:06Z", "links": "https://go.dev/cl/417774 https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66 https://go.dev/issue/53871 https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.5" }, "7bYXVEfvDWEIL53s8ARxGg==": { "id": "7bYXVEfvDWEIL53s8ARxGg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "7cHovEEcBoQ92zXTfFigow==": { "id": "7cHovEEcBoQ92zXTfFigow==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7cqLG7sQEqqh9WoHfpekpw==": { "id": "7cqLG7sQEqqh9WoHfpekpw==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7czTMSwqOjLz2LigIYHAeg==": { "id": "7czTMSwqOjLz2LigIYHAeg==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "7df4FOgRU0BSF6P5QJkjaQ==": { "id": "7df4FOgRU0BSF6P5QJkjaQ==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "7jE4UN8ZNzWXfNDZ8BZq3Q==": { "id": "7jE4UN8ZNzWXfNDZ8BZq3Q==", "updater": "rhel-vex", "name": "CVE-2025-47279", "description": "A memory leak vulnerability has been discovered in the Undici HTTP/1.1 client library. This flaw can be triggered by repeatedly calling a webhook endpoint that presents an invalid TLS certificate. Continuous interaction with such an endpoint can cause the Undici library to allocate memory without properly releasing it, potentially leading to excessive memory consumption. Over time, this could result in resource exhaustion, impacting the availability and stability of applications relying on Undici for webhook communication.", "issued": "2025-05-15T17:16:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47279 https://bugzilla.redhat.com/show_bug.cgi?id=2366632 https://www.cve.org/CVERecord?id=CVE-2025-47279 https://nvd.nist.gov/vuln/detail/CVE-2025-47279 https://github.com/nodejs/undici/issues/3895 https://github.com/nodejs/undici/pull/4088 https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47279.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7oEe6HdmVrscCmplGQsEeQ==": { "id": "7oEe6HdmVrscCmplGQsEeQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "7tWeNpgpS6TZ4aQUo8g9NQ==": { "id": "7tWeNpgpS6TZ4aQUo8g9NQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "7uj4PEKyThSRh2msjDtceg==": { "id": "7uj4PEKyThSRh2msjDtceg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7v+kCrIi/mMmyn+o9Uh+oA==": { "id": "7v+kCrIi/mMmyn+o9Uh+oA==", "updater": "rhel-vex", "name": "CVE-2022-48337", "description": "A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzilla.redhat.com/show_bug.cgi?id=2171987 https://www.cve.org/CVERecord?id=CVE-2022-48337 https://nvd.nist.gov/vuln/detail/CVE-2022-48337 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48337.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "7y5jXLyua18Srex9lNrfkQ==": { "id": "7y5jXLyua18Srex9lNrfkQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "8/mZoUg5ZlBapu2isiHzqg==": { "id": "8/mZoUg5ZlBapu2isiHzqg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "81Pd3WxGavo8vEw0GcfWBQ==": { "id": "81Pd3WxGavo8vEw0GcfWBQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "82S4cf8ecOlHYb8LNQQn+w==": { "id": "82S4cf8ecOlHYb8LNQQn+w==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "830L36AKCoBHnXPHE6R6uQ==": { "id": "830L36AKCoBHnXPHE6R6uQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "842T09LMtibo6aQ7X6A47A==": { "id": "842T09LMtibo6aQ7X6A47A==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.1.el9_6", "arch_op": "pattern match" }, "84g+WJ21VVZ5YgyE9krInA==": { "id": "84g+WJ21VVZ5YgyE9krInA==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "87p97+dH2sU2JVQ8vQ+Xuw==": { "id": "87p97+dH2sU2JVQ8vQ+Xuw==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "89XrIFUuuXy08LkDR6XMOw==": { "id": "89XrIFUuuXy08LkDR6XMOw==", "updater": "rhel-vex", "name": "CVE-2021-31879", "description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "issued": "2019-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31879.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8BMA6LbX8vjrr4aUcmHB5w==": { "id": "8BMA6LbX8vjrr4aUcmHB5w==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "8BsUEMjLB96UtpRd1ludrg==": { "id": "8BsUEMjLB96UtpRd1ludrg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8Efa1m3XsyOFY5vSd2fHNQ==": { "id": "8Efa1m3XsyOFY5vSd2fHNQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "8ImlkqI0B9hvKdKXJLla/w==": { "id": "8ImlkqI0B9hvKdKXJLla/w==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "8Ldq46rf2Z9JTBjkrtfV0g==": { "id": "8Ldq46rf2Z9JTBjkrtfV0g==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8ML0IVFlCjXlypnsSOqB1Q==": { "id": "8ML0IVFlCjXlypnsSOqB1Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8OhIIjb+vwm01NjtGgcnDw==": { "id": "8OhIIjb+vwm01NjtGgcnDw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "8QRmG/+fMsQQzP2maaxOag==": { "id": "8QRmG/+fMsQQzP2maaxOag==", "updater": "rhel-vex", "name": "CVE-2025-48386", "description": "A credential handling flaw has been discovered in git. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), which can lead to buffer overflows.", "issued": "2025-07-08T18:23:41Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48386 https://bugzilla.redhat.com/show_bug.cgi?id=2378807 https://www.cve.org/CVERecord?id=CVE-2025-48386 https://nvd.nist.gov/vuln/detail/CVE-2025-48386 https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48386.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Ug8/LJbCT7/mzHPjLi21A==": { "id": "8Ug8/LJbCT7/mzHPjLi21A==", "updater": "osv/go", "name": "GO-2023-1987", "description": "Large RSA keys can cause high CPU usage in crypto/tls", "issued": "2023-08-02T17:25:58Z", "links": "https://go.dev/issue/61460 https://go.dev/cl/515257 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.12" }, "8ZrkaQ6B1f36PC2cIg9i6A==": { "id": "8ZrkaQ6B1f36PC2cIg9i6A==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "8Zz8gP9QPTYBttUQXDeNpg==": { "id": "8Zz8gP9QPTYBttUQXDeNpg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "8bMBj5vTG1tOpQ1wuVD1bQ==": { "id": "8bMBj5vTG1tOpQ1wuVD1bQ==", "updater": "osv/go", "name": "GO-2022-0532", "description": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows", "issued": "2022-07-26T21:41:20Z", "links": "https://go.dev/cl/403759 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://go.dev/issue/52574 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "8dARvXsFfslEQUJNpOVqyQ==": { "id": "8dARvXsFfslEQUJNpOVqyQ==", "updater": "osv/go", "name": "GO-2025-4007", "description": "Quadratic complexity when checking name constraints in crypto/x509", "issued": "2025-10-29T21:49:50Z", "links": "https://go.dev/issue/75681 https://go.dev/cl/709854 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.9" }, "8dqpgv7n5GVlIYVt/hP0Gg==": { "id": "8dqpgv7n5GVlIYVt/hP0Gg==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "8eY8PV83CN3R/MV2hK7XHA==": { "id": "8eY8PV83CN3R/MV2hK7XHA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "8efBqSZ3OYqd+nT8a21FNA==": { "id": "8efBqSZ3OYqd+nT8a21FNA==", "updater": "rhel-vex", "name": "CVE-2022-2287", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2287.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ez1JQpqUyVUQaplF/dpog==": { "id": "8ez1JQpqUyVUQaplF/dpog==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "8gQtKtb/Xr3aGfsLtKyetA==": { "id": "8gQtKtb/Xr3aGfsLtKyetA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8ge47rqVvHaefMV4OlZnlQ==": { "id": "8ge47rqVvHaefMV4OlZnlQ==", "updater": "rhel-vex", "name": "CVE-2022-2845", "description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kPW6EH9br7BQBK1DHvQsA==": { "id": "8kPW6EH9br7BQBK1DHvQsA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8lLGaMUZk8kOHbicsIjPjw==": { "id": "8lLGaMUZk8kOHbicsIjPjw==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "8m+MeF1Vk+YvSROjY2pN5Q==": { "id": "8m+MeF1Vk+YvSROjY2pN5Q==", "updater": "osv/go", "name": "GO-2022-0969", "description": "Denial of service in net/http and golang.org/x/net/http2", "issued": "2022-09-12T20:23:06Z", "links": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://go.dev/issue/54658 https://go.dev/cl/428735", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.6" }, "8oKavHMm8C7p1QC+rNA0zA==": { "id": "8oKavHMm8C7p1QC+rNA0zA==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "8qeM99NPNtS3R0CIVDnqTw==": { "id": "8qeM99NPNtS3R0CIVDnqTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "8utuZQ/Ix8fDNAmmSZivvQ==": { "id": "8utuZQ/Ix8fDNAmmSZivvQ==", "updater": "rhel-vex", "name": "CVE-2022-48624", "description": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48624 https://bugzilla.redhat.com/show_bug.cgi?id=2265081 https://www.cve.org/CVERecord?id=CVE-2022-48624 https://nvd.nist.gov/vuln/detail/CVE-2022-48624 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48624.json https://access.redhat.com/errata/RHSA-2024:1692", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-3.el9_3", "arch_op": "pattern match" }, "8vc1CEh/sS08VpWYipw3xA==": { "id": "8vc1CEh/sS08VpWYipw3xA==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "9/6RhDAFXPVo7L6QeEsy9w==": { "id": "9/6RhDAFXPVo7L6QeEsy9w==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "92O2+eS3W5hGvsWPMPwTRQ==": { "id": "92O2+eS3W5hGvsWPMPwTRQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "936XDvlfcwVB/34fQscf7w==": { "id": "936XDvlfcwVB/34fQscf7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "93O9BjbBwz1jYmTNCzgkUw==": { "id": "93O9BjbBwz1jYmTNCzgkUw==", "updater": "rhel-vex", "name": "CVE-2022-2849", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2849.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "95p6rGNUFNsCWfXMBirOLg==": { "id": "95p6rGNUFNsCWfXMBirOLg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "96QbNqFHhG4RmHyIqvnk+w==": { "id": "96QbNqFHhG4RmHyIqvnk+w==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "98vR1ByhE/Y9cvB+lRN3LA==": { "id": "98vR1ByhE/Y9cvB+lRN3LA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "99Q540ZW70Bq59gE8MRNHA==": { "id": "99Q540ZW70Bq59gE8MRNHA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9Ad5Q6DJD1JusuIjCNfUvQ==": { "id": "9Ad5Q6DJD1JusuIjCNfUvQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9Bnr48B1Gkm5b1u7nixqng==": { "id": "9Bnr48B1Gkm5b1u7nixqng==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "9C6WGntg4UmJkjiylWVxnw==": { "id": "9C6WGntg4UmJkjiylWVxnw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "9Ck8qx7KCeVOhknvjhQwsA==": { "id": "9Ck8qx7KCeVOhknvjhQwsA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "9CmH5Y/MDHXGbta8UBA5HQ==": { "id": "9CmH5Y/MDHXGbta8UBA5HQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "9HkrQyk+mvh4YcyBYw6eQg==": { "id": "9HkrQyk+mvh4YcyBYw6eQg==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "9M1meEoYiMYlmYR7kKfweg==": { "id": "9M1meEoYiMYlmYR7kKfweg==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "9NxQaPp619Bd0qky1dvzZg==": { "id": "9NxQaPp619Bd0qky1dvzZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9PE6ZiUdIaAWtCsUgesEZA==": { "id": "9PE6ZiUdIaAWtCsUgesEZA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "9QNdmlIziBB9zOcB4elT6A==": { "id": "9QNdmlIziBB9zOcB4elT6A==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9RLVzTylr5Ocdbql97n+1Q==": { "id": "9RLVzTylr5Ocdbql97n+1Q==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "9SrODyBGF+py5BfKYxVllg==": { "id": "9SrODyBGF+py5BfKYxVllg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "9U8BTRqVPM+WCls5RolwuQ==": { "id": "9U8BTRqVPM+WCls5RolwuQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "9UTiJlsfYxfa60iynbYgLg==": { "id": "9UTiJlsfYxfa60iynbYgLg==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "9XbremjCd0rS6zu/GB+mjA==": { "id": "9XbremjCd0rS6zu/GB+mjA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "9Yjf3Ev3R8wbqlhNdfwPQQ==": { "id": "9Yjf3Ev3R8wbqlhNdfwPQQ==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:9448", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-14.el9_6.2", "arch_op": "pattern match" }, "9avTgsTrB6zaN8UjZ37Wow==": { "id": "9avTgsTrB6zaN8UjZ37Wow==", "updater": "rhel-vex", "name": "CVE-2022-3153", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "issued": "2022-09-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3153.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9b3CWaJsQwdqnuBJDBMt8g==": { "id": "9b3CWaJsQwdqnuBJDBMt8g==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "9b3hAQW/ubh4v6zyl2M5Ig==": { "id": "9b3hAQW/ubh4v6zyl2M5Ig==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "9ca/WR2Db6VUKD0h31yyGw==": { "id": "9ca/WR2Db6VUKD0h31yyGw==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9feM+1JJIYgC5OZCglyV3w==": { "id": "9feM+1JJIYgC5OZCglyV3w==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9fvqDo3ARbJLIgwR1oX6QQ==": { "id": "9fvqDo3ARbJLIgwR1oX6QQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "9gB7mQN0y1Zy9EiaXIHFew==": { "id": "9gB7mQN0y1Zy9EiaXIHFew==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "9ia70lNV6NYvmzB7WlbYQw==": { "id": "9ia70lNV6NYvmzB7WlbYQw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "9kpPzhUEkQr6h/4fDNnSuA==": { "id": "9kpPzhUEkQr6h/4fDNnSuA==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "9lAt/24IrVKtsskC+grSQQ==": { "id": "9lAt/24IrVKtsskC+grSQQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "9lOT/bRPy9mu1knhwrLw8Q==": { "id": "9lOT/bRPy9mu1knhwrLw8Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9lOiMN/e99o1oI1dhS9S2Q==": { "id": "9lOiMN/e99o1oI1dhS9S2Q==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9lqG2xu+85HJHcn8UQyZ2A==": { "id": "9lqG2xu+85HJHcn8UQyZ2A==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "9lxLFgIezXSh1WnSsRhwNQ==": { "id": "9lxLFgIezXSh1WnSsRhwNQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9oQBIjmHHZP7ZEjuqVHO7Q==": { "id": "9oQBIjmHHZP7ZEjuqVHO7Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "9rfGlkZ9WMAUo942FMnq5A==": { "id": "9rfGlkZ9WMAUo942FMnq5A==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "9uaveyIiSEcdU4MrDHbJ2Q==": { "id": "9uaveyIiSEcdU4MrDHbJ2Q==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "9uo4qIbgVv97/yzslhE6/g==": { "id": "9uo4qIbgVv97/yzslhE6/g==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "9vaAmbFDwko+7w/wBDHWvg==": { "id": "9vaAmbFDwko+7w/wBDHWvg==", "updater": "rhel-vex", "name": "CVE-2023-28617", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.", "issued": "2023-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28617 https://bugzilla.redhat.com/show_bug.cgi?id=2180544 https://www.cve.org/CVERecord?id=CVE-2023-28617 https://nvd.nist.gov/vuln/detail/CVE-2023-28617 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28617.json https://access.redhat.com/errata/RHSA-2023:2074", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-6.el9_1.1", "arch_op": "pattern match" }, "9z2MVdoreqGVJcUFUz72OA==": { "id": "9z2MVdoreqGVJcUFUz72OA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "A/za5QfQmT4HYcIQ4RyCzA==": { "id": "A/za5QfQmT4HYcIQ4RyCzA==", "updater": "osv/go", "name": "GO-2024-2887", "description": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "A2YTvJXiGwe7aOSqWlEZhQ==": { "id": "A2YTvJXiGwe7aOSqWlEZhQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "A3ZYVQ8Z63tDAx8FSltQHw==": { "id": "A3ZYVQ8Z63tDAx8FSltQHw==", "updater": "rhel-vex", "name": "CVE-2025-7458", "description": "An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory.", "issued": "2025-07-29T12:43:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7458 https://bugzilla.redhat.com/show_bug.cgi?id=2384237 https://www.cve.org/CVERecord?id=CVE-2025-7458 https://nvd.nist.gov/vuln/detail/CVE-2025-7458 https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7458.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A98JJ8FAQWnMhx8Nb3TYXA==": { "id": "A98JJ8FAQWnMhx8Nb3TYXA==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "ABh4yTmrbQSCnnP4F8iX5A==": { "id": "ABh4yTmrbQSCnnP4F8iX5A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AEXyQvL2wFfW+v4I9XmTaQ==": { "id": "AEXyQvL2wFfW+v4I9XmTaQ==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "AI5OCFigX+y57buhAMK1UA==": { "id": "AI5OCFigX+y57buhAMK1UA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "AIlN8RmMOvhBveVuVAyHQQ==": { "id": "AIlN8RmMOvhBveVuVAyHQQ==", "updater": "rhel-vex", "name": "CVE-2022-2874", "description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2874.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AJcMDco3zISLrE/7+42hGA==": { "id": "AJcMDco3zISLrE/7+42hGA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "AJgpOdbNJblqS+xC52p8RA==": { "id": "AJgpOdbNJblqS+xC52p8RA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ANawluW+m7SrGs8Q9Odgow==": { "id": "ANawluW+m7SrGs8Q9Odgow==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "ANxFBq/yNQoElX4dsXb0wA==": { "id": "ANxFBq/yNQoElX4dsXb0wA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "AOVkipVLZLxGjwVCB/7mwg==": { "id": "AOVkipVLZLxGjwVCB/7mwg==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "AQa/gDZ0IemFxWbJIsU4yQ==": { "id": "AQa/gDZ0IemFxWbJIsU4yQ==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "AR31u5jCzWyawCxRWBepmw==": { "id": "AR31u5jCzWyawCxRWBepmw==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AYOaUiAITXfmzrid+CR2Og==": { "id": "AYOaUiAITXfmzrid+CR2Og==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "AYXw2VaylssI+NkH09HL4Q==": { "id": "AYXw2VaylssI+NkH09HL4Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "AcbVYbhZ/tTIOm89OCy5kQ==": { "id": "AcbVYbhZ/tTIOm89OCy5kQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "AdhtRMEnBdpFFyeSlUP6fA==": { "id": "AdhtRMEnBdpFFyeSlUP6fA==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Aet749oXCwhRnnY9gEGYGw==": { "id": "Aet749oXCwhRnnY9gEGYGw==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AfEBBMV7R48kk4frVmVcAg==": { "id": "AfEBBMV7R48kk4frVmVcAg==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Ah03jmj/7fQOqUbg05PtZg==": { "id": "Ah03jmj/7fQOqUbg05PtZg==", "updater": "rhel-vex", "name": "CVE-2023-0049", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "issued": "2023-01-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0049.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ApGWymi9r75ZlVZNkjnd4w==": { "id": "ApGWymi9r75ZlVZNkjnd4w==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "Ar1hBHxUcHiCnqL+avGJRg==": { "id": "Ar1hBHxUcHiCnqL+avGJRg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AsiuN/8gu7sZ0PJCLihjmw==": { "id": "AsiuN/8gu7sZ0PJCLihjmw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Aspz79uO5bKpApwSqMsL8A==": { "id": "Aspz79uO5bKpApwSqMsL8A==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "AuT5DLBrUT23i8Fkzi5nrA==": { "id": "AuT5DLBrUT23i8Fkzi5nrA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Av6IvPz8z+8JAyypXmkbTA==": { "id": "Av6IvPz8z+8JAyypXmkbTA==", "updater": "rhel-vex", "name": "CVE-2025-23050", "description": "QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.", "issued": "2025-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23050 https://bugzilla.redhat.com/show_bug.cgi?id=2408769 https://www.cve.org/CVERecord?id=CVE-2025-23050 https://nvd.nist.gov/vuln/detail/CVE-2025-23050 https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538 https://codereview.qt-project.org/q/QLowEnergyController https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23050.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AyHFH4N7lNUZlwVfgigcMA==": { "id": "AyHFH4N7lNUZlwVfgigcMA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ayn8XyGcXwYPR+J1PSWdHQ==": { "id": "Ayn8XyGcXwYPR+J1PSWdHQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "B+xaJOiguNTw6xGmTB+mZw==": { "id": "B+xaJOiguNTw6xGmTB+mZw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "B/+SfhbeumQponnHheNEVg==": { "id": "B/+SfhbeumQponnHheNEVg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "B0ZJnlI3io/AXTPjqyoADA==": { "id": "B0ZJnlI3io/AXTPjqyoADA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "B1FsL93s2G1YxIvrdDvTfg==": { "id": "B1FsL93s2G1YxIvrdDvTfg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "B1THb18jP+rSUaY77CvPng==": { "id": "B1THb18jP+rSUaY77CvPng==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "B1gQIzGtgKR02WiRgVPUgQ==": { "id": "B1gQIzGtgKR02WiRgVPUgQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "B3tKTgCVG9JSLHIgfbUFmw==": { "id": "B3tKTgCVG9JSLHIgfbUFmw==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "B6kRennXxnam4nW6s2O9mQ==": { "id": "B6kRennXxnam4nW6s2O9mQ==", "updater": "rhel-vex", "name": "CVE-2022-30633", "description": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30633 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://www.cve.org/CVERecord?id=CVE-2022-30633 https://nvd.nist.gov/vuln/detail/CVE-2022-30633 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30633.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B7rM39vvdeIIjmDnRAuTIQ==": { "id": "B7rM39vvdeIIjmDnRAuTIQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "BBNgt41sCJ+dkDLhh8RM2Q==": { "id": "BBNgt41sCJ+dkDLhh8RM2Q==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "BCUOacmvjky6+oK/3U158Q==": { "id": "BCUOacmvjky6+oK/3U158Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "BCe3MuKRzryFB5SraMhsPw==": { "id": "BCe3MuKRzryFB5SraMhsPw==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "BEXy4ijrTQIkl+xEVZQ61w==": { "id": "BEXy4ijrTQIkl+xEVZQ61w==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BLPjiJKh0zrGI5mH+bPIGw==": { "id": "BLPjiJKh0zrGI5mH+bPIGw==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BQivQt20Anl3mLgiJoMKAA==": { "id": "BQivQt20Anl3mLgiJoMKAA==", "updater": "rhel-vex", "name": "CVE-2024-30205", "description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30205.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "BS5Qx6nN3HmM64VVoKmayw==": { "id": "BS5Qx6nN3HmM64VVoKmayw==", "updater": "rhel-vex", "name": "CVE-2022-3134", "description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3134.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BXlYoXrAW947O+Adruh7Zw==": { "id": "BXlYoXrAW947O+Adruh7Zw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "BbM0NZsMsZnNUi1ybIzssw==": { "id": "BbM0NZsMsZnNUi1ybIzssw==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BceQQXlChHEbiy2YYN7FvA==": { "id": "BceQQXlChHEbiy2YYN7FvA==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "Bd+yU6xHUdyyaw65uiacIw==": { "id": "Bd+yU6xHUdyyaw65uiacIw==", "updater": "osv/go", "name": "GO-2023-1752", "description": "Improper handling of JavaScript whitespace in html/template", "issued": "2023-05-05T21:10:22Z", "links": "https://go.dev/issue/59721 https://go.dev/cl/491616 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "BfDjqoaYrd0NKCGGxtokTg==": { "id": "BfDjqoaYrd0NKCGGxtokTg==", "updater": "rhel-vex", "name": "CVE-2023-48231", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48231.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BfJzk+M/zKnbrBHcCrvIlA==": { "id": "BfJzk+M/zKnbrBHcCrvIlA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "BgLn2RypgHsjIVj0SLunZg==": { "id": "BgLn2RypgHsjIVj0SLunZg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "BofAiVtqC38hX5ZAkBLTpA==": { "id": "BofAiVtqC38hX5ZAkBLTpA==", "updater": "osv/go", "name": "GO-2024-2599", "description": "Memory exhaustion in multipart form parsing in net/textproto and net/http", "issued": "2024-03-05T22:15:00Z", "links": "https://go.dev/issue/65383 https://go.dev/cl/569341 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "Bp0jmZLVDqekxjq/Mq7PPA==": { "id": "Bp0jmZLVDqekxjq/Mq7PPA==", "updater": "rhel-vex", "name": "CVE-2022-1962", "description": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1962 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://www.cve.org/CVERecord?id=CVE-2022-1962 https://nvd.nist.gov/vuln/detail/CVE-2022-1962 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1962.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bp4O+K+hM5aEmCc59xUWdA==": { "id": "Bp4O+K+hM5aEmCc59xUWdA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "BsGuSaqfP6qrCK8KTTY4qw==": { "id": "BsGuSaqfP6qrCK8KTTY4qw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Bu9dxnhmsLXDd3x0oRPHfA==": { "id": "Bu9dxnhmsLXDd3x0oRPHfA==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bua36N02B8W4H7+P8yixkw==": { "id": "Bua36N02B8W4H7+P8yixkw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "BwQexIGmUvV9ONa+9gpe2w==": { "id": "BwQexIGmUvV9ONa+9gpe2w==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ByykkIf8cqMarBUwgOjK0g==": { "id": "ByykkIf8cqMarBUwgOjK0g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "BzOgc4nzX2HHoodQY6X6vQ==": { "id": "BzOgc4nzX2HHoodQY6X6vQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Bzc4r1UXMoCf7blNLHkQGw==": { "id": "Bzc4r1UXMoCf7blNLHkQGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "C+2GxqMTQEZYKlJYDQE1Pg==": { "id": "C+2GxqMTQEZYKlJYDQE1Pg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "C0udSo+foVK8TphEaJ9u7g==": { "id": "C0udSo+foVK8TphEaJ9u7g==", "updater": "rhel-vex", "name": "CVE-2017-1000383", "description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "issued": "2017-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-1000383.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "emacs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C2ejCCBwa9n29Fq9gpW/sw==": { "id": "C2ejCCBwa9n29Fq9gpW/sw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "C7v5oMuGS9CuS5bfckNF/w==": { "id": "C7v5oMuGS9CuS5bfckNF/w==", "updater": "osv/go", "name": "GO-2022-0477", "description": "Indefinite hang with large buffers on Windows in crypto/rand", "issued": "2022-06-09T01:43:37Z", "links": "https://go.dev/cl/402257 https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 https://go.dev/issue/52561 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "C9NKmmH/EbcYxVOEg1uY9g==": { "id": "C9NKmmH/EbcYxVOEg1uY9g==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "CAcAzU3FmPfcBEK+BF1wiQ==": { "id": "CAcAzU3FmPfcBEK+BF1wiQ==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "CBxUpiwpFiagAj3ihqf+vQ==": { "id": "CBxUpiwpFiagAj3ihqf+vQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CCQ15lzJdM5OqfQf0dLnJQ==": { "id": "CCQ15lzJdM5OqfQf0dLnJQ==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "CD0KTiCn+kQ9+lGQdzy4Lw==": { "id": "CD0KTiCn+kQ9+lGQdzy4Lw==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "CFRtSPlXDJlgi28bdADXZg==": { "id": "CFRtSPlXDJlgi28bdADXZg==", "updater": "osv/go", "name": "GO-2024-3105", "description": "Stack exhaustion in all Parse functions in go/parser", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "CH/8kg0DShdiNjzv6+DZnA==": { "id": "CH/8kg0DShdiNjzv6+DZnA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CMGu0bZesU9cyPAc2vK34g==": { "id": "CMGu0bZesU9cyPAc2vK34g==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "CQPV/OxtJ+DwYc6C4gniNQ==": { "id": "CQPV/OxtJ+DwYc6C4gniNQ==", "updater": "rhel-vex", "name": "CVE-2022-47008", "description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CQXGvG5qF0LSGK3lgLUXJg==": { "id": "CQXGvG5qF0LSGK3lgLUXJg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CQY3y5mGXL6FhNg/bhr8Rw==": { "id": "CQY3y5mGXL6FhNg/bhr8Rw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.el9", "arch_op": "pattern match" }, "CSv4lPWUxMcEgRRI/WkPaA==": { "id": "CSv4lPWUxMcEgRRI/WkPaA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CVNFdSU8eHIr3mZk7+SX/Q==": { "id": "CVNFdSU8eHIr3mZk7+SX/Q==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "CW81Lp11K0nBc+3dYegY/g==": { "id": "CW81Lp11K0nBc+3dYegY/g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "CXlZx/1BY/yqrUCuQlON2w==": { "id": "CXlZx/1BY/yqrUCuQlON2w==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "CYbzKTdqzfhVDluEF23Dxg==": { "id": "CYbzKTdqzfhVDluEF23Dxg==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "CYkHBvLQQf6RYY/2Qkr5gw==": { "id": "CYkHBvLQQf6RYY/2Qkr5gw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CaVsGPkqzxcrIauiEFdPpw==": { "id": "CaVsGPkqzxcrIauiEFdPpw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CacO7saUr+KLTbynVQRYzg==": { "id": "CacO7saUr+KLTbynVQRYzg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Cbqd4MLPHY6FcToWh7U3IA==": { "id": "Cbqd4MLPHY6FcToWh7U3IA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "CebQRpRZjOcKyG6X/Hyb9g==": { "id": "CebQRpRZjOcKyG6X/Hyb9g==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "CoMZiX0VsWNhKSQo1NCYkg==": { "id": "CoMZiX0VsWNhKSQo1NCYkg==", "updater": "rhel-vex", "name": "CVE-2025-1244", "description": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "issued": "2025-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150 https://www.cve.org/CVERecord?id=CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1244.json https://access.redhat.com/errata/RHSA-2025:1915", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.1", "arch_op": "pattern match" }, "Cr4I2Hcgcf8xO3Bc2/KIfA==": { "id": "Cr4I2Hcgcf8xO3Bc2/KIfA==", "updater": "osv/go", "name": "GO-2023-1840", "description": "Unsafe behavior in setuid/setgid binaries in runtime", "issued": "2023-06-08T20:16:06Z", "links": "https://go.dev/issue/60272 https://go.dev/cl/501223 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.10" }, "CrxvMdhOPgYpnOjfUKfH3Q==": { "id": "CrxvMdhOPgYpnOjfUKfH3Q==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "CuWE9qOLaSI+JhOsCiY03Q==": { "id": "CuWE9qOLaSI+JhOsCiY03Q==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "Cxqp3OmZ1TuIow2bpolrUA==": { "id": "Cxqp3OmZ1TuIow2bpolrUA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "D0qSEDt7Rns05A3ywUZLtw==": { "id": "D0qSEDt7Rns05A3ywUZLtw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "D1jz5P28B8rwvnVaChXHiw==": { "id": "D1jz5P28B8rwvnVaChXHiw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "D2PoAhXlfTjf0jSkt9i3qA==": { "id": "D2PoAhXlfTjf0jSkt9i3qA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "D4iEHIlb8qk7qBBIBLV2WA==": { "id": "D4iEHIlb8qk7qBBIBLV2WA==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "D5TjVz7ghGYgdoVa5+N8bw==": { "id": "D5TjVz7ghGYgdoVa5+N8bw==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "DAwq8wwWp0GN/p0AvtHE9Q==": { "id": "DAwq8wwWp0GN/p0AvtHE9Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "DCflC/lDsmgt9IFXJM3PyA==": { "id": "DCflC/lDsmgt9IFXJM3PyA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "DDPdyyhkyoDS2Vq0O3We0w==": { "id": "DDPdyyhkyoDS2Vq0O3We0w==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DE3GDsNl2faTwlhxzYBbYw==": { "id": "DE3GDsNl2faTwlhxzYBbYw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "DFOoWHynQeFD6fZDvPyKMg==": { "id": "DFOoWHynQeFD6fZDvPyKMg==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "DG5z7r6LqnKlVNwHAxeXgA==": { "id": "DG5z7r6LqnKlVNwHAxeXgA==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "DGtUYJS9TDm0sI7Gw7jCuA==": { "id": "DGtUYJS9TDm0sI7Gw7jCuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "DI5ofU0JT+/wsYx2AeXNiA==": { "id": "DI5ofU0JT+/wsYx2AeXNiA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "DI7HeHo8A/itZHGTOHOQIg==": { "id": "DI7HeHo8A/itZHGTOHOQIg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "DIXgPb+QqAbL75dH7f2Zww==": { "id": "DIXgPb+QqAbL75dH7f2Zww==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "DJqdVbXk9Oqvq0nS8VYv5Q==": { "id": "DJqdVbXk9Oqvq0nS8VYv5Q==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DK1x7B/vzgaKlXynN3g1KA==": { "id": "DK1x7B/vzgaKlXynN3g1KA==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "DKQ/Jfye0O77T1m4bCFM9A==": { "id": "DKQ/Jfye0O77T1m4bCFM9A==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "DNd0sdbW83acQbIl3FDaPw==": { "id": "DNd0sdbW83acQbIl3FDaPw==", "updater": "rhel-vex", "name": "CVE-2023-0054", "description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0054.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DPcSz1MBKzyaMMMhJWVyEA==": { "id": "DPcSz1MBKzyaMMMhJWVyEA==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "DQIgoLb/8+6+HRbr8B6wHw==": { "id": "DQIgoLb/8+6+HRbr8B6wHw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "DWl94vpEWRXsnNv1XWboVA==": { "id": "DWl94vpEWRXsnNv1XWboVA==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "DZWopkvTJiWmVsAADTNOUw==": { "id": "DZWopkvTJiWmVsAADTNOUw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "Daj39cn0p5rpBblQYRpPNw==": { "id": "Daj39cn0p5rpBblQYRpPNw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "DhiTSAV5nEGdAk1xkbjRsw==": { "id": "DhiTSAV5nEGdAk1xkbjRsw==", "updater": "osv/go", "name": "GO-2023-1569", "description": "Excessive resource consumption in mime/multipart", "issued": "2023-02-21T20:44:30Z", "links": "https://go.dev/issue/58006 https://go.dev/cl/468124 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "DjTY6HUnX+COP0+KJxD8lg==": { "id": "DjTY6HUnX+COP0+KJxD8lg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "DjpSix06K6wkPOmaLpbGWg==": { "id": "DjpSix06K6wkPOmaLpbGWg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DlS6uDYchj9S2LQucQuZxw==": { "id": "DlS6uDYchj9S2LQucQuZxw==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Dlv776lHnCBm01HWpf1zZQ==": { "id": "Dlv776lHnCBm01HWpf1zZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "DlzGGXSItv6fZobEGaNWCA==": { "id": "DlzGGXSItv6fZobEGaNWCA==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "Dp0x43cNy9IQTCa5Vb7Uyw==": { "id": "Dp0x43cNy9IQTCa5Vb7Uyw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "DqGYMV65C5QRFD63WuUcpg==": { "id": "DqGYMV65C5QRFD63WuUcpg==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "DqajPgSmNnfF5+bVSuLXZQ==": { "id": "DqajPgSmNnfF5+bVSuLXZQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "DrIpfcclD2b0iXSNtu+I6Q==": { "id": "DrIpfcclD2b0iXSNtu+I6Q==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "DrL6S4TbqHyLJh/Go9vALA==": { "id": "DrL6S4TbqHyLJh/Go9vALA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "DtCtyEFA0WRhx44S/aRChA==": { "id": "DtCtyEFA0WRhx44S/aRChA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DtWvIa+898xLj3Yf8kKjtA==": { "id": "DtWvIa+898xLj3Yf8kKjtA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DtYmtBkxVMK6KVHn4U+2Yw==": { "id": "DtYmtBkxVMK6KVHn4U+2Yw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "DtkRUkQTzcJrj8ZsC36kqQ==": { "id": "DtkRUkQTzcJrj8ZsC36kqQ==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DyteGYzEcNMaIwU0U8gq/w==": { "id": "DyteGYzEcNMaIwU0U8gq/w==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "DzB2GvXN7uyOKTXPPshLvg==": { "id": "DzB2GvXN7uyOKTXPPshLvg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "E6F4Bsc58fK+0x+N9LY6gA==": { "id": "E6F4Bsc58fK+0x+N9LY6gA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "E7v1LWpr+8KCE/5szHqf2Q==": { "id": "E7v1LWpr+8KCE/5szHqf2Q==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "E90jB6HCh1KjzQXtmHMUUg==": { "id": "E90jB6HCh1KjzQXtmHMUUg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "EB6fg0YbdpF3FjycPEVN/Q==": { "id": "EB6fg0YbdpF3FjycPEVN/Q==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EBopL1hbi9GBQGXZUVNCAA==": { "id": "EBopL1hbi9GBQGXZUVNCAA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ECzeIHiPGDDmiEUQjBzFxg==": { "id": "ECzeIHiPGDDmiEUQjBzFxg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "EE23Ay78OLUGxmoM3vXPbA==": { "id": "EE23Ay78OLUGxmoM3vXPbA==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "EEMnwT7ARQJ+dbVETnKljw==": { "id": "EEMnwT7ARQJ+dbVETnKljw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.1.el9_6", "arch_op": "pattern match" }, "EEsEsfQRh24NPMdhg4HPHw==": { "id": "EEsEsfQRh24NPMdhg4HPHw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EFfUhTiwNATI8s7BT2T3xA==": { "id": "EFfUhTiwNATI8s7BT2T3xA==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EGDBCdh3xodxfhx6SFGa1w==": { "id": "EGDBCdh3xodxfhx6SFGa1w==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "EHdSTtZdfwUmOpf3vIeLWQ==": { "id": "EHdSTtZdfwUmOpf3vIeLWQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "ENoYJ+9TEzYG+jTQB5meaw==": { "id": "ENoYJ+9TEzYG+jTQB5meaw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ERpg5QsiyVdbxyySZngvaA==": { "id": "ERpg5QsiyVdbxyySZngvaA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "ETcQXJZrA6IUPRr4MXFUIw==": { "id": "ETcQXJZrA6IUPRr4MXFUIw==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "ETjF+btf4DIblmTTbHaZSA==": { "id": "ETjF+btf4DIblmTTbHaZSA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "EUzfiOQu+qZDEDuD1AbDtA==": { "id": "EUzfiOQu+qZDEDuD1AbDtA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EVXEAewBnzdtEIOYHBpZfA==": { "id": "EVXEAewBnzdtEIOYHBpZfA==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "EX/jsJKUxl+Y92LbkHwIVg==": { "id": "EX/jsJKUxl+Y92LbkHwIVg==", "updater": "osv/go", "name": "GO-2023-2186", "description": "Incorrect detection of reserved device names on Windows in path/filepath", "issued": "2023-11-08T22:42:19Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "EXWaDNivW550gBh9Dm6gCQ==": { "id": "EXWaDNivW550gBh9Dm6gCQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EXi8j2JWeu5xYuWml6Ellg==": { "id": "EXi8j2JWeu5xYuWml6Ellg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "EYkM0DDu8tbFKzGysEiO0Q==": { "id": "EYkM0DDu8tbFKzGysEiO0Q==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "EZo12eG9Obl1kmhRKBmcvA==": { "id": "EZo12eG9Obl1kmhRKBmcvA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EahYBNc6RsapXfHOvUMG/A==": { "id": "EahYBNc6RsapXfHOvUMG/A==", "updater": "osv/go", "name": "GO-2025-4008", "description": "ALPN negotiation error contains attacker controlled information in crypto/tls", "issued": "2025-10-29T21:49:53Z", "links": "https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Ec/FYvTTz4riEqnQe1G+Fw==": { "id": "Ec/FYvTTz4riEqnQe1G+Fw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "EcsVvJ09ys7NpdNzv0A9zA==": { "id": "EcsVvJ09ys7NpdNzv0A9zA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "Ee2apAGC0PFcPNtPjyeqbg==": { "id": "Ee2apAGC0PFcPNtPjyeqbg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "EfJCfNem+1eUwnsxx2dNOg==": { "id": "EfJCfNem+1eUwnsxx2dNOg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "EhVqWSecC9djAkoW+k/+hQ==": { "id": "EhVqWSecC9djAkoW+k/+hQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "EhcxS6FJz0RDq0+uuwuiEA==": { "id": "EhcxS6FJz0RDq0+uuwuiEA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "EhgsZTFIUAr2YMmtGzoFMQ==": { "id": "EhgsZTFIUAr2YMmtGzoFMQ==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "EjPl60c/5Xt+2Awh7Lu5jw==": { "id": "EjPl60c/5Xt+2Awh7Lu5jw==", "updater": "rhel-vex", "name": "CVE-2025-7546", "description": "A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.", "issued": "2025-07-13T22:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7546 https://bugzilla.redhat.com/show_bug.cgi?id=2379793 https://www.cve.org/CVERecord?id=CVE-2025-7546 https://nvd.nist.gov/vuln/detail/CVE-2025-7546 https://sourceware.org/bugzilla/attachment.cgi?id=16118 https://sourceware.org/bugzilla/show_bug.cgi?id=33050 https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b https://vuldb.com/?ctiid.316244 https://vuldb.com/?id.316244 https://vuldb.com/?submit.614375 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7546.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EpmDyksRTsldGi5rxDcMlA==": { "id": "EpmDyksRTsldGi5rxDcMlA==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Eptc9iAtWcHP72eK8tBCkA==": { "id": "Eptc9iAtWcHP72eK8tBCkA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Ewdn+P1XzA/h+WRvejvm/Q==": { "id": "Ewdn+P1XzA/h+WRvejvm/Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EzveB8rJWscHHRZtJKOdRA==": { "id": "EzveB8rJWscHHRZtJKOdRA==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "F/boCR7kXAGa4+GAELD7Tg==": { "id": "F/boCR7kXAGa4+GAELD7Tg==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F0PQEZy2PTlCGjp9J75Btw==": { "id": "F0PQEZy2PTlCGjp9J75Btw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "F1KNP85q9V8sONVWKuOzrw==": { "id": "F1KNP85q9V8sONVWKuOzrw==", "updater": "osv/go", "name": "GO-2023-2041", "description": "Improper handling of HTML-like comments in script contexts in html/template", "issued": "2023-09-07T16:11:17Z", "links": "https://go.dev/issue/62196 https://go.dev/cl/526156 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "F2QVfam7Idr3v4Y7g3wf/Q==": { "id": "F2QVfam7Idr3v4Y7g3wf/Q==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "F4g8Bboy9/sMyy+EusFlpA==": { "id": "F4g8Bboy9/sMyy+EusFlpA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "F54ap+bUe0qceQi67ZX30w==": { "id": "F54ap+bUe0qceQi67ZX30w==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "F6i42vx+GvZ/9LpnToKHcw==": { "id": "F6i42vx+GvZ/9LpnToKHcw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FAES1XlWFCETbKQytoq57Q==": { "id": "FAES1XlWFCETbKQytoq57Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.el9", "arch_op": "pattern match" }, "FAgeMhGaGcH9QOhQHw5rhQ==": { "id": "FAgeMhGaGcH9QOhQHw5rhQ==", "updater": "rhel-vex", "name": "CVE-2024-13978", "description": "A flaw was found in libtiff. The `t2p_read_tiff_init` function in the fax2ps component incorrectly handles TIFF files, leading to a null pointer dereference. A local attacker can trigger this condition by providing a specially crafted TIFF file. This can result in an application level denial of service.", "issued": "2025-08-01T21:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13978 https://bugzilla.redhat.com/show_bug.cgi?id=2386059 https://www.cve.org/CVERecord?id=CVE-2024-13978 https://nvd.nist.gov/vuln/detail/CVE-2024-13978 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 https://gitlab.com/libtiff/libtiff/-/issues/649 https://gitlab.com/libtiff/libtiff/-/merge_requests/667 https://vuldb.com/?ctiid.318355 https://vuldb.com/?id.318355 https://vuldb.com/?submit.624562 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13978.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FAoi5hf12Vg9h7NFehHyBg==": { "id": "FAoi5hf12Vg9h7NFehHyBg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.1.el9_6", "arch_op": "pattern match" }, "FE/mnRiATGHgivPxG+13dw==": { "id": "FE/mnRiATGHgivPxG+13dw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FKu6EFoCfpksmq+M7pL02Q==": { "id": "FKu6EFoCfpksmq+M7pL02Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FKuvvzZuxFLoDaTeoDMGIQ==": { "id": "FKuvvzZuxFLoDaTeoDMGIQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FM2lHn17qlO5uIZtM+Ehmg==": { "id": "FM2lHn17qlO5uIZtM+Ehmg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.el9", "arch_op": "pattern match" }, "FMzc9QFitxthf16XR1P0QA==": { "id": "FMzc9QFitxthf16XR1P0QA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.4.el9_3", "arch_op": "pattern match" }, "FOhuL+ZLaAMigc1crKc/uA==": { "id": "FOhuL+ZLaAMigc1crKc/uA==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "FPJOQAbsBSaId8RmD/1j8g==": { "id": "FPJOQAbsBSaId8RmD/1j8g==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "FTUrLe1XMNYvUzaxMdsWeQ==": { "id": "FTUrLe1XMNYvUzaxMdsWeQ==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "FUR7T9AnekkZ5hPUz2WP6Q==": { "id": "FUR7T9AnekkZ5hPUz2WP6Q==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "FUeASYCa2REKwmC0CFlz2g==": { "id": "FUeASYCa2REKwmC0CFlz2g==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "FV18DPtJsW6qZZIHDbkGJA==": { "id": "FV18DPtJsW6qZZIHDbkGJA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "FcmkgsiNKCrDAJ6OFK/Y8g==": { "id": "FcmkgsiNKCrDAJ6OFK/Y8g==", "updater": "osv/go", "name": "GO-2023-2102", "description": "HTTP/2 rapid reset can cause excessive work in net/http", "issued": "2023-10-11T16:49:53Z", "links": "https://go.dev/issue/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.10" }, "FdtzK6tyT53moDNlzBGPBQ==": { "id": "FdtzK6tyT53moDNlzBGPBQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "FecDYUjbiWlU3PuXl5vs5w==": { "id": "FecDYUjbiWlU3PuXl5vs5w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Fg8qijPO2mYzPczZJG7NiQ==": { "id": "Fg8qijPO2mYzPczZJG7NiQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "FgTFx5g45j7WzA+bfAHPzQ==": { "id": "FgTFx5g45j7WzA+bfAHPzQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "Fi7GXCkkqJvYQw6Co8Nk7A==": { "id": "Fi7GXCkkqJvYQw6Co8Nk7A==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "FjB9AnugxBHu7Kwf86C67w==": { "id": "FjB9AnugxBHu7Kwf86C67w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.1.el9_6", "arch_op": "pattern match" }, "FjluGqmW83eEOEvyKIkrSA==": { "id": "FjluGqmW83eEOEvyKIkrSA==", "updater": "osv/go", "name": "GO-2025-4012", "description": "Lack of limit when parsing cookies can cause memory exhaustion in net/http", "issued": "2025-10-29T21:50:05Z", "links": "https://go.dev/issue/75672 https://go.dev/cl/709855 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "FkUafBj1ekysZyPIbZi5fg==": { "id": "FkUafBj1ekysZyPIbZi5fg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.el9", "arch_op": "pattern match" }, "FkxoK2aSVfPglVllnxzplw==": { "id": "FkxoK2aSVfPglVllnxzplw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "FlgtpglQEkjGT66EnFUHMg==": { "id": "FlgtpglQEkjGT66EnFUHMg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "FnsKxnhjNS+E4Y6hrazjUQ==": { "id": "FnsKxnhjNS+E4Y6hrazjUQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FpA1FaTnKUwdPkl0KHAbaw==": { "id": "FpA1FaTnKUwdPkl0KHAbaw==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FrIXKuepXZdWVsQ8gu1YHA==": { "id": "FrIXKuepXZdWVsQ8gu1YHA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FsYbwBEvKH6FW81JU3KSvw==": { "id": "FsYbwBEvKH6FW81JU3KSvw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Ft+9wGiX7gFQHYNS5do1oA==": { "id": "Ft+9wGiX7gFQHYNS5do1oA==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "FtF7hWwlQYu4clVsrpBd0Q==": { "id": "FtF7hWwlQYu4clVsrpBd0Q==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "FwvyPIBVlE1fAIgwJ1H6Sw==": { "id": "FwvyPIBVlE1fAIgwJ1H6Sw==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "FyNQxVBbour86huhtgTOzA==": { "id": "FyNQxVBbour86huhtgTOzA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "Fys7cTDgnkqkKy/A1tAWPQ==": { "id": "Fys7cTDgnkqkKy/A1tAWPQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "G/EKAYKB/V29JLdsy1wFCA==": { "id": "G/EKAYKB/V29JLdsy1wFCA==", "updater": "rhel-vex", "name": "CVE-2023-31486", "description": "A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=\u003e1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.", "issued": "2023-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31486 https://bugzilla.redhat.com/show_bug.cgi?id=2228392 https://www.cve.org/CVERecord?id=CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31486.json https://access.redhat.com/errata/RHSA-2023:6542", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-HTTP-Tiny", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.076-461.el9", "arch_op": "pattern match" }, "G/dmoDOpwh0GrsMovfySVw==": { "id": "G/dmoDOpwh0GrsMovfySVw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "G1biuc7MPjr1XA/l1R5EPQ==": { "id": "G1biuc7MPjr1XA/l1R5EPQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G1ju8KSMzz6zOg31bF5lRw==": { "id": "G1ju8KSMzz6zOg31bF5lRw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "G33a+jVnMZNg6liymp9Lyg==": { "id": "G33a+jVnMZNg6liymp9Lyg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.2-1.el9_7", "arch_op": "pattern match" }, "G77a8vVkDX/8Yt/v29MOhA==": { "id": "G77a8vVkDX/8Yt/v29MOhA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GDAkupnsjiTl71rwzH5RJg==": { "id": "GDAkupnsjiTl71rwzH5RJg==", "updater": "rhel-vex", "name": "CVE-2024-21538", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "issued": "2024-11-08T05:00:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2324550 https://www.cve.org/CVERecord?id=CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2024-21538 https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f https://github.com/moxystudio/node-cross-spawn/pull/160 https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21538.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GEDO3j20WMwIj0JMNMq5Iw==": { "id": "GEDO3j20WMwIj0JMNMq5Iw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "GJ6//hGiIsio2zBFuudd/Q==": { "id": "GJ6//hGiIsio2zBFuudd/Q==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GJy8g/4zoy4CPDvWLZr9kQ==": { "id": "GJy8g/4zoy4CPDvWLZr9kQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "GKtgrnguQJIeMtP51nnNZQ==": { "id": "GKtgrnguQJIeMtP51nnNZQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "GR80zW702W+xho6dTSNlyw==": { "id": "GR80zW702W+xho6dTSNlyw==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GVOb0whjVXBMMGVZhZjH0g==": { "id": "GVOb0whjVXBMMGVZhZjH0g==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GVXQ1XPPQkuhZ4SIFGoF+w==": { "id": "GVXQ1XPPQkuhZ4SIFGoF+w==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GW37uYQxwwgJBIDtA/dT2g==": { "id": "GW37uYQxwwgJBIDtA/dT2g==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXMpRf2go/wGEbwpp9BPPQ==": { "id": "GXMpRf2go/wGEbwpp9BPPQ==", "updater": "rhel-vex", "name": "CVE-2023-1175", "description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXObP88ZOLkWQuVeVgHh/g==": { "id": "GXObP88ZOLkWQuVeVgHh/g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "GXVxiDj3UnyxgXg2cz7u0Q==": { "id": "GXVxiDj3UnyxgXg2cz7u0Q==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "Ga3lVfExNl500JGwW345sQ==": { "id": "Ga3lVfExNl500JGwW345sQ==", "updater": "osv/go", "name": "GO-2025-3956", "description": "Unexpected paths returned from LookPath in os/exec", "issued": "2025-09-18T18:21:44Z", "links": "https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "GaZVgTbcdJiJMvdUeofqTA==": { "id": "GaZVgTbcdJiJMvdUeofqTA==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "GbZa+XIQtfFHtHWs5gm0wg==": { "id": "GbZa+XIQtfFHtHWs5gm0wg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "GeI10LHPuNgyyt295MOmIQ==": { "id": "GeI10LHPuNgyyt295MOmIQ==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "Geg0mw2hzdsfDbJ9adcmWg==": { "id": "Geg0mw2hzdsfDbJ9adcmWg==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GfPY5zBbHJQI4ZGaDcJj2A==": { "id": "GfPY5zBbHJQI4ZGaDcJj2A==", "updater": "rhel-vex", "name": "CVE-2022-3278", "description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GjK0gO1QmNQJ/ZsCakqCdA==": { "id": "GjK0gO1QmNQJ/ZsCakqCdA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Gn9qNy1ITVhOKz+nUviaSg==": { "id": "Gn9qNy1ITVhOKz+nUviaSg==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "GnBCRP9H+R6do428z3nOkQ==": { "id": "GnBCRP9H+R6do428z3nOkQ==", "updater": "rhel-vex", "name": "CVE-2021-4173", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4173.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GoHez0BYftW2Wj3h0K6Zxw==": { "id": "GoHez0BYftW2Wj3h0K6Zxw==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "GoHsuuxRgbGb3lm852rQmg==": { "id": "GoHsuuxRgbGb3lm852rQmg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GolUr/klMsQNQ9QFMdcAmw==": { "id": "GolUr/klMsQNQ9QFMdcAmw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GpJjElMhBMa2ZIh0g/0hAQ==": { "id": "GpJjElMhBMa2ZIh0g/0hAQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "GtECMHzRoeZKh1TLvpCt+A==": { "id": "GtECMHzRoeZKh1TLvpCt+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.el9", "arch_op": "pattern match" }, "GuM8+Ku1VtBzfPk3/FCgzw==": { "id": "GuM8+Ku1VtBzfPk3/FCgzw==", "updater": "rhel-vex", "name": "CVE-2022-1056", "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1056 https://bugzilla.redhat.com/show_bug.cgi?id=2233599 https://www.cve.org/CVERecord?id=CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 https://security.gentoo.org/glsa/202210-10 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GwJvkFMzYrKrZEvvNMbc6A==": { "id": "GwJvkFMzYrKrZEvvNMbc6A==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "GwdBWjTMLLj14UbkCrmh/A==": { "id": "GwdBWjTMLLj14UbkCrmh/A==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "Gzt3Aov08YmfW0b/CN7tHw==": { "id": "Gzt3Aov08YmfW0b/CN7tHw==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "H+x0VPepDcitQiESaSwIwQ==": { "id": "H+x0VPepDcitQiESaSwIwQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "H003kvHQyN0gsWRXOrXzxA==": { "id": "H003kvHQyN0gsWRXOrXzxA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "H04yzALMJAjmclexKFeS2w==": { "id": "H04yzALMJAjmclexKFeS2w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "H4boG/V+MB7stA7jG8O6Tw==": { "id": "H4boG/V+MB7stA7jG8O6Tw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "H4hIo8QsJ8tJeirBCqwHFQ==": { "id": "H4hIo8QsJ8tJeirBCqwHFQ==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "H5HU/YMXz+3wwSlUv2hOEg==": { "id": "H5HU/YMXz+3wwSlUv2hOEg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "H5vm/YCKZciOb4TXZmGZlg==": { "id": "H5vm/YCKZciOb4TXZmGZlg==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "H7H9wMobv6DOqzUUAdOqGA==": { "id": "H7H9wMobv6DOqzUUAdOqGA==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "H8XwHNDIkW12mW+y74dsdQ==": { "id": "H8XwHNDIkW12mW+y74dsdQ==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "HBDLPf0FBMppxrTwW+gqlA==": { "id": "HBDLPf0FBMppxrTwW+gqlA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "HFchxDnUHv0YgEfYisGA6A==": { "id": "HFchxDnUHv0YgEfYisGA6A==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HHBOKYlzeD2Busv7btyBAA==": { "id": "HHBOKYlzeD2Busv7btyBAA==", "updater": "rhel-vex", "name": "CVE-2023-48232", "description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48232.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HHpOVRDbzmY2UhydU+uwcg==": { "id": "HHpOVRDbzmY2UhydU+uwcg==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "HMF5qYGPMt4Fb5i6RtdwRA==": { "id": "HMF5qYGPMt4Fb5i6RtdwRA==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "HMytRAMTGJlQRfqVbIzzVg==": { "id": "HMytRAMTGJlQRfqVbIzzVg==", "updater": "osv/go", "name": "GO-2022-0525", "description": "Improper sanitization of Transfer-Encoding headers in net/http", "issued": "2022-07-25T17:34:18Z", "links": "https://go.dev/cl/409874 https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f https://go.dev/issue/53188 https://go.dev/cl/410714 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "HNWibMRA8AF0jyyBYQthdA==": { "id": "HNWibMRA8AF0jyyBYQthdA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "HOYwG5Rw5KtCLqSTp9IaXQ==": { "id": "HOYwG5Rw5KtCLqSTp9IaXQ==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "HS96brYtpBiaYpW7OxT5Wg==": { "id": "HS96brYtpBiaYpW7OxT5Wg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "HT2SNCYX7dkF36jwcJ6tBg==": { "id": "HT2SNCYX7dkF36jwcJ6tBg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "HT4k6+0VwtXXrNi4IFV2ug==": { "id": "HT4k6+0VwtXXrNi4IFV2ug==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "HW1HxtJFrKBktMKHARGGeQ==": { "id": "HW1HxtJFrKBktMKHARGGeQ==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "HeemEcWe2JVMYkjGWbuiFA==": { "id": "HeemEcWe2JVMYkjGWbuiFA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "HfjDJmml2JYJ9YjdaPe+zQ==": { "id": "HfjDJmml2JYJ9YjdaPe+zQ==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "HiF486OoQCfE4Hwc8DTxrQ==": { "id": "HiF486OoQCfE4Hwc8DTxrQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "HjJnWaqrr4SaFPjzu8hVkg==": { "id": "HjJnWaqrr4SaFPjzu8hVkg==", "updater": "rhel-vex", "name": "CVE-2022-46663", "description": "A vulnerability was found in less. This flaw allows crafted data to result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "issued": "2023-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug.cgi?id=2169621 https://www.cve.org/CVERecord?id=CVE-2022-46663 https://nvd.nist.gov/vuln/detail/CVE-2022-46663 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-46663.json https://access.redhat.com/errata/RHSA-2023:3725", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-2.el9_2", "arch_op": "pattern match" }, "Hk/EnuFgs+4rtDh2D0OPZg==": { "id": "Hk/EnuFgs+4rtDh2D0OPZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "HlOu0EmTxHkjzmJeJEuJmw==": { "id": "HlOu0EmTxHkjzmJeJEuJmw==", "updater": "rhel-vex", "name": "CVE-2023-4735", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4735.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HlmfsCkhcIqBoptvS1F7pQ==": { "id": "HlmfsCkhcIqBoptvS1F7pQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HmZXdUV/ycFcRK+m71pC+w==": { "id": "HmZXdUV/ycFcRK+m71pC+w==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "HnNhAdInEg3yPEHYo7Hl+Q==": { "id": "HnNhAdInEg3yPEHYo7Hl+Q==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "HqbYURF/7TaXoQPMqtdsIA==": { "id": "HqbYURF/7TaXoQPMqtdsIA==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "HrQTGWot7zXPyYbisnzShg==": { "id": "HrQTGWot7zXPyYbisnzShg==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "Ht/FCT7E55SLIJNr/AHy9A==": { "id": "Ht/FCT7E55SLIJNr/AHy9A==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "HuVZNoL6F1XG6bLXPdhmWQ==": { "id": "HuVZNoL6F1XG6bLXPdhmWQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxiMqPnG14UzA9oHqqI6Ng==": { "id": "HxiMqPnG14UzA9oHqqI6Ng==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "I1n6/nf1BmKoqYe/GXCV3A==": { "id": "I1n6/nf1BmKoqYe/GXCV3A==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "I2w7mAdeccRvDV/HeaBOoA==": { "id": "I2w7mAdeccRvDV/HeaBOoA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "I3+uP7bb+nPtzRYHH2UUgw==": { "id": "I3+uP7bb+nPtzRYHH2UUgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I362Vwh1x92yigOP2ZDpKA==": { "id": "I362Vwh1x92yigOP2ZDpKA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "I3Zso12Z+9mUcVEvUKWJ8w==": { "id": "I3Zso12Z+9mUcVEvUKWJ8w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "I3vwwgMxzxWo15otCOgvAw==": { "id": "I3vwwgMxzxWo15otCOgvAw==", "updater": "rhel-vex", "name": "CVE-2021-3928", "description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3928.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I44fXMfux3yPYaBHaNxgsg==": { "id": "I44fXMfux3yPYaBHaNxgsg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "I5CKvoKqBhFd1vY7fxFKtQ==": { "id": "I5CKvoKqBhFd1vY7fxFKtQ==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "I9Xc2JiRiPWfOFS5AHY1Ww==": { "id": "I9Xc2JiRiPWfOFS5AHY1Ww==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "IDAwc/hZzIcM4IBkaUT9YA==": { "id": "IDAwc/hZzIcM4IBkaUT9YA==", "updater": "osv/go", "name": "GO-2025-3563", "description": "Request smuggling due to acceptance of invalid chunked data in net/http", "issued": "2025-04-08T19:46:23Z", "links": "https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.8" }, "IDDFCE+x3YM7koS2SvW5fA==": { "id": "IDDFCE+x3YM7koS2SvW5fA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "IENtFrOwfEqYX/lp+0u2Gw==": { "id": "IENtFrOwfEqYX/lp+0u2Gw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "IERk9xwccKWSGr20Hb5U6g==": { "id": "IERk9xwccKWSGr20Hb5U6g==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "IGsR1pj6qXRBH+0hYVXsew==": { "id": "IGsR1pj6qXRBH+0hYVXsew==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IH0yoiWyuDmG+HH8h9dKLw==": { "id": "IH0yoiWyuDmG+HH8h9dKLw==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IIfJmT1yzMqBOVKMy3nlyQ==": { "id": "IIfJmT1yzMqBOVKMy3nlyQ==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "IL9yoqEJiA7P9oRxQrj7SQ==": { "id": "IL9yoqEJiA7P9oRxQrj7SQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "IRgMJoQA4x1xizY2hEw96w==": { "id": "IRgMJoQA4x1xizY2hEw96w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ISgjA2mi+Q9vbdNEhDKXOA==": { "id": "ISgjA2mi+Q9vbdNEhDKXOA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ITIiuf1dzb05+JHj8h65fg==": { "id": "ITIiuf1dzb05+JHj8h65fg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "IUI8ka2AYA1twZAQi4gL5Q==": { "id": "IUI8ka2AYA1twZAQi4gL5Q==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "IV554NtP1F9KO4IyBit26g==": { "id": "IV554NtP1F9KO4IyBit26g==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IWplUWF011EXddGnkU5Png==": { "id": "IWplUWF011EXddGnkU5Png==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.1.el9_6", "arch_op": "pattern match" }, "IaNq7BGSUI5KW7kcB5RXdQ==": { "id": "IaNq7BGSUI5KW7kcB5RXdQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "IbhdAqkTe4EMzAhoNvBoZw==": { "id": "IbhdAqkTe4EMzAhoNvBoZw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "IeTK1HBLKpS1+gfVSPrpvg==": { "id": "IeTK1HBLKpS1+gfVSPrpvg==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfJyKZ52fwKruf/mbOKmYg==": { "id": "IfJyKZ52fwKruf/mbOKmYg==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfZDrkeHpfXHfjHzETuKbw==": { "id": "IfZDrkeHpfXHfjHzETuKbw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ih4ScPgmvAttJN/czzciaQ==": { "id": "Ih4ScPgmvAttJN/czzciaQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ihq7mkhGM9sf/8QM05o7gw==": { "id": "Ihq7mkhGM9sf/8QM05o7gw==", "updater": "rhel-vex", "name": "CVE-2023-6277", "description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "issued": "2023-11-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://www.cve.org/CVERecord?id=CVE-2023-6277 https://nvd.nist.gov/vuln/detail/CVE-2023-6277 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6277.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IkLJJWoz7DjiEwkwHd9+Bw==": { "id": "IkLJJWoz7DjiEwkwHd9+Bw==", "updater": "osv/go", "name": "GO-2024-2610", "description": "Errors returned from JSON marshaling may break template escaping in html/template", "issued": "2024-03-05T22:15:40Z", "links": "https://go.dev/issue/65697 https://go.dev/cl/564196 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "IoeuDKI/vu/XCDGoDKzX3g==": { "id": "IoeuDKI/vu/XCDGoDKzX3g==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "IqAfwTRGJO3I/HkfDNLMoQ==": { "id": "IqAfwTRGJO3I/HkfDNLMoQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "Ira5htRPGofy9veGMRD7Vg==": { "id": "Ira5htRPGofy9veGMRD7Vg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IsqBfnAxrh9UbW8oQaSR7w==": { "id": "IsqBfnAxrh9UbW8oQaSR7w==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "ItuvzyMGym4CNyVuxWwH3w==": { "id": "ItuvzyMGym4CNyVuxWwH3w==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IvL651FnAzrxSYOiOuXMlw==": { "id": "IvL651FnAzrxSYOiOuXMlw==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IxsDQKwy6X02Ak7TSjZKpA==": { "id": "IxsDQKwy6X02Ak7TSjZKpA==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "IzDqrZ8Ru35rI4iCSSk/pw==": { "id": "IzDqrZ8Ru35rI4iCSSk/pw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "J+a2wc6cR5fLyNj39ghgVg==": { "id": "J+a2wc6cR5fLyNj39ghgVg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "J/vqYu1qTz7dsS8oVaCTTw==": { "id": "J/vqYu1qTz7dsS8oVaCTTw==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "J1MkSCEBivWCQoYUEvHXOw==": { "id": "J1MkSCEBivWCQoYUEvHXOw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "J1SK5zSFZI94azX3jybBbw==": { "id": "J1SK5zSFZI94azX3jybBbw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "J1cvee8xy6oZDEdA21dqEg==": { "id": "J1cvee8xy6oZDEdA21dqEg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J3RGaCFhZHnCvtta/VAJIw==": { "id": "J3RGaCFhZHnCvtta/VAJIw==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "J4ecrOEw69avIhhOznG+2w==": { "id": "J4ecrOEw69avIhhOznG+2w==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "J5i8I5ZRQGDUXQI4WkC0FQ==": { "id": "J5i8I5ZRQGDUXQI4WkC0FQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "J6GavUf0zh8+C0zHHTDYfw==": { "id": "J6GavUf0zh8+C0zHHTDYfw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "J9wD9ZF9kAJd1nu03TllBQ==": { "id": "J9wD9ZF9kAJd1nu03TllBQ==", "updater": "osv/go", "name": "GO-2024-2600", "description": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "issued": "2024-03-05T22:15:02Z", "links": "https://go.dev/issue/65065 https://go.dev/cl/569340 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "JBIWl7TA4AzjcNVfFPjHaw==": { "id": "JBIWl7TA4AzjcNVfFPjHaw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "JD0llI0bGUOG/VBz+9LeVQ==": { "id": "JD0llI0bGUOG/VBz+9LeVQ==", "updater": "rhel-vex", "name": "CVE-2023-48235", "description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48235.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JLZyRakMGnyMKNtD6nnqpQ==": { "id": "JLZyRakMGnyMKNtD6nnqpQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "JLdsQ9mzV76+v5Ttq5j2hA==": { "id": "JLdsQ9mzV76+v5Ttq5j2hA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "JMtxzN1jgVs2Gwo2QsOKnQ==": { "id": "JMtxzN1jgVs2Gwo2QsOKnQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "JMuZ2WXBBx9rW6/jTPLu0A==": { "id": "JMuZ2WXBBx9rW6/jTPLu0A==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "JQe3P/odATa/OKbzn309dw==": { "id": "JQe3P/odATa/OKbzn309dw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "JS6LnmY1PZfE5YxJsCWPPQ==": { "id": "JS6LnmY1PZfE5YxJsCWPPQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "JS9NNql9cJTDkzzfXyJzDQ==": { "id": "JS9NNql9cJTDkzzfXyJzDQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JSxIEGIOCwboUDoJZgS9fA==": { "id": "JSxIEGIOCwboUDoJZgS9fA==", "updater": "rhel-vex", "name": "CVE-2023-37920", "description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "issued": "2023-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "ca-certificates", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2024.2.69_v8.0.303-91.4.el9_4", "arch_op": "pattern match" }, "JTwzSHX5xKxgTtyprecVew==": { "id": "JTwzSHX5xKxgTtyprecVew==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "JVp8gcuEEeRLeKprUvrBUg==": { "id": "JVp8gcuEEeRLeKprUvrBUg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JVuTqfPwohmj6ucokgM2sQ==": { "id": "JVuTqfPwohmj6ucokgM2sQ==", "updater": "rhel-vex", "name": "CVE-2021-27290", "description": "A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers\r\nusing the strict option. The highest threat from this vulnerability is to availability.", "issued": "2021-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 https://www.cve.org/CVERecord?id=CVE-2021-27290 https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-27290.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JWrwO52d5SNbcmJ2KpFaJQ==": { "id": "JWrwO52d5SNbcmJ2KpFaJQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "JXQAkdur2asBQ4qeq789Ew==": { "id": "JXQAkdur2asBQ4qeq789Ew==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "JZIEpU7UdEXuAMj6emkt5A==": { "id": "JZIEpU7UdEXuAMj6emkt5A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "JZVeRC2oy93Tv6vLZpVqJQ==": { "id": "JZVeRC2oy93Tv6vLZpVqJQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "JZouihQMnG3T6XSUXqYbkA==": { "id": "JZouihQMnG3T6XSUXqYbkA==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "JegoLVJD+r1CNqau++1Vlw==": { "id": "JegoLVJD+r1CNqau++1Vlw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Jek37tQeVdKEwtu+6a9/CA==": { "id": "Jek37tQeVdKEwtu+6a9/CA==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:4787", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.2", "arch_op": "pattern match" }, "JeqcZQqZ6re77qRb9vpAHQ==": { "id": "JeqcZQqZ6re77qRb9vpAHQ==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "JfmoxvDj+qKmecssvuGVyA==": { "id": "JfmoxvDj+qKmecssvuGVyA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Ji6OY1u39nJByKzCNwfpIw==": { "id": "Ji6OY1u39nJByKzCNwfpIw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JiPLnE3IM4/yPxZ8earXLg==": { "id": "JiPLnE3IM4/yPxZ8earXLg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "JmAt+4wqaQRWn+7jyy1oCQ==": { "id": "JmAt+4wqaQRWn+7jyy1oCQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "JmKf//IQj2eMVJFTB1Feyw==": { "id": "JmKf//IQj2eMVJFTB1Feyw==", "updater": "rhel-vex", "name": "CVE-2023-48234", "description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48234.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jo0GiPh7MZcVuLsVDbp7qg==": { "id": "Jo0GiPh7MZcVuLsVDbp7qg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "Jq9s0m8iiaLnslijc1N/kw==": { "id": "Jq9s0m8iiaLnslijc1N/kw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "JrT9jqBaZlLgPCS0RLnpPQ==": { "id": "JrT9jqBaZlLgPCS0RLnpPQ==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "JsF5ac8+OAOWxsV80iUiIw==": { "id": "JsF5ac8+OAOWxsV80iUiIw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.1.el9_6", "arch_op": "pattern match" }, "JtCpNcg8egZjbdozD9CAJQ==": { "id": "JtCpNcg8egZjbdozD9CAJQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "JtGggrfMckWn0xvfWBMJJQ==": { "id": "JtGggrfMckWn0xvfWBMJJQ==", "updater": "rhel-vex", "name": "CVE-2022-2210", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2210.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JvC/rVWSiuNeMXzeTDRZHQ==": { "id": "JvC/rVWSiuNeMXzeTDRZHQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JwRn6LaXs4DLH+aotGHcIQ==": { "id": "JwRn6LaXs4DLH+aotGHcIQ==", "updater": "osv/go", "name": "GO-2022-0522", "description": "Stack exhaustion on crafted paths in path/filepath", "issued": "2022-07-20T17:02:29Z", "links": "https://go.dev/cl/417066 https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "Jx8Savf4pVqPTLt8HsgoXA==": { "id": "Jx8Savf4pVqPTLt8HsgoXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.el9", "arch_op": "pattern match" }, "K/Jzpgc6xwHh47HFu+S8BQ==": { "id": "K/Jzpgc6xwHh47HFu+S8BQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "K0/KdAmlvzyf53kjXgfoRA==": { "id": "K0/KdAmlvzyf53kjXgfoRA==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "K12v1aAHn6bz+NiEB1W7GA==": { "id": "K12v1aAHn6bz+NiEB1W7GA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "K5fLrkou5COixf2q2qhQ5Q==": { "id": "K5fLrkou5COixf2q2qhQ5Q==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "KBpYoBBh5AFRsvma/sImeA==": { "id": "KBpYoBBh5AFRsvma/sImeA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "KC4H6WRPkYrWvXb9OC+odg==": { "id": "KC4H6WRPkYrWvXb9OC+odg==", "updater": "rhel-vex", "name": "CVE-2023-3164", "description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "issued": "2023-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3164 https://bugzilla.redhat.com/show_bug.cgi?id=2213531 https://www.cve.org/CVERecord?id=CVE-2023-3164 https://nvd.nist.gov/vuln/detail/CVE-2023-3164 https://gitlab.com/libtiff/libtiff/-/issues/542 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KEWGfOVGYNjr6kNjpQx0qg==": { "id": "KEWGfOVGYNjr6kNjpQx0qg==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "KJGsgMArislsisVXSZHY4A==": { "id": "KJGsgMArislsisVXSZHY4A==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "KM/iKSazFyPeIBezQXviSQ==": { "id": "KM/iKSazFyPeIBezQXviSQ==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "KM3euWq+O2CS0VP936TjVg==": { "id": "KM3euWq+O2CS0VP936TjVg==", "updater": "osv/go", "name": "GO-2023-2382", "description": "Denial of service via chunk extensions in net/http", "issued": "2023-12-06T16:22:36Z", "links": "https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.12" }, "KTLyj41W+cHfjH/HBrA7BQ==": { "id": "KTLyj41W+cHfjH/HBrA7BQ==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "KWqotAAFzFGFp1GIUjXi0g==": { "id": "KWqotAAFzFGFp1GIUjXi0g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "KXAIwMyIqS4MKyyyosxjhw==": { "id": "KXAIwMyIqS4MKyyyosxjhw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "KXzUsn7IGL3ZRMjBL3QOng==": { "id": "KXzUsn7IGL3ZRMjBL3QOng==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "KYv6PwzjV6/5I33cZ9LUmQ==": { "id": "KYv6PwzjV6/5I33cZ9LUmQ==", "updater": "rhel-vex", "name": "CVE-2022-2817", "description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2817.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kcd+UQxBw37KfFkRbn1QXw==": { "id": "Kcd+UQxBw37KfFkRbn1QXw==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "KewD59oo2UdDLsWiOrUjzQ==": { "id": "KewD59oo2UdDLsWiOrUjzQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "KhBWOViCuCZdWqrkDlYvOA==": { "id": "KhBWOViCuCZdWqrkDlYvOA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KhtP1/ZJ9jcZ6Whijt7vkw==": { "id": "KhtP1/ZJ9jcZ6Whijt7vkw==", "updater": "osv/go", "name": "GO-2023-1571", "description": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "issued": "2023-02-16T22:31:36Z", "links": "https://go.dev/issue/57855 https://go.dev/cl/468135 https://go.dev/cl/468295 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "KlFwXzVoVlebAInsnw41Qw==": { "id": "KlFwXzVoVlebAInsnw41Qw==", "updater": "osv/go", "name": "GO-2025-4010", "description": "Insufficient validation of bracketed IPv6 hostnames in net/url", "issued": "2025-10-29T21:49:58Z", "links": "https://go.dev/issue/75678 https://go.dev/cl/709857 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Km0Kj8/PT21DcOVckLYRyA==": { "id": "Km0Kj8/PT21DcOVckLYRyA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Kp6vEAyTjVJyCperHJ2MsQ==": { "id": "Kp6vEAyTjVJyCperHJ2MsQ==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "Kqi7XT4SGpqJzglrXFbYsQ==": { "id": "Kqi7XT4SGpqJzglrXFbYsQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KsboTEAsiwsdLEKIDivkyA==": { "id": "KsboTEAsiwsdLEKIDivkyA==", "updater": "rhel-vex", "name": "CVE-2022-2175", "description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KtIlAO0V0/KiMbIbmHHMGw==": { "id": "KtIlAO0V0/KiMbIbmHHMGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "KwXuJ1mZuqgv14dKI+DdIw==": { "id": "KwXuJ1mZuqgv14dKI+DdIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KxS2ZtWgZx0lQavGmel4Wg==": { "id": "KxS2ZtWgZx0lQavGmel4Wg==", "updater": "osv/go", "name": "GO-2025-4013", "description": "Panic when validating certificates with DSA public keys in crypto/x509", "issued": "2025-10-29T21:50:08Z", "links": "https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "L+KHKrPvSxZVeDMiWq92vw==": { "id": "L+KHKrPvSxZVeDMiWq92vw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "L/8naYULbNo7VCB5WzvpDw==": { "id": "L/8naYULbNo7VCB5WzvpDw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "L04cc8NCPjDZYnxYDnO5+A==": { "id": "L04cc8NCPjDZYnxYDnO5+A==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "L0O+Qmwnpkk+Rg/VqN7QWA==": { "id": "L0O+Qmwnpkk+Rg/VqN7QWA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "L2l/2cM7p8mbRx8/RerNPg==": { "id": "L2l/2cM7p8mbRx8/RerNPg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "L309n8CXvBj9wPx3UR7JGQ==": { "id": "L309n8CXvBj9wPx3UR7JGQ==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3Sq7FQbQmRq1R8Dn0eFww==": { "id": "L3Sq7FQbQmRq1R8Dn0eFww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "L5u3G3ilU8/0RtMpJ7kdKQ==": { "id": "L5u3G3ilU8/0RtMpJ7kdKQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "L7bRdQbudZhoHiefk8z45A==": { "id": "L7bRdQbudZhoHiefk8z45A==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "L9hbhq3wsZ5QkKEIo/fhYQ==": { "id": "L9hbhq3wsZ5QkKEIo/fhYQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "LAdEFhGjw+B+5uRqObeXiQ==": { "id": "LAdEFhGjw+B+5uRqObeXiQ==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "LBK9PqJKfCEUpttQCyryqw==": { "id": "LBK9PqJKfCEUpttQCyryqw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "LBzBPjCNeeSOWXyc2o2hnQ==": { "id": "LBzBPjCNeeSOWXyc2o2hnQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "LCRgl8qKc2VcXP1ILfaS6A==": { "id": "LCRgl8qKc2VcXP1ILfaS6A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "LDhDJjeJTHD14xx6vYgQUQ==": { "id": "LDhDJjeJTHD14xx6vYgQUQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "LFiejdPb02ZvCk9/k6M2OA==": { "id": "LFiejdPb02ZvCk9/k6M2OA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LKHvKuMU+ZaZN+c9jQoc8A==": { "id": "LKHvKuMU+ZaZN+c9jQoc8A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "LMcwA00QGnxriAXkZQIhHw==": { "id": "LMcwA00QGnxriAXkZQIhHw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "LMrJ8zW3vxlqJrvFMbbCGA==": { "id": "LMrJ8zW3vxlqJrvFMbbCGA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.el9", "arch_op": "pattern match" }, "LULa++Og4kM4JJrQxnZj0w==": { "id": "LULa++Og4kM4JJrQxnZj0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.1.el9_6", "arch_op": "pattern match" }, "LUlesLbzv1yf48cLqYDxTg==": { "id": "LUlesLbzv1yf48cLqYDxTg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "LXj+7NB7elh/3U/gcE77cw==": { "id": "LXj+7NB7elh/3U/gcE77cw==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Lc7NiV76Y8Ubl6+6Vgd+sw==": { "id": "Lc7NiV76Y8Ubl6+6Vgd+sw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "LcEYljn+QTWUC36NwQCf7w==": { "id": "LcEYljn+QTWUC36NwQCf7w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Lcg+9plLPEAo58BHKBlIGw==": { "id": "Lcg+9plLPEAo58BHKBlIGw==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "LczpEojKeJQxs4tAiPNubw==": { "id": "LczpEojKeJQxs4tAiPNubw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "Lex02lwAwiaMkFn9DV9FuA==": { "id": "Lex02lwAwiaMkFn9DV9FuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "LiT2UIJJCX7RQxuKZd5BaQ==": { "id": "LiT2UIJJCX7RQxuKZd5BaQ==", "updater": "rhel-vex", "name": "CVE-2023-43804", "description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "LkG+n79mbPHrPl1sC2ee1w==": { "id": "LkG+n79mbPHrPl1sC2ee1w==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "LkJjju2s50oKpBRyBT8s0A==": { "id": "LkJjju2s50oKpBRyBT8s0A==", "updater": "rhel-vex", "name": "CVE-2024-41965", "description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. This issue can be exploited by someone with local access to the system.", "issued": "2024-08-01T22:21:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LlIx9R1y9EWEYmMjr1l1rw==": { "id": "LlIx9R1y9EWEYmMjr1l1rw==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "Lsd0oY+cRz3Y5y3+G6CYMA==": { "id": "Lsd0oY+cRz3Y5y3+G6CYMA==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "Lw4KgrwWujzRmDjtibR3+Q==": { "id": "Lw4KgrwWujzRmDjtibR3+Q==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "LyEH4RIrJnMwmS9bxL322w==": { "id": "LyEH4RIrJnMwmS9bxL322w==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "LyQcB6aDtcDf3FmzBVHSKQ==": { "id": "LyQcB6aDtcDf3FmzBVHSKQ==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LzfcsSJMzHmJVjI8xrynCA==": { "id": "LzfcsSJMzHmJVjI8xrynCA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "M0WxNlBrWr1WR0ACcsFS3w==": { "id": "M0WxNlBrWr1WR0ACcsFS3w==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "M1Z06nydk707qbRpFiKmaA==": { "id": "M1Z06nydk707qbRpFiKmaA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M3xoPIiF+fvDRyYkizrMWQ==": { "id": "M3xoPIiF+fvDRyYkizrMWQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "M4/opsM/3qe/3m0zjGkItQ==": { "id": "M4/opsM/3qe/3m0zjGkItQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "M5aJiMv2/MaWINKfor0BrQ==": { "id": "M5aJiMv2/MaWINKfor0BrQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M6ssHrt9pKPpEPr7O0Tc/A==": { "id": "M6ssHrt9pKPpEPr7O0Tc/A==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "M9nh4Ryt6GwPUlLoItHqnA==": { "id": "M9nh4Ryt6GwPUlLoItHqnA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MAL36hvDgZ40KRvk279OJA==": { "id": "MAL36hvDgZ40KRvk279OJA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "MGoFQMcsriBEPanvv9LYcQ==": { "id": "MGoFQMcsriBEPanvv9LYcQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "MJ6xN5o4V2wpv4hjMTwHAA==": { "id": "MJ6xN5o4V2wpv4hjMTwHAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "MJtIM09Jw6pIepBEcf4LwQ==": { "id": "MJtIM09Jw6pIepBEcf4LwQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "MLyBE3p9/9+LMOMl2JBi6w==": { "id": "MLyBE3p9/9+LMOMl2JBi6w==", "updater": "rhel-vex", "name": "CVE-2022-2343", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2343.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MMLwOzBcCET4jaa3dPuTwQ==": { "id": "MMLwOzBcCET4jaa3dPuTwQ==", "updater": "rhel-vex", "name": "CVE-2022-38533", "description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "issued": "2022-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38533.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MOUExK9O9qzIs9ukHaS2ew==": { "id": "MOUExK9O9qzIs9ukHaS2ew==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "MVGmB/UrNlB0PqdbI1X5iA==": { "id": "MVGmB/UrNlB0PqdbI1X5iA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "MYhgpNDg22nk0/HCSwm/gw==": { "id": "MYhgpNDg22nk0/HCSwm/gw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "McBbvTJIAPyP1aOW8M+hzw==": { "id": "McBbvTJIAPyP1aOW8M+hzw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "Mds6YkAImABVZfFVPdan5w==": { "id": "Mds6YkAImABVZfFVPdan5w==", "updater": "osv/go", "name": "GO-2022-0493", "description": "Incorrect privilege reporting in syscall and golang.org/x/sys/unix", "issued": "2022-07-15T23:30:12Z", "links": "https://go.dev/cl/399539 https://go.dev/issue/52313 https://go.dev/cl/400074 https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.2" }, "Mgu68G03r/7Tj/zMomkJZw==": { "id": "Mgu68G03r/7Tj/zMomkJZw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Mhh/p16eoRFTSGC5EJRZEw==": { "id": "Mhh/p16eoRFTSGC5EJRZEw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "Mo/R2a7u4vWlPy8O1jH7HQ==": { "id": "Mo/R2a7u4vWlPy8O1jH7HQ==", "updater": "rhel-vex", "name": "CVE-2024-8244", "description": "The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.", "issued": "2025-08-06T15:32:27Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8244 https://bugzilla.redhat.com/show_bug.cgi?id=2386885 https://www.cve.org/CVERecord?id=CVE-2024-8244 https://nvd.nist.gov/vuln/detail/CVE-2024-8244 https://go.dev/issue/70007 https://pkg.go.dev/vuln/GO-2025-9999 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8244.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-rpm-macros", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Mo4ARlLui4P8nHgMUyYhSw==": { "id": "Mo4ARlLui4P8nHgMUyYhSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Mqs34KD77Q9uZxNX/8mz0Q==": { "id": "Mqs34KD77Q9uZxNX/8mz0Q==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MrRavbeiISRcJtBRJ3ZRsA==": { "id": "MrRavbeiISRcJtBRJ3ZRsA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "MrpKafmPiKoIdSrqC/r3Sg==": { "id": "MrpKafmPiKoIdSrqC/r3Sg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "Mrux1XY1LZVvkWuUp2MCHQ==": { "id": "Mrux1XY1LZVvkWuUp2MCHQ==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "MtExg9vrmkuo/+/XELnvpA==": { "id": "MtExg9vrmkuo/+/XELnvpA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Mukn5ixgUb/zb+mcMFd16Q==": { "id": "Mukn5ixgUb/zb+mcMFd16Q==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libdnf-plugin-subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "Mv7iQu0SgLhcoLH3nS/HZw==": { "id": "Mv7iQu0SgLhcoLH3nS/HZw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "MvPzfqdptyOBxzxR1iCL3g==": { "id": "MvPzfqdptyOBxzxR1iCL3g==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MwRbFLckfwf7ZXLrr6KBUQ==": { "id": "MwRbFLckfwf7ZXLrr6KBUQ==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "Mx7K+5VJ9q5MSCq5wzzrvA==": { "id": "Mx7K+5VJ9q5MSCq5wzzrvA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "N6/VXIOitxRZPgnZMgm+4A==": { "id": "N6/VXIOitxRZPgnZMgm+4A==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "N6xCmSIsupN7OsJaYpsl6Q==": { "id": "N6xCmSIsupN7OsJaYpsl6Q==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "N6yyVyHeduwThpSSvA2dVQ==": { "id": "N6yyVyHeduwThpSSvA2dVQ==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "NAN7p79skZ+eBA0xQMnnqw==": { "id": "NAN7p79skZ+eBA0xQMnnqw==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "ND8tA1FahvMc/ZIGpyoj3g==": { "id": "ND8tA1FahvMc/ZIGpyoj3g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NDTeUbmjAj/XEHx68pTD9A==": { "id": "NDTeUbmjAj/XEHx68pTD9A==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "NFJR7P8KL9HNF/dsA5opTw==": { "id": "NFJR7P8KL9HNF/dsA5opTw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NGHtfO55iqBhbAmqujAqHA==": { "id": "NGHtfO55iqBhbAmqujAqHA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "NJhwMDbt0IMvlSLLB4cUVA==": { "id": "NJhwMDbt0IMvlSLLB4cUVA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "NLs2bAzfO2YzrBTddmvvkQ==": { "id": "NLs2bAzfO2YzrBTddmvvkQ==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "NNyvMdW5UTPp1jGH161XDQ==": { "id": "NNyvMdW5UTPp1jGH161XDQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "NObEgWpn6tAdrn33X3GoKw==": { "id": "NObEgWpn6tAdrn33X3GoKw==", "updater": "rhel-vex", "name": "CVE-2022-32148", "description": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-32148 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://www.cve.org/CVERecord?id=CVE-2022-32148 https://nvd.nist.gov/vuln/detail/CVE-2022-32148 https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-32148.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NPJh6PwkJYtfpkFMxFCfIA==": { "id": "NPJh6PwkJYtfpkFMxFCfIA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NQ+dtAZLrUPoMA29mi1Odg==": { "id": "NQ+dtAZLrUPoMA29mi1Odg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "NUj8ykIgUTA27ShVMCBysA==": { "id": "NUj8ykIgUTA27ShVMCBysA==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "NVw9L7wf5CkACfCMTn/ArA==": { "id": "NVw9L7wf5CkACfCMTn/ArA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "NW78+g0sKpejEre7I2lCOA==": { "id": "NW78+g0sKpejEre7I2lCOA==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "NWqPMtB06drZmdGhOgqvEA==": { "id": "NWqPMtB06drZmdGhOgqvEA==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NXkuwjwxMseOUUaLQCgnuQ==": { "id": "NXkuwjwxMseOUUaLQCgnuQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "NdlKBrj70+HY4gSgv+wTmA==": { "id": "NdlKBrj70+HY4gSgv+wTmA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "NeZAaBfGrzLvaMKrJL7WlA==": { "id": "NeZAaBfGrzLvaMKrJL7WlA==", "updater": "rhel-vex", "name": "CVE-2024-45306", "description": "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "issued": "2024-09-02T18:15:36Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NeoXfJYSR9hqSpA4BJOyWQ==": { "id": "NeoXfJYSR9hqSpA4BJOyWQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfM08djkMgc3ukqHI37OMg==": { "id": "NfM08djkMgc3ukqHI37OMg==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfOajNNzWnotxhFpYD5Nfg==": { "id": "NfOajNNzWnotxhFpYD5Nfg==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "NkAsviHzXhNrys9cILlYeQ==": { "id": "NkAsviHzXhNrys9cILlYeQ==", "updater": "osv/go", "name": "GO-2023-2185", "description": "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", "issued": "2023-11-08T22:42:14Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY https://go.dev/issue/64028 https://go.dev/cl/541175 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "Nl5OfrnQ/SPbLIWCvdxEHw==": { "id": "Nl5OfrnQ/SPbLIWCvdxEHw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NoEVAwQMgkCr1UvAm6iQBQ==": { "id": "NoEVAwQMgkCr1UvAm6iQBQ==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "NpKL2jmktUTvYJUFA1mjww==": { "id": "NpKL2jmktUTvYJUFA1mjww==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "NplyvjxiuekBB/5QKoOJbw==": { "id": "NplyvjxiuekBB/5QKoOJbw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Nsd5wG+dBhUvVktxuz/adg==": { "id": "Nsd5wG+dBhUvVktxuz/adg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "O+NG96g+kK1DtaJEFTfwuA==": { "id": "O+NG96g+kK1DtaJEFTfwuA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "O+a4984RTSUBIVVJsZTw1A==": { "id": "O+a4984RTSUBIVVJsZTw1A==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "O0QnjS+0zUH+vff5xaIpCw==": { "id": "O0QnjS+0zUH+vff5xaIpCw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "O0ZHj1wCkn8EgvHd15dYqA==": { "id": "O0ZHj1wCkn8EgvHd15dYqA==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "O24do/xbIwz1BfQU4lBl5A==": { "id": "O24do/xbIwz1BfQU4lBl5A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "O41Bejc6em2i0QjOrjliKQ==": { "id": "O41Bejc6em2i0QjOrjliKQ==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "O4VudlVyChnCKHP9qhS59g==": { "id": "O4VudlVyChnCKHP9qhS59g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "O7l2OQQ3NRM4VNrd4YvEaA==": { "id": "O7l2OQQ3NRM4VNrd4YvEaA==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "O8btQzgzPf/pU7XfP3wqPw==": { "id": "O8btQzgzPf/pU7XfP3wqPw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "OIcx4C9IsgtrAE0nDs9GdA==": { "id": "OIcx4C9IsgtrAE0nDs9GdA==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "OJ5Ok6CMeJ8/3txCizz4cg==": { "id": "OJ5Ok6CMeJ8/3txCizz4cg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "OOCO13z2+atrfqEfCsJ3/w==": { "id": "OOCO13z2+atrfqEfCsJ3/w==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "OUOPFj6v5qm/F5KSXf7dVw==": { "id": "OUOPFj6v5qm/F5KSXf7dVw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "OXr+UvfSDAQbLGP4xOBSMw==": { "id": "OXr+UvfSDAQbLGP4xOBSMw==", "updater": "rhel-vex", "name": "CVE-2023-1127", "description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1127.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oaw7/z6QEDwwzKvMQmdriQ==": { "id": "Oaw7/z6QEDwwzKvMQmdriQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Ob+LJ5zYHnbjt14Yf8W7UA==": { "id": "Ob+LJ5zYHnbjt14Yf8W7UA==", "updater": "rhel-vex", "name": "CVE-2022-3016", "description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3016.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OhQ6agVzWuY02NakmnlJmw==": { "id": "OhQ6agVzWuY02NakmnlJmw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "Oi+2EF5+FNNGg+4WyowonQ==": { "id": "Oi+2EF5+FNNGg+4WyowonQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "Ojd6gfhf5HOGBRFGRWmKOg==": { "id": "Ojd6gfhf5HOGBRFGRWmKOg==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ok4YXGXw7Ua7qgtxqZcqhg==": { "id": "Ok4YXGXw7Ua7qgtxqZcqhg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "OleRcJ5uCI7wOsxOqMjRlg==": { "id": "OleRcJ5uCI7wOsxOqMjRlg==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "OlhZuHzjnGJlFRoEEZLvZw==": { "id": "OlhZuHzjnGJlFRoEEZLvZw==", "updater": "rhel-vex", "name": "CVE-2022-1705", "description": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1705 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://www.cve.org/CVERecord?id=CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 https://go.dev/issue/53188 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1705.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OlzUZywb212kcLte3jiS3g==": { "id": "OlzUZywb212kcLte3jiS3g==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "OoUkTYhn9kcAyWK8OpWEvg==": { "id": "OoUkTYhn9kcAyWK8OpWEvg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "OqWPbZZgGqlPCMzbmClfHA==": { "id": "OqWPbZZgGqlPCMzbmClfHA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "OtUtUn02ewCzaijseyEVUA==": { "id": "OtUtUn02ewCzaijseyEVUA==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "OuZBWnWNFHYdTgntdOB15Q==": { "id": "OuZBWnWNFHYdTgntdOB15Q==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "OvvtykNCZtfooZWGyghXfg==": { "id": "OvvtykNCZtfooZWGyghXfg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ox1tNe9huq3q2onFJsX0QA==": { "id": "Ox1tNe9huq3q2onFJsX0QA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "OxOc7/P4x7mjEZNhGnABDA==": { "id": "OxOc7/P4x7mjEZNhGnABDA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "Oz/6eC07LwyvcoelwlI47w==": { "id": "Oz/6eC07LwyvcoelwlI47w==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "P0aqIEFHW71uwsNt2kNw4A==": { "id": "P0aqIEFHW71uwsNt2kNw4A==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "P1K1eUbqwgam0P6f7iB/IA==": { "id": "P1K1eUbqwgam0P6f7iB/IA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "P2LAyAbSFxWVwlNB9c/A2g==": { "id": "P2LAyAbSFxWVwlNB9c/A2g==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "P8ATyyToJgziJaUXIjyPvA==": { "id": "P8ATyyToJgziJaUXIjyPvA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "PAVfrfQyg9ezKUDPbI/Nmw==": { "id": "PAVfrfQyg9ezKUDPbI/Nmw==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "PB44uTo7NGwmA/fjSEQPBA==": { "id": "PB44uTo7NGwmA/fjSEQPBA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "PDkkYuYRnbObAyDWKDapig==": { "id": "PDkkYuYRnbObAyDWKDapig==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "PEaU9hApxjdZ1D4R2OUZpw==": { "id": "PEaU9hApxjdZ1D4R2OUZpw==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "PHRlWl/iCYco+xAVn6SmKQ==": { "id": "PHRlWl/iCYco+xAVn6SmKQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "PJ/Blkuxb9rGhjSw0f3NrA==": { "id": "PJ/Blkuxb9rGhjSw0f3NrA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "PLT6ItGnGibNqyU7ikhmRA==": { "id": "PLT6ItGnGibNqyU7ikhmRA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PMaPI3hRDt0vFaerryvY/g==": { "id": "PMaPI3hRDt0vFaerryvY/g==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "POO0JR6PIxa5cAikhYHhiQ==": { "id": "POO0JR6PIxa5cAikhYHhiQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "POSFLQ5mtdC9jMcn5UF8FA==": { "id": "POSFLQ5mtdC9jMcn5UF8FA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "PRErogcN/aXkh7DLlBPLlw==": { "id": "PRErogcN/aXkh7DLlBPLlw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "PTaioV6jy0S7VQV20A7R+A==": { "id": "PTaioV6jy0S7VQV20A7R+A==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "PYQ8GtvInfQ411U5gwbErQ==": { "id": "PYQ8GtvInfQ411U5gwbErQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Pd5fn59ga3nlH8XsDKvDWA==": { "id": "Pd5fn59ga3nlH8XsDKvDWA==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "PdGhfwK5tePs8ngzFuopoA==": { "id": "PdGhfwK5tePs8ngzFuopoA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "PdNX5RN9keIsqOloxy7mkg==": { "id": "PdNX5RN9keIsqOloxy7mkg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "Pdc4LabMMVIl3+kSdEepMw==": { "id": "Pdc4LabMMVIl3+kSdEepMw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "PgPRtFXcN+6zuIY77w+muQ==": { "id": "PgPRtFXcN+6zuIY77w+muQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "PhzQEpAkCFfaNfVzGQzMgg==": { "id": "PhzQEpAkCFfaNfVzGQzMgg==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "PnyZkAM4ZwDECggE7QV89A==": { "id": "PnyZkAM4ZwDECggE7QV89A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Po+GLdyrucAyVatfOmZxGg==": { "id": "Po+GLdyrucAyVatfOmZxGg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PwX0RLPO5W1w6VDjSgcV8A==": { "id": "PwX0RLPO5W1w6VDjSgcV8A==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q0D37bmhhLGtYILIAMgFXg==": { "id": "Q0D37bmhhLGtYILIAMgFXg==", "updater": "rhel-vex", "name": "CVE-2022-2207", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2207.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q1F3DVZZ3gpMNQT3yhbiSg==": { "id": "Q1F3DVZZ3gpMNQT3yhbiSg==", "updater": "rhel-vex", "name": "CVE-2025-10911", "description": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.", "issued": "2025-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10911 https://bugzilla.redhat.com/show_bug.cgi?id=2397838 https://www.cve.org/CVERecord?id=CVE-2025-10911 https://nvd.nist.gov/vuln/detail/CVE-2025-10911 https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10911.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q2+f0ITzWPp+YCesnwp1Ng==": { "id": "Q2+f0ITzWPp+YCesnwp1Ng==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "Q2EySKz2roj2mYOhGJQA3A==": { "id": "Q2EySKz2roj2mYOhGJQA3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "Q9syyD8a/4l/mc50UAvBnQ==": { "id": "Q9syyD8a/4l/mc50UAvBnQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "QBD2bakyMRLlWNUWb7c8Ng==": { "id": "QBD2bakyMRLlWNUWb7c8Ng==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "QBNxNqNCcUL/GHKqOh7Fyw==": { "id": "QBNxNqNCcUL/GHKqOh7Fyw==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "QDYJ95dZNazClKtqoRJQeQ==": { "id": "QDYJ95dZNazClKtqoRJQeQ==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "QHS4gwmQURKolJEnj/ZMHw==": { "id": "QHS4gwmQURKolJEnj/ZMHw==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "QL7KLbo+Ri9Q4aoq0+/c2w==": { "id": "QL7KLbo+Ri9Q4aoq0+/c2w==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "QNVm3dpa9lFJUb6FBjjc1g==": { "id": "QNVm3dpa9lFJUb6FBjjc1g==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "QNeXj0/uAU3vww6deBbkrw==": { "id": "QNeXj0/uAU3vww6deBbkrw==", "updater": "rhel-vex", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "2023-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:6632", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-8.el9", "arch_op": "pattern match" }, "QQ1upjXEDW7OiB4aR8O/8A==": { "id": "QQ1upjXEDW7OiB4aR8O/8A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.el9", "arch_op": "pattern match" }, "QSEpEyTM9A7rsX/qx644wQ==": { "id": "QSEpEyTM9A7rsX/qx644wQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "QTcHwvmTXpVKkHS0xdfb9g==": { "id": "QTcHwvmTXpVKkHS0xdfb9g==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "QX1bQ/CZA5mRbcqjpTc9aA==": { "id": "QX1bQ/CZA5mRbcqjpTc9aA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "QX9gQ7esz1e73iQHmwojXA==": { "id": "QX9gQ7esz1e73iQHmwojXA==", "updater": "rhel-vex", "name": "CVE-2021-3973", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3973.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QXekSyzWiuaI8YTxDgngHw==": { "id": "QXekSyzWiuaI8YTxDgngHw==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "QY4aLgQQjP1oPPp38ArMrQ==": { "id": "QY4aLgQQjP1oPPp38ArMrQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QZ7uKIt3KkZJfzRLCLWsIg==": { "id": "QZ7uKIt3KkZJfzRLCLWsIg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "QZQvSq0tzcJY8GfiU/aXpg==": { "id": "QZQvSq0tzcJY8GfiU/aXpg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "QbgvVzhz2dr5BDvAUM6wFQ==": { "id": "QbgvVzhz2dr5BDvAUM6wFQ==", "updater": "rhel-vex", "name": "CVE-2022-2304", "description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2304.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qe1reyLPtQVZ5wKqKa9jQA==": { "id": "Qe1reyLPtQVZ5wKqKa9jQA==", "updater": "rhel-vex", "name": "CVE-2022-0213", "description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0213.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgRg8usqYLpC2SzTmhUKsQ==": { "id": "QgRg8usqYLpC2SzTmhUKsQ==", "updater": "rhel-vex", "name": "CVE-2025-22134", "description": "A flaw was found in Vim. Due to Vim not properly terminating visual mode, a heap buffer overflow condition may be triggered when a user switches buffers using the `:all` command. This issue may lead to unexpected behavior, such as an application crash or memory corruption.", "issued": "2025-01-13T20:41:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22134 https://bugzilla.redhat.com/show_bug.cgi?id=2337437 https://www.cve.org/CVERecord?id=CVE-2025-22134 https://nvd.nist.gov/vuln/detail/CVE-2025-22134 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22134.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgyYiUqrv2nc1+RqO1bM4A==": { "id": "QgyYiUqrv2nc1+RqO1bM4A==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "QhESIu1eoXqoSNW7jNhlZg==": { "id": "QhESIu1eoXqoSNW7jNhlZg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.1.el9_6", "arch_op": "pattern match" }, "Qimhraux3dZtFrPRbNJqyw==": { "id": "Qimhraux3dZtFrPRbNJqyw==", "updater": "osv/go", "name": "GO-2023-2043", "description": "Improper handling of special tags within script contexts in html/template", "issued": "2023-09-07T16:11:59Z", "links": "https://go.dev/issue/62197 https://go.dev/cl/526157 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "QireWdVPs8MzNOJ1scQvdA==": { "id": "QireWdVPs8MzNOJ1scQvdA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QjS6b4li9vRMvS2l49iyfw==": { "id": "QjS6b4li9vRMvS2l49iyfw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Qp7j7oFs4UbVUHVGblDM1w==": { "id": "Qp7j7oFs4UbVUHVGblDM1w==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "QqK1O3FCNB9QbClJ7bZ6YA==": { "id": "QqK1O3FCNB9QbClJ7bZ6YA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "QqNagWxBuciWgmqsaHDwZw==": { "id": "QqNagWxBuciWgmqsaHDwZw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "Qr2/3ufYTxjXiJuEKM7I7w==": { "id": "Qr2/3ufYTxjXiJuEKM7I7w==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "QsR+n6O0ULfYayvahAaltg==": { "id": "QsR+n6O0ULfYayvahAaltg==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "QwkBpizF3mo2JpevPMDeaw==": { "id": "QwkBpizF3mo2JpevPMDeaw==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "QxQ47SEMl+UFCOv8XVwx9A==": { "id": "QxQ47SEMl+UFCOv8XVwx9A==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "QznSXY89jmEtP62PhxgH1g==": { "id": "QznSXY89jmEtP62PhxgH1g==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "R1Akf7BYKFH+Usf+3IS0Cg==": { "id": "R1Akf7BYKFH+Usf+3IS0Cg==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "R1x4adkbkgVhxc9hzgUZcA==": { "id": "R1x4adkbkgVhxc9hzgUZcA==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "R6drGbgnzqKGDiX/RNUdqw==": { "id": "R6drGbgnzqKGDiX/RNUdqw==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "R7XEe59RfqPZwHJmDbOyww==": { "id": "R7XEe59RfqPZwHJmDbOyww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "R9lgi90skf6A+gEQ2Lu8dg==": { "id": "R9lgi90skf6A+gEQ2Lu8dg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.el9", "arch_op": "pattern match" }, "RA9ILX3H27ou2ro1GzHq8Q==": { "id": "RA9ILX3H27ou2ro1GzHq8Q==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "RATpPhLUqjEbe+XxyYxOOw==": { "id": "RATpPhLUqjEbe+XxyYxOOw==", "updater": "rhel-vex", "name": "CVE-2022-2257", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "issued": "2022-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2257.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RDlpzaleAPnYWwZyjvoRug==": { "id": "RDlpzaleAPnYWwZyjvoRug==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "RFeq5rwe+sxgyWgUXeEitA==": { "id": "RFeq5rwe+sxgyWgUXeEitA==", "updater": "osv/go", "name": "GO-2022-0523", "description": "Stack exhaustion when unmarshaling certain documents in encoding/xml", "issued": "2022-07-20T20:52:06Z", "links": "https://go.dev/cl/417061 https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "RJziShukaon2ShF1sKdneQ==": { "id": "RJziShukaon2ShF1sKdneQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "RKG7TR5VLN5EK2rg7nfjuQ==": { "id": "RKG7TR5VLN5EK2rg7nfjuQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "RLGDcCcECNxfaKqTkhDvew==": { "id": "RLGDcCcECNxfaKqTkhDvew==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "RLfmH4oizoEHB59VpAV6Kg==": { "id": "RLfmH4oizoEHB59VpAV6Kg==", "updater": "rhel-vex", "name": "CVE-2024-30203", "description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30203.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "RPWIFXazUxYQ5Q1rBYTqdg==": { "id": "RPWIFXazUxYQ5Q1rBYTqdg==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RPlldG/r8WWd2UCSZ1vzsg==": { "id": "RPlldG/r8WWd2UCSZ1vzsg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "RReWBnQmCp2XJDUh6xioRQ==": { "id": "RReWBnQmCp2XJDUh6xioRQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RU6xHn/9SV8lotyX3JW1ZQ==": { "id": "RU6xHn/9SV8lotyX3JW1ZQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "RUDcnDBVSmf+/LWMe4Tqgw==": { "id": "RUDcnDBVSmf+/LWMe4Tqgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-headless", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "RXSYUreBGXQz5Vll3C130A==": { "id": "RXSYUreBGXQz5Vll3C130A==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "Rd2hVVbUws+mcvoC7DaoiQ==": { "id": "Rd2hVVbUws+mcvoC7DaoiQ==", "updater": "rhel-vex", "name": "CVE-2022-4292", "description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4292.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdY/UQx2FGTtVn1x7G1KkA==": { "id": "RdY/UQx2FGTtVn1x7G1KkA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rf7m+dbWxZxBNm1A9nfdqg==": { "id": "Rf7m+dbWxZxBNm1A9nfdqg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RfXeDDRCykmZZMDXVfaGtg==": { "id": "RfXeDDRCykmZZMDXVfaGtg==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "RgBI11FezD5/LF6u61IQtw==": { "id": "RgBI11FezD5/LF6u61IQtw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "Rm7aeXEOy4+PSaaC/AfGyw==": { "id": "Rm7aeXEOy4+PSaaC/AfGyw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "RnzVpoLf3gQvIDiBFFXm6w==": { "id": "RnzVpoLf3gQvIDiBFFXm6w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "RoQvxPrgcpXyTej834bT2Q==": { "id": "RoQvxPrgcpXyTej834bT2Q==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rs2w9Uui+dW2Lg48Ml6jpw==": { "id": "Rs2w9Uui+dW2Lg48Ml6jpw==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxiYxX3H5lL8cc7k0ac/mQ==": { "id": "RxiYxX3H5lL8cc7k0ac/mQ==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxmnlWamNxvphCIuarducQ==": { "id": "RxmnlWamNxvphCIuarducQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "RxwFiIUPJYMo6r5lfv+sdQ==": { "id": "RxwFiIUPJYMo6r5lfv+sdQ==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ry6vRm+cs1w4rnhTcw+4ww==": { "id": "Ry6vRm+cs1w4rnhTcw+4ww==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "Rz0KcMyzx8GC2p+YUZpHPQ==": { "id": "Rz0KcMyzx8GC2p+YUZpHPQ==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "S01BJ2Ht59Iq71LsHWKLzg==": { "id": "S01BJ2Ht59Iq71LsHWKLzg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "S2g7delheJOLf2DxVbw0Hg==": { "id": "S2g7delheJOLf2DxVbw0Hg==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "S2kC/8+NtHD0EdQuoPqXlg==": { "id": "S2kC/8+NtHD0EdQuoPqXlg==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "S3c04CkV3MUFBzUssTpBSg==": { "id": "S3c04CkV3MUFBzUssTpBSg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S9GgHs7lpMPNDjvswObhPg==": { "id": "S9GgHs7lpMPNDjvswObhPg==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "SBAWrxfXaQ2Ka48xajW62A==": { "id": "SBAWrxfXaQ2Ka48xajW62A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "SFiwTqc+C9HkxslIGbfU0g==": { "id": "SFiwTqc+C9HkxslIGbfU0g==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "SFoELvc6okNKWKi7mExikA==": { "id": "SFoELvc6okNKWKi7mExikA==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "SIPkCsjtWsrsJnfVRjxnKA==": { "id": "SIPkCsjtWsrsJnfVRjxnKA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "SKOD3G/MxX5t9s/HjT+ehg==": { "id": "SKOD3G/MxX5t9s/HjT+ehg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "SKyAPnATFclliIE0mjtq+w==": { "id": "SKyAPnATFclliIE0mjtq+w==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SPxMxLW2DZ8IvP04UR/H6g==": { "id": "SPxMxLW2DZ8IvP04UR/H6g==", "updater": "rhel-vex", "name": "CVE-2025-5683", "description": "A flaw was found in qt. Loading a specially crafted ICNS image file within QImage results in a crash. This flaw allows a local attacker to provide a malicious image. The vulnerability is exploited via the image loading process, leading to application termination.", "issued": "2025-06-05T05:31:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5683 https://bugzilla.redhat.com/show_bug.cgi?id=2370384 https://www.cve.org/CVERecord?id=CVE-2025-5683 https://nvd.nist.gov/vuln/detail/CVE-2025-5683 https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 https://issues.oss-fuzz.com/issues/415350704 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5683.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SRL0fsSEDtOf7vYyf/BewQ==": { "id": "SRL0fsSEDtOf7vYyf/BewQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "SRtj8i4HsQkjCyC1YPMDYw==": { "id": "SRtj8i4HsQkjCyC1YPMDYw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "SS38Q6SbT7pMry4emWgqdg==": { "id": "SS38Q6SbT7pMry4emWgqdg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "SSAJUNd+iNG0Dh0JEHjSXA==": { "id": "SSAJUNd+iNG0Dh0JEHjSXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.el9", "arch_op": "pattern match" }, "SU1MGh9+Zg3Zuy+khiN0Og==": { "id": "SU1MGh9+Zg3Zuy+khiN0Og==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "SWMi5UoagLshKWAW26MJTw==": { "id": "SWMi5UoagLshKWAW26MJTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SXF95Q57bdA0qf3iy/XSPw==": { "id": "SXF95Q57bdA0qf3iy/XSPw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "SaWdJL5a+HL0ZieRiKpgNA==": { "id": "SaWdJL5a+HL0ZieRiKpgNA==", "updater": "rhel-vex", "name": "CVE-2024-38428", "description": "A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials.", "issued": "2024-06-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38428 https://bugzilla.redhat.com/show_bug.cgi?id=2292836 https://www.cve.org/CVERecord?id=CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38428.json https://access.redhat.com/errata/RHSA-2024:6192", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_4", "arch_op": "pattern match" }, "Sal0GJMIh5Nqb3U4N6ro0g==": { "id": "Sal0GJMIh5Nqb3U4N6ro0g==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "SbrfelK/hRkg8QJAv7881A==": { "id": "SbrfelK/hRkg8QJAv7881A==", "updater": "osv/go", "name": "GO-2023-1570", "description": "Panic on large handshake records in crypto/tls", "issued": "2023-02-16T22:24:51Z", "links": "https://go.dev/issue/58001 https://go.dev/cl/468125 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "SduSwzmffGiGJfqQDrSyEA==": { "id": "SduSwzmffGiGJfqQDrSyEA==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Sfn7NNniMfKKkrbS2KIlnA==": { "id": "Sfn7NNniMfKKkrbS2KIlnA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "SjbW0rogoRJo0my37ozMDg==": { "id": "SjbW0rogoRJo0my37ozMDg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "SmczXqxeZRCcJykxG3Abrg==": { "id": "SmczXqxeZRCcJykxG3Abrg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Sn+Wd5xIJ9cLZDfoyJlgkw==": { "id": "Sn+Wd5xIJ9cLZDfoyJlgkw==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SnI5fUbXuT/Xt+VkGvddww==": { "id": "SnI5fUbXuT/Xt+VkGvddww==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "SnYLkLUk0dFIFA/itR5yrA==": { "id": "SnYLkLUk0dFIFA/itR5yrA==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "SqKI5VB6698Nen4zsScUuw==": { "id": "SqKI5VB6698Nen4zsScUuw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "SsFE9yHqow9BNx1O4nMcCg==": { "id": "SsFE9yHqow9BNx1O4nMcCg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "SsNZleqCp7tmOqFZQ6ZaBA==": { "id": "SsNZleqCp7tmOqFZQ6ZaBA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Stfm7ne4Ofst02xkZn9K1w==": { "id": "Stfm7ne4Ofst02xkZn9K1w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "SvhQ7tNvl6ANrVnaJ4cBNw==": { "id": "SvhQ7tNvl6ANrVnaJ4cBNw==", "updater": "rhel-vex", "name": "CVE-2022-3099", "description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3099.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Sw8bDdvvxQW2LmbjS6B1hg==": { "id": "Sw8bDdvvxQW2LmbjS6B1hg==", "updater": "rhel-vex", "name": "CVE-2022-30630", "description": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://www.cve.org/CVERecord?id=CVE-2022-30630 https://nvd.nist.gov/vuln/detail/CVE-2022-30630 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30630.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T1160/hke2bN2YNtHQGAVQ==": { "id": "T1160/hke2bN2YNtHQGAVQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "T2rcJ7DPtdiGNP7r4L5R2g==": { "id": "T2rcJ7DPtdiGNP7r4L5R2g==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "T38zlL6BTag6EVZfMAMcaw==": { "id": "T38zlL6BTag6EVZfMAMcaw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "T4bxk7MHk24P39KEeRKoig==": { "id": "T4bxk7MHk24P39KEeRKoig==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "T5/Q0DOZypWV6o3x9ziKqw==": { "id": "T5/Q0DOZypWV6o3x9ziKqw==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "T507T5wFbtPlOW9lG7LxIA==": { "id": "T507T5wFbtPlOW9lG7LxIA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "T5Nghm4crNWWnUrYvZZItg==": { "id": "T5Nghm4crNWWnUrYvZZItg==", "updater": "rhel-vex", "name": "CVE-2022-2124", "description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2124.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T9nCb/lA5TdipGMhtb6HJA==": { "id": "T9nCb/lA5TdipGMhtb6HJA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "TAntNn3gBlGhX3mRHNXfWw==": { "id": "TAntNn3gBlGhX3mRHNXfWw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "TCtup4kp9cBGgmnLMbI+rw==": { "id": "TCtup4kp9cBGgmnLMbI+rw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "TEg+H5IUFEuL8/4VudXtEg==": { "id": "TEg+H5IUFEuL8/4VudXtEg==", "updater": "rhel-vex", "name": "CVE-2022-3554", "description": "A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3554 https://bugzilla.redhat.com/show_bug.cgi?id=2136411 https://www.cve.org/CVERecord?id=CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 https://ubuntu.com/security/CVE-2022-3554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3554.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TFku8MBahkkWbmKYS7dbIQ==": { "id": "TFku8MBahkkWbmKYS7dbIQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "TGe682MVp+b3S1lDl9HTLw==": { "id": "TGe682MVp+b3S1lDl9HTLw==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "TGjVfFW0jWP1/Slr8hCo8Q==": { "id": "TGjVfFW0jWP1/Slr8hCo8Q==", "updater": "osv/go", "name": "GO-2025-3751", "description": "Sensitive headers not cleared on cross-origin redirect in net/http", "issued": "2025-06-11T16:23:58Z", "links": "https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "TI1OyePXauC23iR42z7HKg==": { "id": "TI1OyePXauC23iR42z7HKg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "TIcWaTRsDD52irGN4xUQyA==": { "id": "TIcWaTRsDD52irGN4xUQyA==", "updater": "rhel-vex", "name": "CVE-2022-2125", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2125.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TK/tQUH9MhuStrQUTQS1ZQ==": { "id": "TK/tQUH9MhuStrQUTQS1ZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "TN9ZqAQo2vEW/Tx62EpRcg==": { "id": "TN9ZqAQo2vEW/Tx62EpRcg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "TNb7OrRxFn2Bis7zp2oi8A==": { "id": "TNb7OrRxFn2Bis7zp2oi8A==", "updater": "rhel-vex", "name": "CVE-2025-9165", "description": "A memory leak flaw was found in LibTIFF. This vulnerability affects the _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 function in the file tools/tiffcmp.c of the tiffcmp component. Executing manipulation can lead to a memory leak. The attack is restricted to local execution.", "issued": "2025-08-19T20:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9165 https://bugzilla.redhat.com/show_bug.cgi?id=2389574 https://www.cve.org/CVERecord?id=CVE-2025-9165 https://nvd.nist.gov/vuln/detail/CVE-2025-9165 http://www.libtiff.org/ https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 https://gitlab.com/libtiff/libtiff/-/issues/728 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://vuldb.com/?ctiid.320543 https://vuldb.com/?id.320543 https://vuldb.com/?submit.630506 https://vuldb.com/?submit.630507 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9165.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TPp/bXEhRpApQLMY2Ppr9g==": { "id": "TPp/bXEhRpApQLMY2Ppr9g==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "TQEoFglRNgkSreqoAySz5A==": { "id": "TQEoFglRNgkSreqoAySz5A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "TRd8qEGSmZkjG+mmOfTmTg==": { "id": "TRd8qEGSmZkjG+mmOfTmTg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "TTh9HGJJgt1I4lhDqtPBIA==": { "id": "TTh9HGJJgt1I4lhDqtPBIA==", "updater": "osv/go", "name": "GO-2022-1095", "description": "Unsanitized NUL in environment variables on Windows in syscall and os/exec", "issued": "2022-11-01T23:55:57Z", "links": "https://go.dev/issue/56284 https://go.dev/cl/446916 https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.8" }, "TU6sUeJdvbpf1Uxt7QBVXQ==": { "id": "TU6sUeJdvbpf1Uxt7QBVXQ==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "TUvm6koxiDQRc/8CJ4TCOA==": { "id": "TUvm6koxiDQRc/8CJ4TCOA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ThUekCEizKQbaM9qGtWShw==": { "id": "ThUekCEizKQbaM9qGtWShw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ThjoilITJToSra2xx7nmXA==": { "id": "ThjoilITJToSra2xx7nmXA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "TiGGrcjH9zkR+9PywLxD8Q==": { "id": "TiGGrcjH9zkR+9PywLxD8Q==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ToyZiPOtBFPiNJOZ8QaYng==": { "id": "ToyZiPOtBFPiNJOZ8QaYng==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "TrfUjn7Hi6JPe4l/9tuyAQ==": { "id": "TrfUjn7Hi6JPe4l/9tuyAQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "TsVNXuAeF3PhiRZhIOjjtQ==": { "id": "TsVNXuAeF3PhiRZhIOjjtQ==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TszqopCoskBv4coMA3/peg==": { "id": "TszqopCoskBv4coMA3/peg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TteHTvD/qC9z9/bg4D+o8w==": { "id": "TteHTvD/qC9z9/bg4D+o8w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.1.el9_6", "arch_op": "pattern match" }, "U/ITon4/vjzN/EsZEGI38Q==": { "id": "U/ITon4/vjzN/EsZEGI38Q==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "U06t0kkLaLeKpn0QxtZUSg==": { "id": "U06t0kkLaLeKpn0QxtZUSg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "U2e7dgKDqk0OlJ2oJw2iuw==": { "id": "U2e7dgKDqk0OlJ2oJw2iuw==", "updater": "osv/go", "name": "GO-2022-1038", "description": "Incorrect sanitization of forwarded query parameters in net/http/httputil", "issued": "2022-10-06T16:42:43Z", "links": "https://go.dev/issue/54663 https://go.dev/cl/432976 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "U2w6LmoqKmaGSd6IxLZGKg==": { "id": "U2w6LmoqKmaGSd6IxLZGKg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "U31VkPC5v6K7XIsRFDo19w==": { "id": "U31VkPC5v6K7XIsRFDo19w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "U47k8+SGMpP7nHNJFxv5oA==": { "id": "U47k8+SGMpP7nHNJFxv5oA==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "U61IeOaU1v6bOHJxSPbCCw==": { "id": "U61IeOaU1v6bOHJxSPbCCw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "U7q9649W3+OXGS9kMwowkw==": { "id": "U7q9649W3+OXGS9kMwowkw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "U86hsRMcoSpvWp72aUJNFQ==": { "id": "U86hsRMcoSpvWp72aUJNFQ==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "U86r1ELAOJanBnxwrapY0g==": { "id": "U86r1ELAOJanBnxwrapY0g==", "updater": "osv/go", "name": "GO-2025-4015", "description": "Excessive CPU consumption in Reader.ReadResponse in net/textproto", "issued": "2025-10-29T21:51:07Z", "links": "https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "UApauQbQz6UZdsAuW9miOQ==": { "id": "UApauQbQz6UZdsAuW9miOQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "UBV+Z4vQ/HB9/cVGq/+u3w==": { "id": "UBV+Z4vQ/HB9/cVGq/+u3w==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "UBzPfwycyyJOBETwdSTG/w==": { "id": "UBzPfwycyyJOBETwdSTG/w==", "updater": "rhel-vex", "name": "CVE-2024-47814", "description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.", "issued": "2024-10-07T21:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UC0U9/zd+klwBmGR1YYVPg==": { "id": "UC0U9/zd+klwBmGR1YYVPg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "UEW14H6J4RBSZEjpG6p4bw==": { "id": "UEW14H6J4RBSZEjpG6p4bw==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "UEgRngB2KVq3bhFU/6+13Q==": { "id": "UEgRngB2KVq3bhFU/6+13Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "UH1xPpnVOud+f1gKl26ATQ==": { "id": "UH1xPpnVOud+f1gKl26ATQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "UPjX59r3QHIaBVa54cqtzA==": { "id": "UPjX59r3QHIaBVa54cqtzA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "USroe8+XCxLDwAOkjWfs+Q==": { "id": "USroe8+XCxLDwAOkjWfs+Q==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "UTm7DZVRUmqWWBx0Js7vCA==": { "id": "UTm7DZVRUmqWWBx0Js7vCA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "UV2MuUVVyu0L6wfdUc0Qpg==": { "id": "UV2MuUVVyu0L6wfdUc0Qpg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "UVRy+pWnw+7xa7f2U2B15Q==": { "id": "UVRy+pWnw+7xa7f2U2B15Q==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "UWR5dcXlfiNMz/BIfTGvfQ==": { "id": "UWR5dcXlfiNMz/BIfTGvfQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Ub9JoNToSyT09hD5MOIlGA==": { "id": "Ub9JoNToSyT09hD5MOIlGA==", "updater": "rhel-vex", "name": "CVE-2025-8961", "description": "A memory corruption flaw was found in libTIFF. This issue affects the May function of the tiffcrop.c file in the tiffcrop component. This attack needs to be approached locally.", "issued": "2025-08-14T12:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8961 https://bugzilla.redhat.com/show_bug.cgi?id=2388541 https://www.cve.org/CVERecord?id=CVE-2025-8961 https://nvd.nist.gov/vuln/detail/CVE-2025-8961 http://www.libtiff.org/ https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/issues/721 https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 https://vuldb.com/?ctiid.319955 https://vuldb.com/?id.319955 https://vuldb.com/?submit.627957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8961.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbJne6U4WRZmmyYLeEtt4w==": { "id": "UbJne6U4WRZmmyYLeEtt4w==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "UcI2WjL14mHQYOfXIkpuzA==": { "id": "UcI2WjL14mHQYOfXIkpuzA==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "UcSRaJxHOHBFxbLpeEwTSA==": { "id": "UcSRaJxHOHBFxbLpeEwTSA==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "UeuwcxsDMDrcMU7c13lXsQ==": { "id": "UeuwcxsDMDrcMU7c13lXsQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "Uh6QIejNBmYSJ+kLmnZWzw==": { "id": "Uh6QIejNBmYSJ+kLmnZWzw==", "updater": "rhel-vex", "name": "CVE-2023-22652", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.", "issued": "2023-03-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22652 https://bugzilla.redhat.com/show_bug.cgi?id=2212463 https://www.cve.org/CVERecord?id=CVE-2023-22652 https://nvd.nist.gov/vuln/detail/CVE-2023-22652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22652.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "UhBP4F/rEtGjZG3U8Wvp2Q==": { "id": "UhBP4F/rEtGjZG3U8Wvp2Q==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "UiO8eKIdcPJIKIj94tK4ug==": { "id": "UiO8eKIdcPJIKIj94tK4ug==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "UjXmsuFAyS2A1LN7d6S/5w==": { "id": "UjXmsuFAyS2A1LN7d6S/5w==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "UoBD3GwEne6Zwl54oZgCCg==": { "id": "UoBD3GwEne6Zwl54oZgCCg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "Us6zMNu9gwaRC0UH2SSoQw==": { "id": "Us6zMNu9gwaRC0UH2SSoQw==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "UsE9/aKvx7HhPwZe6KY1zw==": { "id": "UsE9/aKvx7HhPwZe6KY1zw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "UsTHWG7fBbgk8T9K0i79Ww==": { "id": "UsTHWG7fBbgk8T9K0i79Ww==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "UuV6vmv/pMSyQBUW2Wn3bA==": { "id": "UuV6vmv/pMSyQBUW2Wn3bA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Uy8P+1ImBLgh4EjZYlMO1Q==": { "id": "Uy8P+1ImBLgh4EjZYlMO1Q==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "UykJtPxmRiaRteAhKYbbOQ==": { "id": "UykJtPxmRiaRteAhKYbbOQ==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V+7K8Rg1uux3xnVmyH12/A==": { "id": "V+7K8Rg1uux3xnVmyH12/A==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "V0awGVhndNVps/Yhh/P2GQ==": { "id": "V0awGVhndNVps/Yhh/P2GQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "V2C0OnbFKs9wiV3IrUOPew==": { "id": "V2C0OnbFKs9wiV3IrUOPew==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "V8n5VKFkjNZwkLq+W6E59g==": { "id": "V8n5VKFkjNZwkLq+W6E59g==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "V9f8Tc0z/tWsm1egJDudPA==": { "id": "V9f8Tc0z/tWsm1egJDudPA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "V9lyeZvue30g1R6RiITjAw==": { "id": "V9lyeZvue30g1R6RiITjAw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "VDQb6roo+zwBamxPu+hGeQ==": { "id": "VDQb6roo+zwBamxPu+hGeQ==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "VDdxJUjxgL4zXvGWC/1xnw==": { "id": "VDdxJUjxgL4zXvGWC/1xnw==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "VDqplxSZcK9CHQ9RjGiEqQ==": { "id": "VDqplxSZcK9CHQ9RjGiEqQ==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "VGewdTS02tdqYoORYHK7Rg==": { "id": "VGewdTS02tdqYoORYHK7Rg==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "VJAm4vMolMmA2ytzFknQUA==": { "id": "VJAm4vMolMmA2ytzFknQUA==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "VJggyJ1jjyIM3XdMGzsDrg==": { "id": "VJggyJ1jjyIM3XdMGzsDrg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "VMOHtQeyAtpNyzG6HE0XhQ==": { "id": "VMOHtQeyAtpNyzG6HE0XhQ==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "VMyDbkft4E3T+1eXNk/i7A==": { "id": "VMyDbkft4E3T+1eXNk/i7A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "VNA7ljkMyeRq9SDNO9drHQ==": { "id": "VNA7ljkMyeRq9SDNO9drHQ==", "updater": "osv/go", "name": "GO-2023-1568", "description": "Path traversal on Windows in path/filepath", "issued": "2023-02-16T19:49:19Z", "links": "https://go.dev/issue/57274 https://go.dev/cl/468123 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "VQ+eWJsUMBep4PD4xfj8Vw==": { "id": "VQ+eWJsUMBep4PD4xfj8Vw==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "VUNwpBj4hvcLARxqxrvCCg==": { "id": "VUNwpBj4hvcLARxqxrvCCg==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "VVUozaap6uAAqX8QCLFGyg==": { "id": "VVUozaap6uAAqX8QCLFGyg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VZxWbc2wJwiwTLhillEtpA==": { "id": "VZxWbc2wJwiwTLhillEtpA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "Vbqm1jpiIiIM2rxq++FdoQ==": { "id": "Vbqm1jpiIiIM2rxq++FdoQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "VcgFEXPgpzLsj5tOjILVtw==": { "id": "VcgFEXPgpzLsj5tOjILVtw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "VdMk4kWMgrdK/5+i3n6XhA==": { "id": "VdMk4kWMgrdK/5+i3n6XhA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "VdavXNeRp4EjkXxldYSiUw==": { "id": "VdavXNeRp4EjkXxldYSiUw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ve1jg9SxTDjeNdfGHjxP2g==": { "id": "Ve1jg9SxTDjeNdfGHjxP2g==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VgTIKWxJpYFkd788UcqT3A==": { "id": "VgTIKWxJpYFkd788UcqT3A==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "VgaIsJDFBatjqT1h+RQLFQ==": { "id": "VgaIsJDFBatjqT1h+RQLFQ==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Vl7X+IopOqzOWh1MyUOYCw==": { "id": "Vl7X+IopOqzOWh1MyUOYCw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "VxNINARrmRd6QnZ2htNesA==": { "id": "VxNINARrmRd6QnZ2htNesA==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "VyeYHICkBiXwLbWKsz4//A==": { "id": "VyeYHICkBiXwLbWKsz4//A==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "W01A5sOetTjsV/4bYawPgA==": { "id": "W01A5sOetTjsV/4bYawPgA==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "W08Ska67/8hV/b3GYflglQ==": { "id": "W08Ska67/8hV/b3GYflglQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "W0TAw6aTfwXOMlJwloDkZA==": { "id": "W0TAw6aTfwXOMlJwloDkZA==", "updater": "rhel-vex", "name": "CVE-2021-4136", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4136.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W3qe9/KhW5BUF2s+kXxVcA==": { "id": "W3qe9/KhW5BUF2s+kXxVcA==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "W5birtu1clZwp55QDPxkAA==": { "id": "W5birtu1clZwp55QDPxkAA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "W9IdHW1dLxMcDTawlof8yw==": { "id": "W9IdHW1dLxMcDTawlof8yw==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "W9Pcn9xdPg78KgFAK5oOyQ==": { "id": "W9Pcn9xdPg78KgFAK5oOyQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WACsy7vAhq3GJRyxAuj7NA==": { "id": "WACsy7vAhq3GJRyxAuj7NA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "WALxwIFXDH8ZvKesDKBFiQ==": { "id": "WALxwIFXDH8ZvKesDKBFiQ==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "WCZXmTnbo+2lbMuZdpH8NA==": { "id": "WCZXmTnbo+2lbMuZdpH8NA==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "WFXV6zzHKCX8JuqtokClVw==": { "id": "WFXV6zzHKCX8JuqtokClVw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WGccGAwrqbQSNjycPuaPsA==": { "id": "WGccGAwrqbQSNjycPuaPsA==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "WIbunUW6+W30QKZc5Tmqzw==": { "id": "WIbunUW6+W30QKZc5Tmqzw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "WKC52So9Haaq0Y0pkIeTJg==": { "id": "WKC52So9Haaq0Y0pkIeTJg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "WKEI7EQhRkCAgIF18HZjKg==": { "id": "WKEI7EQhRkCAgIF18HZjKg==", "updater": "rhel-vex", "name": "CVE-2023-32573", "description": "A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://nvd.nist.gov/vuln/detail/CVE-2023-32573 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32573.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "WLpGLJSV+lV8a0xggVfA3A==": { "id": "WLpGLJSV+lV8a0xggVfA3A==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "WLri8p9NfgX8reKybIYziw==": { "id": "WLri8p9NfgX8reKybIYziw==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "WNA27LqRIql90O1m/PSAgQ==": { "id": "WNA27LqRIql90O1m/PSAgQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "WNRX1UWo4fDLFOhq9mcbIA==": { "id": "WNRX1UWo4fDLFOhq9mcbIA==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "WOIdi+BEnCeSEkfRBmj1AA==": { "id": "WOIdi+BEnCeSEkfRBmj1AA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "WOmMgxwwjpbn/RLQX8HPBg==": { "id": "WOmMgxwwjpbn/RLQX8HPBg==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "WPitnGSVxSl/y97AJTQIFQ==": { "id": "WPitnGSVxSl/y97AJTQIFQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "WU+A3QdBd331DcSM3AXFew==": { "id": "WU+A3QdBd331DcSM3AXFew==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "WV6CLob4bxW/eDgXBTJfxA==": { "id": "WV6CLob4bxW/eDgXBTJfxA==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "WVPPqMDSvwuthc5RexsDjg==": { "id": "WVPPqMDSvwuthc5RexsDjg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WVkwWFZlIInzrX99VsKBBQ==": { "id": "WVkwWFZlIInzrX99VsKBBQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "Wd+GQ3y21/7kl1XV9m/oiQ==": { "id": "Wd+GQ3y21/7kl1XV9m/oiQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "WhaoYkvfheR7Tz30m0/IKA==": { "id": "WhaoYkvfheR7Tz30m0/IKA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "WlLXHoXR9O8Ph+uSZ6aDCg==": { "id": "WlLXHoXR9O8Ph+uSZ6aDCg==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WnkMM/SD0E+7EEac0/vMVg==": { "id": "WnkMM/SD0E+7EEac0/vMVg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "WoF8HAs7BhQT5cycNGL9tw==": { "id": "WoF8HAs7BhQT5cycNGL9tw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "WorXACje3vTXq/wv3RUODg==": { "id": "WorXACje3vTXq/wv3RUODg==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "WqlqRQL17MeMqdTx+SuEyw==": { "id": "WqlqRQL17MeMqdTx+SuEyw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ws0fZZUTvLi37jSEx1MM5g==": { "id": "Ws0fZZUTvLi37jSEx1MM5g==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Wv5rERdynoJ/gHM2CtgXiw==": { "id": "Wv5rERdynoJ/gHM2CtgXiw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WwkM3aNBW0LnenEr6xDxWQ==": { "id": "WwkM3aNBW0LnenEr6xDxWQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "Wy87cIX7luFb8A/riFwUyw==": { "id": "Wy87cIX7luFb8A/riFwUyw==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "WzMeKgvORq7XF2Xr4q+JaQ==": { "id": "WzMeKgvORq7XF2Xr4q+JaQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "X+rjva7ecn1JedeVO9IX9w==": { "id": "X+rjva7ecn1JedeVO9IX9w==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "X10PEbhI2yv6KYFUPacecg==": { "id": "X10PEbhI2yv6KYFUPacecg==", "updater": "rhel-vex", "name": "CVE-2022-1619", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1619.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X2wqIFGbKlJQpE/DojrwxA==": { "id": "X2wqIFGbKlJQpE/DojrwxA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "X3NBOrSivf9I926V0a2/oQ==": { "id": "X3NBOrSivf9I926V0a2/oQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X3WuoMxfqKQH/0bF7PkAAQ==": { "id": "X3WuoMxfqKQH/0bF7PkAAQ==", "updater": "rhel-vex", "name": "CVE-2022-3235", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3235.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X4CDljJQJsftQ2RA57ftuw==": { "id": "X4CDljJQJsftQ2RA57ftuw==", "updater": "rhel-vex", "name": "CVE-2021-3807", "description": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "issued": "2021-09-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3807 https://bugzilla.redhat.com/show_bug.cgi?id=2007557 https://www.cve.org/CVERecord?id=CVE-2021-3807 https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3807.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X9G3TF69Pz3xUY5yIPno7w==": { "id": "X9G3TF69Pz3xUY5yIPno7w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "X9na4KYJ5u50u+KLDr2iTQ==": { "id": "X9na4KYJ5u50u+KLDr2iTQ==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "XAIf2EIgyFF5+OA6csVS5w==": { "id": "XAIf2EIgyFF5+OA6csVS5w==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XC3MXlpMb9D+YigNspsXlA==": { "id": "XC3MXlpMb9D+YigNspsXlA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "XEJhztOC2qEngMnVDsmKtA==": { "id": "XEJhztOC2qEngMnVDsmKtA==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XEhX6upCFgCYuF9SSk9Iyg==": { "id": "XEhX6upCFgCYuF9SSk9Iyg==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "XH8pWtqEhhBDhQuq+NWhvQ==": { "id": "XH8pWtqEhhBDhQuq+NWhvQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "XHSXqyF2rScxnK03VnME5Q==": { "id": "XHSXqyF2rScxnK03VnME5Q==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "XIb0YQoMG8k0zzVWHpmvAA==": { "id": "XIb0YQoMG8k0zzVWHpmvAA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "XL1Nv8y45q8aiA92A99YyA==": { "id": "XL1Nv8y45q8aiA92A99YyA==", "updater": "rhel-vex", "name": "CVE-2023-0512", "description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "issued": "2023-01-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0512.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XM09w+ZScTz4IEN6LeAUgg==": { "id": "XM09w+ZScTz4IEN6LeAUgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XSCYGr+cvuvD+k3V0XhWSw==": { "id": "XSCYGr+cvuvD+k3V0XhWSw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "XTLakHdORg480i8g31JU6A==": { "id": "XTLakHdORg480i8g31JU6A==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "XVnPYCI1ck0zTs/Cz6Yl5A==": { "id": "XVnPYCI1ck0zTs/Cz6Yl5A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "XW4X9/W6MfETfE/VICA4Jw==": { "id": "XW4X9/W6MfETfE/VICA4Jw==", "updater": "rhel-vex", "name": "CVE-2025-1376", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.", "issued": "2025-02-17T04:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1376 https://bugzilla.redhat.com/show_bug.cgi?id=2346061 https://www.cve.org/CVERecord?id=CVE-2025-1376 https://nvd.nist.gov/vuln/detail/CVE-2025-1376 https://sourceware.org/bugzilla/attachment.cgi?id=15940 https://sourceware.org/bugzilla/show_bug.cgi?id=32672 https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 https://vuldb.com/?ctiid.295984 https://vuldb.com/?id.295984 https://vuldb.com/?submit.497538 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1376.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWaBdbEJiHpYXT1f1eBk1Q==": { "id": "XWaBdbEJiHpYXT1f1eBk1Q==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWfDomoStj3uOui0AGO+Tg==": { "id": "XWfDomoStj3uOui0AGO+Tg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "XXYPGOxEabdavz27Qo+rWQ==": { "id": "XXYPGOxEabdavz27Qo+rWQ==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "XXaDpMG90Mb3fV4QxoLqXA==": { "id": "XXaDpMG90Mb3fV4QxoLqXA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "XctMW4QJZO0RsDAv/VoABQ==": { "id": "XctMW4QJZO0RsDAv/VoABQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-cloud-what", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "XfjE+J06ONMJAg7vkQ3tbQ==": { "id": "XfjE+J06ONMJAg7vkQ3tbQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "XhhNgYgTJmDdYc90YuE8vw==": { "id": "XhhNgYgTJmDdYc90YuE8vw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "XjQpmqOxrg5I1zgVKxswFw==": { "id": "XjQpmqOxrg5I1zgVKxswFw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Xrz5/LPkSDdzEfbSbOXzZA==": { "id": "Xrz5/LPkSDdzEfbSbOXzZA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "XuMP4XKeqFlYH9jgvFKXXw==": { "id": "XuMP4XKeqFlYH9jgvFKXXw==", "updater": "rhel-vex", "name": "CVE-2023-2609", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2609.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y+LzorqDQD2Povh+kyYSqw==": { "id": "Y+LzorqDQD2Povh+kyYSqw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Y/6FiFNJ+h2jXNTlPOzrnQ==": { "id": "Y/6FiFNJ+h2jXNTlPOzrnQ==", "updater": "rhel-vex", "name": "CVE-2023-0051", "description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0051.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y08Ni7+TSPQ/xSSRr851zQ==": { "id": "Y08Ni7+TSPQ/xSSRr851zQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "Y2pXpR4HKVIWAZ1sDtjo8A==": { "id": "Y2pXpR4HKVIWAZ1sDtjo8A==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Y3PSsgfYVK7+nWpNGBO9lQ==": { "id": "Y3PSsgfYVK7+nWpNGBO9lQ==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "Y6TEBwH0+CoZ50j5sQV23w==": { "id": "Y6TEBwH0+CoZ50j5sQV23w==", "updater": "rhel-vex", "name": "CVE-2021-3968", "description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3968.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y7ypeGdtYfJMJApDHYX9tg==": { "id": "Y7ypeGdtYfJMJApDHYX9tg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "Y9X/nbUFq4l8+xowG5hDkg==": { "id": "Y9X/nbUFq4l8+xowG5hDkg==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "YCFy9R5BUcPVuUEYQkJQ4w==": { "id": "YCFy9R5BUcPVuUEYQkJQ4w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "YHdZ6rml8dKQg9XmpjCrnw==": { "id": "YHdZ6rml8dKQg9XmpjCrnw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "YJkc0fG7G+dwREiIQihS/A==": { "id": "YJkc0fG7G+dwREiIQihS/A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YPJKJ4DYdTXL0BJCCS9pgA==": { "id": "YPJKJ4DYdTXL0BJCCS9pgA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "YPUY4Y/POEizUQSOdGH26g==": { "id": "YPUY4Y/POEizUQSOdGH26g==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "YQVoCJX8BLl6S5wPwmTGtg==": { "id": "YQVoCJX8BLl6S5wPwmTGtg==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "YSdK7PYtLQ7JLXu7W4mdRQ==": { "id": "YSdK7PYtLQ7JLXu7W4mdRQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.el9", "arch_op": "pattern match" }, "YUwZZ9Cg1FloxBZV60vOCg==": { "id": "YUwZZ9Cg1FloxBZV60vOCg==", "updater": "rhel-vex", "name": "CVE-2022-2522", "description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2522.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YVYIQ/H++AefhUYldlykPg==": { "id": "YVYIQ/H++AefhUYldlykPg==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "YZq+CTlAXva/aUDDEFdZNQ==": { "id": "YZq+CTlAXva/aUDDEFdZNQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YfE+7ocdRscmJ75uekg0tA==": { "id": "YfE+7ocdRscmJ75uekg0tA==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "YgD8tCzB10z/Jq6XOfCfgQ==": { "id": "YgD8tCzB10z/Jq6XOfCfgQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Ygj77GRBaQkoNVODBO6xEQ==": { "id": "Ygj77GRBaQkoNVODBO6xEQ==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YgwLp863ho/Lz7XdBK6IXw==": { "id": "YgwLp863ho/Lz7XdBK6IXw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.1.el9_6", "arch_op": "pattern match" }, "YjXf6yY9feRqNoLqPt5iEQ==": { "id": "YjXf6yY9feRqNoLqPt5iEQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YlN21JbaOAqORXBYjgJOYA==": { "id": "YlN21JbaOAqORXBYjgJOYA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "YmjsPDVfe7xyjGwOgJunGw==": { "id": "YmjsPDVfe7xyjGwOgJunGw==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "YnyGgq68v/XTMEk0yU1qsA==": { "id": "YnyGgq68v/XTMEk0yU1qsA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Yp6L2DOgQNnvp2uXVvH8NA==": { "id": "Yp6L2DOgQNnvp2uXVvH8NA==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YpjyzhR3jAhlzb479lBoJw==": { "id": "YpjyzhR3jAhlzb479lBoJw==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "YuJLEitJYK/0Cuux1rRK+Q==": { "id": "YuJLEitJYK/0Cuux1rRK+Q==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "YvRDVCmqISFAkWCu7WaKkQ==": { "id": "YvRDVCmqISFAkWCu7WaKkQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "Z0bbSkX8e3OUKdJa86CbBw==": { "id": "Z0bbSkX8e3OUKdJa86CbBw==", "updater": "rhel-vex", "name": "CVE-2021-4217", "description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", "issued": "2022-01-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4217 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 https://www.cve.org/CVERecord?id=CVE-2021-4217 https://nvd.nist.gov/vuln/detail/CVE-2021-4217 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4217.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Z5H14Z81HW+BVvKWtV5kDQ==": { "id": "Z5H14Z81HW+BVvKWtV5kDQ==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Z707rrfU/uxs1xujVpKMRA==": { "id": "Z707rrfU/uxs1xujVpKMRA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Z9vlvDewcgZxmJe4Kp3wxA==": { "id": "Z9vlvDewcgZxmJe4Kp3wxA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZAKrc32qORy4LwsxMQgfrw==": { "id": "ZAKrc32qORy4LwsxMQgfrw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "ZAUFPHu5UQZ+B2n+SrWIqQ==": { "id": "ZAUFPHu5UQZ+B2n+SrWIqQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.el9", "arch_op": "pattern match" }, "ZBDjl4GlHR5BEu3WvRQHHQ==": { "id": "ZBDjl4GlHR5BEu3WvRQHHQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ZC2BsE3IgWbuyuu1cz3YMQ==": { "id": "ZC2BsE3IgWbuyuu1cz3YMQ==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "ZCWnPSXILcJ9aE646DCmag==": { "id": "ZCWnPSXILcJ9aE646DCmag==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZMCWgxkMJ4LjF/nj5/+01g==": { "id": "ZMCWgxkMJ4LjF/nj5/+01g==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZMp4FVCkBvOUuQnhgF/KRQ==": { "id": "ZMp4FVCkBvOUuQnhgF/KRQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "ZNESegZx5Vgpkv3OXwE5Cw==": { "id": "ZNESegZx5Vgpkv3OXwE5Cw==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "ZPTYG1GW4N8khhdO0sFXlQ==": { "id": "ZPTYG1GW4N8khhdO0sFXlQ==", "updater": "rhel-vex", "name": "CVE-2024-39331", "description": "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.", "issued": "2024-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39331 https://bugzilla.redhat.com/show_bug.cgi?id=2293942 https://www.cve.org/CVERecord?id=CVE-2024-39331 https://nvd.nist.gov/vuln/detail/CVE-2024-39331 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39331.json https://access.redhat.com/errata/RHSA-2024:6510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9_4", "arch_op": "pattern match" }, "ZQsszFOlqLuLyfXZGfRKxQ==": { "id": "ZQsszFOlqLuLyfXZGfRKxQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "ZUoGCxFJ/+PUPUdg60izwg==": { "id": "ZUoGCxFJ/+PUPUdg60izwg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ZZEVbWhAYTXw9FIX3zIAtw==": { "id": "ZZEVbWhAYTXw9FIX3zIAtw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZZLfaN7MH3nRy8BlgA10kg==": { "id": "ZZLfaN7MH3nRy8BlgA10kg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ZZj+FChMvULXnT4QSAEvQQ==": { "id": "ZZj+FChMvULXnT4QSAEvQQ==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zc9mVAa+SgrDGA78Zo8GIg==": { "id": "Zc9mVAa+SgrDGA78Zo8GIg==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "ZeLcisCXFaeQKOi8dej/BQ==": { "id": "ZeLcisCXFaeQKOi8dej/BQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zg/5yy5ojZu/q0X+9MCQQA==": { "id": "Zg/5yy5ojZu/q0X+9MCQQA==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZhxWQvKqBGgL77fuUQ4Ghg==": { "id": "ZhxWQvKqBGgL77fuUQ4Ghg==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "ZiZuAbc4Tq3tBRSI53FjWg==": { "id": "ZiZuAbc4Tq3tBRSI53FjWg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Zk3m2J10w4VuwKsJJMXB2Q==": { "id": "Zk3m2J10w4VuwKsJJMXB2Q==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZmOheSIAULld8cF9POTj/w==": { "id": "ZmOheSIAULld8cF9POTj/w==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Zn86UzCNWJIJ8FVaY91JYg==": { "id": "Zn86UzCNWJIJ8FVaY91JYg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZoK4/bCJQ036BMFIy2mG8g==": { "id": "ZoK4/bCJQ036BMFIy2mG8g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZpoRIduwcda+XFGXyoaDAA==": { "id": "ZpoRIduwcda+XFGXyoaDAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ZrKcftBnwBVZKQlRJoJcLw==": { "id": "ZrKcftBnwBVZKQlRJoJcLw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "ZtlPcxFiuXhGia0ZM6cNBg==": { "id": "ZtlPcxFiuXhGia0ZM6cNBg==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "Zv+LSqi94387CYLrb5PiCw==": { "id": "Zv+LSqi94387CYLrb5PiCw==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "a+77t9fGz9BxOnJlGe2W1Q==": { "id": "a+77t9fGz9BxOnJlGe2W1Q==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "a1E+QseojoZ2Q73j8WWCLg==": { "id": "a1E+QseojoZ2Q73j8WWCLg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "a5tv38r7RoeoKCznzGbyPQ==": { "id": "a5tv38r7RoeoKCznzGbyPQ==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "a7PsXEXsbw8aTCMWFxM9mg==": { "id": "a7PsXEXsbw8aTCMWFxM9mg==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "a7WPDd2/UqA1rqbo6pjM9Q==": { "id": "a7WPDd2/UqA1rqbo6pjM9Q==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "a8lEoliaJpwjl9bCwQSdLA==": { "id": "a8lEoliaJpwjl9bCwQSdLA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aDJK/oIxfKTdGBwKif3CBA==": { "id": "aDJK/oIxfKTdGBwKif3CBA==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aFDenLkUq0L68+/zzTfPpQ==": { "id": "aFDenLkUq0L68+/zzTfPpQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "aJcuD8I2FFtYOQG27x05WQ==": { "id": "aJcuD8I2FFtYOQG27x05WQ==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "aQ/ax84rpyWNveVTm/MQww==": { "id": "aQ/ax84rpyWNveVTm/MQww==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "aQGx6Am8fU9TZmcyiMNL4A==": { "id": "aQGx6Am8fU9TZmcyiMNL4A==", "updater": "rhel-vex", "name": "CVE-2024-43802", "description": "A flaw was found in Vim. This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "issued": "2024-08-26T19:15:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aR+DKIj7GETMsDtNSfYXNA==": { "id": "aR+DKIj7GETMsDtNSfYXNA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "aUFq3vh1h0/30jIMgLEGbg==": { "id": "aUFq3vh1h0/30jIMgLEGbg==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ac4lX1PsJ8EE0cPV3DeA7Q==": { "id": "ac4lX1PsJ8EE0cPV3DeA7Q==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "ah5gJjq6ntKGHe05l2QLEA==": { "id": "ah5gJjq6ntKGHe05l2QLEA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "akEF6NF80R9wfgwbXmOEDA==": { "id": "akEF6NF80R9wfgwbXmOEDA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "alSeOMnzCu4eh8h4VjVrpA==": { "id": "alSeOMnzCu4eh8h4VjVrpA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "am8Nu2Xz4xTgOxf+V74bZg==": { "id": "am8Nu2Xz4xTgOxf+V74bZg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "anPJmbS134IB2gfGIWKJ0Q==": { "id": "anPJmbS134IB2gfGIWKJ0Q==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ao8l/bKVk/yRH6auM4IE9g==": { "id": "ao8l/bKVk/yRH6auM4IE9g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "aouER1d5ARUcTEP5rjxlQA==": { "id": "aouER1d5ARUcTEP5rjxlQA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "aqaaxa85Ibw3RSMRWLL7yg==": { "id": "aqaaxa85Ibw3RSMRWLL7yg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "arPTXFJYsCT564EgyQClGA==": { "id": "arPTXFJYsCT564EgyQClGA==", "updater": "rhel-vex", "name": "CVE-2021-31535", "description": "A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "issued": "2021-05-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31535 https://bugzilla.redhat.com/show_bug.cgi?id=1961822 https://www.cve.org/CVERecord?id=CVE-2021-31535 https://nvd.nist.gov/vuln/detail/CVE-2021-31535 https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31535.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "atAnLiOuVhy8qyEUVNzM2w==": { "id": "atAnLiOuVhy8qyEUVNzM2w==", "updater": "rhel-vex", "name": "CVE-2022-48338", "description": "A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48338.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "b+wJbUYHuGJqeuEtodqG3A==": { "id": "b+wJbUYHuGJqeuEtodqG3A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "b/JoMKSdjTg9hoFgyAsYGg==": { "id": "b/JoMKSdjTg9hoFgyAsYGg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "b0xlBSDO/qp5khqjIfXlSQ==": { "id": "b0xlBSDO/qp5khqjIfXlSQ==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "b2xf65/2S45gOxG8Grxy0g==": { "id": "b2xf65/2S45gOxG8Grxy0g==", "updater": "rhel-vex", "name": "CVE-2023-5441", "description": "A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2023-10-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5441.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b3gcqhWrOMtSFjkTMyyWQw==": { "id": "b3gcqhWrOMtSFjkTMyyWQw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "b8cX6Z3ptet250uYs1XjIQ==": { "id": "b8cX6Z3ptet250uYs1XjIQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "b93ucKpooFuvf5DZpkuQ4Q==": { "id": "b93ucKpooFuvf5DZpkuQ4Q==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "bACUKZThWu3kcO82NfO4eg==": { "id": "bACUKZThWu3kcO82NfO4eg==", "updater": "rhel-vex", "name": "CVE-2023-1264", "description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1264.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bDMsFO9+dr7IgrwHxKJ/2g==": { "id": "bDMsFO9+dr7IgrwHxKJ/2g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "bDvGK7B1/5BJREOCtiSQyw==": { "id": "bDvGK7B1/5BJREOCtiSQyw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "bKE3ov27WR5dMz8a/M+jUA==": { "id": "bKE3ov27WR5dMz8a/M+jUA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bOMmd0jIpY2e7Cl4owS24g==": { "id": "bOMmd0jIpY2e7Cl4owS24g==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "bVLJeNp3UltT+T1xu6C55A==": { "id": "bVLJeNp3UltT+T1xu6C55A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "bb9X6domCAmA+m40PgE/jg==": { "id": "bb9X6domCAmA+m40PgE/jg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "bdJdbp3pWxo6biBmwKijBQ==": { "id": "bdJdbp3pWxo6biBmwKijBQ==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "be+F+Fkt9wYh4z6YwfNqdw==": { "id": "be+F+Fkt9wYh4z6YwfNqdw==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "bf41zTvm6HAv6xdiXpwGWQ==": { "id": "bf41zTvm6HAv6xdiXpwGWQ==", "updater": "rhel-vex", "name": "CVE-2025-32728", "description": "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.", "issued": "2025-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32728 https://bugzilla.redhat.com/show_bug.cgi?id=2358767 https://www.cve.org/CVERecord?id=CVE-2025-32728 https://nvd.nist.gov/vuln/detail/CVE-2025-32728 https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32728.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bfa/XbakkA2/5GrUyvwSyw==": { "id": "bfa/XbakkA2/5GrUyvwSyw==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "bh7RRRlNP555+LOFASdB0w==": { "id": "bh7RRRlNP555+LOFASdB0w==", "updater": "rhel-vex", "name": "CVE-2022-2980", "description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2980.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bj9lurrpBxE/q4lRd2Wp7A==": { "id": "bj9lurrpBxE/q4lRd2Wp7A==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "bjkXZ4ZTp29EFzF+wMw4xw==": { "id": "bjkXZ4ZTp29EFzF+wMw4xw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "bklfMYFV2WKM17hKPU+5BA==": { "id": "bklfMYFV2WKM17hKPU+5BA==", "updater": "osv/go", "name": "GO-2025-3373", "description": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "bmNjdpodhrAjmmeNv8j2ZA==": { "id": "bmNjdpodhrAjmmeNv8j2ZA==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bmwYxyT6fmHIa8FODhI70w==": { "id": "bmwYxyT6fmHIa8FODhI70w==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "bmyf3V3WjS7kQmiAcGoBiQ==": { "id": "bmyf3V3WjS7kQmiAcGoBiQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bpM7BDVV04atOPduc9mI8Q==": { "id": "bpM7BDVV04atOPduc9mI8Q==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "bpwdCug2xQZhmaazCqwIew==": { "id": "bpwdCug2xQZhmaazCqwIew==", "updater": "rhel-vex", "name": "CVE-2023-51767", "description": "An authentication bypass vulnerability was found in a modified version of OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Exploiting a Rowhammer-style attack to flip bits in memory, forces successful authentication by setting the return code to 0.", "issued": "2023-12-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bqEGDVpuXY3j7Kr18B5E4w==": { "id": "bqEGDVpuXY3j7Kr18B5E4w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "bqKZTtfId9l8zdFZE/mZZg==": { "id": "bqKZTtfId9l8zdFZE/mZZg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "brTmpkOORx2yJvCnkPzYRw==": { "id": "brTmpkOORx2yJvCnkPzYRw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "by+PAyhAcd2LS2O/tZxbRQ==": { "id": "by+PAyhAcd2LS2O/tZxbRQ==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "by4qEj8r2+yQ8xw2ZHB4/Q==": { "id": "by4qEj8r2+yQ8xw2ZHB4/Q==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "bytYw82gsP7fmiiqIEcGNw==": { "id": "bytYw82gsP7fmiiqIEcGNw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bzewxC8waOXL414yMxKcqQ==": { "id": "bzewxC8waOXL414yMxKcqQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "c+walK0V+dA1g3qnPME4Ow==": { "id": "c+walK0V+dA1g3qnPME4Ow==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "c/+IhJOZwrUFnxH/AA8NiA==": { "id": "c/+IhJOZwrUFnxH/AA8NiA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "c/EuG5G0xeL87UQs3yxxqQ==": { "id": "c/EuG5G0xeL87UQs3yxxqQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "c/TMKje5Txl9grWesV+S0A==": { "id": "c/TMKje5Txl9grWesV+S0A==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "c0R7sQMFyTIRhp8ZTCTmlw==": { "id": "c0R7sQMFyTIRhp8ZTCTmlw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "c3ac46MKEwGXSYV8lTnQoA==": { "id": "c3ac46MKEwGXSYV8lTnQoA==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "c3eMx85yv79gfxNsxZXPHQ==": { "id": "c3eMx85yv79gfxNsxZXPHQ==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "c4b8AyMPp1ls7ClKiTCbAg==": { "id": "c4b8AyMPp1ls7ClKiTCbAg==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "c95Jb/MAeM4/Wnq2jSIopg==": { "id": "c95Jb/MAeM4/Wnq2jSIopg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "c9kKQdmqE31JfE8hW1jBfg==": { "id": "c9kKQdmqE31JfE8hW1jBfg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "cA4I0UWWtzTwMIMUTfN+Sg==": { "id": "cA4I0UWWtzTwMIMUTfN+Sg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "cBmZwV0l/QLSSsoNwTuUWA==": { "id": "cBmZwV0l/QLSSsoNwTuUWA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "cD+9p+2eb4ubWbn/ynDqrQ==": { "id": "cD+9p+2eb4ubWbn/ynDqrQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.1.el9_6", "arch_op": "pattern match" }, "cJ4BQpErMW3FIQ2vBfopJw==": { "id": "cJ4BQpErMW3FIQ2vBfopJw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "cKtHM3xMrk1VjV0S8Zl4qQ==": { "id": "cKtHM3xMrk1VjV0S8Zl4qQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "cLetPtVgm731iRPvGEIeyw==": { "id": "cLetPtVgm731iRPvGEIeyw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "cMY+6QfPqyOZE380Mf5rIQ==": { "id": "cMY+6QfPqyOZE380Mf5rIQ==", "updater": "rhel-vex", "name": "CVE-2022-0351", "description": "A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0351.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cNsQU/uNFf7PsCWqaKxjAQ==": { "id": "cNsQU/uNFf7PsCWqaKxjAQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "cS8BJbrTN4Z2MOJCTGMR8w==": { "id": "cS8BJbrTN4Z2MOJCTGMR8w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "cSPoRTB3BjDaa16wszdN3g==": { "id": "cSPoRTB3BjDaa16wszdN3g==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "cUH9U4T8Wpzm/UIIektEAQ==": { "id": "cUH9U4T8Wpzm/UIIektEAQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "cWbhx4ozV3Pkh4rK/phNRA==": { "id": "cWbhx4ozV3Pkh4rK/phNRA==", "updater": "osv/go", "name": "GO-2025-3420", "description": "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "ca+BSCGp5tEYAgJqvm8GFw==": { "id": "ca+BSCGp5tEYAgJqvm8GFw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "cbNKZbfbJhPfPLHi6va27w==": { "id": "cbNKZbfbJhPfPLHi6va27w==", "updater": "rhel-vex", "name": "CVE-2022-3555", "description": "A flaw was found in the libX11 package in the_XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3555 https://bugzilla.redhat.com/show_bug.cgi?id=2136412 https://www.cve.org/CVERecord?id=CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 https://ubuntu.com/security/CVE-2022-3555 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3555.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cbSiFirRdrVkpUeOLy/CjA==": { "id": "cbSiFirRdrVkpUeOLy/CjA==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "cex7jEfdv/MaWi3px1ZgxQ==": { "id": "cex7jEfdv/MaWi3px1ZgxQ==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "cgUuYY1sKP0jeDPr/wEn4w==": { "id": "cgUuYY1sKP0jeDPr/wEn4w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "cje1a6rWyE5Ko85v8goPNQ==": { "id": "cje1a6rWyE5Ko85v8goPNQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "cjoCrbQlAeGxtTPUlcMPuA==": { "id": "cjoCrbQlAeGxtTPUlcMPuA==", "updater": "rhel-vex", "name": "CVE-2025-26603", "description": "A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.", "issued": "2025-02-18T19:04:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26603 https://bugzilla.redhat.com/show_bug.cgi?id=2346346 https://www.cve.org/CVERecord?id=CVE-2025-26603 https://nvd.nist.gov/vuln/detail/CVE-2025-26603 https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26603.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cm/gvI0AVbEJW8SbZVw6fw==": { "id": "cm/gvI0AVbEJW8SbZVw6fw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "cr4RGJYSJM2QUssm6cAQ4w==": { "id": "cr4RGJYSJM2QUssm6cAQ4w==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "cv/HKlhaI7EJMBLIaTimwg==": { "id": "cv/HKlhaI7EJMBLIaTimwg==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "cw4W3PskPKPJZy+QzFk5bA==": { "id": "cw4W3PskPKPJZy+QzFk5bA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "cwXdqs9AFOcThYn4e8y3yw==": { "id": "cwXdqs9AFOcThYn4e8y3yw==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "cxMZ2TEnkk6RdtuU9fDThg==": { "id": "cxMZ2TEnkk6RdtuU9fDThg==", "updater": "rhel-vex", "name": "CVE-2021-3927", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3927.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1fus7ZZWC8VndZJIxm7pQ==": { "id": "d1fus7ZZWC8VndZJIxm7pQ==", "updater": "rhel-vex", "name": "CVE-2025-10158", "description": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.", "issued": "2025-11-18T14:24:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10158 https://bugzilla.redhat.com/show_bug.cgi?id=2415637 https://www.cve.org/CVERecord?id=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10158.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1j+WeBwgxUY2DD8tjQwMA==": { "id": "d1j+WeBwgxUY2DD8tjQwMA==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "d2mdhZ97rWRfD+pslcl6uw==": { "id": "d2mdhZ97rWRfD+pslcl6uw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "d8O/Pp2nkWZxFhUyXQucZg==": { "id": "d8O/Pp2nkWZxFhUyXQucZg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "d9qJI4TyihrqXixZ+S73jg==": { "id": "d9qJI4TyihrqXixZ+S73jg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dKzgwwkG/spsYd8PVvrk6A==": { "id": "dKzgwwkG/spsYd8PVvrk6A==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dMO4fX/IkQ2bi0ds65uBZA==": { "id": "dMO4fX/IkQ2bi0ds65uBZA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "dN3ZkuuHRauklH+tfqwFYA==": { "id": "dN3ZkuuHRauklH+tfqwFYA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "dO/rj/SVo/ZlfJAB2ajOEQ==": { "id": "dO/rj/SVo/ZlfJAB2ajOEQ==", "updater": "rhel-vex", "name": "CVE-2023-5535", "description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5535.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dO3yYWRHtCsx6+NRjjAIsg==": { "id": "dO3yYWRHtCsx6+NRjjAIsg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dPlld/v+ZrL/y3NT/M5t9A==": { "id": "dPlld/v+ZrL/y3NT/M5t9A==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dRNxgKG0w/nM5rSMcvz/kQ==": { "id": "dRNxgKG0w/nM5rSMcvz/kQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "dT4TBdsMnRpAlGfPboRcFg==": { "id": "dT4TBdsMnRpAlGfPboRcFg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "dTT2owdN4FTG/LqoICFf+w==": { "id": "dTT2owdN4FTG/LqoICFf+w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "dWdVOD7SorvI9CNble8XGw==": { "id": "dWdVOD7SorvI9CNble8XGw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "dXgWtIQra5a7FOM/lmTQMQ==": { "id": "dXgWtIQra5a7FOM/lmTQMQ==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "de6Wm8GcUOvZ/vqX7ogEtQ==": { "id": "de6Wm8GcUOvZ/vqX7ogEtQ==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "dgwlwyboh6/BQfJsyoE8Eg==": { "id": "dgwlwyboh6/BQfJsyoE8Eg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "dhk9SR7XgMlUT1SwbOzs0A==": { "id": "dhk9SR7XgMlUT1SwbOzs0A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dhv7M9LLYIyyRsKi71f6Ew==": { "id": "dhv7M9LLYIyyRsKi71f6Ew==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "dkB2JDRx/pLwN9EbsYh6UA==": { "id": "dkB2JDRx/pLwN9EbsYh6UA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "dkGOl+YKkRksmyjmvQ3FsA==": { "id": "dkGOl+YKkRksmyjmvQ3FsA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "dkvelc7KXIcNmlVEKWwOSg==": { "id": "dkvelc7KXIcNmlVEKWwOSg==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "dpCbBO9jgzvekz9nKJpSRA==": { "id": "dpCbBO9jgzvekz9nKJpSRA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dqYoyBWLAQszVE/IX85oqg==": { "id": "dqYoyBWLAQszVE/IX85oqg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dr+z30s3mVMvpF2iMBJ7YA==": { "id": "dr+z30s3mVMvpF2iMBJ7YA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "du8AOXnNlQgdqsSZceyiaQ==": { "id": "du8AOXnNlQgdqsSZceyiaQ==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "dwNH2KaulTKNFX+9quNpvw==": { "id": "dwNH2KaulTKNFX+9quNpvw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dxRzT6G0UObuWf8SWujnng==": { "id": "dxRzT6G0UObuWf8SWujnng==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "e+8uKOviBSOTR4ltKl/Y5Q==": { "id": "e+8uKOviBSOTR4ltKl/Y5Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "e/bnYsWq3UNe4TO8qzzb8A==": { "id": "e/bnYsWq3UNe4TO8qzzb8A==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e2U3+rnCE0yJbEhq/B49zQ==": { "id": "e2U3+rnCE0yJbEhq/B49zQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "e37CxvNgywelF2ouwzqL2Q==": { "id": "e37CxvNgywelF2ouwzqL2Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "e7h3lwyDkLbzwbeza9/TWw==": { "id": "e7h3lwyDkLbzwbeza9/TWw==", "updater": "rhel-vex", "name": "CVE-2022-4293", "description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4293.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e8Ba4iAzVtDvrookiM9XAg==": { "id": "e8Ba4iAzVtDvrookiM9XAg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "e91QDoc1m7i0h9Urg1XIuQ==": { "id": "e91QDoc1m7i0h9Urg1XIuQ==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "eDxAdI0cgddAZnBSd4FI0Q==": { "id": "eDxAdI0cgddAZnBSd4FI0Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "eERb0a2u5NJoo8XHmwI23A==": { "id": "eERb0a2u5NJoo8XHmwI23A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.el9", "arch_op": "pattern match" }, "eGYBZQZGb7FuYNSi9wuFzg==": { "id": "eGYBZQZGb7FuYNSi9wuFzg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "eKKwwoH894W3Vae5kYCKtA==": { "id": "eKKwwoH894W3Vae5kYCKtA==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "eKvGCJDf1Iytf5g2d8kaFQ==": { "id": "eKvGCJDf1Iytf5g2d8kaFQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eMVMlNYLRzjk+Xt/peAYqg==": { "id": "eMVMlNYLRzjk+Xt/peAYqg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eNUwUuL3W5wSpnxJfClXhg==": { "id": "eNUwUuL3W5wSpnxJfClXhg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "eOOfcRLf3CHL5spaYEPovQ==": { "id": "eOOfcRLf3CHL5spaYEPovQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "eT0Z6G4b2zSUUUSLlyL8Tg==": { "id": "eT0Z6G4b2zSUUUSLlyL8Tg==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "eTM7aUBt48fzJjd2YY1Kaw==": { "id": "eTM7aUBt48fzJjd2YY1Kaw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "eXNCnm2O3ulyDBrjgqgngA==": { "id": "eXNCnm2O3ulyDBrjgqgngA==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "eZ2tz3j+u7GWuS6rb2RB7g==": { "id": "eZ2tz3j+u7GWuS6rb2RB7g==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "eZDuJI6jaohxUM7fcdYEYA==": { "id": "eZDuJI6jaohxUM7fcdYEYA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eaW+XnaOzUpP/JmOZv+wCg==": { "id": "eaW+XnaOzUpP/JmOZv+wCg==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "ecYseAb1rFmqPx4kHRWeQQ==": { "id": "ecYseAb1rFmqPx4kHRWeQQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "edf9qrl//4hhbTQ8nlVN7g==": { "id": "edf9qrl//4hhbTQ8nlVN7g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "eeetX6Vv3iXNMfmjNIPkQg==": { "id": "eeetX6Vv3iXNMfmjNIPkQg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "eejojwYHRaSarkdAMLD2OA==": { "id": "eejojwYHRaSarkdAMLD2OA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "eekbTUpqIafepE8Hfmhn6g==": { "id": "eekbTUpqIafepE8Hfmhn6g==", "updater": "rhel-vex", "name": "CVE-2021-4187", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4187.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eh1RT9v3ol1cjACTvuohFQ==": { "id": "eh1RT9v3ol1cjACTvuohFQ==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "eh73UwgswuQUUBPGmZNxLg==": { "id": "eh73UwgswuQUUBPGmZNxLg==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ekipReKDch8nQkv6wLHVww==": { "id": "ekipReKDch8nQkv6wLHVww==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "eoZiXVXIYF5HZwY9O+NvfQ==": { "id": "eoZiXVXIYF5HZwY9O+NvfQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "eqZVUGTs5pHRR/tV2jQA/Q==": { "id": "eqZVUGTs5pHRR/tV2jQA/Q==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "esWNnTXfVcQMP31EwLadpw==": { "id": "esWNnTXfVcQMP31EwLadpw==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "ewA3f3GyFBJhwPX+CvDYtg==": { "id": "ewA3f3GyFBJhwPX+CvDYtg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "f+wdQFOhBCEFYs6UTbgVcw==": { "id": "f+wdQFOhBCEFYs6UTbgVcw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "f5rDGDIgGLk7iLvtlKjm1w==": { "id": "f5rDGDIgGLk7iLvtlKjm1w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "f6K2rwitLCyOeqkSvuUcFA==": { "id": "f6K2rwitLCyOeqkSvuUcFA==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "f6muqKqBGKMbn75htgvMLQ==": { "id": "f6muqKqBGKMbn75htgvMLQ==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "f9AAdWBkmOO1/+acrJji3Q==": { "id": "f9AAdWBkmOO1/+acrJji3Q==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "fBIyxzoMf4PtxmiD953WFg==": { "id": "fBIyxzoMf4PtxmiD953WFg==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "fD8Z9mQCc8h27ZwElVMLmA==": { "id": "fD8Z9mQCc8h27ZwElVMLmA==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fDvGbDNJpsxaSncFLSlH5Q==": { "id": "fDvGbDNJpsxaSncFLSlH5Q==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "fEW9HCDGh5vauL1jhvKpFQ==": { "id": "fEW9HCDGh5vauL1jhvKpFQ==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "fHxgcXxpn2MkgE/aUd2Vkw==": { "id": "fHxgcXxpn2MkgE/aUd2Vkw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "fI1ruEtJ325PbGUQKXuiVA==": { "id": "fI1ruEtJ325PbGUQKXuiVA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fKSzg5ZVW35n1QRKSQYbUA==": { "id": "fKSzg5ZVW35n1QRKSQYbUA==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "fM+r7qYMTXMx81IJhr45YA==": { "id": "fM+r7qYMTXMx81IJhr45YA==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fMQ6kctftYthbGvZli2/sg==": { "id": "fMQ6kctftYthbGvZli2/sg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "fSeU4QTAs+fY+ihLpgdM9A==": { "id": "fSeU4QTAs+fY+ihLpgdM9A==", "updater": "rhel-vex", "name": "CVE-2025-1377", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.", "issued": "2025-02-17T05:00:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1377 https://bugzilla.redhat.com/show_bug.cgi?id=2346066 https://www.cve.org/CVERecord?id=CVE-2025-1377 https://nvd.nist.gov/vuln/detail/CVE-2025-1377 https://sourceware.org/bugzilla/attachment.cgi?id=15941 https://sourceware.org/bugzilla/show_bug.cgi?id=32673 https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2 https://vuldb.com/?ctiid.295985 https://vuldb.com/?id.295985 https://vuldb.com/?submit.497539 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1377.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT2bR3Pvvu+yOGDatxsWcw==": { "id": "fT2bR3Pvvu+yOGDatxsWcw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "fUkL/QrHEZtoCydnxvHQYQ==": { "id": "fUkL/QrHEZtoCydnxvHQYQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "fUlz8/rwVV2PbflGdFYCdw==": { "id": "fUlz8/rwVV2PbflGdFYCdw==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "fVstMFtDcM3yfjjb8mKxrg==": { "id": "fVstMFtDcM3yfjjb8mKxrg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fZX9tMkRg8Ij95v2HLw9Ew==": { "id": "fZX9tMkRg8Ij95v2HLw9Ew==", "updater": "osv/go", "name": "GO-2025-3750", "description": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "issued": "2025-06-11T16:59:06Z", "links": "https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "fbRJLkkKyAqhMbdbbcLwwg==": { "id": "fbRJLkkKyAqhMbdbbcLwwg==", "updater": "rhel-vex", "name": "CVE-2025-4207", "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "issued": "2025-05-08T14:22:45Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4207 https://bugzilla.redhat.com/show_bug.cgi?id=2365111 https://www.cve.org/CVERecord?id=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4207.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fcEhBEQT+7+nxaOwZEIInQ==": { "id": "fcEhBEQT+7+nxaOwZEIInQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "fcJXnA1/CqZDeUcxpMPyzg==": { "id": "fcJXnA1/CqZDeUcxpMPyzg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "fdA0Wp/waErtsQk4sTTbPQ==": { "id": "fdA0Wp/waErtsQk4sTTbPQ==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fdpDWwmwFLyFeyU+CnbxxQ==": { "id": "fdpDWwmwFLyFeyU+CnbxxQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fezwmAwUNAjVNYh+YY0Wrw==": { "id": "fezwmAwUNAjVNYh+YY0Wrw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "ff3woW6bpDBZXooXnBPlNQ==": { "id": "ff3woW6bpDBZXooXnBPlNQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "fh2y5aivazupTx0EZ+2Cag==": { "id": "fh2y5aivazupTx0EZ+2Cag==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fjsXh+vV+qSWYTJhGoqerg==": { "id": "fjsXh+vV+qSWYTJhGoqerg==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "flC/+W9ll6TqBKBRm/YUiA==": { "id": "flC/+W9ll6TqBKBRm/YUiA==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "ftPQfiVA8qRKJwxT2xcXRw==": { "id": "ftPQfiVA8qRKJwxT2xcXRw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fu2viInfwA1Zq9LmALUkzg==": { "id": "fu2viInfwA1Zq9LmALUkzg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "fv3/0oUmGvxLyxCaIIt3kg==": { "id": "fv3/0oUmGvxLyxCaIIt3kg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "fvxiOpnl4vL2UcobmeaYnA==": { "id": "fvxiOpnl4vL2UcobmeaYnA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "fwXkQZwZsVuPtoAZBIG06w==": { "id": "fwXkQZwZsVuPtoAZBIG06w==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "fwfAtjf5gVRneidAp93edQ==": { "id": "fwfAtjf5gVRneidAp93edQ==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fxc/de3PyQgiwjyykMQ4ow==": { "id": "fxc/de3PyQgiwjyykMQ4ow==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "fyE+IA6J77V4hC6QL4QCJQ==": { "id": "fyE+IA6J77V4hC6QL4QCJQ==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "g2+VTeiFdddqhRpToXK2Vw==": { "id": "g2+VTeiFdddqhRpToXK2Vw==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "g29pa0L/tOFblhQQDFeJbA==": { "id": "g29pa0L/tOFblhQQDFeJbA==", "updater": "osv/go", "name": "GO-2022-0533", "description": "Path traversal via Clean on Windows in path/filepath", "issued": "2022-07-28T17:25:07Z", "links": "https://go.dev/cl/401595 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://go.dev/issue/52476 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "g3/sX4CO9sGFGMvToQ+how==": { "id": "g3/sX4CO9sGFGMvToQ+how==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "g63+znub5tyxpqqmyP8Tjg==": { "id": "g63+znub5tyxpqqmyP8Tjg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "g6spFzT6DoopzuQCE0pjRg==": { "id": "g6spFzT6DoopzuQCE0pjRg==", "updater": "rhel-vex", "name": "CVE-2022-2285", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2285.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g8hJlpBfWMarbfdU+OkQdw==": { "id": "g8hJlpBfWMarbfdU+OkQdw==", "updater": "rhel-vex", "name": "CVE-2024-10524", "description": "A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.", "issued": "2024-11-19T14:23:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10524 https://bugzilla.redhat.com/show_bug.cgi?id=2327303 https://www.cve.org/CVERecord?id=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ https://seclists.org/oss-sec/2024/q4/107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10524.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g9gU2/SbcO/F9X65zpT4Uw==": { "id": "g9gU2/SbcO/F9X65zpT4Uw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "gC8lb/CZmVxLK6PkYWC9cw==": { "id": "gC8lb/CZmVxLK6PkYWC9cw==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "gCKIolAPxKn/MwnZqQ5viA==": { "id": "gCKIolAPxKn/MwnZqQ5viA==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "gEN3j5KPSWh2c+RarvSBNQ==": { "id": "gEN3j5KPSWh2c+RarvSBNQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gGrGej/Pj6/poAgebFb+dg==": { "id": "gGrGej/Pj6/poAgebFb+dg==", "updater": "rhel-vex", "name": "CVE-2022-3352", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3352.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gIt1VKjk5s7zkgD1H7aLmQ==": { "id": "gIt1VKjk5s7zkgD1H7aLmQ==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "gJ/fF2D4AXb0sjRGNWgixw==": { "id": "gJ/fF2D4AXb0sjRGNWgixw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gNGv6C2nj/tHk2ntVJUOWw==": { "id": "gNGv6C2nj/tHk2ntVJUOWw==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gR+h15dyWueqbKII4cPOWg==": { "id": "gR+h15dyWueqbKII4cPOWg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "gZKcOjx7BKTLxDMH6ZvfGw==": { "id": "gZKcOjx7BKTLxDMH6ZvfGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "gZW7OlWAfe3YqvPh9YUqJA==": { "id": "gZW7OlWAfe3YqvPh9YUqJA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "gaDJ+6UMi8jegvsDECsoeg==": { "id": "gaDJ+6UMi8jegvsDECsoeg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "gchW+O287jwZk0Cnma5sKw==": { "id": "gchW+O287jwZk0Cnma5sKw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "gg092DB69lXLcZyDPZ/RtQ==": { "id": "gg092DB69lXLcZyDPZ/RtQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "ggJq5z8YW0kySCUAGUYdXg==": { "id": "ggJq5z8YW0kySCUAGUYdXg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "gh3MdGIod7lYo7rDnSpHLw==": { "id": "gh3MdGIod7lYo7rDnSpHLw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gjn1JHWHaWtPNhKrrRINWw==": { "id": "gjn1JHWHaWtPNhKrrRINWw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "gl5O329psI82Wn7F+BP/pw==": { "id": "gl5O329psI82Wn7F+BP/pw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "glwEUWfaBwNPBrXUJo34tg==": { "id": "glwEUWfaBwNPBrXUJo34tg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gmo+iv72N8R3ZKjUbp9DXg==": { "id": "gmo+iv72N8R3ZKjUbp9DXg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "goLAuNZUT0caQTKiv7m0Fg==": { "id": "goLAuNZUT0caQTKiv7m0Fg==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "gpPTgXxcA95Uk2vaf3/2dw==": { "id": "gpPTgXxcA95Uk2vaf3/2dw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gqWTMUdDL1db9YSLA4qpRQ==": { "id": "gqWTMUdDL1db9YSLA4qpRQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "grZJQsj3BT+fQns8dkci1g==": { "id": "grZJQsj3BT+fQns8dkci1g==", "updater": "osv/go", "name": "GO-2022-0520", "description": "Exposure of client IP addresses in net/http", "issued": "2022-07-28T17:23:05Z", "links": "https://go.dev/cl/412857 https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "gs7k9o3a1jAc/zZ5AEytpQ==": { "id": "gs7k9o3a1jAc/zZ5AEytpQ==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "guovo7cvog/lYbVq887U/w==": { "id": "guovo7cvog/lYbVq887U/w==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "gvOYexCvSFjRc1ovPwHsww==": { "id": "gvOYexCvSFjRc1ovPwHsww==", "updater": "rhel-vex", "name": "CVE-2023-34410", "description": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "issued": "2023-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 https://www.cve.org/CVERecord?id=CVE-2023-34410 https://nvd.nist.gov/vuln/detail/CVE-2023-34410 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34410.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "gwO7tO+7wG4yYN77KHpJIg==": { "id": "gwO7tO+7wG4yYN77KHpJIg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "gxC5QcXnizTYqfkIqc6zTA==": { "id": "gxC5QcXnizTYqfkIqc6zTA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "h+nOQU6khNxAH7kkGqVqkQ==": { "id": "h+nOQU6khNxAH7kkGqVqkQ==", "updater": "rhel-vex", "name": "CVE-2022-3296", "description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3296.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h/OVEZRz5ndHYLHsNXXXMg==": { "id": "h/OVEZRz5ndHYLHsNXXXMg==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "h08ca9AawAYymWtiO1A44A==": { "id": "h08ca9AawAYymWtiO1A44A==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h5U/sk69K9TcWs3P9TuKxQ==": { "id": "h5U/sk69K9TcWs3P9TuKxQ==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "h7m1EaKKCwaqq30R6Q/BlQ==": { "id": "h7m1EaKKCwaqq30R6Q/BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "h7rVfEQf7/yrRLndyq6HvA==": { "id": "h7rVfEQf7/yrRLndyq6HvA==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "h8RB92Gx2aWFJ7WtAQ4wDA==": { "id": "h8RB92Gx2aWFJ7WtAQ4wDA==", "updater": "rhel-vex", "name": "CVE-2023-4016", "description": "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 https://www.cve.org/CVERecord?id=CVE-2023-4016 https://nvd.nist.gov/vuln/detail/CVE-2023-4016 https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 https://gitlab.com/procps-ng/procps/-/issues/297 https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4016.json https://access.redhat.com/errata/RHSA-2023:6705", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "procps-ng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.3.17-13.el9", "arch_op": "pattern match" }, "h8nlVtUPrGKdJF9xyffy7g==": { "id": "h8nlVtUPrGKdJF9xyffy7g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hECLdfUszFQo2UbzQI3BMQ==": { "id": "hECLdfUszFQo2UbzQI3BMQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "hEt6vsfHYq4kHELEO5xWxA==": { "id": "hEt6vsfHYq4kHELEO5xWxA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "hGz8R5Dny4UCIDPZzXbK3g==": { "id": "hGz8R5Dny4UCIDPZzXbK3g==", "updater": "rhel-vex", "name": "CVE-2021-38593", "description": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).", "issued": "2021-07-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-38593 https://bugzilla.redhat.com/show_bug.cgi?id=1994719 https://www.cve.org/CVERecord?id=CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-38593.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hHQvhYHv8KxCCQMiFpmyWg==": { "id": "hHQvhYHv8KxCCQMiFpmyWg==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "hIHRMVndQh85jnW2uCawbw==": { "id": "hIHRMVndQh85jnW2uCawbw==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "hIP4iOnrw2sfStgfnTKJKw==": { "id": "hIP4iOnrw2sfStgfnTKJKw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "hJqH5PsFQ03HT/LzTwaCXA==": { "id": "hJqH5PsFQ03HT/LzTwaCXA==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hK/f5zoJDHjYWcidbJwYsg==": { "id": "hK/f5zoJDHjYWcidbJwYsg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "hMwTXtuK2CPZup51st8vag==": { "id": "hMwTXtuK2CPZup51st8vag==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hOaq2CFtnMvxmr4bZOUh6A==": { "id": "hOaq2CFtnMvxmr4bZOUh6A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "hRSnphgIhBaU8a2RyBPsuA==": { "id": "hRSnphgIhBaU8a2RyBPsuA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_4.3", "arch_op": "pattern match" }, "hUC86VV8kD262xFcev0ZiA==": { "id": "hUC86VV8kD262xFcev0ZiA==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hWXaFNGw43ZC0VkI4/s2Pw==": { "id": "hWXaFNGw43ZC0VkI4/s2Pw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hYg6jGCQ5Nuq7UsitAzuiw==": { "id": "hYg6jGCQ5Nuq7UsitAzuiw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "hazOAbpBSQ6ZcoEMkq6UhQ==": { "id": "hazOAbpBSQ6ZcoEMkq6UhQ==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "helnYsRUBV0VLNZe0kvTiA==": { "id": "helnYsRUBV0VLNZe0kvTiA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "hfVFht+buqTExOEVhwr1xQ==": { "id": "hfVFht+buqTExOEVhwr1xQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "hgtI79dU1WVsnkd0nzqqTg==": { "id": "hgtI79dU1WVsnkd0nzqqTg==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "hinEteXkZ2xZbWF5lSQDEw==": { "id": "hinEteXkZ2xZbWF5lSQDEw==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "hjzu3I+m68mPWogOfZscVg==": { "id": "hjzu3I+m68mPWogOfZscVg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "hlV8M1lvezTjDMlaNPSTvg==": { "id": "hlV8M1lvezTjDMlaNPSTvg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "hnVuaDEhxbGffMCkOiTy1A==": { "id": "hnVuaDEhxbGffMCkOiTy1A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "htRPPeb7P9MNS47zhEuuaw==": { "id": "htRPPeb7P9MNS47zhEuuaw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "hv1o+8ALinWTDa5cH4j3rA==": { "id": "hv1o+8ALinWTDa5cH4j3rA==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "hwn8HSXSxoAi1TYe+ACqPA==": { "id": "hwn8HSXSxoAi1TYe+ACqPA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "hx3c9WG+Xum3pwxo0+FyRQ==": { "id": "hx3c9WG+Xum3pwxo0+FyRQ==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hxluEp8Si16NQcfaJDWcLg==": { "id": "hxluEp8Si16NQcfaJDWcLg==", "updater": "rhel-vex", "name": "CVE-2022-3324", "description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3324.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hzkoKs3QdYyXJMnifzGbxA==": { "id": "hzkoKs3QdYyXJMnifzGbxA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "i+IfpRQo89HWL/sPRoOFsw==": { "id": "i+IfpRQo89HWL/sPRoOFsw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "i1aZclSgDVfSpq3wWatknQ==": { "id": "i1aZclSgDVfSpq3wWatknQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "i1iqh+iGOleBv5v21I50xw==": { "id": "i1iqh+iGOleBv5v21I50xw==", "updater": "rhel-vex", "name": "CVE-2024-37891", "description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-5.el9_4.1", "arch_op": "pattern match" }, "i3BrKsmhYf5wZYkQCBxUGw==": { "id": "i3BrKsmhYf5wZYkQCBxUGw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "iA/QQjWhvxyNLUaetWDlcQ==": { "id": "iA/QQjWhvxyNLUaetWDlcQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "iACEEOg8p4u2oul22eTv+Q==": { "id": "iACEEOg8p4u2oul22eTv+Q==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "iAZzrtYDqIG5uluq/FjhDA==": { "id": "iAZzrtYDqIG5uluq/FjhDA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "iE+bfILM7uszXcxvEd6gYA==": { "id": "iE+bfILM7uszXcxvEd6gYA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "iJ/65EjB0RUIoiFFN5HgAw==": { "id": "iJ/65EjB0RUIoiFFN5HgAw==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "iK/w4oP0ry88Fhi1iG/FpA==": { "id": "iK/w4oP0ry88Fhi1iG/FpA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.el9", "arch_op": "pattern match" }, "iKVtZrDNXfISjmDp1xYKBQ==": { "id": "iKVtZrDNXfISjmDp1xYKBQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "iL/VOECJBzyFgTCwWDppVw==": { "id": "iL/VOECJBzyFgTCwWDppVw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iMwaCmNtKHrK2+scb+hkxw==": { "id": "iMwaCmNtKHrK2+scb+hkxw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iPCZH9YqKm3Qb2Qeqw32sA==": { "id": "iPCZH9YqKm3Qb2Qeqw32sA==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iQtqv3HeCGvWBf2ImnFK1w==": { "id": "iQtqv3HeCGvWBf2ImnFK1w==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "iRRK+UGfH5YqM+4LOHExpQ==": { "id": "iRRK+UGfH5YqM+4LOHExpQ==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "iRvSvKSGVLHqIXREJ4Ht/w==": { "id": "iRvSvKSGVLHqIXREJ4Ht/w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "iSsTR9jTS/494HfIgB9pGQ==": { "id": "iSsTR9jTS/494HfIgB9pGQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "iSzOvPxPGZr2PfJTBTQBCQ==": { "id": "iSzOvPxPGZr2PfJTBTQBCQ==", "updater": "rhel-vex", "name": "CVE-2024-29040", "description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "issued": "2024-04-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-29040.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iUURXijANkMZIH/VbXWyYQ==": { "id": "iUURXijANkMZIH/VbXWyYQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "iWeHI13pT0mygP25w8npPg==": { "id": "iWeHI13pT0mygP25w8npPg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ibGOv13N1m/577Kb32wGxw==": { "id": "ibGOv13N1m/577Kb32wGxw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "ihcyIiYlnktNuXSrEgrQjg==": { "id": "ihcyIiYlnktNuXSrEgrQjg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ijNNBHI8o+gObvRZ97LRdA==": { "id": "ijNNBHI8o+gObvRZ97LRdA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ikYp9FVR/trdSFxeYpqAcA==": { "id": "ikYp9FVR/trdSFxeYpqAcA==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "ipjYj7xm8hx7kmgjjp0cpg==": { "id": "ipjYj7xm8hx7kmgjjp0cpg==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "iveVedfC78Qk/6ltHJ21kQ==": { "id": "iveVedfC78Qk/6ltHJ21kQ==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixlSuy1zsWjDOO7lFuUNAQ==": { "id": "ixlSuy1zsWjDOO7lFuUNAQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "izYg2kL7sTEI8ASmlxRCdA==": { "id": "izYg2kL7sTEI8ASmlxRCdA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "j/6W06GHqfn2irJJ7LDKTQ==": { "id": "j/6W06GHqfn2irJJ7LDKTQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "j7HjBQaZ5PNpv7JydPZ8OQ==": { "id": "j7HjBQaZ5PNpv7JydPZ8OQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "j7yoSCks+i8LevHtgFwCwQ==": { "id": "j7yoSCks+i8LevHtgFwCwQ==", "updater": "rhel-vex", "name": "CVE-2023-24056", "description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "pkgconf", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j8vL1GycOevI00+qC9aKmw==": { "id": "j8vL1GycOevI00+qC9aKmw==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "j9SRMWigV/U3u/1hsi7gLA==": { "id": "j9SRMWigV/U3u/1hsi7gLA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jAwMSdGdL8Maby3fRvFUDA==": { "id": "jAwMSdGdL8Maby3fRvFUDA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jDj44frt+6TCj0cwExt14w==": { "id": "jDj44frt+6TCj0cwExt14w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "jL7k69KOM8ZjTH+gwznwQg==": { "id": "jL7k69KOM8ZjTH+gwznwQg==", "updater": "osv/go", "name": "GO-2022-1039", "description": "Memory exhaustion when compiling regular expressions in regexp/syntax", "issued": "2022-10-06T16:42:07Z", "links": "https://go.dev/issue/55949 https://go.dev/cl/439356 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "jVClMHCoFf8RUCB6W2c2cQ==": { "id": "jVClMHCoFf8RUCB6W2c2cQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jY7qsjEMOfcaNJkgI4dijw==": { "id": "jY7qsjEMOfcaNJkgI4dijw==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "jYkhobM1mHtLOwQie8WeWA==": { "id": "jYkhobM1mHtLOwQie8WeWA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "jYmxPZjDM/CNw9uJ4rnMHQ==": { "id": "jYmxPZjDM/CNw9uJ4rnMHQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "jZXEa4mdIQd85t4aOIhsfA==": { "id": "jZXEa4mdIQd85t4aOIhsfA==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "jb1tyEUU0h95jkJRbmTeVg==": { "id": "jb1tyEUU0h95jkJRbmTeVg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "jbS9IFs59O0uPYg9IZeksQ==": { "id": "jbS9IFs59O0uPYg9IZeksQ==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "jcBNjU0VQp8W5rs9GaZnrw==": { "id": "jcBNjU0VQp8W5rs9GaZnrw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "jdtzUluiOvXnFmwaOX/6KQ==": { "id": "jdtzUluiOvXnFmwaOX/6KQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "je5QkI9XlXAaLqMv+l8ztQ==": { "id": "je5QkI9XlXAaLqMv+l8ztQ==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jecTmyeay6DKd/7zioYjow==": { "id": "jecTmyeay6DKd/7zioYjow==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "jh1Mqm3BaTYV6MdA+4D74g==": { "id": "jh1Mqm3BaTYV6MdA+4D74g==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jlQB8YKpspXbBoHQT0JY7A==": { "id": "jlQB8YKpspXbBoHQT0JY7A==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jlm8MnE+Ua07hmnpXd564A==": { "id": "jlm8MnE+Ua07hmnpXd564A==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "jmCYpsGWnnwiehZQL2tyGg==": { "id": "jmCYpsGWnnwiehZQL2tyGg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "juRvPdedfeoW/YVn4PBM8Q==": { "id": "juRvPdedfeoW/YVn4PBM8Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "jvIOr2cGPChl6X44xwkz2w==": { "id": "jvIOr2cGPChl6X44xwkz2w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "jweM09oSTMKt4t5s2Lpg9g==": { "id": "jweM09oSTMKt4t5s2Lpg9g==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "jyRfRwiUvNWAyNlZmv3MkQ==": { "id": "jyRfRwiUvNWAyNlZmv3MkQ==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "k+Eb8x9IQ/IHa5nSq7kcSQ==": { "id": "k+Eb8x9IQ/IHa5nSq7kcSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "k/2DvTn2KLL28Yuh/WFLmw==": { "id": "k/2DvTn2KLL28Yuh/WFLmw==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "k/RAvY71xpuUVrSpsGkYlA==": { "id": "k/RAvY71xpuUVrSpsGkYlA==", "updater": "osv/go", "name": "GO-2022-1143", "description": "Restricted file access on Windows in os and net/http", "issued": "2022-12-07T16:08:45Z", "links": "https://go.dev/issue/56694 https://go.dev/cl/455716 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "k4dDUqBohIhzwbUS8fZiCA==": { "id": "k4dDUqBohIhzwbUS8fZiCA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "k5LjlV1zmKau2rAIOnay6g==": { "id": "k5LjlV1zmKau2rAIOnay6g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.3.el9_2", "arch_op": "pattern match" }, "k9Yjqv3ifDP4XwsJSZ8XiQ==": { "id": "k9Yjqv3ifDP4XwsJSZ8XiQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kBdyi87P4B1cTF5hLS7ByA==": { "id": "kBdyi87P4B1cTF5hLS7ByA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "kCgZMoKRMbRx90oiE7jJ+w==": { "id": "kCgZMoKRMbRx90oiE7jJ+w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "kCqPC9VTuWeNYsZfiAbN4g==": { "id": "kCqPC9VTuWeNYsZfiAbN4g==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "kEe4Kuw3hXrzhJ/JDjR7wg==": { "id": "kEe4Kuw3hXrzhJ/JDjR7wg==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "kFbIkTDdc0p9e6ndPrAnHA==": { "id": "kFbIkTDdc0p9e6ndPrAnHA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "kHC7JlgJ1gpjDIHxKgXZuQ==": { "id": "kHC7JlgJ1gpjDIHxKgXZuQ==", "updater": "osv/go", "name": "GO-2024-2609", "description": "Comments in display names are incorrectly handled in net/mail", "issued": "2024-03-05T22:15:04Z", "links": "https://go.dev/issue/65083 https://go.dev/cl/555596 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "kJ/PUfmUBn2Ep03yRLItuQ==": { "id": "kJ/PUfmUBn2Ep03yRLItuQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kMB61Eclf1Qb2Suk3JRmXw==": { "id": "kMB61Eclf1Qb2Suk3JRmXw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kQEcZDAS6Ka6J710VZUH9w==": { "id": "kQEcZDAS6Ka6J710VZUH9w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "kQq8hvN2yLWiupMaLbRduA==": { "id": "kQq8hvN2yLWiupMaLbRduA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.el9", "arch_op": "pattern match" }, "kRGVc4s/SuXPOfCHc7Q9ug==": { "id": "kRGVc4s/SuXPOfCHc7Q9ug==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kRa60N9SRvgjl+iiwZ9fZg==": { "id": "kRa60N9SRvgjl+iiwZ9fZg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "kRj1Frl5pmWWgd5LR0IPyw==": { "id": "kRj1Frl5pmWWgd5LR0IPyw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "kRqkfuoNHXgeW9vp8iyzQw==": { "id": "kRqkfuoNHXgeW9vp8iyzQw==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "kTasTqgA/HsT2H85z8VDPw==": { "id": "kTasTqgA/HsT2H85z8VDPw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "kTyfGInwWoCVv7gGPYCF5g==": { "id": "kTyfGInwWoCVv7gGPYCF5g==", "updater": "rhel-vex", "name": "CVE-2023-2610", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2610.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kUo4IyXRh1XFppRDAqTNnw==": { "id": "kUo4IyXRh1XFppRDAqTNnw==", "updater": "rhel-vex", "name": "CVE-2023-33285", "description": "A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 https://www.cve.org/CVERecord?id=CVE-2023-33285 https://nvd.nist.gov/vuln/detail/CVE-2023-33285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-33285.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "kVJhm1LYIfhvn92InJZLDQ==": { "id": "kVJhm1LYIfhvn92InJZLDQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "kVjUyjaMJ0bXnwb03Ksw3A==": { "id": "kVjUyjaMJ0bXnwb03Ksw3A==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "kXL26w3j4LcAqSQ9tOuWMA==": { "id": "kXL26w3j4LcAqSQ9tOuWMA==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "kaUbMItvWrS1leJMEsAk9A==": { "id": "kaUbMItvWrS1leJMEsAk9A==", "updater": "rhel-vex", "name": "CVE-2022-2284", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2284.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kdSSzkEHTOGF0fpTfXjzcg==": { "id": "kdSSzkEHTOGF0fpTfXjzcg==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "keMF1HAI1OIF8MvJtPZQ+g==": { "id": "keMF1HAI1OIF8MvJtPZQ+g==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kgCv9K1pgDK48LdFtpFN9Q==": { "id": "kgCv9K1pgDK48LdFtpFN9Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "khaGOQZwNAF+Kql1EAlBfw==": { "id": "khaGOQZwNAF+Kql1EAlBfw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "khwtIlYEcWkkzJP1rg7BNg==": { "id": "khwtIlYEcWkkzJP1rg7BNg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "kiHPM08GilYyFXQYDbdefw==": { "id": "kiHPM08GilYyFXQYDbdefw==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "kkBeA26IUhnokem2LDfx1A==": { "id": "kkBeA26IUhnokem2LDfx1A==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "kkxgUCDqJw1GL8dK+Je2RA==": { "id": "kkxgUCDqJw1GL8dK+Je2RA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "knD9e5c9mhfEteHg6iIbAQ==": { "id": "knD9e5c9mhfEteHg6iIbAQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "koaJtTt9+fGxG4OSw5hxFA==": { "id": "koaJtTt9+fGxG4OSw5hxFA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.1.el9_6", "arch_op": "pattern match" }, "ktNuCXztDAtRpUWlUtIWUg==": { "id": "ktNuCXztDAtRpUWlUtIWUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ktZZSLvjrHrh7DYZ23sMhw==": { "id": "ktZZSLvjrHrh7DYZ23sMhw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "kwBmjCC7+d5xUliMZJPNWA==": { "id": "kwBmjCC7+d5xUliMZJPNWA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.el9", "arch_op": "pattern match" }, "kxjEyJZKMrQwjAj12bH0Ag==": { "id": "kxjEyJZKMrQwjAj12bH0Ag==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ky4IJ5u2Ib7CaDmE7xOysg==": { "id": "ky4IJ5u2Ib7CaDmE7xOysg==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "kyjbj2qojW5SnPuCG4+T3A==": { "id": "kyjbj2qojW5SnPuCG4+T3A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "l2+nQ26t0lYvVluseJErUQ==": { "id": "l2+nQ26t0lYvVluseJErUQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.el9", "arch_op": "pattern match" }, "l2fXal/tlhZFSzN3bmiLSg==": { "id": "l2fXal/tlhZFSzN3bmiLSg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "l3j9C20yHr6ZHIXLApzl0A==": { "id": "l3j9C20yHr6ZHIXLApzl0A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "l7gfVyLrNH9qcWdXdRt9Kg==": { "id": "l7gfVyLrNH9qcWdXdRt9Kg==", "updater": "rhel-vex", "name": "CVE-2022-30632", "description": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30632 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://www.cve.org/CVERecord?id=CVE-2022-30632 https://nvd.nist.gov/vuln/detail/CVE-2022-30632 https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30632.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l8driNMmALQs2/V7+uCq+w==": { "id": "l8driNMmALQs2/V7+uCq+w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.1.el9_6", "arch_op": "pattern match" }, "l8z3hCmcLYlZgxzha0zw+g==": { "id": "l8z3hCmcLYlZgxzha0zw+g==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "lBoi08D0xA11v+agRADO8A==": { "id": "lBoi08D0xA11v+agRADO8A==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "lCd4ciOqH+xVdJTAK6erDg==": { "id": "lCd4ciOqH+xVdJTAK6erDg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.el9", "arch_op": "pattern match" }, "lG2c0hNx+Fgq8Zf8B1rJyw==": { "id": "lG2c0hNx+Fgq8Zf8B1rJyw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "lH27Z8PmZeo/EM/AegpCTA==": { "id": "lH27Z8PmZeo/EM/AegpCTA==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "lHLNxD93t7uUJfmDhNwvCQ==": { "id": "lHLNxD93t7uUJfmDhNwvCQ==", "updater": "rhel-vex", "name": "CVE-2022-3256", "description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3256.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lIzMhy2E3/kAp+LsQCQyCA==": { "id": "lIzMhy2E3/kAp+LsQCQyCA==", "updater": "osv/go", "name": "GO-2023-1704", "description": "Excessive memory allocation in net/http and net/textproto", "issued": "2023-04-05T21:04:28Z", "links": "https://go.dev/issue/58975 https://go.dev/cl/481994 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "lJ8RTw7m+AgAnWW6upSntA==": { "id": "lJ8RTw7m+AgAnWW6upSntA==", "updater": "rhel-vex", "name": "CVE-2021-45078", "description": "An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "issued": "2021-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lJah2RfNfRF+vEQdCucT7w==": { "id": "lJah2RfNfRF+vEQdCucT7w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "lKniGV6mBq1xFWJ6V0QVvA==": { "id": "lKniGV6mBq1xFWJ6V0QVvA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "lM6Cai1zYvH4FYQ8nb6tQg==": { "id": "lM6Cai1zYvH4FYQ8nb6tQg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lO89yYeT5Xt1E5KBgR1OXw==": { "id": "lO89yYeT5Xt1E5KBgR1OXw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "lQ+CMunyB1B/r/pkv6U72w==": { "id": "lQ+CMunyB1B/r/pkv6U72w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.1.el9_6", "arch_op": "pattern match" }, "lWKRi6BgpanbsQgeIct91A==": { "id": "lWKRi6BgpanbsQgeIct91A==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "lWdVDKK0NI1ECjrQyrQZhA==": { "id": "lWdVDKK0NI1ECjrQyrQZhA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lbvVctqpDivb/6OV/xVV+A==": { "id": "lbvVctqpDivb/6OV/xVV+A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "lc0ErrFagkcQxsv9AGKTjw==": { "id": "lc0ErrFagkcQxsv9AGKTjw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ldTn/Q3i3BpKZ95U4mfrcQ==": { "id": "ldTn/Q3i3BpKZ95U4mfrcQ==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "lgYZVj6kPc0Poy1meDiyZQ==": { "id": "lgYZVj6kPc0Poy1meDiyZQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "lh/EYac7XXFvwJr7gkU1TA==": { "id": "lh/EYac7XXFvwJr7gkU1TA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "ljT4JJv6XdYorFfJ6zbfog==": { "id": "ljT4JJv6XdYorFfJ6zbfog==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lnhGLE2iCT1nizqrTioMEA==": { "id": "lnhGLE2iCT1nizqrTioMEA==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "lsfrxxENmZMCtV8uOKkr8Q==": { "id": "lsfrxxENmZMCtV8uOKkr8Q==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "ltoIfsso65jjPxRqV9UMRw==": { "id": "ltoIfsso65jjPxRqV9UMRw==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "ltryu+P4IG4b3EAJKjyGHQ==": { "id": "ltryu+P4IG4b3EAJKjyGHQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "lv4eSxX+AEAW88phUmOolQ==": { "id": "lv4eSxX+AEAW88phUmOolQ==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "lz6O0nYiDpis8SScmTUuSg==": { "id": "lz6O0nYiDpis8SScmTUuSg==", "updater": "rhel-vex", "name": "CVE-2025-1215", "description": "A flaw was found in Vim. A local user may be able to trigger memory corruption by using the `--log` option with a non-existent path, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-12T18:31:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1215 https://bugzilla.redhat.com/show_bug.cgi?id=2345318 https://www.cve.org/CVERecord?id=CVE-2025-1215 https://nvd.nist.gov/vuln/detail/CVE-2025-1215 https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 https://github.com/vim/vim/issues/16606 https://github.com/vim/vim/releases/tag/v9.1.1097 https://vuldb.com/?ctiid.295174 https://vuldb.com/?id.295174 https://vuldb.com/?submit.497546 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1215.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m+ltkfB6bwuyxpSjgAFr9w==": { "id": "m+ltkfB6bwuyxpSjgAFr9w==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "m/d6QTwNzEzxGSR3T2263Q==": { "id": "m/d6QTwNzEzxGSR3T2263Q==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "m02T5S9rBezyv/+a/R6Fkw==": { "id": "m02T5S9rBezyv/+a/R6Fkw==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m0VRm0XEm9FSwttsQ8QLaQ==": { "id": "m0VRm0XEm9FSwttsQ8QLaQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "m2sL00H9lvJ4xs2UqwHxiQ==": { "id": "m2sL00H9lvJ4xs2UqwHxiQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "m4A081U6rE2WLJ4u/pMkqg==": { "id": "m4A081U6rE2WLJ4u/pMkqg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "m5AiZOpiUf+2oOMwsbQnSg==": { "id": "m5AiZOpiUf+2oOMwsbQnSg==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m77LjZYd/4k9LSozG2S2mA==": { "id": "m77LjZYd/4k9LSozG2S2mA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m94VQcvA5qigjAcL/i2L2Q==": { "id": "m94VQcvA5qigjAcL/i2L2Q==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.1.el9_6", "arch_op": "pattern match" }, "mAh/ixYuQOgKvSoO2gk7SQ==": { "id": "mAh/ixYuQOgKvSoO2gk7SQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "mBrf1Yfgr5icNwG8S0edeA==": { "id": "mBrf1Yfgr5icNwG8S0edeA==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "mIzvIMMUHDBMdt3eAx+4Rw==": { "id": "mIzvIMMUHDBMdt3eAx+4Rw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mL/QvlBQrld+4EwXWLYTNQ==": { "id": "mL/QvlBQrld+4EwXWLYTNQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mOQ3hJyzcYBnd65M1VVdFA==": { "id": "mOQ3hJyzcYBnd65M1VVdFA==", "updater": "osv/go", "name": "GO-2025-4011", "description": "Parsing DER payload can cause memory exhaustion in encoding/asn1", "issued": "2025-10-29T21:50:00Z", "links": "https://go.dev/issue/75671 https://go.dev/cl/709856 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "mPAC5fvINjFbBEv6qTd6tQ==": { "id": "mPAC5fvINjFbBEv6qTd6tQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "mQKKxdEERDHEVyOMhYExEw==": { "id": "mQKKxdEERDHEVyOMhYExEw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "mUXGZjQ6odB/7zYNoJjJRA==": { "id": "mUXGZjQ6odB/7zYNoJjJRA==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "mX276ORRxpj/FeNL+3OrXg==": { "id": "mX276ORRxpj/FeNL+3OrXg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mXfTdwl2racpbSHHHKO6EA==": { "id": "mXfTdwl2racpbSHHHKO6EA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "mbMEAQXpYoMKq7Io1LfrJA==": { "id": "mbMEAQXpYoMKq7Io1LfrJA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "mfYVQsCdSPyqR1UobqhEIw==": { "id": "mfYVQsCdSPyqR1UobqhEIw==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "miA8N3aOifbt6s11v8VS/A==": { "id": "miA8N3aOifbt6s11v8VS/A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "mjI/WzMYY52AQdc1No8ugQ==": { "id": "mjI/WzMYY52AQdc1No8ugQ==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mjV/DAgymXlZYSj9rj04pg==": { "id": "mjV/DAgymXlZYSj9rj04pg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "mk/9oG3VlXeyR83vbnlC7g==": { "id": "mk/9oG3VlXeyR83vbnlC7g==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "mmFI4mA7exd6BfbwTUwJfQ==": { "id": "mmFI4mA7exd6BfbwTUwJfQ==", "updater": "rhel-vex", "name": "CVE-2021-20197", "description": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", "issued": "2021-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20197 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://www.cve.org/CVERecord?id=CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20197.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mpDlR2Lk6PsJrTVRdAvAng==": { "id": "mpDlR2Lk6PsJrTVRdAvAng==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "mqxlcVJc3F4dPOTEtUve1Q==": { "id": "mqxlcVJc3F4dPOTEtUve1Q==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "mwpgk/i3GXoSJDpblt44zg==": { "id": "mwpgk/i3GXoSJDpblt44zg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mypK4Oz3YEbjmcF//Lb3ug==": { "id": "mypK4Oz3YEbjmcF//Lb3ug==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "n+8zHdzpUdNYaOfjqM+rvQ==": { "id": "n+8zHdzpUdNYaOfjqM+rvQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "n0AAvWWXPdMdY6hEXZez1A==": { "id": "n0AAvWWXPdMdY6hEXZez1A==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "n2MoI6iOOGKJg6CiwpZkxg==": { "id": "n2MoI6iOOGKJg6CiwpZkxg==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "n39YhRffL6tFFAy/S18A8Q==": { "id": "n39YhRffL6tFFAy/S18A8Q==", "updater": "rhel-vex", "name": "CVE-2025-1371", "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.", "issued": "2025-02-17T02:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1371 https://bugzilla.redhat.com/show_bug.cgi?id=2346055 https://www.cve.org/CVERecord?id=CVE-2025-1371 https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://sourceware.org/bugzilla/attachment.cgi?id=15926 https://sourceware.org/bugzilla/show_bug.cgi?id=32655 https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2 https://vuldb.com/?ctiid.295978 https://vuldb.com/?id.295978 https://vuldb.com/?submit.496484 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1371.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n5bOb2nwIXCE6i6WEpGlzA==": { "id": "n5bOb2nwIXCE6i6WEpGlzA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n6Vm6uSXhVeVnZmJCVL4pw==": { "id": "n6Vm6uSXhVeVnZmJCVL4pw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n78TtR5pw5YtOwMk7gVGmg==": { "id": "n78TtR5pw5YtOwMk7gVGmg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "n9h0mZrBntcdO8rut9mZew==": { "id": "n9h0mZrBntcdO8rut9mZew==", "updater": "osv/go", "name": "GO-2023-1703", "description": "Backticks not treated as string delimiters in html/template", "issued": "2023-04-05T21:05:27Z", "links": "https://go.dev/issue/59234 https://go.dev/cl/482079 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "nD4gdXb8ND61ypX9fYklTQ==": { "id": "nD4gdXb8ND61ypX9fYklTQ==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "nF1VC5iJhTtrDBwL8mfOiw==": { "id": "nF1VC5iJhTtrDBwL8mfOiw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "nFaODSvvA4RrGIiPJ9FjRA==": { "id": "nFaODSvvA4RrGIiPJ9FjRA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.1.el9_6", "arch_op": "pattern match" }, "nKGJQ32gv73mgVLbPDD8Qg==": { "id": "nKGJQ32gv73mgVLbPDD8Qg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "nLbsKQgcqXqFJTjqeQs6Vg==": { "id": "nLbsKQgcqXqFJTjqeQs6Vg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "nM+XWkmaG537tz4PDM13+w==": { "id": "nM+XWkmaG537tz4PDM13+w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "nNNVXLjFvnegTKkITfCBuA==": { "id": "nNNVXLjFvnegTKkITfCBuA==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "nNzRt87EkCVymyYuDyEW2w==": { "id": "nNzRt87EkCVymyYuDyEW2w==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "nOD1OtMP4aGP/bT3iktDEQ==": { "id": "nOD1OtMP4aGP/bT3iktDEQ==", "updater": "osv/go", "name": "GO-2022-1144", "description": "Excessive memory growth in net/http and golang.org/x/net/http2", "issued": "2022-12-08T19:01:21Z", "links": "https://go.dev/issue/56350 https://go.dev/cl/455717 https://go.dev/cl/455635 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "nPl1VYR04nooFy6e74yZlg==": { "id": "nPl1VYR04nooFy6e74yZlg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "nRYrn2tFn8hdV0x+2YRPYQ==": { "id": "nRYrn2tFn8hdV0x+2YRPYQ==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "nRlBpDuWR9J0Ttd/BugkSQ==": { "id": "nRlBpDuWR9J0Ttd/BugkSQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "nS4rhARAcjvkSY8dJUFdOA==": { "id": "nS4rhARAcjvkSY8dJUFdOA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "nSAqYkKsqi7arKT9mgba5w==": { "id": "nSAqYkKsqi7arKT9mgba5w==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "nVEuAeNYaydUTqNE5GOm/w==": { "id": "nVEuAeNYaydUTqNE5GOm/w==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "nVgNlf1p1N8UKAkTllJrCA==": { "id": "nVgNlf1p1N8UKAkTllJrCA==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "nW07GBIUhWrN6iKB9MBAkg==": { "id": "nW07GBIUhWrN6iKB9MBAkg==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "naO+9RNjE/hIMaezFHe7IA==": { "id": "naO+9RNjE/hIMaezFHe7IA==", "updater": "osv/go", "name": "GO-2024-2888", "description": "Mishandling of corrupt central directory record in archive/zip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "nbtTb8L4YMUxpajoNaatQg==": { "id": "nbtTb8L4YMUxpajoNaatQg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "nfRozYKxaq/cbStnERagAQ==": { "id": "nfRozYKxaq/cbStnERagAQ==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "nhTPOqyx5Hjq5RaQThVb3A==": { "id": "nhTPOqyx5Hjq5RaQThVb3A==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "noShzkxXeZ6xaXHAA8su4g==": { "id": "noShzkxXeZ6xaXHAA8su4g==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "noUIfMZn5dUZdEKTi/GsOA==": { "id": "noUIfMZn5dUZdEKTi/GsOA==", "updater": "rhel-vex", "name": "CVE-2024-30204", "description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30204.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "ntPgpTaOsf+PmS8l/Ba/Gw==": { "id": "ntPgpTaOsf+PmS8l/Ba/Gw==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "nxT/hl64jXfWptNxWhmDuA==": { "id": "nxT/hl64jXfWptNxWhmDuA==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "nzSVb3AtyNNflDi2DJAqSg==": { "id": "nzSVb3AtyNNflDi2DJAqSg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "o+oNdKG9C3ouEb/OQo1GOQ==": { "id": "o+oNdKG9C3ouEb/OQo1GOQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "o/JG334q9R0nTyZD1vNw7w==": { "id": "o/JG334q9R0nTyZD1vNw7w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "o16kBwzDyL2DXuhbCPWX9Q==": { "id": "o16kBwzDyL2DXuhbCPWX9Q==", "updater": "rhel-vex", "name": "CVE-2021-3572", "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "issued": "2021-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3572.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o1V8hGX+jv19u/R1lSOgXA==": { "id": "o1V8hGX+jv19u/R1lSOgXA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "o2Jv7s2Wil4Jz6qK6599ww==": { "id": "o2Jv7s2Wil4Jz6qK6599ww==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "o2RzBkbyaO/aJUexQwQheA==": { "id": "o2RzBkbyaO/aJUexQwQheA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "o3TqxXhqdegYIl51fSMQ1A==": { "id": "o3TqxXhqdegYIl51fSMQ1A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "o52gvb+djtuOAe8fWpXboQ==": { "id": "o52gvb+djtuOAe8fWpXboQ==", "updater": "osv/go", "name": "GO-2025-3849", "description": "Incorrect results returned from Rows.Scan in database/sql", "issued": "2025-08-07T15:07:27Z", "links": "https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "o6arI4B+lOjvgV6k7kauyw==": { "id": "o6arI4B+lOjvgV6k7kauyw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "o7U6pbXnKgxDi4OXl/ryRA==": { "id": "o7U6pbXnKgxDi4OXl/ryRA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "o8O4Ttqnv0lQfm1yyfyVsw==": { "id": "o8O4Ttqnv0lQfm1yyfyVsw==", "updater": "rhel-vex", "name": "CVE-2022-1720", "description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "issued": "2022-05-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1720.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o94cfzaEslnrzBtYm19DkA==": { "id": "o94cfzaEslnrzBtYm19DkA==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "oAa5rQ+ettvHgaEihiWA9A==": { "id": "oAa5rQ+ettvHgaEihiWA9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "oBl0IuwDdaD9PwMwSDcQpg==": { "id": "oBl0IuwDdaD9PwMwSDcQpg==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "oCDLcNdeKQmSOcg6w237gw==": { "id": "oCDLcNdeKQmSOcg6w237gw==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "oDGZCaWnkiaSQdz+QhIr5Q==": { "id": "oDGZCaWnkiaSQdz+QhIr5Q==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "oEKqq2GIVwWjorWJihmJiw==": { "id": "oEKqq2GIVwWjorWJihmJiw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "oGKMWwqd8g23cJbO7k5MNA==": { "id": "oGKMWwqd8g23cJbO7k5MNA==", "updater": "osv/go", "name": "GO-2023-1753", "description": "Improper handling of empty HTML attributes in html/template", "issued": "2023-05-05T21:10:24Z", "links": "https://go.dev/issue/59722 https://go.dev/cl/491617 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "oGVW07Zdco+t8LxGqPbEUA==": { "id": "oGVW07Zdco+t8LxGqPbEUA==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "oGhsPyoyEtiEHT7/0qF+CQ==": { "id": "oGhsPyoyEtiEHT7/0qF+CQ==", "updater": "rhel-vex", "name": "CVE-2025-7545", "description": "A flaw was found in binutils. The `copy_section` function in `binutils/objcopy.c` is susceptible to a heap-based buffer overflow due to improper bounds checking during data copying. This flaw allows a local attacker to provide a specially crafted file. This manipulation can lead to a denial of service.", "issued": "2025-07-13T21:44:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7545 https://bugzilla.redhat.com/show_bug.cgi?id=2379785 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7545.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oIBUxFCAPk4vRXBwpcmtFw==": { "id": "oIBUxFCAPk4vRXBwpcmtFw==", "updater": "rhel-vex", "name": "CVE-2022-44840", "description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "issued": "2022-10-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oNps3pS/KBKadK++zlgktA==": { "id": "oNps3pS/KBKadK++zlgktA==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "oPNobp4gxHQj7UMaryNaHw==": { "id": "oPNobp4gxHQj7UMaryNaHw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "oQ3Lediq93z2xbrIoJUi7Q==": { "id": "oQ3Lediq93z2xbrIoJUi7Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "oQ8YhXsWl1bwUCG1x+HzDQ==": { "id": "oQ8YhXsWl1bwUCG1x+HzDQ==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "oUbBUuaPbKO68xR8hm0EKg==": { "id": "oUbBUuaPbKO68xR8hm0EKg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "oVI7j6msaWseNIkn6m/3+A==": { "id": "oVI7j6msaWseNIkn6m/3+A==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "oVgcRSL89qnSRkMXpV8N8A==": { "id": "oVgcRSL89qnSRkMXpV8N8A==", "updater": "rhel-vex", "name": "CVE-2022-2819", "description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-08-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2819.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oXbtPoAI0xd/D3jVRZ8E8Q==": { "id": "oXbtPoAI0xd/D3jVRZ8E8Q==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "oYEyIJ07SURdsg7rK6qrYw==": { "id": "oYEyIJ07SURdsg7rK6qrYw==", "updater": "osv/go", "name": "GO-2022-1037", "description": "Unbounded memory consumption when reading headers in archive/tar", "issued": "2022-10-06T16:26:05Z", "links": "https://go.dev/issue/54853 https://go.dev/cl/439355 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "oZ/2a9w+ysaJ6Y0prrNk0g==": { "id": "oZ/2a9w+ysaJ6Y0prrNk0g==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "obSzOBXxlQxURPk04eb+8Q==": { "id": "obSzOBXxlQxURPk04eb+8Q==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "obTTrP5oWTTgSGItpJqyKg==": { "id": "obTTrP5oWTTgSGItpJqyKg==", "updater": "rhel-vex", "name": "CVE-2022-30631", "description": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30631 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://www.cve.org/CVERecord?id=CVE-2022-30631 https://nvd.nist.gov/vuln/detail/CVE-2022-30631 https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30631.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ohJ0B7EgOJ9MaxYsbvhjIA==": { "id": "ohJ0B7EgOJ9MaxYsbvhjIA==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-gdbserver", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "okRzJuZWda3BPI4wHU6OSg==": { "id": "okRzJuZWda3BPI4wHU6OSg==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "okW8xf+CinO7BWuM9dEk4Q==": { "id": "okW8xf+CinO7BWuM9dEk4Q==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "opnb226IH8+SU+iAVOx8hw==": { "id": "opnb226IH8+SU+iAVOx8hw==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "osxk1q2jE3TCrr5JCQRhNA==": { "id": "osxk1q2jE3TCrr5JCQRhNA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "owALVsfUiwMtDqenpdt7Zg==": { "id": "owALVsfUiwMtDqenpdt7Zg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "oybDfBRpKC7mq0IkNE/WbA==": { "id": "oybDfBRpKC7mq0IkNE/WbA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "oyvtOIVUDqm1ruQx8vhRhA==": { "id": "oyvtOIVUDqm1ruQx8vhRhA==", "updater": "rhel-vex", "name": "CVE-2024-22667", "description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "issued": "2024-02-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22667.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ozbcadljjD/zIm3hj6kVaw==": { "id": "ozbcadljjD/zIm3hj6kVaw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "p2+Y5XRhYt7mgZ7H+35S0w==": { "id": "p2+Y5XRhYt7mgZ7H+35S0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.1.el9_6", "arch_op": "pattern match" }, "p2D36zAi5tbYfUPJhBVLhg==": { "id": "p2D36zAi5tbYfUPJhBVLhg==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "p4PSGpZ+FENmdQZ22vQ2FQ==": { "id": "p4PSGpZ+FENmdQZ22vQ2FQ==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "p5Ki7Z96ChbT07EZ4WnnKg==": { "id": "p5Ki7Z96ChbT07EZ4WnnKg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "p8XKlr7C/uFXLykQP2132Q==": { "id": "p8XKlr7C/uFXLykQP2132Q==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "pEwkPeffucbY50JSGQdERQ==": { "id": "pEwkPeffucbY50JSGQdERQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "pFXK+S/0lzfxv0ToVY49hA==": { "id": "pFXK+S/0lzfxv0ToVY49hA==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "pGkOHCsusTyFHJ/G9JGXiA==": { "id": "pGkOHCsusTyFHJ/G9JGXiA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "pGvoS/decJ8g3YpAYIFmmw==": { "id": "pGvoS/decJ8g3YpAYIFmmw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "pHq3XsQe5Y157BuUHMufyg==": { "id": "pHq3XsQe5Y157BuUHMufyg==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "pIJllB0DitFR4biXCLWlfQ==": { "id": "pIJllB0DitFR4biXCLWlfQ==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "pLMgO5RHEs1yrujEkb226g==": { "id": "pLMgO5RHEs1yrujEkb226g==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pN9L6/wRgu21CuY/FfnkIA==": { "id": "pN9L6/wRgu21CuY/FfnkIA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "pNsmsBM6zioL8gqkR9CNUA==": { "id": "pNsmsBM6zioL8gqkR9CNUA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pT+67u2xHyxzA5Cl+Ui55Q==": { "id": "pT+67u2xHyxzA5Cl+Ui55Q==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "pTT7g2z3OsAYgdVqJMZOLQ==": { "id": "pTT7g2z3OsAYgdVqJMZOLQ==", "updater": "osv/go", "name": "GO-2022-0521", "description": "Stack exhaustion from deeply nested XML documents in encoding/xml", "issued": "2022-07-20T17:02:04Z", "links": "https://go.dev/cl/417062 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pWQV0Z8XQHYl5n7sHUZBqA==": { "id": "pWQV0Z8XQHYl5n7sHUZBqA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "pX9giWYBuTR0yK974RC2ng==": { "id": "pX9giWYBuTR0yK974RC2ng==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "pd2B9G+4ekvOFTzso0NXCw==": { "id": "pd2B9G+4ekvOFTzso0NXCw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "peMVLpnT962hXrm4IDBPqg==": { "id": "peMVLpnT962hXrm4IDBPqg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "peuiWx2cfvlg0ej3db5p4Q==": { "id": "peuiWx2cfvlg0ej3db5p4Q==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "pfNYlxG8sY9hFt3528zJoA==": { "id": "pfNYlxG8sY9hFt3528zJoA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pfZcHRowGRRifIIMXAg+9w==": { "id": "pfZcHRowGRRifIIMXAg+9w==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pg+SRV3v3Mv4Yg+0x76+jg==": { "id": "pg+SRV3v3Mv4Yg+0x76+jg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "piA8HykwHgm/u3haFYSPzw==": { "id": "piA8HykwHgm/u3haFYSPzw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pl0eAtev2igDstYhHd6sxw==": { "id": "pl0eAtev2igDstYhHd6sxw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "plTl3JV8fPj1sUiMh31FmQ==": { "id": "plTl3JV8fPj1sUiMh31FmQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "pmYCdyBPlSpsjaT+VrrmLg==": { "id": "pmYCdyBPlSpsjaT+VrrmLg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "pp3PQor2CpTCVnKZusQgwg==": { "id": "pp3PQor2CpTCVnKZusQgwg==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "pp7NHxA1qAOUnsy/IRCLbw==": { "id": "pp7NHxA1qAOUnsy/IRCLbw==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "pr6wo3A29JKUBSVK/BGExw==": { "id": "pr6wo3A29JKUBSVK/BGExw==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "psR1kVsSZz19yYKHsoaoNg==": { "id": "psR1kVsSZz19yYKHsoaoNg==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "psr6EfqmKkDu2s/af+27mw==": { "id": "psr6EfqmKkDu2s/af+27mw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "pv5Nm8Lwfq3X5Sm3cuoD1g==": { "id": "pv5Nm8Lwfq3X5Sm3cuoD1g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pvm4gwkuqzgisbgZu1oTlQ==": { "id": "pvm4gwkuqzgisbgZu1oTlQ==", "updater": "osv/go", "name": "GO-2022-0527", "description": "Stack exhaustion in Glob on certain paths in io/fs", "issued": "2022-07-20T20:52:22Z", "links": "https://go.dev/cl/417065 https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pvtiIO9KHqFscFbvNo86Dw==": { "id": "pvtiIO9KHqFscFbvNo86Dw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "pwFS1oPwyZIRVgVgtAgSPQ==": { "id": "pwFS1oPwyZIRVgVgtAgSPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "pwNeC1oSJCRKeW3NQ1Zwmw==": { "id": "pwNeC1oSJCRKeW3NQ1Zwmw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "pwSWzlcJAuR/J5zikGUxiw==": { "id": "pwSWzlcJAuR/J5zikGUxiw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "pxuVFZsuUa8YFBkmcjpnxQ==": { "id": "pxuVFZsuUa8YFBkmcjpnxQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "q29SxeDdhfgnRkudvf3mdA==": { "id": "q29SxeDdhfgnRkudvf3mdA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "q4W6wpO2YbOLS87LUXPVBw==": { "id": "q4W6wpO2YbOLS87LUXPVBw==", "updater": "rhel-vex", "name": "CVE-2025-8851", "description": "A stack based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the context of the affected process.", "issued": "2025-08-11T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8851 https://bugzilla.redhat.com/show_bug.cgi?id=2387618 https://www.cve.org/CVERecord?id=CVE-2025-8851 https://nvd.nist.gov/vuln/detail/CVE-2025-8851 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 https://vuldb.com/?ctiid.319382 https://vuldb.com/?id.319382 https://vuldb.com/?submit.624604 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8851.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "q6x8gUSR0HLnQLHLmB4Htw==": { "id": "q6x8gUSR0HLnQLHLmB4Htw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "q7IyWv1MOsi/PXOLUGKElQ==": { "id": "q7IyWv1MOsi/PXOLUGKElQ==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "q9L+6bHSCCXbReRfXEPeTg==": { "id": "q9L+6bHSCCXbReRfXEPeTg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "qB1uVwi5ydv4et+JpGcenw==": { "id": "qB1uVwi5ydv4et+JpGcenw==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "qEQEeZkI3fZm1RmMiKeYYg==": { "id": "qEQEeZkI3fZm1RmMiKeYYg==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "qEhRdzGH44SGjJIcqcIv/g==": { "id": "qEhRdzGH44SGjJIcqcIv/g==", "updater": "rhel-vex", "name": "CVE-2022-2344", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFhnV7djagzTbJn2rH4ndA==": { "id": "qFhnV7djagzTbJn2rH4ndA==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "qI12E1AIG5PjZFUHEhSkgw==": { "id": "qI12E1AIG5PjZFUHEhSkgw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qIRy7/v51ILezECGLzLGBw==": { "id": "qIRy7/v51ILezECGLzLGBw==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "qLHoaQ/4ax3G7SRd9aV2yg==": { "id": "qLHoaQ/4ax3G7SRd9aV2yg==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "qMnTnRnGw88RiTP1PFxynA==": { "id": "qMnTnRnGw88RiTP1PFxynA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "qNhEJopIC+OWvXbrkilAfQ==": { "id": "qNhEJopIC+OWvXbrkilAfQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "qOdN56IOMUot4YWCQPjPvA==": { "id": "qOdN56IOMUot4YWCQPjPvA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "qPGxfT+FyuMifHo1C/aY6w==": { "id": "qPGxfT+FyuMifHo1C/aY6w==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "qQxzRYdLEwZ+uwtq33H+Uw==": { "id": "qQxzRYdLEwZ+uwtq33H+Uw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "qV/TxipuOJ9b9a/x4IT2cw==": { "id": "qV/TxipuOJ9b9a/x4IT2cw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qWK7H7gz7e8gS19GJSeIIg==": { "id": "qWK7H7gz7e8gS19GJSeIIg==", "updater": "rhel-vex", "name": "CVE-2022-2889", "description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2889.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXBiVfXy4luW+BbyG9z9BQ==": { "id": "qXBiVfXy4luW+BbyG9z9BQ==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qYLCfB1EzRWGloOr+Ke8RA==": { "id": "qYLCfB1EzRWGloOr+Ke8RA==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "qYORp6v9x0Jy6S8OKerZvw==": { "id": "qYORp6v9x0Jy6S8OKerZvw==", "updater": "rhel-vex", "name": "CVE-2023-4738", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4738.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qZqMILFWCv2+sfRyc+XFfg==": { "id": "qZqMILFWCv2+sfRyc+XFfg==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qaC6F9Z9j5kAaiDeRwL7nA==": { "id": "qaC6F9Z9j5kAaiDeRwL7nA==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "qb5Q/H2wcR/YimCQn+AUYw==": { "id": "qb5Q/H2wcR/YimCQn+AUYw==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "qbsbXExNvRlblIMDPNkFzA==": { "id": "qbsbXExNvRlblIMDPNkFzA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qcGz8bluItM475eimPK89w==": { "id": "qcGz8bluItM475eimPK89w==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "qdWe9wwJNQD9uM1J1li1Vg==": { "id": "qdWe9wwJNQD9uM1J1li1Vg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "qdXDrJ7D0lw6kIY2dy+1KQ==": { "id": "qdXDrJ7D0lw6kIY2dy+1KQ==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "qhSIFNwi876BQWyJqx7TXw==": { "id": "qhSIFNwi876BQWyJqx7TXw==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "qhl/5MtAFFjdvINFEhyFsg==": { "id": "qhl/5MtAFFjdvINFEhyFsg==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "qhxrSy/lodS857k/RFYSFg==": { "id": "qhxrSy/lodS857k/RFYSFg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qj3kMXpJzib/tg7NOcmtdQ==": { "id": "qj3kMXpJzib/tg7NOcmtdQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "qnfP2y61ycFKlR/SBnZ5sw==": { "id": "qnfP2y61ycFKlR/SBnZ5sw==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "qpRD6NPbAOP7sG5S6hInXg==": { "id": "qpRD6NPbAOP7sG5S6hInXg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qr6Jra3xQBxvbIQJAqILNQ==": { "id": "qr6Jra3xQBxvbIQJAqILNQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "qsn7RE1KMH045/wAyIDw7A==": { "id": "qsn7RE1KMH045/wAyIDw7A==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "qtpMNZ+V4szO/Tox+eT3Cg==": { "id": "qtpMNZ+V4szO/Tox+eT3Cg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "quMgsZt2z8hlQ+HzwzaVJQ==": { "id": "quMgsZt2z8hlQ+HzwzaVJQ==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "qug1advw8m4TjVAUPEUPiA==": { "id": "qug1advw8m4TjVAUPEUPiA==", "updater": "rhel-vex", "name": "CVE-2023-4751", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "issued": "2023-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4751.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r+NuuQcHZ5hOWGRHanlG0w==": { "id": "r+NuuQcHZ5hOWGRHanlG0w==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "r0yngP+sUJvKraMLgaaWww==": { "id": "r0yngP+sUJvKraMLgaaWww==", "updater": "osv/go", "name": "GO-2023-1702", "description": "Infinite loop in parsing in go/scanner", "issued": "2023-04-05T21:05:07Z", "links": "https://go.dev/issue/59180 https://go.dev/cl/482078 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "r35oOcTyVY7X2QLaChkjdw==": { "id": "r35oOcTyVY7X2QLaChkjdw==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "r3RLKNYtYvKarBqnnrlrew==": { "id": "r3RLKNYtYvKarBqnnrlrew==", "updater": "rhel-vex", "name": "CVE-2022-0529", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0529 https://bugzilla.redhat.com/show_bug.cgi?id=2051402 https://www.cve.org/CVERecord?id=CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r3htJBqpa1VO27wdQgcGyw==": { "id": "r3htJBqpa1VO27wdQgcGyw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "r410Z5X0yojDsVg9YVcNqQ==": { "id": "r410Z5X0yojDsVg9YVcNqQ==", "updater": "rhel-vex", "name": "CVE-2022-2182", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2182.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r8kk8OjPGZXkalD/ogI9TQ==": { "id": "r8kk8OjPGZXkalD/ogI9TQ==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "r9W84DjqWVoSeRkzoMmOdA==": { "id": "r9W84DjqWVoSeRkzoMmOdA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "r9qwoudvbxrKUZqCmUc7NA==": { "id": "r9qwoudvbxrKUZqCmUc7NA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "rBDj6tuhee896qgiVA2peA==": { "id": "rBDj6tuhee896qgiVA2peA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "rDeZ9YqARbQ/8OcOA5Tn4g==": { "id": "rDeZ9YqARbQ/8OcOA5Tn4g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "rDx7RcnC1Ce961LxuRo53Q==": { "id": "rDx7RcnC1Ce961LxuRo53Q==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rFWIZJAOzhCWoZKNelyFsQ==": { "id": "rFWIZJAOzhCWoZKNelyFsQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "rIk/NHa428tmc6oDgqypQw==": { "id": "rIk/NHa428tmc6oDgqypQw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "rJHkC74NrobNudSijB/y4A==": { "id": "rJHkC74NrobNudSijB/y4A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rJljaCTiTdw1uI1lvfy+hw==": { "id": "rJljaCTiTdw1uI1lvfy+hw==", "updater": "rhel-vex", "name": "CVE-2023-1170", "description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1170.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rKpZxH2tXrNLthuse32FWg==": { "id": "rKpZxH2tXrNLthuse32FWg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "rO5a9fYyaqaIZ4bH0M8fdA==": { "id": "rO5a9fYyaqaIZ4bH0M8fdA==", "updater": "rhel-vex", "name": "CVE-2022-2862", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rPWZNH+en7vYfObneQGeUA==": { "id": "rPWZNH+en7vYfObneQGeUA==", "updater": "osv/go", "name": "GO-2025-4006", "description": "Excessive CPU consumption in ParseAddress in net/mail", "issued": "2025-10-29T21:48:35Z", "links": "https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "rPXe6sMC/46EZbom2R58Iw==": { "id": "rPXe6sMC/46EZbom2R58Iw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "rR226S9SV4WbmIVotM0CsQ==": { "id": "rR226S9SV4WbmIVotM0CsQ==", "updater": "rhel-vex", "name": "CVE-2023-46246", "description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.", "issued": "2023-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46246.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rRfIMqTlNWlpWE9Bi6NGYw==": { "id": "rRfIMqTlNWlpWE9Bi6NGYw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rTV9bjfy2M3+eJBkP+611w==": { "id": "rTV9bjfy2M3+eJBkP+611w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "rWYn/Km2lN55sVL7Ui4zmQ==": { "id": "rWYn/Km2lN55sVL7Ui4zmQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "rXJvA1HAsx+E4rVQeqU3qQ==": { "id": "rXJvA1HAsx+E4rVQeqU3qQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ra+5M5K0yyS4TNorJBFVYw==": { "id": "ra+5M5K0yyS4TNorJBFVYw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "rcUIg6JYVsZx379+fVhSVg==": { "id": "rcUIg6JYVsZx379+fVhSVg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "rct+rak3m0uMzU51NldQpg==": { "id": "rct+rak3m0uMzU51NldQpg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "rd7C8AD7IYUHYPSfAYtKrQ==": { "id": "rd7C8AD7IYUHYPSfAYtKrQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.el9", "arch_op": "pattern match" }, "rkpLgzhV90FRHYY3ESWHfw==": { "id": "rkpLgzhV90FRHYY3ESWHfw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "rm3fF4UjNztR1JpYwTPaVg==": { "id": "rm3fF4UjNztR1JpYwTPaVg==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "roGA0nQUzXWg+M1vb3jr3g==": { "id": "roGA0nQUzXWg+M1vb3jr3g==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "rpqh6K+YqMAxf172QUbycQ==": { "id": "rpqh6K+YqMAxf172QUbycQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "rpwsfSDtxz8KgCjcE5LUgg==": { "id": "rpwsfSDtxz8KgCjcE5LUgg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rpzV0o5XSSiqAfiLvn+7sw==": { "id": "rpzV0o5XSSiqAfiLvn+7sw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.1.el9_6", "arch_op": "pattern match" }, "rtmfAClgZr+pMIYCffofpQ==": { "id": "rtmfAClgZr+pMIYCffofpQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "ruok+KtL5TC6jhvqLAZEzw==": { "id": "ruok+KtL5TC6jhvqLAZEzw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rwX0WRiXvDcxdTv5pslgxw==": { "id": "rwX0WRiXvDcxdTv5pslgxw==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "ryPu/punYtMOzifbFWj3Xg==": { "id": "ryPu/punYtMOzifbFWj3Xg==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "ryv0HUHLJe8DIxGNl9VAgQ==": { "id": "ryv0HUHLJe8DIxGNl9VAgQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "s+/PgMrbczH4dntN+Uku4A==": { "id": "s+/PgMrbczH4dntN+Uku4A==", "updater": "osv/go", "name": "GO-2023-1705", "description": "Excessive resource consumption in net/http, net/textproto and mime/multipart", "issued": "2023-04-05T21:04:39Z", "links": "https://go.dev/issue/59153 https://go.dev/cl/482076 https://go.dev/cl/482075 https://go.dev/cl/482077 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "s/wLIAA4VDi9HrbyrnYgbg==": { "id": "s/wLIAA4VDi9HrbyrnYgbg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "s0BW8R7FNYnFn+nWkJnUqQ==": { "id": "s0BW8R7FNYnFn+nWkJnUqQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "s0PUMgVnEtuqOkBdJNAqUA==": { "id": "s0PUMgVnEtuqOkBdJNAqUA==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-subscription-manager-rhsm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "s20Tn7zOYHvK/n/K8/hWrA==": { "id": "s20Tn7zOYHvK/n/K8/hWrA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5838", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_2.1", "arch_op": "pattern match" }, "s2uSNGuV+OyVW2eHDGWWKw==": { "id": "s2uSNGuV+OyVW2eHDGWWKw==", "updater": "rhel-vex", "name": "CVE-2025-29768", "description": "A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename.", "issued": "2025-03-13T17:04:56Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29768 https://bugzilla.redhat.com/show_bug.cgi?id=2352418 https://www.cve.org/CVERecord?id=CVE-2025-29768 https://nvd.nist.gov/vuln/detail/CVE-2025-29768 https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29768.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s4mktw9S/tOEdbFRu8ZxjA==": { "id": "s4mktw9S/tOEdbFRu8ZxjA==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "s6kt2DqKLHgzYSGciPtGtQ==": { "id": "s6kt2DqKLHgzYSGciPtGtQ==", "updater": "rhel-vex", "name": "CVE-2021-4166", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4166.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s6zRbI6E6xMFwOoLRjlPfw==": { "id": "s6zRbI6E6xMFwOoLRjlPfw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "s9zla+0u22E+Nq1zlK4A0A==": { "id": "s9zla+0u22E+Nq1zlK4A0A==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "sAlO/t+jkkm59mLcdOgB9w==": { "id": "sAlO/t+jkkm59mLcdOgB9w==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sEXYrXIRghEOX+5cKfh4HA==": { "id": "sEXYrXIRghEOX+5cKfh4HA==", "updater": "osv/go", "name": "GO-2022-0524", "description": "Stack exhaustion when reading certain archives in compress/gzip", "issued": "2022-07-20T20:52:11Z", "links": "https://go.dev/cl/417067 https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "sEY+u8JcXEvFyPiUDTNKow==": { "id": "sEY+u8JcXEvFyPiUDTNKow==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "sFUeaSTxmIP9ksmZtDFy/w==": { "id": "sFUeaSTxmIP9ksmZtDFy/w==", "updater": "rhel-vex", "name": "CVE-2025-9301", "description": "A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.", "issued": "2025-08-21T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9301 https://bugzilla.redhat.com/show_bug.cgi?id=2390085 https://www.cve.org/CVERecord?id=CVE-2025-9301 https://nvd.nist.gov/vuln/detail/CVE-2025-9301 https://drive.google.com/file/d/1TerUqQB8_lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8 https://gitlab.kitware.com/cmake/cmake/-/issues/27135 https://gitlab.kitware.com/cmake/cmake/-/issues/27135#note_1691629 https://vuldb.com/?ctiid.320906 https://vuldb.com/?id.320906 https://vuldb.com/?submit.632369 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9301.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "cmake", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGBviOATX07Y4438NYu+Aw==": { "id": "sGBviOATX07Y4438NYu+Aw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "sHu0Ihy6+HrKJvDoll9f5g==": { "id": "sHu0Ihy6+HrKJvDoll9f5g==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "sHvGKpRovk0D6WznAeRDaw==": { "id": "sHvGKpRovk0D6WznAeRDaw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "sJOXRbCL0QuUC1P4v8JTZA==": { "id": "sJOXRbCL0QuUC1P4v8JTZA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "sQrexr1vAx+h04KwvoON3w==": { "id": "sQrexr1vAx+h04KwvoON3w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "sQzygdvKruRINz20KeXUpg==": { "id": "sQzygdvKruRINz20KeXUpg==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "sSpyMuxbh/+/Nula2ikXPw==": { "id": "sSpyMuxbh/+/Nula2ikXPw==", "updater": "rhel-vex", "name": "CVE-2017-17973", "description": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue", "issued": "2017-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17973 https://bugzilla.redhat.com/show_bug.cgi?id=1530912 https://www.cve.org/CVERecord?id=CVE-2017-17973 https://nvd.nist.gov/vuln/detail/CVE-2017-17973 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17973.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sTJKOfHbxppSoExQl7mYpQ==": { "id": "sTJKOfHbxppSoExQl7mYpQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "sTWSbUm1UHqZR0zHxPPV1A==": { "id": "sTWSbUm1UHqZR0zHxPPV1A==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sVTwqtGyRA8GgZdyQgXnqw==": { "id": "sVTwqtGyRA8GgZdyQgXnqw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "sWPZolO+x42N83xPk/byrw==": { "id": "sWPZolO+x42N83xPk/byrw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "sXReFixXG4Bn4+eq/AJDBA==": { "id": "sXReFixXG4Bn4+eq/AJDBA==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "sXnCRVNv4i/ZmrJ0YxWonw==": { "id": "sXnCRVNv4i/ZmrJ0YxWonw==", "updater": "rhel-vex", "name": "CVE-2023-30079", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30079 https://bugzilla.redhat.com/show_bug.cgi?id=2234595 https://www.cve.org/CVERecord?id=CVE-2023-30079 https://nvd.nist.gov/vuln/detail/CVE-2023-30079 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30079.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "sY8NON9Vp1LES9AwtY+jzA==": { "id": "sY8NON9Vp1LES9AwtY+jzA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "sYa4l6veBD/KmL7osWW7fQ==": { "id": "sYa4l6veBD/KmL7osWW7fQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "sa5mIA5TIgDDEs7v0PwTjQ==": { "id": "sa5mIA5TIgDDEs7v0PwTjQ==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "scmQI6T6oitCtZW5973ovw==": { "id": "scmQI6T6oitCtZW5973ovw==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "sgKxepKQb+uxgfzzrcWS7w==": { "id": "sgKxepKQb+uxgfzzrcWS7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "skjryijgaN9YVeVVq8xZmA==": { "id": "skjryijgaN9YVeVVq8xZmA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "sna4IH0E1Ui1jpzpKgnFOg==": { "id": "sna4IH0E1Ui1jpzpKgnFOg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "sosNUrsbT764ZsBIEQm5Tw==": { "id": "sosNUrsbT764ZsBIEQm5Tw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "srkxdJQ82zHIMw9egdZc5w==": { "id": "srkxdJQ82zHIMw9egdZc5w==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "ssYEt3aOFwnaqoufFlsCAw==": { "id": "ssYEt3aOFwnaqoufFlsCAw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "svdlbVzNwZE9P/M3GvQ7Xw==": { "id": "svdlbVzNwZE9P/M3GvQ7Xw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "sx5ziSZauoyjmcMB827V/Q==": { "id": "sx5ziSZauoyjmcMB827V/Q==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "sxxGu02J6Xp0UskX/yPO4w==": { "id": "sxxGu02J6Xp0UskX/yPO4w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "szMAuHDpCq8KehOnG/58kg==": { "id": "szMAuHDpCq8KehOnG/58kg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "t+vHm4kt0AB+tq2CG41TQQ==": { "id": "t+vHm4kt0AB+tq2CG41TQQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tC2r7U8qVBEhU9NaT3fMVg==": { "id": "tC2r7U8qVBEhU9NaT3fMVg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "tDVJVtVXjEp2hZmPcOFM9w==": { "id": "tDVJVtVXjEp2hZmPcOFM9w==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "tEG4S6zEddB/Fl32LgLV+A==": { "id": "tEG4S6zEddB/Fl32LgLV+A==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "tJJUE3O+B2dj0YzqLSTtDA==": { "id": "tJJUE3O+B2dj0YzqLSTtDA==", "updater": "rhel-vex", "name": "CVE-2022-44638", "description": "A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.", "issued": "2022-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44638 https://bugzilla.redhat.com/show_bug.cgi?id=2139988 https://www.cve.org/CVERecord?id=CVE-2022-44638 https://nvd.nist.gov/vuln/detail/CVE-2022-44638 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44638.json https://access.redhat.com/errata/RHSA-2023:7754", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pixman", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.40.0-6.el9_3", "arch_op": "pattern match" }, "tKVE3VH+DixxL49Cbeit6Q==": { "id": "tKVE3VH+DixxL49Cbeit6Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "tLSR0X6hQ7hvyPbBXZslBQ==": { "id": "tLSR0X6hQ7hvyPbBXZslBQ==", "updater": "rhel-vex", "name": "CVE-2022-2126", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2126.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tLfvNXQJ1ryG1oIjuKoLPQ==": { "id": "tLfvNXQJ1ryG1oIjuKoLPQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tNFH1YUHHwU3vwUWrO3mLQ==": { "id": "tNFH1YUHHwU3vwUWrO3mLQ==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "tQmmf4j1ZMloac9gv7yd7w==": { "id": "tQmmf4j1ZMloac9gv7yd7w==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "tTdsNcqGarFD7KtMB1ag6Q==": { "id": "tTdsNcqGarFD7KtMB1ag6Q==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "tVvgs8QNtuRqLgnWoPIWbw==": { "id": "tVvgs8QNtuRqLgnWoPIWbw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "tW4ew6Bpf68YpYbdwMyYGA==": { "id": "tW4ew6Bpf68YpYbdwMyYGA==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "tZCJ3EMmfQYEKmNY0R6pgg==": { "id": "tZCJ3EMmfQYEKmNY0R6pgg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "tZSfr7Q1QfQP2u7Sjxqmrw==": { "id": "tZSfr7Q1QfQP2u7Sjxqmrw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "taWP10HWuyQrPSEFSUjPPw==": { "id": "taWP10HWuyQrPSEFSUjPPw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tbkEtEs3aa+p2/YQaD8BfQ==": { "id": "tbkEtEs3aa+p2/YQaD8BfQ==", "updater": "rhel-vex", "name": "CVE-2023-1972", "description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "issued": "2023-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tboTb+/fwz1O/l+3w5n9ew==": { "id": "tboTb+/fwz1O/l+3w5n9ew==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "te0mQBJAxCZ9Xzg2xrzQcg==": { "id": "te0mQBJAxCZ9Xzg2xrzQcg==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "teVzqeXKz5qAL9KrVUsKAA==": { "id": "teVzqeXKz5qAL9KrVUsKAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.el9", "arch_op": "pattern match" }, "tiOci2zd4htCAwtqrJPUhA==": { "id": "tiOci2zd4htCAwtqrJPUhA==", "updater": "rhel-vex", "name": "CVE-2025-9390", "description": "A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service.", "issued": "2025-08-24T14:02:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9390 https://bugzilla.redhat.com/show_bug.cgi?id=2390603 https://www.cve.org/CVERecord?id=CVE-2025-9390 https://nvd.nist.gov/vuln/detail/CVE-2025-9390 https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0 https://github.com/vim/vim/issues/17944 https://github.com/vim/vim/pull/17947 https://github.com/vim/vim/releases/tag/v9.1.1616 https://vuldb.com/?ctiid.321223 https://vuldb.com/?id.321223 https://vuldb.com/?submit.630903 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9390.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tjg7NtH3QatPaaScohSsZg==": { "id": "tjg7NtH3QatPaaScohSsZg==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "tlbehmhIbT1WwXt6llfQYw==": { "id": "tlbehmhIbT1WwXt6llfQYw==", "updater": "osv/go", "name": "GO-2022-0515", "description": "Stack exhaustion due to deeply nested types in go/parser", "issued": "2022-07-20T17:01:45Z", "links": "https://go.dev/cl/417063 https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "toXp/ZwNqXAUsdXRb/4DVg==": { "id": "toXp/ZwNqXAUsdXRb/4DVg==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "todSxpG0ADSu6dX8ZW+q4A==": { "id": "todSxpG0ADSu6dX8ZW+q4A==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "u+eDY1Q5WfNp0Krtzvv+AQ==": { "id": "u+eDY1Q5WfNp0Krtzvv+AQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "u/b1G56mYgMO4E+lYxSxjA==": { "id": "u/b1G56mYgMO4E+lYxSxjA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "u0MfT/CHY1AhIYRRjCtdhw==": { "id": "u0MfT/CHY1AhIYRRjCtdhw==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "u0i6Tc2zpzW8/pMdj7AH4w==": { "id": "u0i6Tc2zpzW8/pMdj7AH4w==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "u1caIbS4Tk6y8c7sz8Hvhw==": { "id": "u1caIbS4Tk6y8c7sz8Hvhw==", "updater": "rhel-vex", "name": "CVE-2024-41957", "description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash.", "issued": "2024-08-01T20:41:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u3VIQ3Bv2EdQNxxr10FAOQ==": { "id": "u3VIQ3Bv2EdQNxxr10FAOQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "u6PjuomLq+nVKrTw/0Jyeg==": { "id": "u6PjuomLq+nVKrTw/0Jyeg==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "uDUK/vmP915z5uyCv2VhVg==": { "id": "uDUK/vmP915z5uyCv2VhVg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "uDfc8ZaPfrhTGcFwVaIvAA==": { "id": "uDfc8ZaPfrhTGcFwVaIvAA==", "updater": "rhel-vex", "name": "CVE-2023-48706", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48706.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEn9qA67O/SoYHOtH/EL2w==": { "id": "uEn9qA67O/SoYHOtH/EL2w==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFR2NXYHCgkD0jUkHBTh3g==": { "id": "uFR2NXYHCgkD0jUkHBTh3g==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "uFRb2siFSROrNSaSMqsvqQ==": { "id": "uFRb2siFSROrNSaSMqsvqQ==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFXEnN9gepJ4+HtQWdLrOg==": { "id": "uFXEnN9gepJ4+HtQWdLrOg==", "updater": "rhel-vex", "name": "CVE-2023-25433", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25433 https://bugzilla.redhat.com/show_bug.cgi?id=2218744 https://www.cve.org/CVERecord?id=CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uGPuYR0b3uiHdpdRa97mfw==": { "id": "uGPuYR0b3uiHdpdRa97mfw==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "uGxAJHfmN99PtsQCJqV/nQ==": { "id": "uGxAJHfmN99PtsQCJqV/nQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "uILMvGS6obqeMj18FLYSbg==": { "id": "uILMvGS6obqeMj18FLYSbg==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "uJDCv1FWYpz7eywFMZ5WnA==": { "id": "uJDCv1FWYpz7eywFMZ5WnA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "uO3OOEY6W3k9QH/tNVK0LQ==": { "id": "uO3OOEY6W3k9QH/tNVK0LQ==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uOeAKP5ZyZtLLU7CjOuFcw==": { "id": "uOeAKP5ZyZtLLU7CjOuFcw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "uPUYRQErrH0+5XWkYAjsjw==": { "id": "uPUYRQErrH0+5XWkYAjsjw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "uRGTeRjJyz2NEeH/TpkK8Q==": { "id": "uRGTeRjJyz2NEeH/TpkK8Q==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "uTjjTMH3twVH5hmw0Wmskw==": { "id": "uTjjTMH3twVH5hmw0Wmskw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "uW/TgHSIKlO53BnXG1YZSA==": { "id": "uW/TgHSIKlO53BnXG1YZSA==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "uWvHibmfs86jbjyb5h+qpg==": { "id": "uWvHibmfs86jbjyb5h+qpg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "uXRgwaipa8s2OMXjAf1Thg==": { "id": "uXRgwaipa8s2OMXjAf1Thg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ueWEd2PE6kwBx153FL1eIA==": { "id": "ueWEd2PE6kwBx153FL1eIA==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ug2Mk8LI1eIN0hRNT0s8JQ==": { "id": "ug2Mk8LI1eIN0hRNT0s8JQ==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ugAB401UYtKGrqztlPOlZA==": { "id": "ugAB401UYtKGrqztlPOlZA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "ugk8bc5JAs//Hgj923HTXA==": { "id": "ugk8bc5JAs//Hgj923HTXA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "uglqkYqbcsDd4SCu9NI2Ww==": { "id": "uglqkYqbcsDd4SCu9NI2Ww==", "updater": "rhel-vex", "name": "CVE-2023-25435", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25435 https://bugzilla.redhat.com/show_bug.cgi?id=2216614 https://www.cve.org/CVERecord?id=CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25435.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uhGUZtCY1OXgM1L55/upYA==": { "id": "uhGUZtCY1OXgM1L55/upYA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "uioq0s2+upthXeIfuu8dpA==": { "id": "uioq0s2+upthXeIfuu8dpA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "ujzNJ5kQVFINisRmEnkrzA==": { "id": "ujzNJ5kQVFINisRmEnkrzA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ukBMje282PDzxzC8wCZoJA==": { "id": "ukBMje282PDzxzC8wCZoJA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ulsMCA3bm5VANCxYIf54Zw==": { "id": "ulsMCA3bm5VANCxYIf54Zw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ummv/ARHzS4IbQ59dpGtvQ==": { "id": "ummv/ARHzS4IbQ59dpGtvQ==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "urOIF+inUTTF1gL7DeWkzg==": { "id": "urOIF+inUTTF1gL7DeWkzg==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "uvaZxZFE7cKBjyjVQ/t6lg==": { "id": "uvaZxZFE7cKBjyjVQ/t6lg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "v+VZolEvt4HU4yiZTpFx+Q==": { "id": "v+VZolEvt4HU4yiZTpFx+Q==", "updater": "osv/go", "name": "GO-2024-2687", "description": "HTTP/2 CONTINUATION flood in net/http", "issued": "2024-04-03T21:12:01Z", "links": "https://go.dev/issue/65051 https://go.dev/cl/576155 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.9" }, "v+qPraJNH1peMhjiTk1OgA==": { "id": "v+qPraJNH1peMhjiTk1OgA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "v/LL4YgDGZJlkF77eUtvPw==": { "id": "v/LL4YgDGZJlkF77eUtvPw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "v6t7qJCF3xL8IO0nPwJX1g==": { "id": "v6t7qJCF3xL8IO0nPwJX1g==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "v9nWDWoVTUzEu77hVCL+xw==": { "id": "v9nWDWoVTUzEu77hVCL+xw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "vAAzy4RBfYsNO+V3LlPJ7A==": { "id": "vAAzy4RBfYsNO+V3LlPJ7A==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "vBXrhxnu9HxQSmN5xWhZaQ==": { "id": "vBXrhxnu9HxQSmN5xWhZaQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "vHIEJpBGkCNiUPmahPyLqQ==": { "id": "vHIEJpBGkCNiUPmahPyLqQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "vJceii8mKrpQPBtlAKleGQ==": { "id": "vJceii8mKrpQPBtlAKleGQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "vLDNpmPSXi+t8ebIQHILIw==": { "id": "vLDNpmPSXi+t8ebIQHILIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "vLLr24Ej4L78gTG08XYkRg==": { "id": "vLLr24Ej4L78gTG08XYkRg==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "vLgELeoIueNM9KX5ZIMtjg==": { "id": "vLgELeoIueNM9KX5ZIMtjg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "vPDXRcEg4abq9PCqTBFkAg==": { "id": "vPDXRcEg4abq9PCqTBFkAg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "vQedZoMzqBElfCAKIwQo5w==": { "id": "vQedZoMzqBElfCAKIwQo5w==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "vWwpCPVTGndMb9IraxXgGg==": { "id": "vWwpCPVTGndMb9IraxXgGg==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "vZzq+XzhXQpcGK6x6C81SQ==": { "id": "vZzq+XzhXQpcGK6x6C81SQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vagSYtfX2ayPhseLZe8kAA==": { "id": "vagSYtfX2ayPhseLZe8kAA==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "vb7DdaxZjPV5NEcCqN9EkQ==": { "id": "vb7DdaxZjPV5NEcCqN9EkQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.1.el9_6", "arch_op": "pattern match" }, "vbUGycVGGL83rd1I5CfHuQ==": { "id": "vbUGycVGGL83rd1I5CfHuQ==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "vc3i6DfzTVpLFX6x0zKE4A==": { "id": "vc3i6DfzTVpLFX6x0zKE4A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "vceRrCjaQs4/Tb9s36m+gQ==": { "id": "vceRrCjaQs4/Tb9s36m+gQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "vdokiHWKHEv0aYbydeDs5Q==": { "id": "vdokiHWKHEv0aYbydeDs5Q==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ve8kNOScD+vxLjbMehgbRA==": { "id": "ve8kNOScD+vxLjbMehgbRA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "vekzBecfH1YN/Zd4MHsZmA==": { "id": "vekzBecfH1YN/Zd4MHsZmA==", "updater": "rhel-vex", "name": "CVE-2023-30630", "description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "issued": "2023-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5061", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dmidecode", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.3-7.el9_2.1", "arch_op": "pattern match" }, "ves1GfNCYjdCXJceNwT2Lw==": { "id": "ves1GfNCYjdCXJceNwT2Lw==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vgP3FAR9tXjiqUc0mFlRrg==": { "id": "vgP3FAR9tXjiqUc0mFlRrg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.1.el9_6", "arch_op": "pattern match" }, "viJWUTYaczSUI8knrOEDyQ==": { "id": "viJWUTYaczSUI8knrOEDyQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "vn/18J5TIuzcd8MxdMgYlw==": { "id": "vn/18J5TIuzcd8MxdMgYlw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vnBlYA/0lXrfCSSYxgwhSQ==": { "id": "vnBlYA/0lXrfCSSYxgwhSQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vnQE6sVVricZrrWA9Xv5RQ==": { "id": "vnQE6sVVricZrrWA9Xv5RQ==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "vpkqaxRDIkUCRIT3f2sk6Q==": { "id": "vpkqaxRDIkUCRIT3f2sk6Q==", "updater": "osv/go", "name": "GO-2024-2598", "description": "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "issued": "2024-03-05T22:14:58Z", "links": "https://go.dev/issue/65390 https://go.dev/cl/569339 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "vu4nws6mMs6GJYT1BNu9DQ==": { "id": "vu4nws6mMs6GJYT1BNu9DQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwUe6Dpe5Fb7V8GdyGEhjA==": { "id": "vwUe6Dpe5Fb7V8GdyGEhjA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwdkC2aeXSkn642Di7lXbw==": { "id": "vwdkC2aeXSkn642Di7lXbw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "vy6yzxdusLc9vaaiu2HI2w==": { "id": "vy6yzxdusLc9vaaiu2HI2w==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "vz18/+7m2wxxY2NMQUQ6Yg==": { "id": "vz18/+7m2wxxY2NMQUQ6Yg==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "w/NMuS0o9hChTkNvZhIOtg==": { "id": "w/NMuS0o9hChTkNvZhIOtg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "w/qPRfgu7T1MbY4EuhkWZw==": { "id": "w/qPRfgu7T1MbY4EuhkWZw==", "updater": "osv/go", "name": "GO-2022-0531", "description": "Session tickets lack random ticket_age_add in crypto/tls", "issued": "2022-07-28T17:24:57Z", "links": "https://go.dev/cl/405994 https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 https://go.dev/issue/52814 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "w1094TrprBpG+5TZJus6FA==": { "id": "w1094TrprBpG+5TZJus6FA==", "updater": "rhel-vex", "name": "CVE-2022-1674", "description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "issued": "2022-05-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w8af/LTYrBLWhYkZBSi2Lg==": { "id": "w8af/LTYrBLWhYkZBSi2Lg==", "updater": "rhel-vex", "name": "CVE-2022-4141", "description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4141.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w93rRV74Y3Xaae9j4uy2iQ==": { "id": "w93rRV74Y3Xaae9j4uy2iQ==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "wBC264S906jsJ9EHip/24A==": { "id": "wBC264S906jsJ9EHip/24A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wCl622H8UElXM4AFHot1bA==": { "id": "wCl622H8UElXM4AFHot1bA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "wEVnFZ6M5zpBHSw+nqU0rg==": { "id": "wEVnFZ6M5zpBHSw+nqU0rg==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "wEZLQNUZyYD6Rz0ucz5fzQ==": { "id": "wEZLQNUZyYD6Rz0ucz5fzQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.1.el9_6", "arch_op": "pattern match" }, "wG1iwTc5HBr1VKWUstaeHw==": { "id": "wG1iwTc5HBr1VKWUstaeHw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "wL88v46Y3XlOQ8xtlmBugA==": { "id": "wL88v46Y3XlOQ8xtlmBugA==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "wMpTUDltgKPDv4b44/0Spg==": { "id": "wMpTUDltgKPDv4b44/0Spg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wN+C2Zg1myHVbcMR/36bqA==": { "id": "wN+C2Zg1myHVbcMR/36bqA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "wO2dcFx5JhDjz2K4QDYydw==": { "id": "wO2dcFx5JhDjz2K4QDYydw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "wSNG00q+az+IW0NBCU7MPQ==": { "id": "wSNG00q+az+IW0NBCU7MPQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "wTqPXpGv5suIYx7xVHwxzw==": { "id": "wTqPXpGv5suIYx7xVHwxzw==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "wVu6Drfzxh1KT5UxKndpTQ==": { "id": "wVu6Drfzxh1KT5UxKndpTQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "wXA+dwIpPFBMKZHFylJdgg==": { "id": "wXA+dwIpPFBMKZHFylJdgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "walyEMfvPvVh3KXxCNA/pQ==": { "id": "walyEMfvPvVh3KXxCNA/pQ==", "updater": "osv/go", "name": "GO-2023-1751", "description": "Improper sanitization of CSS values in html/template", "issued": "2023-05-05T21:10:20Z", "links": "https://go.dev/issue/59720 https://go.dev/cl/491615 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "wbgbZuReVn7DfcAmqe3XZA==": { "id": "wbgbZuReVn7DfcAmqe3XZA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "wc5lIWGg0A45t1Tgl/aghw==": { "id": "wc5lIWGg0A45t1Tgl/aghw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "wed5fBK5xYyUEx1EpoQtEg==": { "id": "wed5fBK5xYyUEx1EpoQtEg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "wfyGNkRP1AKTpRqTPf0oQQ==": { "id": "wfyGNkRP1AKTpRqTPf0oQQ==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "wgjZroGG2ECX8FlIRRqZmw==": { "id": "wgjZroGG2ECX8FlIRRqZmw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "wh8UL6jE02MHJgululn0nA==": { "id": "wh8UL6jE02MHJgululn0nA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "whMVc0u5Lzujkr6AuzQzMw==": { "id": "whMVc0u5Lzujkr6AuzQzMw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "wj5w4kQEe9iH2tb9jj1wEA==": { "id": "wj5w4kQEe9iH2tb9jj1wEA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "wjPVtpb8yNf3j3pc1wfy6A==": { "id": "wjPVtpb8yNf3j3pc1wfy6A==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "wlPwpwE94ExdZ/N5EaE3ow==": { "id": "wlPwpwE94ExdZ/N5EaE3ow==", "updater": "rhel-vex", "name": "CVE-2023-2491", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the \"org-babel-execute:latex\" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2491 https://bugzilla.redhat.com/show_bug.cgi?id=2192873 https://www.cve.org/CVERecord?id=CVE-2023-2491 https://nvd.nist.gov/vuln/detail/CVE-2023-2491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2491.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "wn4STzMt4ytbVHyERUyNoA==": { "id": "wn4STzMt4ytbVHyERUyNoA==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "wqIGHEm21/U4VCTr0VeLVw==": { "id": "wqIGHEm21/U4VCTr0VeLVw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "ws4rNVATNtezkRTpFfdzmA==": { "id": "ws4rNVATNtezkRTpFfdzmA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "x+9X6oSMihxrE4Tni3a4Zw==": { "id": "x+9X6oSMihxrE4Tni3a4Zw==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "x+E+r7arkKvVcXf/ay8rdg==": { "id": "x+E+r7arkKvVcXf/ay8rdg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "x0tnd8GOUfHQCdr5bXMpHA==": { "id": "x0tnd8GOUfHQCdr5bXMpHA==", "updater": "rhel-vex", "name": "CVE-2024-32487", "description": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.", "issued": "2024-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980 https://www.cve.org/CVERecord?id=CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32487.json https://access.redhat.com/errata/RHSA-2024:3513", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-4.el9_4", "arch_op": "pattern match" }, "x2hzd4kogrK1x2HyIGmxuw==": { "id": "x2hzd4kogrK1x2HyIGmxuw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "x4dqDafgKW8Zo/is+xcVZQ==": { "id": "x4dqDafgKW8Zo/is+xcVZQ==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "x4y353xwTKkgu0582Qh5wg==": { "id": "x4y353xwTKkgu0582Qh5wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.el9", "arch_op": "pattern match" }, "x5MnAXJPkWBC+zd+i08Svw==": { "id": "x5MnAXJPkWBC+zd+i08Svw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "x80ydqeeoahPQLNiV1VXvQ==": { "id": "x80ydqeeoahPQLNiV1VXvQ==", "updater": "osv/go", "name": "GO-2025-4014", "description": "Unbounded allocation when parsing GNU sparse map in archive/tar", "issued": "2025-10-29T21:51:04Z", "links": "https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "xDXpto7iDgv1dyFWeDEVcQ==": { "id": "xDXpto7iDgv1dyFWeDEVcQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "xEtBJoALTqnQBn0TOsRe9w==": { "id": "xEtBJoALTqnQBn0TOsRe9w==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "xF20fK5dvutyLkWcMLVDPw==": { "id": "xF20fK5dvutyLkWcMLVDPw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "xIqTu52elcgV5FuN0Fuj4Q==": { "id": "xIqTu52elcgV5FuN0Fuj4Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "xKFSWwGN4NIDnytC6SdEvg==": { "id": "xKFSWwGN4NIDnytC6SdEvg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKgvhqTYvQwR5QWUkRuf6Q==": { "id": "xKgvhqTYvQwR5QWUkRuf6Q==", "updater": "osv/go", "name": "GO-2022-0526", "description": "Stack exhaustion when decoding certain messages in encoding/gob", "issued": "2022-07-20T20:52:17Z", "links": "https://go.dev/cl/417064 https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "xNJWUdryH0nBQB/93HRNuw==": { "id": "xNJWUdryH0nBQB/93HRNuw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "xP/kV8YDeJxssrXaMcjXUg==": { "id": "xP/kV8YDeJxssrXaMcjXUg==", "updater": "osv/go", "name": "GO-2023-2375", "description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "issued": "2023-12-05T16:16:44Z", "links": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.0" }, "xQ6R88+x8IssPvOAavmZXw==": { "id": "xQ6R88+x8IssPvOAavmZXw==", "updater": "rhel-vex", "name": "CVE-2022-0530", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0530 https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://www.cve.org/CVERecord?id=CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0530.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xUBSdDBs0fiKOh6BCZPXOA==": { "id": "xUBSdDBs0fiKOh6BCZPXOA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "xVnM1Y5F9hIYQN1//jfY7Q==": { "id": "xVnM1Y5F9hIYQN1//jfY7Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "xYZxVBz2xY/aoDQPqi4nCQ==": { "id": "xYZxVBz2xY/aoDQPqi4nCQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "xcQReVPnPEIim0iMTZWDwA==": { "id": "xcQReVPnPEIim0iMTZWDwA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "xhnxsdmWc6+n3gUj6yqBpw==": { "id": "xhnxsdmWc6+n3gUj6yqBpw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "xjE2Ua1GOmdwVi+xIIGVeQ==": { "id": "xjE2Ua1GOmdwVi+xIIGVeQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "xmhlBgW9Qhx+a2k3SdfUzA==": { "id": "xmhlBgW9Qhx+a2k3SdfUzA==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "xoMyxEWbrnIOZWHnwVuShQ==": { "id": "xoMyxEWbrnIOZWHnwVuShQ==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "xqLSmaq+0/3ps+9zoCEL9g==": { "id": "xqLSmaq+0/3ps+9zoCEL9g==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "xsP7BCzVmEb3+qivw8mFIQ==": { "id": "xsP7BCzVmEb3+qivw8mFIQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "xsiKeHcIwwzMLDEPFdNSFQ==": { "id": "xsiKeHcIwwzMLDEPFdNSFQ==", "updater": "rhel-vex", "name": "CVE-2020-28362", "description": "A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "issued": "2020-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-28362 https://bugzilla.redhat.com/show_bug.cgi?id=1897635 https://www.cve.org/CVERecord?id=CVE-2020-28362 https://nvd.nist.gov/vuln/detail/CVE-2020-28362 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-28362.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xvZ+aaak6OxbCE7Nu46XhA==": { "id": "xvZ+aaak6OxbCE7Nu46XhA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xxrk6qwvf/BkNdal8rz/jA==": { "id": "xxrk6qwvf/BkNdal8rz/jA==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "xzz0v3ajpuFhN3HDJCDDYg==": { "id": "xzz0v3ajpuFhN3HDJCDDYg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "y0c8SsIbu7kpkqoaDhf8/A==": { "id": "y0c8SsIbu7kpkqoaDhf8/A==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "y1Qpo5IDwj5DRizBbMgltw==": { "id": "y1Qpo5IDwj5DRizBbMgltw==", "updater": "rhel-vex", "name": "CVE-2025-59375", "description": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.", "issued": "2025-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/show_bug.cgi?id=2395108 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 https://github.com/libexpat/libexpat/issues/1018 https://github.com/libexpat/libexpat/pull/1034 https://issues.oss-fuzz.com/issues/439133977 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59375.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "High", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y1VRnBNNx34t1XvqjEl7IQ==": { "id": "y1VRnBNNx34t1XvqjEl7IQ==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "y5N73UEFT/BHwjJkVAx22A==": { "id": "y5N73UEFT/BHwjJkVAx22A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "y64mIHRpNx52AEpoGbOyzQ==": { "id": "y64mIHRpNx52AEpoGbOyzQ==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y6Uu3YyF1CrzpsmxAF1m9w==": { "id": "y6Uu3YyF1CrzpsmxAF1m9w==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y9E+Lh5SpPDKe0DW19HLjA==": { "id": "y9E+Lh5SpPDKe0DW19HLjA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "yCrfh+WfD/7UJatf+Ek6jA==": { "id": "yCrfh+WfD/7UJatf+Ek6jA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "yF/CyvOlKzDmpBu26JCuEg==": { "id": "yF/CyvOlKzDmpBu26JCuEg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "yIgeDQgyoDXR+INQbK5bbA==": { "id": "yIgeDQgyoDXR+INQbK5bbA==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "yK3vcSC4PlKQSa9IQKCw1w==": { "id": "yK3vcSC4PlKQSa9IQKCw1w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "yNIngFjcdt+ETIv0YvW+4Q==": { "id": "yNIngFjcdt+ETIv0YvW+4Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "yOFL3ef2F8Ux3GMySAVXxg==": { "id": "yOFL3ef2F8Ux3GMySAVXxg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "yRV28i/MrM7mz4Vw1MzWxA==": { "id": "yRV28i/MrM7mz4Vw1MzWxA==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "yU3Lpv2jlcYSr1/M/dL33A==": { "id": "yU3Lpv2jlcYSr1/M/dL33A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yV3QixxBrXQjuo0c4OIL/w==": { "id": "yV3QixxBrXQjuo0c4OIL/w==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ybQbHANLbpeKvvvpnEOh2Q==": { "id": "ybQbHANLbpeKvvvpnEOh2Q==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "ybg9o/djfKR8D2l5wfz/6g==": { "id": "ybg9o/djfKR8D2l5wfz/6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ycihN0043OihPtrAPlFZyA==": { "id": "ycihN0043OihPtrAPlFZyA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.1.el9_6", "arch_op": "pattern match" }, "ydN/9qW+IO/7qUsy09APhw==": { "id": "ydN/9qW+IO/7qUsy09APhw==", "updater": "rhel-vex", "name": "CVE-2023-24607", "description": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.", "issued": "2023-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24607 https://bugzilla.redhat.com/show_bug.cgi?id=2187154 https://www.cve.org/CVERecord?id=CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24607.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ydg80VAiaAwfrueUhGEKNA==": { "id": "ydg80VAiaAwfrueUhGEKNA==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "ygPqOnRCEHz9NjTVM+wIZA==": { "id": "ygPqOnRCEHz9NjTVM+wIZA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "ylg3k+AtgUcIl3hJiXNMlw==": { "id": "ylg3k+AtgUcIl3hJiXNMlw==", "updater": "rhel-vex", "name": "CVE-2022-2946", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2946.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ymBGTBftPxHJSbwAfx3uNA==": { "id": "ymBGTBftPxHJSbwAfx3uNA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "ynnULh1l7jTnQPnMak7suQ==": { "id": "ynnULh1l7jTnQPnMak7suQ==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "yq06et41/lBQ0nsMvLOG/A==": { "id": "yq06et41/lBQ0nsMvLOG/A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "yrD0ecVnK2Y23POHVpCwiA==": { "id": "yrD0ecVnK2Y23POHVpCwiA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "yrkfySEOvQHtbEYpAUNs0Q==": { "id": "yrkfySEOvQHtbEYpAUNs0Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "yubezWiwTBzlJyfKBBah5A==": { "id": "yubezWiwTBzlJyfKBBah5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yz/zQzn72boszb6Cab3Y9w==": { "id": "yz/zQzn72boszb6Cab3Y9w==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "z/LMTnJeia+du5LSYhMD2w==": { "id": "z/LMTnJeia+du5LSYhMD2w==", "updater": "rhel-vex", "name": "CVE-2023-22745", "description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "issued": "2023-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:6685", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.2-2.el9", "arch_op": "pattern match" }, "z1fiDjJjV7T+4MZClzquUA==": { "id": "z1fiDjJjV7T+4MZClzquUA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "z1wZ8EsA73QQBAtKsHeNNA==": { "id": "z1wZ8EsA73QQBAtKsHeNNA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "z52r/0OKaWAkLWR5L4SEkQ==": { "id": "z52r/0OKaWAkLWR5L4SEkQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "z6u9MfxJ5450gPIBXVMBZg==": { "id": "z6u9MfxJ5450gPIBXVMBZg==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "zAQhwfD+1kpXY0CwZC6HxA==": { "id": "zAQhwfD+1kpXY0CwZC6HxA==", "updater": "rhel-vex", "name": "CVE-2025-24014", "description": "A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-20T22:53:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24014 https://bugzilla.redhat.com/show_bug.cgi?id=2339074 https://www.cve.org/CVERecord?id=CVE-2025-24014 https://nvd.nist.gov/vuln/detail/CVE-2025-24014 https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24014.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zBm31RctqcDF3ITqeA/9oA==": { "id": "zBm31RctqcDF3ITqeA/9oA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "zDmU3WG0c3AQYw7NFebUCQ==": { "id": "zDmU3WG0c3AQYw7NFebUCQ==", "updater": "rhel-vex", "name": "CVE-2022-3234", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3234.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zEKtVLhCQn3xgvKNhFo2bg==": { "id": "zEKtVLhCQn3xgvKNhFo2bg==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zFG8iDklz8FcuYliYZGkqA==": { "id": "zFG8iDklz8FcuYliYZGkqA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "zFZE1hLph4hR8T7aNvRt0w==": { "id": "zFZE1hLph4hR8T7aNvRt0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.1.el9_6", "arch_op": "pattern match" }, "zH/R3mCgsX+vslxcP7p4cg==": { "id": "zH/R3mCgsX+vslxcP7p4cg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "zLUPO/DSeItPLWNqYd2DSQ==": { "id": "zLUPO/DSeItPLWNqYd2DSQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zNwhU1to6ohdg5Ws/JmM/Q==": { "id": "zNwhU1to6ohdg5Ws/JmM/Q==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "zRaIctSo0IHgkpOD2xBvHw==": { "id": "zRaIctSo0IHgkpOD2xBvHw==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "zdrK/Mitm8rUuLp2HwWnmQ==": { "id": "zdrK/Mitm8rUuLp2HwWnmQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.1.1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "zi+zTCtHwI+xWITxpaOJBw==": { "id": "zi+zTCtHwI+xWITxpaOJBw==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zidvm9MkkP4S62Ofl4+xSQ==": { "id": "zidvm9MkkP4S62Ofl4+xSQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "zjZHjKf2l5+qY9/XYdFMQQ==": { "id": "zjZHjKf2l5+qY9/XYdFMQQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "zmJCk6ssM8yXKzXcDFtbsA==": { "id": "zmJCk6ssM8yXKzXcDFtbsA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "zoCeQAIu1TFmWIYHnlYddg==": { "id": "zoCeQAIu1TFmWIYHnlYddg==", "updater": "rhel-vex", "name": "CVE-2022-2183", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2183.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ztlVnn1P+W74ZN9vh2BisQ==": { "id": "ztlVnn1P+W74ZN9vh2BisQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "zwpNi+NBoVUfQ5Ed4vkNug==": { "id": "zwpNi+NBoVUfQ5Ed4vkNug==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "zx97OaxgXH8j+mFWesQySQ==": { "id": "zx97OaxgXH8j+mFWesQySQ==", "updater": "rhel-vex", "name": "CVE-2022-1620", "description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1620.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+LQ46YAn9giMKDZRMCUpfg==": [ "ZAUFPHu5UQZ+B2n+SrWIqQ==", "wEZLQNUZyYD6Rz0ucz5fzQ==" ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ "FKu6EFoCfpksmq+M7pL02Q==", "XPUXyp+BOEJyEGOgXafi8Q==", "eDxAdI0cgddAZnBSd4FI0Q==" ], "+yIdH2Pb8SGFuXnry3uK/A==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "i1aZclSgDVfSpq3wWatknQ==" ], "/FMjm+UzO0PTaS3Td0lhkw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "/t0e+LuglIbDcO/k67Hr2A==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "/th8aUKrkgR3Sw9KSBM+CA==": [ "s0PUMgVnEtuqOkBdJNAqUA==" ], "0N0D43vK8KV4kQOq2LQn7g==": [ "lbvVctqpDivb/6OV/xVV+A==", "2DPl1NLEsHotw7kYOPR/8A==", "2432H9ZBrMWDJ7HhyQT63A==", "QY4aLgQQjP1oPPp38ArMrQ==", "xYZxVBz2xY/aoDQPqi4nCQ==", "pwFS1oPwyZIRVgVgtAgSPQ==", "IfZDrkeHpfXHfjHzETuKbw==", "cUH9U4T8Wpzm/UIIektEAQ==", "7CqLd0zk1hiFU3yrvTTdyg==", "DCflC/lDsmgt9IFXJM3PyA==", "o3TqxXhqdegYIl51fSMQ1A==", "LcEYljn+QTWUC36NwQCf7w==", "bKE3ov27WR5dMz8a/M+jUA==", "SjbW0rogoRJo0my37ozMDg==", "whMVc0u5Lzujkr6AuzQzMw==", "uhGUZtCY1OXgM1L55/upYA==", "jVClMHCoFf8RUCB6W2c2cQ==", "CSv4lPWUxMcEgRRI/WkPaA==", "aQ/ax84rpyWNveVTm/MQww==", "eMVMlNYLRzjk+Xt/peAYqg==", "Rf7m+dbWxZxBNm1A9nfdqg==", "eOOfcRLf3CHL5spaYEPovQ==", "glwEUWfaBwNPBrXUJo34tg==", "GEDO3j20WMwIj0JMNMq5Iw==", "G77a8vVkDX/8Yt/v29MOhA==", "0UWL07sxLog3CGNaaYYQxQ==", "31zk833ZdfHhkO9sg82MSw==", "ihcyIiYlnktNuXSrEgrQjg==", "Q2+f0ITzWPp+YCesnwp1Ng==", "G/dmoDOpwh0GrsMovfySVw==", "O0QnjS+0zUH+vff5xaIpCw==", "AJcMDco3zISLrE/7+42hGA==" ], "0Yvc2+M8FAry625wuL4S5A==": [ "8utuZQ/Ix8fDNAmmSZivvQ==", "x0tnd8GOUfHQCdr5bXMpHA==", "HjJnWaqrr4SaFPjzu8hVkg==" ], "0wIoN0pFyBSc9eVtRdIOWA==": [ "tZCJ3EMmfQYEKmNY0R6pgg==", "WALxwIFXDH8ZvKesDKBFiQ==", "3wnJ6TxCGJITikNK4m6q+g==", "4JIGhO7+fAz+LPTFEuBHUg==", "PHRlWl/iCYco+xAVn6SmKQ==", "JQe3P/odATa/OKbzn309dw==", "SRL0fsSEDtOf7vYyf/BewQ==", "J6GavUf0zh8+C0zHHTDYfw==", "U61IeOaU1v6bOHJxSPbCCw==", "SU1MGh9+Zg3Zuy+khiN0Og==", "XhhNgYgTJmDdYc90YuE8vw==", "bpM7BDVV04atOPduc9mI8Q==", "kRj1Frl5pmWWgd5LR0IPyw==", "FUR7T9AnekkZ5hPUz2WP6Q==", "tDVJVtVXjEp2hZmPcOFM9w==", "IsqBfnAxrh9UbW8oQaSR7w==", "O+NG96g+kK1DtaJEFTfwuA==", "eNUwUuL3W5wSpnxJfClXhg==", "jbS9IFs59O0uPYg9IZeksQ==", "EzveB8rJWscHHRZtJKOdRA==", "Qp7j7oFs4UbVUHVGblDM1w==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "qpRD6NPbAOP7sG5S6hInXg==", "mUXGZjQ6odB/7zYNoJjJRA==", "Bzc4r1UXMoCf7blNLHkQGw==", "8BMA6LbX8vjrr4aUcmHB5w==", "pd2B9G+4ekvOFTzso0NXCw==", "FgTFx5g45j7WzA+bfAHPzQ==", "nNzRt87EkCVymyYuDyEW2w==", "L04cc8NCPjDZYnxYDnO5+A==", "yrkfySEOvQHtbEYpAUNs0Q==", "/+t6edjy50ibBAIw8q+CWg==", "hECLdfUszFQo2UbzQI3BMQ==", "lJah2RfNfRF+vEQdCucT7w==", "84g+WJ21VVZ5YgyE9krInA==", "y0c8SsIbu7kpkqoaDhf8/A==", "S2g7delheJOLf2DxVbw0Hg==", "0Gq5wAUiCXaH50wxZYx9MQ==", "M9nh4Ryt6GwPUlLoItHqnA==", "fMQ6kctftYthbGvZli2/sg==", "4K1RYkumn7qw6Pk7lwpfbA==", "hHQvhYHv8KxCCQMiFpmyWg==", "Y3PSsgfYVK7+nWpNGBO9lQ==" ], "13/XvLtRK2RDQlcsZc1BtQ==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "ohJ0B7EgOJ9MaxYsbvhjIA==" ], "13i0QoQ6Q4yBI5RUf20lXA==": [ "h7m1EaKKCwaqq30R6Q/BlQ==", "Uy8P+1ImBLgh4EjZYlMO1Q==", "7NIMWPjl58dCiuwwIe4bGg==" ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ "rtmfAClgZr+pMIYCffofpQ==", "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "eT0Z6G4b2zSUUUSLlyL8Tg==" ], "1XXuvf69/0I2dNHaU2UndQ==": [ "/wfob5jHHezdiyugtfPWjg==" ], "1dO83wB64hDLki3A4eA/Pg==": [ "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "vy6yzxdusLc9vaaiu2HI2w==", "0MBdby0uigxg//rv2xd7SQ==", "WPitnGSVxSl/y97AJTQIFQ==", "H4boG/V+MB7stA7jG8O6Tw==", "dRNxgKG0w/nM5rSMcvz/kQ==", "cJ4BQpErMW3FIQ2vBfopJw==" ], "1h9uHE0QiXBO/zpJrT0VjA==": [ "DqGYMV65C5QRFD63WuUcpg==", "1lRtJofWFCTkQi0dreTmvg==", "/rVEaWl0l9u8biVEKbZTFg==", "2vr/twKdnITJOKu9ARCAXQ==", "lKniGV6mBq1xFWJ6V0QVvA==" ], "1iUaGpv40BOJQUks5I0iYg==": [ "H4hIo8QsJ8tJeirBCqwHFQ==", "dPlld/v+ZrL/y3NT/M5t9A==" ], "2REYKadw7TKFiuC+OnoHmA==": [ "ijNNBHI8o+gObvRZ97LRdA==", "CH/8kg0DShdiNjzv6+DZnA==", "L3Sq7FQbQmRq1R8Dn0eFww==", "JegoLVJD+r1CNqau++1Vlw==", "2UhjmcPUkGmILpYJPZEiNQ==", "UWR5dcXlfiNMz/BIfTGvfQ==" ], "2fg1ZRYCSPKKOgCxCcA36w==": [ "Jo0GiPh7MZcVuLsVDbp7qg==", "CMGu0bZesU9cyPAc2vK34g==" ], "3688bXyK/nwHthXLLVH24g==": [ "teVzqeXKz5qAL9KrVUsKAA==", "IWplUWF011EXddGnkU5Png==" ], "3DTA/XNFCCDFf6sfX96bGg==": [ "CQY3y5mGXL6FhNg/bhr8Rw==", "rpzV0o5XSSiqAfiLvn+7sw==" ], "3RQKCmep11B4hkfn96QJTA==": [ "WxO9le6q4ACTs4KnSuckDw==", "QNeXj0/uAU3vww6deBbkrw==" ], "3iIPR0bjuCPQ2+48pSdeHg==": [ "+WB02bbxvRVZgJj5gYjJ7w==", "4gO4ls/gy0nmsC3NeXvyVQ==" ], "4Aph2Qer6+KdCecFsU0TXg==": [ "HT4k6+0VwtXXrNi4IFV2ug==", "AsiuN/8gu7sZ0PJCLihjmw==", "0u9BhQlRGnXqmFj5VxmVgw==" ], "4DM2GB9KLL7/xWypPdz7vA==": [ "8QRmG/+fMsQQzP2maaxOag==", "9b3CWaJsQwdqnuBJDBMt8g==", "f6K2rwitLCyOeqkSvuUcFA==", "VgaIsJDFBatjqT1h+RQLFQ==", "m77LjZYd/4k9LSozG2S2mA==", "KJGsgMArislsisVXSZHY4A==", "pr6wo3A29JKUBSVK/BGExw==", "WIbunUW6+W30QKZc5Tmqzw==", "9UTiJlsfYxfa60iynbYgLg==", "VGewdTS02tdqYoORYHK7Rg==", "0PMktbRk+B4fdwvvP1VWUg==", "V9lyeZvue30g1R6RiITjAw==", "qIRy7/v51ILezECGLzLGBw==", "2vidY7qxU0KDMpAzTaXQCw==", "5z9ZOzxJREYn5oM+HAm6dA==", "E90jB6HCh1KjzQXtmHMUUg==", "iSsTR9jTS/494HfIgB9pGQ==", "2VowcBblBj36IfwmFRwcwg==", "3FdyvSRS+ECfT74KYiCcLA==", "peMVLpnT962hXrm4IDBPqg==", "JTwzSHX5xKxgTtyprecVew==", "2k/PqFfUaKNy33VkAbVD6g==", "1oKL9ZSv1M4CmxUhNFjpmg==" ], "4ImdKzJ7uZoaviIayzuoUg==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "1SDdOQM609JpOnF4Vx/qwQ==", "2j4vw/Ef1McLxa/C6FEQvA==", "iL/VOECJBzyFgTCwWDppVw==", "ITIiuf1dzb05+JHj8h65fg==", "gCKIolAPxKn/MwnZqQ5viA==", "ANxFBq/yNQoElX4dsXb0wA==", "562erF6ddCIyzi5oV/IzHQ==", "81Pd3WxGavo8vEw0GcfWBQ==", "iWeHI13pT0mygP25w8npPg==", "gh3MdGIod7lYo7rDnSpHLw==", "49jEi4xCgfg8T8qzhNobIA==", "NfOajNNzWnotxhFpYD5Nfg==", "5ZJ6PuXfgRMCarpNow00ew==", "hMwTXtuK2CPZup51st8vag==", "uJDCv1FWYpz7eywFMZ5WnA==", "VZxWbc2wJwiwTLhillEtpA==", "dhk9SR7XgMlUT1SwbOzs0A==", "ybQbHANLbpeKvvvpnEOh2Q==", "iUURXijANkMZIH/VbXWyYQ==", "vZzq+XzhXQpcGK6x6C81SQ==", "X+rjva7ecn1JedeVO9IX9w==", "7B4LUCjMkCM+NcHtyQXyFA==", "9z2MVdoreqGVJcUFUz72OA==", "am8Nu2Xz4xTgOxf+V74bZg==", "H5vm/YCKZciOb4TXZmGZlg==", "YpjyzhR3jAhlzb479lBoJw==", "bmNjdpodhrAjmmeNv8j2ZA==", "OOCO13z2+atrfqEfCsJ3/w==", "NplyvjxiuekBB/5QKoOJbw==", "cv/HKlhaI7EJMBLIaTimwg==", "L9hbhq3wsZ5QkKEIo/fhYQ==", "iE+bfILM7uszXcxvEd6gYA==", "VcgFEXPgpzLsj5tOjILVtw==", "kBdyi87P4B1cTF5hLS7ByA==", "71rWwrWl22424P8D9sWBZg==", "bb9X6domCAmA+m40PgE/jg==", "ISgjA2mi+Q9vbdNEhDKXOA==", "3a2lYBlaR2GDen/lmTlCyg==", "hzkoKs3QdYyXJMnifzGbxA==", "WLri8p9NfgX8reKybIYziw==", "3wP/Eggf7Bu35MpzNr1Fog==", "ToyZiPOtBFPiNJOZ8QaYng==", "fezwmAwUNAjVNYh+YY0Wrw==", "EBopL1hbi9GBQGXZUVNCAA==", "GJ6//hGiIsio2zBFuudd/Q==", "GVXQ1XPPQkuhZ4SIFGoF+w==", "0LvlxzvH25js4ffWzvLRTQ==", "/U86DUGeHRSAL0GvmlifyA==", "rkpLgzhV90FRHYY3ESWHfw==", "MrRavbeiISRcJtBRJ3ZRsA==", "VdMk4kWMgrdK/5+i3n6XhA==", "fUkL/QrHEZtoCydnxvHQYQ==", "WU+A3QdBd331DcSM3AXFew==", "TQEoFglRNgkSreqoAySz5A==", "9NxQaPp619Bd0qky1dvzZg==", "MVGmB/UrNlB0PqdbI1X5iA==", "nhTPOqyx5Hjq5RaQThVb3A==", "keMF1HAI1OIF8MvJtPZQ+g==", "EXi8j2JWeu5xYuWml6Ellg==", "VQ+eWJsUMBep4PD4xfj8Vw==", "ND8tA1FahvMc/ZIGpyoj3g==", "78Ya60ppwS4OL6ZK9P90Qw==", "ZCWnPSXILcJ9aE646DCmag==", "UH1xPpnVOud+f1gKl26ATQ==", "WNRX1UWo4fDLFOhq9mcbIA==", "JZIEpU7UdEXuAMj6emkt5A==", "nKGJQ32gv73mgVLbPDD8Qg==", "k9Yjqv3ifDP4XwsJSZ8XiQ==", "7TWJhc3cfFgph89dsQ0nBA==", "jyRfRwiUvNWAyNlZmv3MkQ==", "iMwaCmNtKHrK2+scb+hkxw==", "LMcwA00QGnxriAXkZQIhHw==", "tjg7NtH3QatPaaScohSsZg==", "IRgMJoQA4x1xizY2hEw96w==", "9ia70lNV6NYvmzB7WlbYQw==", "LkG+n79mbPHrPl1sC2ee1w==", "r9W84DjqWVoSeRkzoMmOdA==", "Ira5htRPGofy9veGMRD7Vg==", "dgwlwyboh6/BQfJsyoE8Eg==", "UhBP4F/rEtGjZG3U8Wvp2Q==", "YPJKJ4DYdTXL0BJCCS9pgA==", "eh73UwgswuQUUBPGmZNxLg==", "bytYw82gsP7fmiiqIEcGNw==", "O4VudlVyChnCKHP9qhS59g==", "XfjE+J06ONMJAg7vkQ3tbQ==", "esWNnTXfVcQMP31EwLadpw==", "osxk1q2jE3TCrr5JCQRhNA==", "TI1OyePXauC23iR42z7HKg==", "o6arI4B+lOjvgV6k7kauyw==", "0O2I0zrYDyiCiU68WyBLvw==", "lG2c0hNx+Fgq8Zf8B1rJyw==", "FsYbwBEvKH6FW81JU3KSvw==", "m2sL00H9lvJ4xs2UqwHxiQ==" ], "5JeNH+bHiuiK9wwBZqH10A==": [ "sXnCRVNv4i/ZmrJ0YxWonw==", "Uh6QIejNBmYSJ+kLmnZWzw==" ], "5NZNFErDrBiBoorV+igTjg==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "9M1meEoYiMYlmYR7kKfweg==", "ZeLcisCXFaeQKOi8dej/BQ==", "XHSXqyF2rScxnK03VnME5Q==", "QZQvSq0tzcJY8GfiU/aXpg==", "Geg0mw2hzdsfDbJ9adcmWg==", "1QQmDcMkRqvOte/bR8QEuQ==", "w93rRV74Y3Xaae9j4uy2iQ==", "Oaw7/z6QEDwwzKvMQmdriQ==", "N6xCmSIsupN7OsJaYpsl6Q==", "hv1o+8ALinWTDa5cH4j3rA==", "q6x8gUSR0HLnQLHLmB4Htw==", "yz/zQzn72boszb6Cab3Y9w==", "GolUr/klMsQNQ9QFMdcAmw==", "9uaveyIiSEcdU4MrDHbJ2Q==", "X9na4KYJ5u50u+KLDr2iTQ==", "qXBiVfXy4luW+BbyG9z9BQ==", "c3eMx85yv79gfxNsxZXPHQ==", "12PmpsYpKqbguwokcjBXqw==", "wEVnFZ6M5zpBHSw+nqU0rg==", "nD4gdXb8ND61ypX9fYklTQ==", "5vR/2ZAfb0swnLBKDl3Bzg==", "quMgsZt2z8hlQ+HzwzaVJQ==", "70HU3efHkL/3G4Y44qZmGA==", "fUlz8/rwVV2PbflGdFYCdw==", "4K7cGcsZltSw5Ayu8+A5rA==", "ETcQXJZrA6IUPRr4MXFUIw==", "ZZj+FChMvULXnT4QSAEvQQ==", "qLHoaQ/4ax3G7SRd9aV2yg==", "AQa/gDZ0IemFxWbJIsU4yQ==", "ug2Mk8LI1eIN0hRNT0s8JQ==", "O41Bejc6em2i0QjOrjliKQ==", "VJAm4vMolMmA2ytzFknQUA==", "RReWBnQmCp2XJDUh6xioRQ==", "vAAzy4RBfYsNO+V3LlPJ7A==", "2eKcZq74WOmYmPDTZ8L+Jg==", "1PYvw1fdwe6hM2UBdw4Itw==", "qdXDrJ7D0lw6kIY2dy+1KQ==", "jY7qsjEMOfcaNJkgI4dijw==", "K0/KdAmlvzyf53kjXgfoRA==", "LXj+7NB7elh/3U/gcE77cw==" ], "6COiLlB/V7UlOwfuFJy77w==": [ "xQ6R88+x8IssPvOAavmZXw==", "r3RLKNYtYvKarBqnnrlrew==", "Z0bbSkX8e3OUKdJa86CbBw==" ], "6G4wapu2zP6UYfTP+Ip2pA==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "RUDcnDBVSmf+/LWMe4Tqgw==" ], "6LVRZKaAJH97OKCXsJMDDw==": [ "JSxIEGIOCwboUDoJZgS9fA==" ], "6VAQWTpZhN9PW7YCmVhxsw==": [ "03F5BM6+dlM9pg6rJMb2UA==", "0P/5eKFuPPXM3bHgeAHWxw==", "JfmoxvDj+qKmecssvuGVyA==", "2bOVXniSdlE0fZB1iot4yQ==", "8gQtKtb/Xr3aGfsLtKyetA==", "bqEGDVpuXY3j7Kr18B5E4w==", "YnyGgq68v/XTMEk0yU1qsA==", "vLDNpmPSXi+t8ebIQHILIw==", "eqZVUGTs5pHRR/tV2jQA/Q==", "sTJKOfHbxppSoExQl7mYpQ==", "PnyZkAM4ZwDECggE7QV89A==", "qI12E1AIG5PjZFUHEhSkgw==", "51jf2IrfzMdepCjAvXkPMw==", "kJ/PUfmUBn2Ep03yRLItuQ==", "1/PWApRfYh/rLEOR0JZLsw==", "wbgbZuReVn7DfcAmqe3XZA==", "Wd+GQ3y21/7kl1XV9m/oiQ==", "fcJXnA1/CqZDeUcxpMPyzg==", "n5bOb2nwIXCE6i6WEpGlzA==", "taWP10HWuyQrPSEFSUjPPw==", "EfJCfNem+1eUwnsxx2dNOg==", "ktNuCXztDAtRpUWlUtIWUg==", "UuV6vmv/pMSyQBUW2Wn3bA==", "f5rDGDIgGLk7iLvtlKjm1w==", "lO89yYeT5Xt1E5KBgR1OXw==", "S3c04CkV3MUFBzUssTpBSg==", "wXA+dwIpPFBMKZHFylJdgg==", "ljT4JJv6XdYorFfJ6zbfog==", "830L36AKCoBHnXPHE6R6uQ==", "4Uca8szOo7gGoVgv+DjeUA==", "knD9e5c9mhfEteHg6iIbAQ==", "BfJzk+M/zKnbrBHcCrvIlA==" ], "7JHS+mBQfJeJoy73lvm4lw==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "jecTmyeay6DKd/7zioYjow==", "XXaDpMG90Mb3fV4QxoLqXA==", "7uj4PEKyThSRh2msjDtceg==", "s9zla+0u22E+Nq1zlK4A0A==", "1aPjlkabj3eUY8WGb+gz+g==", "McBbvTJIAPyP1aOW8M+hzw==", "7ZyXE8z7uZKjHitrjhSWQQ==", "x2hzd4kogrK1x2HyIGmxuw==", "aouER1d5ARUcTEP5rjxlQA==", "gEN3j5KPSWh2c+RarvSBNQ==", "6fJcYsi1gPQNv5g1ujEPdA==", "ktZZSLvjrHrh7DYZ23sMhw==", "0TUqdQNGOvjHNFjkDen1Sg==", "63po8QED6nDungBQEqHIyA==", "NXkuwjwxMseOUUaLQCgnuQ==", "/bIhvJWw2AYMGyJtBaoH6A==", "LUlesLbzv1yf48cLqYDxTg==", "rct+rak3m0uMzU51NldQpg==", "oBl0IuwDdaD9PwMwSDcQpg==", "srkxdJQ82zHIMw9egdZc5w==", "k5LjlV1zmKau2rAIOnay6g==", "edf9qrl//4hhbTQ8nlVN7g==", "ve8kNOScD+vxLjbMehgbRA==", "o+oNdKG9C3ouEb/OQo1GOQ==", "eh1RT9v3ol1cjACTvuohFQ==", "c4b8AyMPp1ls7ClKiTCbAg==", "9C6WGntg4UmJkjiylWVxnw==", "7tWeNpgpS6TZ4aQUo8g9NQ==", "rWYn/Km2lN55sVL7Ui4zmQ==", "QqNagWxBuciWgmqsaHDwZw==", "UV2MuUVVyu0L6wfdUc0Qpg==", "QwkBpizF3mo2JpevPMDeaw==", "fVstMFtDcM3yfjjb8mKxrg==", "qOdN56IOMUot4YWCQPjPvA==", "2wnmmIxGcmTTQ7kdV4Q55Q==", "6bZ4UNaa9jRLVZoZHQgYtQ==", "rXJvA1HAsx+E4rVQeqU3qQ==", "BsGuSaqfP6qrCK8KTTY4qw==", "4eh40PtMaL3JhPlCzb+8jA==", "zdrK/Mitm8rUuLp2HwWnmQ==", "zidvm9MkkP4S62Ofl4+xSQ==", "kXL26w3j4LcAqSQ9tOuWMA==", "o2RzBkbyaO/aJUexQwQheA==", "kVJhm1LYIfhvn92InJZLDQ==", "H7H9wMobv6DOqzUUAdOqGA==", "xVnM1Y5F9hIYQN1//jfY7Q==", "0ZGrJGNNqDLH/sZXsRkfvA==", "VyeYHICkBiXwLbWKsz4//A==", "QX1bQ/CZA5mRbcqjpTc9aA==", "IV554NtP1F9KO4IyBit26g==", "wed5fBK5xYyUEx1EpoQtEg==", "+pWnGgJUL0jrC1yhwq+kNw==", "8/mZoUg5ZlBapu2isiHzqg==", "WnkMM/SD0E+7EEac0/vMVg==", "tboTb+/fwz1O/l+3w5n9ew==", "FMzc9QFitxthf16XR1P0QA==", "9gB7mQN0y1Zy9EiaXIHFew==", "M4/opsM/3qe/3m0zjGkItQ==", "Y7ypeGdtYfJMJApDHYX9tg==", "SnI5fUbXuT/Xt+VkGvddww==", "ftPQfiVA8qRKJwxT2xcXRw==", "/G3xQo8kmNMyu7hycZYF/A==", "06GjiUkv66Ek9Iq8u3SFSA==", "u3VIQ3Bv2EdQNxxr10FAOQ==", "psR1kVsSZz19yYKHsoaoNg==", "T2rcJ7DPtdiGNP7r4L5R2g==", "pmYCdyBPlSpsjaT+VrrmLg==", "9PE6ZiUdIaAWtCsUgesEZA==", "eejojwYHRaSarkdAMLD2OA==", "JZouihQMnG3T6XSUXqYbkA==", "JXQAkdur2asBQ4qeq789Ew==", "pNsmsBM6zioL8gqkR9CNUA==", "bjkXZ4ZTp29EFzF+wMw4xw==", "ZAKrc32qORy4LwsxMQgfrw==", "jh1Mqm3BaTYV6MdA+4D74g==", "7Q0Bus9RTfFy/UrxkfH2sQ==", "D1jz5P28B8rwvnVaChXHiw==", "hx3c9WG+Xum3pwxo0+FyRQ==", "j7HjBQaZ5PNpv7JydPZ8OQ==", "yF/CyvOlKzDmpBu26JCuEg==", "A2YTvJXiGwe7aOSqWlEZhQ==", "W08Ska67/8hV/b3GYflglQ==", "cNsQU/uNFf7PsCWqaKxjAQ==", "98vR1ByhE/Y9cvB+lRN3LA==", "CW81Lp11K0nBc+3dYegY/g==", "hlV8M1lvezTjDMlaNPSTvg==", "OqWPbZZgGqlPCMzbmClfHA==", "9lOT/bRPy9mu1knhwrLw8Q==", "/WghVlKV6eiRYf2iGmk9sQ==", "UsE9/aKvx7HhPwZe6KY1zw==", "1LTKa378StuY8O3o3G26jw==", "r+NuuQcHZ5hOWGRHanlG0w==", "RU6xHn/9SV8lotyX3JW1ZQ==" ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "q9L+6bHSCCXbReRfXEPeTg==", "29Fo/GOP7MILPepOrnMgjA==", "/E8Khm0ZXy1gRiDom4c+aw==", "yq06et41/lBQ0nsMvLOG/A==" ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "84WodsWNE9m9GIrBiKl02g==": [ "XctMW4QJZO0RsDAv/VoABQ==" ], "8Ky53YwzOPM2pkEIVuuuBg==": [ "LCRgl8qKc2VcXP1ILfaS6A==", "T9nCb/lA5TdipGMhtb6HJA==", "FnsKxnhjNS+E4Y6hrazjUQ==", "GoHsuuxRgbGb3lm852rQmg==", "mL/QvlBQrld+4EwXWLYTNQ==", "TUvm6koxiDQRc/8CJ4TCOA==", "v9nWDWoVTUzEu77hVCL+xw==", "c/+IhJOZwrUFnxH/AA8NiA==", "uPUYRQErrH0+5XWkYAjsjw==", "YJkc0fG7G+dwREiIQihS/A==", "KewD59oo2UdDLsWiOrUjzQ==", "n+8zHdzpUdNYaOfjqM+rvQ==", "B1gQIzGtgKR02WiRgVPUgQ==", "QireWdVPs8MzNOJ1scQvdA==", "F2QVfam7Idr3v4Y7g3wf/Q==", "ynnULh1l7jTnQPnMak7suQ==", "HuVZNoL6F1XG6bLXPdhmWQ==", "FlgtpglQEkjGT66EnFUHMg==", "n6Vm6uSXhVeVnZmJCVL4pw==", "t+vHm4kt0AB+tq2CG41TQQ==", "ixlSuy1zsWjDOO7lFuUNAQ==", "+rCn8yfwQj/rMH9c7+J0ww==", "IzDqrZ8Ru35rI4iCSSk/pw==", "HxiMqPnG14UzA9oHqqI6Ng==", "JtCpNcg8egZjbdozD9CAJQ==", "rRfIMqTlNWlpWE9Bi6NGYw==", "/l+w9tCELORzNXZA4/qNsw==", "ENoYJ+9TEzYG+jTQB5meaw==", "V9f8Tc0z/tWsm1egJDudPA==", "vu4nws6mMs6GJYT1BNu9DQ==", "nLbsKQgcqXqFJTjqeQs6Vg==", "CXlZx/1BY/yqrUCuQlON2w==" ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ "Fi7GXCkkqJvYQw6Co8Nk7A==", "QsR+n6O0ULfYayvahAaltg==" ], "9WzsXAqqRoLidXM4HaB8/w==": [ "oNps3pS/KBKadK++zlgktA==", "TPp/bXEhRpApQLMY2Ppr9g==", "SnYLkLUk0dFIFA/itR5yrA==", "7U+8ffRP7ahu1ot4Zj5Zlw==", "G33a+jVnMZNg6liymp9Lyg==" ], "9hWn3VgLVkzmMJln7S0UCQ==": [ "rFWIZJAOzhCWoZKNelyFsQ==", "a7WPDd2/UqA1rqbo6pjM9Q==", "EZo12eG9Obl1kmhRKBmcvA==", "76ytKtBeQe8L2T7nxeVp/g==", "QjS6b4li9vRMvS2l49iyfw==", "pxuVFZsuUa8YFBkmcjpnxQ==", "DQIgoLb/8+6+HRbr8B6wHw==", "6WQjHZdyTC+aVOSwNc3+BQ==", "pwNeC1oSJCRKeW3NQ1Zwmw==", "Jq9s0m8iiaLnslijc1N/kw==", "oUbBUuaPbKO68xR8hm0EKg==", "dXgWtIQra5a7FOM/lmTQMQ==", "4PXcy6CSX2EaPwYEdLkfbw==", "IGsR1pj6qXRBH+0hYVXsew==", "AI5OCFigX+y57buhAMK1UA==", "J5i8I5ZRQGDUXQI4WkC0FQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "oXbtPoAI0xd/D3jVRZ8E8Q==", "M5aJiMv2/MaWINKfor0BrQ==", "oAa5rQ+ettvHgaEihiWA9A==", "sQrexr1vAx+h04KwvoON3w==", "J1SK5zSFZI94azX3jybBbw==", "WVkwWFZlIInzrX99VsKBBQ==", "Ewdn+P1XzA/h+WRvejvm/Q==", "4RaJ63cwUpp+QWj0IKysEw==", "wCl622H8UElXM4AFHot1bA==", "tTdsNcqGarFD7KtMB1ag6Q==", "/+enDTB16pRyR8XOMcf3ug==", "Cbqd4MLPHY6FcToWh7U3IA==", "748UmdVwB73z0xvCImrQmA==", "ItuvzyMGym4CNyVuxWwH3w==", "24Paca4PaySz9eM+VJu4ew==", "DrL6S4TbqHyLJh/Go9vALA==" ], "ARxZCHzD7KB2Pu4aHl7POw==": [ "ntPgpTaOsf+PmS8l/Ba/Gw==", "a7PsXEXsbw8aTCMWFxM9mg==", "qaC6F9Z9j5kAaiDeRwL7nA==", "3BY1OD4rYtX6LEFO6X+/Yw==", "72/cPQH5mNLd1/e3j2Vn+Q==", "2QjZksAOTEJVwk59l2QYOQ==", "plTl3JV8fPj1sUiMh31FmQ==", "Lw4KgrwWujzRmDjtibR3+Q==", "2M5CwoqtCrF9ix+6ghISOg==", "ZMp4FVCkBvOUuQnhgF/KRQ==", "OoUkTYhn9kcAyWK8OpWEvg==", "xF20fK5dvutyLkWcMLVDPw==", "uRGTeRjJyz2NEeH/TpkK8Q==", "Gn9qNy1ITVhOKz+nUviaSg==", "W9Pcn9xdPg78KgFAK5oOyQ==", "N6/VXIOitxRZPgnZMgm+4A==", "MvPzfqdptyOBxzxR1iCL3g==", "GbZa+XIQtfFHtHWs5gm0wg==", "HmZXdUV/ycFcRK+m71pC+w==", "f9AAdWBkmOO1/+acrJji3Q==", "JLdsQ9mzV76+v5Ttq5j2hA==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "MrpKafmPiKoIdSrqC/r3Sg==", "VDdxJUjxgL4zXvGWC/1xnw==", "gZKcOjx7BKTLxDMH6ZvfGw==", "9fvqDo3ARbJLIgwR1oX6QQ==", "+do0gu6vrF3ZT5my5V6+CQ==", "+Q1v3N9+IP1xQOJnmQWDyQ==", "Wv5rERdynoJ/gHM2CtgXiw==", "uDUK/vmP915z5uyCv2VhVg==", "9oQBIjmHHZP7ZEjuqVHO7Q==", "6miUB07ljV2HaYX/rZ1yjg==", "JiPLnE3IM4/yPxZ8earXLg==", "U31VkPC5v6K7XIsRFDo19w==", "DZWopkvTJiWmVsAADTNOUw==", "bOMmd0jIpY2e7Cl4owS24g==", "kVjUyjaMJ0bXnwb03Ksw3A==", "3CUrg7YVjtx0L5aX+iMRxA==", "Q9syyD8a/4l/mc50UAvBnQ==", "WCZXmTnbo+2lbMuZdpH8NA==", "qV/TxipuOJ9b9a/x4IT2cw==", "6q1zANz+NJU+U0TPL1Xa2g==", "xUBSdDBs0fiKOh6BCZPXOA==" ], "AdRs6lk9yzTM3HvjeEThKA==": [ "AsiuN/8gu7sZ0PJCLihjmw==", "4JsZIRvQ+13IMgBIUPH0jA==", "P2LAyAbSFxWVwlNB9c/A2g==" ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ "3D/COcmVFbxgINNliqKHgw==", "M1Z06nydk707qbRpFiKmaA==", "QHS4gwmQURKolJEnj/ZMHw==", "p2D36zAi5tbYfUPJhBVLhg==", "7T9qiwKBE1swIXuW9Zvewg==", "WGccGAwrqbQSNjycPuaPsA==", "L2l/2cM7p8mbRx8/RerNPg==", "uvaZxZFE7cKBjyjVQ/t6lg==", "RPlldG/r8WWd2UCSZ1vzsg==", "HS96brYtpBiaYpW7OxT5Wg==", "kkBeA26IUhnokem2LDfx1A==", "aR+DKIj7GETMsDtNSfYXNA==", "urOIF+inUTTF1gL7DeWkzg==", "fEW9HCDGh5vauL1jhvKpFQ==", "HfjDJmml2JYJ9YjdaPe+zQ==", "pT+67u2xHyxzA5Cl+Ui55Q==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "ff3woW6bpDBZXooXnBPlNQ==", "NJhwMDbt0IMvlSLLB4cUVA==", "++J1c+9mFiyHFShlJEQFeA==", "H+x0VPepDcitQiESaSwIwQ==", "KXzUsn7IGL3ZRMjBL3QOng==", "NNyvMdW5UTPp1jGH161XDQ==", "1nX4t0Z3G1H45fqJox3f4Q==", "67Q/SCDsFWutXyKWQ9JQdQ==", "PdGhfwK5tePs8ngzFuopoA==", "dqYoyBWLAQszVE/IX85oqg==", "EYkM0DDu8tbFKzGysEiO0Q==", "be+F+Fkt9wYh4z6YwfNqdw==", "ETjF+btf4DIblmTTbHaZSA==", "gR+h15dyWueqbKII4cPOWg==", "qMnTnRnGw88RiTP1PFxynA==", "0LMSjLLjEqlpe4LAE1rWJA==" ], "C7VGVckK0YZj4RiVmStEsA==": [ "Mgu68G03r/7Tj/zMomkJZw==", "Ok4YXGXw7Ua7qgtxqZcqhg==", "aFDenLkUq0L68+/zzTfPpQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "8Efa1m3XsyOFY5vSd2fHNQ==", "fv3/0oUmGvxLyxCaIIt3kg==", "dTT2owdN4FTG/LqoICFf+w==" ], "CjFzfz4zBZj7fcwIrVHCRA==": [ "GtECMHzRoeZKh1TLvpCt+A==", "FjB9AnugxBHu7Kwf86C67w==" ], "Ct/46Ed7Asmqt98kLc0FLw==": [ "kQq8hvN2yLWiupMaLbRduA==", "vgP3FAR9tXjiqUc0mFlRrg==" ], "D/XNnExpupd1bO9ZIJIE9w==": [ "0W0/E/g2cPvxNF42LmIwRg==", "JsF5ac8+OAOWxsV80iUiIw==" ], "D0GGDit/UxegO+/A5R03SA==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ "W3qe9/KhW5BUF2s+kXxVcA==", "5073UNZPtR+lsy1kIMhUEA==", "GoHez0BYftW2Wj3h0K6Zxw==", "wL88v46Y3XlOQ8xtlmBugA==", "15uVNLTcXPHEO0XVoOOwZw==", "BCe3MuKRzryFB5SraMhsPw==", "PMaPI3hRDt0vFaerryvY/g==", "nSAqYkKsqi7arKT9mgba5w==", "5EPGtk7Hqn2hqOaxgmNiSQ==", "EE23Ay78OLUGxmoM3vXPbA==", "s4mktw9S/tOEdbFRu8ZxjA==", "V+7K8Rg1uux3xnVmyH12/A==", "OxOc7/P4x7mjEZNhGnABDA==", "hazOAbpBSQ6ZcoEMkq6UhQ==", "WorXACje3vTXq/wv3RUODg==", "E7v1LWpr+8KCE/5szHqf2Q==", "mpDlR2Lk6PsJrTVRdAvAng==", "+ieGB56AL1fLbXEZaHIRig==", "PTaioV6jy0S7VQV20A7R+A==", "O0ZHj1wCkn8EgvHd15dYqA==", "hgtI79dU1WVsnkd0nzqqTg==", "OleRcJ5uCI7wOsxOqMjRlg==", "HnNhAdInEg3yPEHYo7Hl+Q==", "R6drGbgnzqKGDiX/RNUdqw==", "nRYrn2tFn8hdV0x+2YRPYQ==", "5j7D/WXFLHsZYUeUrskpMA==" ], "E7ikPxWehuEw+6yIZODYlQ==": [ "b/JoMKSdjTg9hoFgyAsYGg==", "Us6zMNu9gwaRC0UH2SSoQw==", "vn/18J5TIuzcd8MxdMgYlw==", "HeemEcWe2JVMYkjGWbuiFA==", "FtF7hWwlQYu4clVsrpBd0Q==", "1ICypZP/7UrDVdoDevopUA==", "SIPkCsjtWsrsJnfVRjxnKA==", "NpKL2jmktUTvYJUFA1mjww==", "KBpYoBBh5AFRsvma/sImeA==", "rpwsfSDtxz8KgCjcE5LUgg==", "0kDaqIpbO93XpnbaK6KFUg==", "zjZHjKf2l5+qY9/XYdFMQQ==", "ves1GfNCYjdCXJceNwT2Lw==", "6K5O0xmJnJtZcGmUaZ+P/w==", "0MVVcjDKfdLbs80csEfrOw==", "RA9ILX3H27ou2ro1GzHq8Q==", "miA8N3aOifbt6s11v8VS/A==", "QBD2bakyMRLlWNUWb7c8Ng==", "Mhh/p16eoRFTSGC5EJRZEw==", "BzOgc4nzX2HHoodQY6X6vQ==", "wVu6Drfzxh1KT5UxKndpTQ==", "IERk9xwccKWSGr20Hb5U6g==", "pIJllB0DitFR4biXCLWlfQ==", "r8kk8OjPGZXkalD/ogI9TQ==", "29JfppZedoclZHW2coehcQ==", "c3ac46MKEwGXSYV8lTnQoA==", "x4dqDafgKW8Zo/is+xcVZQ==", "mAh/ixYuQOgKvSoO2gk7SQ==", "OuZBWnWNFHYdTgntdOB15Q==", "mypK4Oz3YEbjmcF//Lb3ug==", "X9G3TF69Pz3xUY5yIPno7w==", "JrT9jqBaZlLgPCS0RLnpPQ==", "mk/9oG3VlXeyR83vbnlC7g==", "LyEH4RIrJnMwmS9bxL322w==", "ipjYj7xm8hx7kmgjjp0cpg==", "6VA82zmenvpHf3qd7c6BQg==", "N6yyVyHeduwThpSSvA2dVQ==", "SS38Q6SbT7pMry4emWgqdg==", "SsNZleqCp7tmOqFZQ6ZaBA==", "pwSWzlcJAuR/J5zikGUxiw==", "WOmMgxwwjpbn/RLQX8HPBg==", "+Q9jA+OXah1xDhJvsj+1OQ==", "GwJvkFMzYrKrZEvvNMbc6A==", "2/I3PyWTnfJdMedKAemp8Q==", "svdlbVzNwZE9P/M3GvQ7Xw==", "qhl/5MtAFFjdvINFEhyFsg==", "PAVfrfQyg9ezKUDPbI/Nmw==", "2y2LXrQ+Jdr+fioSazFF4w==", "q29SxeDdhfgnRkudvf3mdA==", "UPjX59r3QHIaBVa54cqtzA==", "09S7nCU8PMWz5tWquOFCaQ==", "n2MoI6iOOGKJg6CiwpZkxg==", "QDYJ95dZNazClKtqoRJQeQ==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ], "EgjLGZKjPtqIaFVLlFAAPg==": [ "gchW+O287jwZk0Cnma5sKw==", "tVvgs8QNtuRqLgnWoPIWbw==", "7QBYsSaCu8T87GZR3WHxyw==", "BBNgt41sCJ+dkDLhh8RM2Q==", "87p97+dH2sU2JVQ8vQ+Xuw==", "hK/f5zoJDHjYWcidbJwYsg==", "p8XKlr7C/uFXLykQP2132Q==", "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "0wh4c9Z6sNxM5NAXtzaMNg==", "khaGOQZwNAF+Kql1EAlBfw==", "8ZrkaQ6B1f36PC2cIg9i6A==", "T5/Q0DOZypWV6o3x9ziKqw==", "MOUExK9O9qzIs9ukHaS2ew==", "ikYp9FVR/trdSFxeYpqAcA==", "BceQQXlChHEbiy2YYN7FvA==" ], "EuqqL3yIFMd5VRAfuufJgg==": [ "jdtzUluiOvXnFmwaOX/6KQ==", "CBxUpiwpFiagAj3ihqf+vQ==", "tLfvNXQJ1ryG1oIjuKoLPQ==", "1KxLqY5vPHnDfUxdviejiw==", "7SutUCP3yRd4o5ryN/dDZA==", "6JXvoql3pzMfkGQb7H+Jqg==", "o1V8hGX+jv19u/R1lSOgXA==", "m4A081U6rE2WLJ4u/pMkqg==", "DtCtyEFA0WRhx44S/aRChA==", "7Q4dYBj4wFa2768mWculSQ==", "yU3Lpv2jlcYSr1/M/dL33A==", "oDGZCaWnkiaSQdz+QhIr5Q==", "EEsEsfQRh24NPMdhg4HPHw==", "DE3GDsNl2faTwlhxzYBbYw==", "B+xaJOiguNTw6xGmTB+mZw==", "DFOoWHynQeFD6fZDvPyKMg==", "5hOM1HtOhjQV1yizNCgxBg==", "P8ATyyToJgziJaUXIjyPvA==", "ecYseAb1rFmqPx4kHRWeQQ==", "ruok+KtL5TC6jhvqLAZEzw==", "kgCv9K1pgDK48LdFtpFN9Q==", "4CRDu/yV+Tfg3mSUobPIUg==", "Cxqp3OmZ1TuIow2bpolrUA==", "oQ3Lediq93z2xbrIoJUi7Q==", "z52r/0OKaWAkLWR5L4SEkQ==", "Lex02lwAwiaMkFn9DV9FuA==", "VMyDbkft4E3T+1eXNk/i7A==", "yK3vcSC4PlKQSa9IQKCw1w==", "bmyf3V3WjS7kQmiAcGoBiQ==", "YZq+CTlAXva/aUDDEFdZNQ==", "YjXf6yY9feRqNoLqPt5iEQ==", "4QiWtYafAt/cFOvYpyJONw==" ], "FMrR4PbDeEhmMEh2juuVnw==": [ "89XrIFUuuXy08LkDR6XMOw==", "g8hJlpBfWMarbfdU+OkQdw==", "SaWdJL5a+HL0ZieRiKpgNA==" ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ "iSzOvPxPGZr2PfJTBTQBCQ==", "z/LMTnJeia+du5LSYhMD2w==" ], "Fy3bplraTnRnJlV5RewauA==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "aJcuD8I2FFtYOQG27x05WQ==", "qhSIFNwi876BQWyJqx7TXw==", "Sfn7NNniMfKKkrbS2KIlnA==" ], "GVmxmNcJqT3ovg+RwjJg1A==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "7BER6omsA92tkjpEqGZJLA==", "szMAuHDpCq8KehOnG/58kg==", "SRtj8i4HsQkjCyC1YPMDYw==", "bmwYxyT6fmHIa8FODhI70w==", "ztlVnn1P+W74ZN9vh2BisQ==", "vQedZoMzqBElfCAKIwQo5w==", "c+walK0V+dA1g3qnPME4Ow==", "v/LL4YgDGZJlkF77eUtvPw==", "5ro53BoC7BlAtEu1loQCSw==", "sosNUrsbT764ZsBIEQm5Tw==", "VUNwpBj4hvcLARxqxrvCCg==", "XSCYGr+cvuvD+k3V0XhWSw==", "MJtIM09Jw6pIepBEcf4LwQ==", "4Utc/6C5f6+A3gsr9KU/IA==", "8kPW6EH9br7BQBK1DHvQsA==", "pp3PQor2CpTCVnKZusQgwg==", "Mx7K+5VJ9q5MSCq5wzzrvA==", "hIP4iOnrw2sfStgfnTKJKw==", "mfYVQsCdSPyqR1UobqhEIw==", "NGHtfO55iqBhbAmqujAqHA==", "E6F4Bsc58fK+0x+N9LY6gA==", "UC0U9/zd+klwBmGR1YYVPg==", "ZMCWgxkMJ4LjF/nj5/+01g==", "fdpDWwmwFLyFeyU+CnbxxQ==", "pFXK+S/0lzfxv0ToVY49hA==", "Pd5fn59ga3nlH8XsDKvDWA==", "03WJApqdfWbzHtZHpqBt1Q==", "d2mdhZ97rWRfD+pslcl6uw==", "RLGDcCcECNxfaKqTkhDvew==", "5BXX9+pRVay9wrZAORfhhQ==", "/0WOR5Jn6BKoC/9+5dlz1Q==", "ekipReKDch8nQkv6wLHVww==", "GjK0gO1QmNQJ/ZsCakqCdA==", "jYmxPZjDM/CNw9uJ4rnMHQ==", "Ox1tNe9huq3q2onFJsX0QA==", "TN9ZqAQo2vEW/Tx62EpRcg==", "tQmmf4j1ZMloac9gv7yd7w==", "5ua6yduRd8slR+XckPuEJw==", "POSFLQ5mtdC9jMcn5UF8FA==", "PB44uTo7NGwmA/fjSEQPBA==", "5TfU8//dfsOlT82byi0lug==", "tNFH1YUHHwU3vwUWrO3mLQ==", "KtIlAO0V0/KiMbIbmHHMGw==", "TK/tQUH9MhuStrQUTQS1ZQ==", "PEaU9hApxjdZ1D4R2OUZpw==", "uGPuYR0b3uiHdpdRa97mfw==", "sHu0Ihy6+HrKJvDoll9f5g==", "ThUekCEizKQbaM9qGtWShw==", "6Qa2KBduT2HgJC4kctpUnw==", "vnBlYA/0lXrfCSSYxgwhSQ==", "9Ck8qx7KCeVOhknvjhQwsA==", "B0ZJnlI3io/AXTPjqyoADA==", "XIb0YQoMG8k0zzVWHpmvAA==", "Hk/EnuFgs+4rtDh2D0OPZg==", "FPJOQAbsBSaId8RmD/1j8g==", "F54ap+bUe0qceQi67ZX30w==", "yIgeDQgyoDXR+INQbK5bbA==", "LFiejdPb02ZvCk9/k6M2OA==", "4xxaXkxeYvxr8HgxLSDyHw==", "ANawluW+m7SrGs8Q9Odgow==", "KWqotAAFzFGFp1GIUjXi0g==", "L+KHKrPvSxZVeDMiWq92vw==", "I362Vwh1x92yigOP2ZDpKA==", "0gEzVf04N4WWI36MnLXr1w==", "SFiwTqc+C9HkxslIGbfU0g==", "SBAWrxfXaQ2Ka48xajW62A==", "Bp4O+K+hM5aEmCc59xUWdA==", "Nsd5wG+dBhUvVktxuz/adg==", "HFchxDnUHv0YgEfYisGA6A==", "95p6rGNUFNsCWfXMBirOLg==", "e2U3+rnCE0yJbEhq/B49zQ==", "EGDBCdh3xodxfhx6SFGa1w==", "9XbremjCd0rS6zu/GB+mjA==", "rTV9bjfy2M3+eJBkP+611w==", "fM+r7qYMTXMx81IJhr45YA==", "W9IdHW1dLxMcDTawlof8yw==", "cLetPtVgm731iRPvGEIeyw==", "S01BJ2Ht59Iq71LsHWKLzg==", "DyteGYzEcNMaIwU0U8gq/w==", "u0MfT/CHY1AhIYRRjCtdhw==", "b3gcqhWrOMtSFjkTMyyWQw==", "AJgpOdbNJblqS+xC52p8RA==", "dpCbBO9jgzvekz9nKJpSRA==", "70+Z8jFk8NJbHxPCoxDRng==", "8BsUEMjLB96UtpRd1ludrg==", "xcQReVPnPEIim0iMTZWDwA==", "ZoK4/bCJQ036BMFIy2mG8g==", "5lHEu4ueMJgetLv/GfKHtg==", "vagSYtfX2ayPhseLZe8kAA==", "guovo7cvog/lYbVq887U/w==", "1eXmoeT5Qd9M0GiSJ3z2mg==", "+63s7h05SP1xmH1EyLoL/Q==", "sGBviOATX07Y4438NYu+Aw==" ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ "WV6CLob4bxW/eDgXBTJfxA==", "cwXdqs9AFOcThYn4e8y3yw==", "oGVW07Zdco+t8LxGqPbEUA==", "oCDLcNdeKQmSOcg6w237gw==", "9b3hAQW/ubh4v6zyl2M5Ig==", "M0WxNlBrWr1WR0ACcsFS3w==" ], "HbglDdnV9yne0i8jQL30HA==": [ "VMOHtQeyAtpNyzG6HE0XhQ==", "fDvGbDNJpsxaSncFLSlH5Q==" ], "J0HrVYoM3raELvTfJ82QMA==": [ "+nrMi8U389zlK2TEsOUGbw==", "cD+9p+2eb4ubWbn/ynDqrQ==" ], "JHQdC8JdSGipvO0sCig0cQ==": [ "UVRy+pWnw+7xa7f2U2B15Q==", "AsiuN/8gu7sZ0PJCLihjmw==", "74B4VkBJHkNvj2AsRU4uTw==" ], "JaDqP2PIekJ4FuDfyPDUKA==": [ "vekzBecfH1YN/Zd4MHsZmA==" ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ "C0udSo+foVK8TphEaJ9u7g==", "RLfmH4oizoEHB59VpAV6Kg==", "2A2BjgErU1GldRQi2g+XQg==", "Jek37tQeVdKEwtu+6a9/CA==", "9Yjf3Ev3R8wbqlhNdfwPQQ==", "2Z/NA7sGgadio/qisfiC3Q==", "CoMZiX0VsWNhKSQo1NCYkg==", "9vaAmbFDwko+7w/wBDHWvg==", "wlPwpwE94ExdZ/N5EaE3ow==", "7v+kCrIi/mMmyn+o9Uh+oA==", "ZPTYG1GW4N8khhdO0sFXlQ==", "atAnLiOuVhy8qyEUVNzM2w==", "BQivQt20Anl3mLgiJoMKAA==", "noUIfMZn5dUZdEKTi/GsOA==" ], "KlSRCTMecbL63Kg+FZjUdQ==": [ "dO3yYWRHtCsx6+NRjjAIsg==", "8vc1CEh/sS08VpWYipw3xA==" ], "L1wl5gEz2lzyNJbirzPmpQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "L4diUjusARli24fy/u9lAw==": [ "FkUafBj1ekysZyPIbZi5fg==", "l8driNMmALQs2/V7+uCq+w==" ], "LD9yEwGtdZJl2S96EO58PQ==": [ "RgBI11FezD5/LF6u61IQtw==", "yrD0ecVnK2Y23POHVpCwiA==" ], "LR+S3JloJQ5YEViBpmcLkA==": [ "ydg80VAiaAwfrueUhGEKNA==", "toXp/ZwNqXAUsdXRb/4DVg==", "ApGWymi9r75ZlVZNkjnd4w==", "b0xlBSDO/qp5khqjIfXlSQ==", "pp7NHxA1qAOUnsy/IRCLbw==", "iQtqv3HeCGvWBf2ImnFK1w==", "PhzQEpAkCFfaNfVzGQzMgg==", "J4ecrOEw69avIhhOznG+2w==", "dhv7M9LLYIyyRsKi71f6Ew==", "lnhGLE2iCT1nizqrTioMEA==", "ummv/ARHzS4IbQ59dpGtvQ==", "3S91ZYwiienVlUnFeIzkRw==" ], "MJmw8vClC4VAn/J4MfhK2Q==": [ "DWl94vpEWRXsnNv1XWboVA==" ], "MXR26wvfFq4/JiRamdOfsA==": [ "tJJUE3O+B2dj0YzqLSTtDA==" ], "MxYp6jmrNGPG4EUMxgtsIw==": [ "ydN/9qW+IO/7qUsy09APhw==", "Av6IvPz8z+8JAyypXmkbTA==", "hGz8R5Dny4UCIDPZzXbK3g==", "SPxMxLW2DZ8IvP04UR/H6g==", "kUo4IyXRh1XFppRDAqTNnw==", "WKEI7EQhRkCAgIF18HZjKg==", "gvOYexCvSFjRc1ovPwHsww==" ], "N4dB55YYjGYeXRj+vLBatg==": [ "14EBaSYBL4fLL4zgayhBkg==", "lQ+CMunyB1B/r/pkv6U72w==" ], "On+NX4Yr+KIGVwagqPDWcQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "PHkBez1UE90U9LJepncOKQ==": [ "Jx8Savf4pVqPTLt8HsgoXA==", "842T09LMtibo6aQ7X6A47A==" ], "Q+exKQZH61PI/8YfpN472w==": [ "j9SRMWigV/U3u/1hsi7gLA==", "Ih4ScPgmvAttJN/czzciaQ==", "Mo4ARlLui4P8nHgMUyYhSw==", "99Q540ZW70Bq59gE8MRNHA==", "DzB2GvXN7uyOKTXPPshLvg==", "70rtBro0k4gOrF1v9b0LPQ==", "4zvDuRN18ZTgEdA+auow3w==", "pv5Nm8Lwfq3X5Sm3cuoD1g==", "RXSYUreBGXQz5Vll3C130A==", "XM09w+ZScTz4IEN6LeAUgg==", "MJ6xN5o4V2wpv4hjMTwHAA==", "jmCYpsGWnnwiehZQL2tyGg==", "cKtHM3xMrk1VjV0S8Zl4qQ==", "L0O+Qmwnpkk+Rg/VqN7QWA==", "eZDuJI6jaohxUM7fcdYEYA==", "LBK9PqJKfCEUpttQCyryqw==", "LzfcsSJMzHmJVjI8xrynCA==", "rJHkC74NrobNudSijB/y4A==", "F6i42vx+GvZ/9LpnToKHcw==", "8ML0IVFlCjXlypnsSOqB1Q==", "vwUe6Dpe5Fb7V8GdyGEhjA==", "bzewxC8waOXL414yMxKcqQ==", "KhBWOViCuCZdWqrkDlYvOA==", "Po+GLdyrucAyVatfOmZxGg==", "sEY+u8JcXEvFyPiUDTNKow==", "wMpTUDltgKPDv4b44/0Spg==", "k+Eb8x9IQ/IHa5nSq7kcSQ==", "/kFHc0+JKhJmQT3bM6TpTQ==", "rpqh6K+YqMAxf172QUbycQ==", "Y+LzorqDQD2Povh+kyYSqw==", "XjQpmqOxrg5I1zgVKxswFw==", "6Za/T764+Wnq0wfxFjEvGw==" ], "QwKK6TG/JtcCly9jntVf+w==": [ "HOYwG5Rw5KtCLqSTp9IaXQ==", "de6Wm8GcUOvZ/vqX7ogEtQ==", "CAcAzU3FmPfcBEK+BF1wiQ==", "sY8NON9Vp1LES9AwtY+jzA==", "0w7yDxNwDisUMkIdlkUTZw==", "lgYZVj6kPc0Poy1meDiyZQ==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==", "y9E+Lh5SpPDKe0DW19HLjA==", "AYOaUiAITXfmzrid+CR2Og==", "kCqPC9VTuWeNYsZfiAbN4g==", "YuJLEitJYK/0Cuux1rRK+Q==", "UBV+Z4vQ/HB9/cVGq/+u3w==", "dMO4fX/IkQ2bi0ds65uBZA==" ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ "rIk/NHa428tmc6oDgqypQw==", "1q7YjyB3mR25zvqxJ6Zk3w==" ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "UbJne6U4WRZmmyYLeEtt4w==", "cBmZwV0l/QLSSsoNwTuUWA==", "MYhgpNDg22nk0/HCSwm/gw==", "wO2dcFx5JhDjz2K4QDYydw==", "e37CxvNgywelF2ouwzqL2Q==", "6thTxik/0CDWjirwYbVkYw==", "hwn8HSXSxoAi1TYe+ACqPA==", "jb1tyEUU0h95jkJRbmTeVg==", "eGYBZQZGb7FuYNSi9wuFzg==", "oybDfBRpKC7mq0IkNE/WbA==", "Kcd+UQxBw37KfFkRbn1QXw==", "gl5O329psI82Wn7F+BP/pw==", "0ahYjiLWT0VE+MRcEm8yAQ==", "pl0eAtev2igDstYhHd6sxw==", "5XT+5ghtfmJFJSJCERGwhQ==", "kFbIkTDdc0p9e6ndPrAnHA==", "5N/eQ/DLmsm7yS6+3apC5A==", "owALVsfUiwMtDqenpdt7Zg==", "AuT5DLBrUT23i8Fkzi5nrA==", "0ZniYEExf5hn6bWx9CxbmA==", "HBDLPf0FBMppxrTwW+gqlA==", "Y08Ni7+TSPQ/xSSRr851zQ==", "1CDGyH/KaS7DctjOTuk4Gg==", "IL9yoqEJiA7P9oRxQrj7SQ==", "kxjEyJZKMrQwjAj12bH0Ag==", "5ejk3bhFpvIIABy9EwjwqQ==", "WzMeKgvORq7XF2Xr4q+JaQ==", "6pPl5aD/FZ2M/6Yaa588Aw==", "qYLCfB1EzRWGloOr+Ke8RA==", "QL7KLbo+Ri9Q4aoq0+/c2w==", "Oi+2EF5+FNNGg+4WyowonQ==", "XC3MXlpMb9D+YigNspsXlA==", "NFJR7P8KL9HNF/dsA5opTw==", "HiF486OoQCfE4Hwc8DTxrQ==", "/YIHlhDwc0XvwYDDbGEIMg==", "SFoELvc6okNKWKi7mExikA==", "r9qwoudvbxrKUZqCmUc7NA==", "anPJmbS134IB2gfGIWKJ0Q==", "wc5lIWGg0A45t1Tgl/aghw==", "X2wqIFGbKlJQpE/DojrwxA==", "qr6Jra3xQBxvbIQJAqILNQ==", "z6u9MfxJ5450gPIBXVMBZg==", "kRGVc4s/SuXPOfCHc7Q9ug==", "Dlv776lHnCBm01HWpf1zZQ==", "6/Rn1WFxVO6aopyr8psGfQ==", "UEgRngB2KVq3bhFU/6+13Q==", "SXF95Q57bdA0qf3iy/XSPw==", "qEQEeZkI3fZm1RmMiKeYYg==", "1/xm1gDhSpcAv1vbsLnNhA==", "+1zjTJXhgIQ5uwrI0Po3UA==", "Eptc9iAtWcHP72eK8tBCkA==", "XWfDomoStj3uOui0AGO+Tg==", "0DVnsi7oVeiCakd5LIvqig==", "DjTY6HUnX+COP0+KJxD8lg==", "pWQV0Z8XQHYl5n7sHUZBqA==", "4N3POA/rTFsL9RdGINkq1A==", "gs7k9o3a1jAc/zZ5AEytpQ==", "NPJh6PwkJYtfpkFMxFCfIA==", "HlmfsCkhcIqBoptvS1F7pQ==", "KM/iKSazFyPeIBezQXviSQ==", "F4g8Bboy9/sMyy+EusFlpA==", "zBm31RctqcDF3ITqeA/9oA==", "pfNYlxG8sY9hFt3528zJoA==", "7oEe6HdmVrscCmplGQsEeQ==", "POO0JR6PIxa5cAikhYHhiQ==", "o7U6pbXnKgxDi4OXl/ryRA==", "oQ8YhXsWl1bwUCG1x+HzDQ==", "L5u3G3ilU8/0RtMpJ7kdKQ==", "u/b1G56mYgMO4E+lYxSxjA==", "w/NMuS0o9hChTkNvZhIOtg==", "jYkhobM1mHtLOwQie8WeWA==", "m/d6QTwNzEzxGSR3T2263Q==", "eZ2tz3j+u7GWuS6rb2RB7g==", "ZZEVbWhAYTXw9FIX3zIAtw==", "F0PQEZy2PTlCGjp9J75Btw==", "9kpPzhUEkQr6h/4fDNnSuA==", "yCrfh+WfD/7UJatf+Ek6jA==", "Ht/FCT7E55SLIJNr/AHy9A==", "vBXrhxnu9HxQSmN5xWhZaQ==", "Ee2apAGC0PFcPNtPjyeqbg==", "JS6LnmY1PZfE5YxJsCWPPQ==", "mbMEAQXpYoMKq7Io1LfrJA==", "ByykkIf8cqMarBUwgOjK0g==", "AcbVYbhZ/tTIOm89OCy5kQ==", "43uaBOp3I4s6BbwM75Dtcg==", "6qJXB6OTmGgjS8WJVVTxvQ==", "ujzNJ5kQVFINisRmEnkrzA==", "kTasTqgA/HsT2H85z8VDPw==", "DAwq8wwWp0GN/p0AvtHE9Q==", "V0awGVhndNVps/Yhh/P2GQ==", "psr6EfqmKkDu2s/af+27mw==", "jcBNjU0VQp8W5rs9GaZnrw==", "kdSSzkEHTOGF0fpTfXjzcg==" ], "RhNJQyxUHoA1z70UtgAC4Q==": [ "kwBmjCC7+d5xUliMZJPNWA==", "vb7DdaxZjPV5NEcCqN9EkQ==" ], "RjsHhFfoWvmQBIu8lxYZjw==": [ "iK/w4oP0ry88Fhi1iG/FpA==", "ycihN0043OihPtrAPlFZyA==" ], "SSFXEK4vNCR4s9ImWtXtgA==": [ "GAn7gWUe2pFr7PbwechqxA==", "AUiFITCnRjRxctzqqbDeeA==" ], "SV9uo4F9Li9vAHBKYcAlZA==": [ "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "2IUiS8eDJ2evZHzBkLGqPw==", "UeuwcxsDMDrcMU7c13lXsQ==" ], "TANtf1h6RhI5yVQQhHFTbg==": [ "QxQ47SEMl+UFCOv8XVwx9A==", "XPUXyp+BOEJyEGOgXafi8Q==", "6rBlrHxkkFbqVRbyfq+scg==" ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ "rd7C8AD7IYUHYPSfAYtKrQ==", "0hxAfeI84l0pzeedcqmGpQ==" ], "Tl6ebomp9GQLN9svWzKp+w==": [ "H003kvHQyN0gsWRXOrXzxA==", "QgyYiUqrv2nc1+RqO1bM4A==", "FyNQxVBbour86huhtgTOzA==", "qnfP2y61ycFKlR/SBnZ5sw==" ], "Tob5YtKxleVTQzw2GCmwGg==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "+SOMbfLFiy8gAeP6YTZQLA==", "7HuMMq7XSYKaQG/oWdxnyg==" ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "Gzt3Aov08YmfW0b/CN7tHw==", "d8O/Pp2nkWZxFhUyXQucZg==" ], "TzT9ayOh2hZShfYtipxZEw==": [ "z1wZ8EsA73QQBAtKsHeNNA==", "1XwPa50Si6EKs+Oms8SLUA==" ], "U0P0dNPn1iUcw6b33AAKUg==": [ "pX9giWYBuTR0yK974RC2ng==", "qj3kMXpJzib/tg7NOcmtdQ==", "5Dh9IlEeZc9EPevqDNDlAQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "T1160/hke2bN2YNtHQGAVQ==", "gwO7tO+7wG4yYN77KHpJIg==", "pGvoS/decJ8g3YpAYIFmmw==" ], "Uui1iXuECCOB7NgLQMsJpg==": [ "g63+znub5tyxpqqmyP8Tjg==", "B7rM39vvdeIIjmDnRAuTIQ==", "bVLJeNp3UltT+T1xu6C55A==", "e+8uKOviBSOTR4ltKl/Y5Q==", "Pdc4LabMMVIl3+kSdEepMw==", "brTmpkOORx2yJvCnkPzYRw==", "T4bxk7MHk24P39KEeRKoig==", "WNA27LqRIql90O1m/PSAgQ==", "C9NKmmH/EbcYxVOEg1uY9g==", "ZpoRIduwcda+XFGXyoaDAA==", "7XM4eB5q+q78IrA8abl57g==", "JWrwO52d5SNbcmJ2KpFaJQ==", "EUzfiOQu+qZDEDuD1AbDtA==", "9lOiMN/e99o1oI1dhS9S2Q==", "fxc/de3PyQgiwjyykMQ4ow==", "XVnPYCI1ck0zTs/Cz6Yl5A==", "ao8l/bKVk/yRH6auM4IE9g==", "2pofu/QdlV4xoXosgfKRNw==", "zNwhU1to6ohdg5Ws/JmM/Q==", "lM6Cai1zYvH4FYQ8nb6tQg==", "MtExg9vrmkuo/+/XELnvpA==", "0QqnWQey4QRkB1tBadW1jg==", "WoF8HAs7BhQT5cycNGL9tw==", "PLT6ItGnGibNqyU7ikhmRA==", "ewA3f3GyFBJhwPX+CvDYtg==", "Nl5OfrnQ/SPbLIWCvdxEHw==", "ybg9o/djfKR8D2l5wfz/6g==", "UApauQbQz6UZdsAuW9miOQ==", "nRlBpDuWR9J0Ttd/BugkSQ==", "70Ajh2QFCXmrQTWVljWbIg==", "U7q9649W3+OXGS9kMwowkw==", "0wSMVHwI5T4EgYqkub8RhA==" ], "VFldiAD+rTFuce+kutFUuA==": [ "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "qNhEJopIC+OWvXbrkilAfQ==", "+YsItiFwLsY/quEIP17M6A==", "3cVM/UH6o+8G2FMQ1Gl/Ww==", "O24do/xbIwz1BfQU4lBl5A==", "zi+zTCtHwI+xWITxpaOJBw==", "69HZBPjw2QR8kIdKeSUwQg==", "24Ysg4Ma/AJz8Z93D2PzNQ==", "tZSfr7Q1QfQP2u7Sjxqmrw==", "iACEEOg8p4u2oul22eTv+Q==", "55nFlly0ydgYROdIHNoLjg==", "sJOXRbCL0QuUC1P4v8JTZA==", "CebQRpRZjOcKyG6X/Hyb9g==", "W5birtu1clZwp55QDPxkAA==", "FUeASYCa2REKwmC0CFlz2g==", "iRvSvKSGVLHqIXREJ4Ht/w==", "ABh4yTmrbQSCnnP4F8iX5A==", "mX276ORRxpj/FeNL+3OrXg==", "aqaaxa85Ibw3RSMRWLL7yg==", "rBDj6tuhee896qgiVA2peA==", "khwtIlYEcWkkzJP1rg7BNg==", "zLUPO/DSeItPLWNqYd2DSQ==", "mXfTdwl2racpbSHHHKO6EA==", "UoBD3GwEne6Zwl54oZgCCg==", "Zg/5yy5ojZu/q0X+9MCQQA==", "GXVxiDj3UnyxgXg2cz7u0Q==", "xIqTu52elcgV5FuN0Fuj4Q==", "m+ltkfB6bwuyxpSjgAFr9w==", "5pFK2pddNfoGuwrNwC3BlQ==", "rDeZ9YqARbQ/8OcOA5Tn4g==", "s0BW8R7FNYnFn+nWkJnUqQ==", "gZW7OlWAfe3YqvPh9YUqJA==", "I1n6/nf1BmKoqYe/GXCV3A==", "b93ucKpooFuvf5DZpkuQ4Q==", "pfZcHRowGRRifIIMXAg+9w==", "Z9vlvDewcgZxmJe4Kp3wxA==", "BCUOacmvjky6+oK/3U158Q==", "Y9X/nbUFq4l8+xowG5hDkg==", "xzz0v3ajpuFhN3HDJCDDYg==", "3A+d+ITPUBtAGX1jTlLhKg==", "+xzMjgQ/BhN1jTBlVwQfIA==", "akEF6NF80R9wfgwbXmOEDA==", "iA/QQjWhvxyNLUaetWDlcQ==" ], "VKbklzwNVEem7m1iQRERDg==": [ "C7v5oMuGS9CuS5bfckNF/w==", "Mds6YkAImABVZfFVPdan5w==", "tlbehmhIbT1WwXt6llfQYw==", "grZJQsj3BT+fQns8dkci1g==", "pTT7g2z3OsAYgdVqJMZOLQ==", "JwRn6LaXs4DLH+aotGHcIQ==", "RFeq5rwe+sxgyWgUXeEitA==", "sEXYrXIRghEOX+5cKfh4HA==", "HMytRAMTGJlQRfqVbIzzVg==", "xKgvhqTYvQwR5QWUkRuf6Q==", "pvm4gwkuqzgisbgZu1oTlQ==", "w/qPRfgu7T1MbY4EuhkWZw==", "8bMBj5vTG1tOpQ1wuVD1bQ==", "g29pa0L/tOFblhQQDFeJbA==", "7aOJwf1br9gIaC1RH6UwDQ==", "8m+MeF1Vk+YvSROjY2pN5Q==", "oYEyIJ07SURdsg7rK6qrYw==", "U2e7dgKDqk0OlJ2oJw2iuw==", "jL7k69KOM8ZjTH+gwznwQg==", "TTh9HGJJgt1I4lhDqtPBIA==", "k/RAvY71xpuUVrSpsGkYlA==", "nOD1OtMP4aGP/bT3iktDEQ==", "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "W+js148eF9SSUbrTSIRvOQ==": [ "EHdSTtZdfwUmOpf3vIeLWQ==", "5EJ0MC7TgiGIlilbbiOvfQ==", "dN3ZkuuHRauklH+tfqwFYA==", "Ry6vRm+cs1w4rnhTcw+4ww==", "yV3QixxBrXQjuo0c4OIL/w==", "kCgZMoKRMbRx90oiE7jJ+w==", "PYQ8GtvInfQ411U5gwbErQ==", "Vbqm1jpiIiIM2rxq++FdoQ==", "8ez1JQpqUyVUQaplF/dpog==", "2n2n++65Q4X6kZeNZUZXMw==", "GpJjElMhBMa2ZIh0g/0hAQ==", "lWKRi6BgpanbsQgeIct91A==", "Ws0fZZUTvLi37jSEx1MM5g==", "IH0yoiWyuDmG+HH8h9dKLw==", "NdlKBrj70+HY4gSgv+wTmA==", "1ylYMOLaPUA6xIkqwKBb9w==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "JLZyRakMGnyMKNtD6nnqpQ==", "8lLGaMUZk8kOHbicsIjPjw==", "lh/EYac7XXFvwJr7gkU1TA==", "RnzVpoLf3gQvIDiBFFXm6w==", "ZZLfaN7MH3nRy8BlgA10kg==", "Stfm7ne4Ofst02xkZn9K1w==", "P1K1eUbqwgam0P6f7iB/IA==", "wjPVtpb8yNf3j3pc1wfy6A==", "kRa60N9SRvgjl+iiwZ9fZg==", "zFG8iDklz8FcuYliYZGkqA==", "d9qJI4TyihrqXixZ+S73jg==", "/m4KubgMsY+Uf3GqqbY5Og==", "82S4cf8ecOlHYb8LNQQn+w==", "I44fXMfux3yPYaBHaNxgsg==", "UsTHWG7fBbgk8T9K0i79Ww==", "WwkM3aNBW0LnenEr6xDxWQ==" ], "W4amAY83CsyR7zQ0GM7zsg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ "3O4R28kD2w0Acw7XQvAZ3Q==", "gmo+iv72N8R3ZKjUbp9DXg==" ], "WIBkwuKReD+vnev0WY88mA==": [ "Mo/R2a7u4vWlPy8O1jH7HQ==", "//NR3gdAYSoDJ/e4qJeTJg==" ], "WN9YKonIBKVWuMNAg76vrA==": [ "4MoaZecth+9t4X3jdykhZg==", "0U0p6zwok5l6rbIxjBRN7w==" ], "WXfnWfq5UvDl4B0hS+0enw==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "WgTBt6b85L1bF7WXV5bQRA==": [ "LMrJ8zW3vxlqJrvFMbbCGA==", "YgwLp863ho/Lz7XdBK6IXw==" ], "WuHt6bav9qTQn9+qCLLu3w==": [ "ZmOheSIAULld8cF9POTj/w==", "ulsMCA3bm5VANCxYIf54Zw==", "TRd8qEGSmZkjG+mmOfTmTg==", "vLgELeoIueNM9KX5ZIMtjg==", "ssYEt3aOFwnaqoufFlsCAw==", "ZUoGCxFJ/+PUPUdg60izwg==" ], "XD0JiZBKTweysL9d3sIzpw==": [ "eERb0a2u5NJoo8XHmwI23A==", "LULa++Og4kM4JJrQxnZj0w==" ], "XMPq7+46c92RSax5sZ9PZw==": [ "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "4rkDoNFFNCrcnkPj+GN2vA==", "fvxiOpnl4vL2UcobmeaYnA==", "1NnjgULlQBpIVsNocYb9uw==", "QNVm3dpa9lFJUb6FBjjc1g==", "vbUGycVGGL83rd1I5CfHuQ==", "NoEVAwQMgkCr1UvAm6iQBQ==", "RfXeDDRCykmZZMDXVfaGtg==", "VgTIKWxJpYFkd788UcqT3A==", "cex7jEfdv/MaWi3px1ZgxQ==", "ozbcadljjD/zIm3hj6kVaw==", "P0aqIEFHW71uwsNt2kNw4A==", "xoMyxEWbrnIOZWHnwVuShQ==", "by4qEj8r2+yQ8xw2ZHB4/Q==", "4YMcCEsfWO5KpctoAqwrFQ==", "uioq0s2+upthXeIfuu8dpA==", "zmJCk6ssM8yXKzXcDFtbsA==", "4hX2FW/Yj9HDbKRBqrhgdg==", "A98JJ8FAQWnMhx8Nb3TYXA==", "kQEcZDAS6Ka6J710VZUH9w==", "9rfGlkZ9WMAUo942FMnq5A==", "TU6sUeJdvbpf1Uxt7QBVXQ==", "hYg6jGCQ5Nuq7UsitAzuiw==", "vwdkC2aeXSkn642Di7lXbw==", "r35oOcTyVY7X2QLaChkjdw==", "ZrKcftBnwBVZKQlRJoJcLw==", "lBoi08D0xA11v+agRADO8A==" ], "XX1gx35T8rMzed7p4qESdA==": [ "cSPoRTB3BjDaa16wszdN3g==", "rKpZxH2tXrNLthuse32FWg==" ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "5xW5MMwESxiksXgaLrFCnQ==", "GaZVgTbcdJiJMvdUeofqTA==", "8Zz8gP9QPTYBttUQXDeNpg==", "e8Ba4iAzVtDvrookiM9XAg==", "nNNVXLjFvnegTKkITfCBuA==", "FdtzK6tyT53moDNlzBGPBQ==", "sHvGKpRovk0D6WznAeRDaw==", "iveVedfC78Qk/6ltHJ21kQ==", "9SrODyBGF+py5BfKYxVllg==", "x+E+r7arkKvVcXf/ay8rdg==", "oVI7j6msaWseNIkn6m/3+A==", "5/L+eT1BzZSWVW4ZLUXszw==" ], "Y2WVn7YbALZNiKrMVF83bA==": [ "GJy8g/4zoy4CPDvWLZr9kQ==", "34lrKmSrRttv8Ef8QZo+Cw==", "uGxAJHfmN99PtsQCJqV/nQ==", "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "Rm7aeXEOy4+PSaaC/AfGyw==", "O8btQzgzPf/pU7XfP3wqPw==", "9lxLFgIezXSh1WnSsRhwNQ==" ], "YRfO+WACNVQDTEO1DaRoPw==": [ "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "KEWGfOVGYNjr6kNjpQx0qg==", "D4iEHIlb8qk7qBBIBLV2WA==", "fcEhBEQT+7+nxaOwZEIInQ==", "9CmH5Y/MDHXGbta8UBA5HQ==", "NLs2bAzfO2YzrBTddmvvkQ==", "9ca/WR2Db6VUKD0h31yyGw==" ], "ZEh/5caJmj5WMgoK5/jyfw==": [ "KTLyj41W+cHfjH/HBrA7BQ==", "fHxgcXxpn2MkgE/aUd2Vkw==" ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "Lcg+9plLPEAo58BHKBlIGw==", "QznSXY89jmEtP62PhxgH1g==", "JBIWl7TA4AzjcNVfFPjHaw==", "vc3i6DfzTVpLFX6x0zKE4A==" ], "aW0vfCmvp3ku6dMkvaoZGw==": [ "FAES1XlWFCETbKQytoq57Q==", "2oTX17kDUCTK4lHB98r0SQ==" ], "ao0mLJHwgqEhua26lzg6gQ==": [ "helnYsRUBV0VLNZe0kvTiA==", "L/8naYULbNo7VCB5WzvpDw==", "4L3dk768qs7Sg3jWyr+5Ug==", "hEt6vsfHYq4kHELEO5xWxA==", "mIzvIMMUHDBMdt3eAx+4Rw==", "okW8xf+CinO7BWuM9dEk4Q==", "KwXuJ1mZuqgv14dKI+DdIw==", "l3j9C20yHr6ZHIXLApzl0A==", "9Bnr48B1Gkm5b1u7nixqng==", "wBC264S906jsJ9EHip/24A==", "DGtUYJS9TDm0sI7Gw7jCuA==", "alSeOMnzCu4eh8h4VjVrpA==", "ZQsszFOlqLuLyfXZGfRKxQ==", "1sD6TJmtoMKm89Mo2ka5lA==", "0bsVwLbC3DjqoPdFlpHGrA==", "USroe8+XCxLDwAOkjWfs+Q==", "FrIXKuepXZdWVsQ8gu1YHA==", "mjV/DAgymXlZYSj9rj04pg==", "lc0ErrFagkcQxsv9AGKTjw==", "eKvGCJDf1Iytf5g2d8kaFQ==", "5MGCN705vR5eWycZyFuYJQ==", "H04yzALMJAjmclexKFeS2w==", "qQxzRYdLEwZ+uwtq33H+Uw==", "8qeM99NPNtS3R0CIVDnqTw==", "DjpSix06K6wkPOmaLpbGWg==", "c9kKQdmqE31JfE8hW1jBfg==", "wSNG00q+az+IW0NBCU7MPQ==", "OvvtykNCZtfooZWGyghXfg==", "EB6fg0YbdpF3FjycPEVN/Q==", "g3/sX4CO9sGFGMvToQ+how==", "AyHFH4N7lNUZlwVfgigcMA==", "FV18DPtJsW6qZZIHDbkGJA==" ], "arzS3GnLPLKzM8xRPFnUzw==": [ "/rVEaWl0l9u8biVEKbZTFg==", "ymBGTBftPxHJSbwAfx3uNA==", "1VKGbptJGVhPmMaic8aidg==", "dkB2JDRx/pLwN9EbsYh6UA==", "xhnxsdmWc6+n3gUj6yqBpw==" ], "ax5YZqtoTsGSLh5YAOUDAA==": [ "J/vqYu1qTz7dsS8oVaCTTw==", "vJceii8mKrpQPBtlAKleGQ==" ], "bbOmNWQZu2GtbHRNTT5LbA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ "YmjsPDVfe7xyjGwOgJunGw==", "QXekSyzWiuaI8YTxDgngHw==", "H5HU/YMXz+3wwSlUv2hOEg==", "WKC52So9Haaq0Y0pkIeTJg==", "qsn7RE1KMH045/wAyIDw7A==", "ZtlPcxFiuXhGia0ZM6cNBg==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==", "WACsy7vAhq3GJRyxAuj7NA==", "wn4STzMt4ytbVHyERUyNoA==", "1Iwd54Uz+8MDWoeCI9f7Iw==", "ThjoilITJToSra2xx7nmXA==", "ltryu+P4IG4b3EAJKjyGHQ==", "75kzXqx/LGJU9hkFlgdGGA==" ], "byfHs8LLvbAc+YzK8+QmXA==": [ "0EBjG0eDRuUxNmTKolYVYQ==", "VdavXNeRp4EjkXxldYSiUw==", "EXWaDNivW550gBh9Dm6gCQ==", "gJ/fF2D4AXb0sjRGNWgixw==", "GVOb0whjVXBMMGVZhZjH0g==", "8OhIIjb+vwm01NjtGgcnDw==", "SWMi5UoagLshKWAW26MJTw==", "SsFE9yHqow9BNx1O4nMcCg==", "eoZiXVXIYF5HZwY9O+NvfQ==", "5zg9huqgOp8E89z3dxtcHg==", "1XBQq3flp6UCNWfTuRjE6g==", "kMB61Eclf1Qb2Suk3JRmXw==", "8eY8PV83CN3R/MV2hK7XHA==", "V2C0OnbFKs9wiV3IrUOPew==", "gqWTMUdDL1db9YSLA4qpRQ==", "wqIGHEm21/U4VCTr0VeLVw==", "FKuvvzZuxFLoDaTeoDMGIQ==", "OUOPFj6v5qm/F5KSXf7dVw==", "yubezWiwTBzlJyfKBBah5A==", "qbsbXExNvRlblIMDPNkFzA==", "juRvPdedfeoW/YVn4PBM8Q==", "k4dDUqBohIhzwbUS8fZiCA==", "4IznDha57aCNWoI0Hc828Q==", "1BGBx+ICmx9ndSR1J6c9Rw==", "DDPdyyhkyoDS2Vq0O3We0w==", "SKyAPnATFclliIE0mjtq+w==", "ukBMje282PDzxzC8wCZoJA==", "cm/gvI0AVbEJW8SbZVw6fw==", "vHIEJpBGkCNiUPmahPyLqQ==", "C+2GxqMTQEZYKlJYDQE1Pg==", "ZBDjl4GlHR5BEu3WvRQHHQ==", "y5N73UEFT/BHwjJkVAx22A==" ], "c+W6x4Mcea6sasJQFpayfg==": [ "ryPu/punYtMOzifbFWj3Xg==", "cr4RGJYSJM2QUssm6cAQ4w==", "XH8pWtqEhhBDhQuq+NWhvQ==" ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ "/KRhrFyFO2WBBj1/Wnbnrg==", "4iFNln+X4k0SeUiw/ueLUA==", "sQzygdvKruRINz20KeXUpg==", "0DSgRHOq1OLwMX3biKMcbA==", "UcI2WjL14mHQYOfXIkpuzA==", "e91QDoc1m7i0h9Urg1XIuQ==", "UTm7DZVRUmqWWBx0Js7vCA==", "HW1HxtJFrKBktMKHARGGeQ==", "9lAt/24IrVKtsskC+grSQQ==", "sa5mIA5TIgDDEs7v0PwTjQ==", "5sY/WncZRmQ7FUzZZ4kBfQ==", "b8cX6Z3ptet250uYs1XjIQ==", "h/OVEZRz5ndHYLHsNXXXMg==", "d1j+WeBwgxUY2DD8tjQwMA==", "Ec/FYvTTz4riEqnQe1G+Fw==", "7SyD51cUTMP7ddBSGNw3Iw==", "LKHvKuMU+ZaZN+c9jQoc8A==", "Dp0x43cNy9IQTCa5Vb7Uyw==", "9U8BTRqVPM+WCls5RolwuQ==", "c/TMKje5Txl9grWesV+S0A==", "Ayn8XyGcXwYPR+J1PSWdHQ==", "O7l2OQQ3NRM4VNrd4YvEaA==", "SqKI5VB6698Nen4zsScUuw==", "pHq3XsQe5Y157BuUHMufyg==", "CuWE9qOLaSI+JhOsCiY03Q==", "nzSVb3AtyNNflDi2DJAqSg==", "DI7HeHo8A/itZHGTOHOQIg==", "RKG7TR5VLN5EK2rg7nfjuQ==", "flC/+W9ll6TqBKBRm/YUiA==", "U86hsRMcoSpvWp72aUJNFQ==", "h5U/sk69K9TcWs3P9TuKxQ==", "8ImlkqI0B9hvKdKXJLla/w==", "lH27Z8PmZeo/EM/AegpCTA==", "W01A5sOetTjsV/4bYawPgA==", "DlS6uDYchj9S2LQucQuZxw==", "xxrk6qwvf/BkNdal8rz/jA==", "x+9X6oSMihxrE4Tni3a4Zw==", "hjzu3I+m68mPWogOfZscVg==", "WOIdi+BEnCeSEkfRBmj1AA==", "nfRozYKxaq/cbStnERagAQ==", "+DDOZxWQYsdNCtZZs4LB2w==", "Fys7cTDgnkqkKy/A1tAWPQ==", "Bua36N02B8W4H7+P8yixkw==", "nVEuAeNYaydUTqNE5GOm/w==", "96QbNqFHhG4RmHyIqvnk+w==", "0ZQtBpkFjRCvM3RNGGREDQ==", "UjXmsuFAyS2A1LN7d6S/5w==", "yOFL3ef2F8Ux3GMySAVXxg==", "5RT9+X+8xx3rC02gOnVsjQ==", "Km0Kj8/PT21DcOVckLYRyA==", "DrIpfcclD2b0iXSNtu+I6Q==", "Z5H14Z81HW+BVvKWtV5kDQ==", "hIHRMVndQh85jnW2uCawbw==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "OJ5Ok6CMeJ8/3txCizz4cg==", "x5MnAXJPkWBC+zd+i08Svw==", "vdokiHWKHEv0aYbydeDs5Q==", "opnb226IH8+SU+iAVOx8hw==" ], "caF9WsICRhpk2jJBTv5OsQ==": [ "x4y353xwTKkgu0582Qh5wg==", "m94VQcvA5qigjAcL/i2L2Q==" ], "cj0M8yBzJA8j5tTGHOqDIw==": [ "5AQXXWGtKGeqoPkMqmVzTg==", "FAoi5hf12Vg9h7NFehHyBg==" ], "clGQ5Kq/RKZZziBln/4BLA==": [ "R9lgi90skf6A+gEQ2Lu8dg==", "koaJtTt9+fGxG4OSw5hxFA==" ], "dMY7Qly4vcBOdARECvhzxQ==": [ "M6ssHrt9pKPpEPr7O0Tc/A==", "ac4lX1PsJ8EE0cPV3DeA7Q==", "/rVEaWl0l9u8biVEKbZTFg==", "EcsVvJ09ys7NpdNzv0A9zA==", "IbhdAqkTe4EMzAhoNvBoZw==" ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "pvtiIO9KHqFscFbvNo86Dw==", "iAZzrtYDqIG5uluq/FjhDA==", "q7IyWv1MOsi/PXOLUGKElQ==", "zH/R3mCgsX+vslxcP7p4cg==", "cS8BJbrTN4Z2MOJCTGMR8w==", "rcUIg6JYVsZx379+fVhSVg==", "uWvHibmfs86jbjyb5h+qpg==", "sXReFixXG4Bn4+eq/AJDBA==", "XEhX6upCFgCYuF9SSk9Iyg==", "HrQTGWot7zXPyYbisnzShg==", "SKOD3G/MxX5t9s/HjT+ehg==", "jvIOr2cGPChl6X44xwkz2w==", "gIt1VKjk5s7zkgD1H7aLmQ==", "nPl1VYR04nooFy6e74yZlg==" ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ "sFUeaSTxmIP9ksmZtDFy/w==" ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ "bDvGK7B1/5BJREOCtiSQyw==", "BwQexIGmUvV9ONa+9gpe2w==", "xmhlBgW9Qhx+a2k3SdfUzA==", "lv4eSxX+AEAW88phUmOolQ==", "L7bRdQbudZhoHiefk8z45A==", "14Etv/7765FAI8QbzsokBQ==", "0Tr3QMpqaFB6S//rbJ/Onw==", "GeI10LHPuNgyyt295MOmIQ==", "wj5w4kQEe9iH2tb9jj1wEA==", "9RLVzTylr5Ocdbql97n+1Q==", "C2ejCCBwa9n29Fq9gpW/sw==", "ZC2BsE3IgWbuyuu1cz3YMQ==", "y1VRnBNNx34t1XvqjEl7IQ==", "qB1uVwi5ydv4et+JpGcenw==", "s6zRbI6E6xMFwOoLRjlPfw==", "fwXkQZwZsVuPtoAZBIG06w==", "fjsXh+vV+qSWYTJhGoqerg==", "+pLPiYWkQ9M+8Zi7lKlOZA==", "RDlpzaleAPnYWwZyjvoRug==", "dkvelc7KXIcNmlVEKWwOSg==", "NUj8ykIgUTA27ShVMCBysA==", "MwRbFLckfwf7ZXLrr6KBUQ==" ], "eckWZv7IBjaLZNS/vZ1gWg==": [ "h8RB92Gx2aWFJ7WtAQ4wDA==" ], "ey7Cn3NmMZ6qorZvUccGqA==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "viJWUTYaczSUI8knrOEDyQ==", "AYXw2VaylssI+NkH09HL4Q==", "Fg8qijPO2mYzPczZJG7NiQ==", "bqKZTtfId9l8zdFZE/mZZg==", "PRErogcN/aXkh7DLlBPLlw==", "uOeAKP5ZyZtLLU7CjOuFcw==", "mqxlcVJc3F4dPOTEtUve1Q==", "0E3jDwz9OiQ7ty2SI9zDYQ==", "scmQI6T6oitCtZW5973ovw==", "mQKKxdEERDHEVyOMhYExEw==", "0RLigWktH24pjgFtIwRH2A==", "4vS3iu8lvGukFpBFqYCdVg==", "ra+5M5K0yyS4TNorJBFVYw==", "LBzBPjCNeeSOWXyc2o2hnQ==", "xvZ+aaak6OxbCE7Nu46XhA==", "roGA0nQUzXWg+M1vb3jr3g==", "5pINgBOJXOluBJi9rQyioQ==", "39KBEdrZX0FwGoQxYgkupQ==", "cje1a6rWyE5Ko85v8goPNQ==", "7FDf95fwOcyZ1YXNVDIx0A==", "IqAfwTRGJO3I/HkfDNLMoQ==", "9HkrQyk+mvh4YcyBYw6eQg==", "kiHPM08GilYyFXQYDbdefw==", "pGkOHCsusTyFHJ/G9JGXiA==", "xDXpto7iDgv1dyFWeDEVcQ==", "IaNq7BGSUI5KW7kcB5RXdQ==", "wfyGNkRP1AKTpRqTPf0oQQ==", "HT2SNCYX7dkF36jwcJ6tBg==", "3wYf+EaP3IAW5wHFWATuaw==", "wN+C2Zg1myHVbcMR/36bqA==", "QZ7uKIt3KkZJfzRLCLWsIg==", "ECzeIHiPGDDmiEUQjBzFxg==", "wgjZroGG2ECX8FlIRRqZmw==" ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ "EhgsZTFIUAr2YMmtGzoFMQ==", "EhcxS6FJz0RDq0+uuwuiEA==", "fyE+IA6J77V4hC6QL4QCJQ==", "gg092DB69lXLcZyDPZ/RtQ==", "nS4rhARAcjvkSY8dJUFdOA==", "g2+VTeiFdddqhRpToXK2Vw==", "9/6RhDAFXPVo7L6QeEsy9w==", "Zv+LSqi94387CYLrb5PiCw==", "ltoIfsso65jjPxRqV9UMRw==", "UcSRaJxHOHBFxbLpeEwTSA==", "Zc9mVAa+SgrDGA78Zo8GIg==", "S2kC/8+NtHD0EdQuoPqXlg==", "Vl7X+IopOqzOWh1MyUOYCw==", "LczpEojKeJQxs4tAiPNubw==", "sVTwqtGyRA8GgZdyQgXnqw==", "l8z3hCmcLYlZgxzha0zw+g==", "nVgNlf1p1N8UKAkTllJrCA==", "AR31u5jCzWyawCxRWBepmw==", "7bYXVEfvDWEIL53s8ARxGg==", "3SaNoRivMP21uU5flMCqrg==", "YPUY4Y/POEizUQSOdGH26g==", "du8AOXnNlQgdqsSZceyiaQ==", "7czTMSwqOjLz2LigIYHAeg==", "vceRrCjaQs4/Tb9s36m+gQ==", "p5Ki7Z96ChbT07EZ4WnnKg==", "ERpg5QsiyVdbxyySZngvaA==", "U06t0kkLaLeKpn0QxtZUSg==", "YHdZ6rml8dKQg9XmpjCrnw==", "AfEBBMV7R48kk4frVmVcAg==", "cgUuYY1sKP0jeDPr/wEn4w==", "+dqw6lT9TwTTzMp6O2vf1w==", "sx5ziSZauoyjmcMB827V/Q==", "7df4FOgRU0BSF6P5QJkjaQ==", "DG5z7r6LqnKlVNwHAxeXgA==", "rwX0WRiXvDcxdTv5pslgxw==", "+YVz742I3o3v3ix+O1wb3g==", "peuiWx2cfvlg0ej3db5p4Q==", "qcGz8bluItM475eimPK89w==", "7MUqmqmB2hEWys43ktPpcQ==", "xsiKeHcIwwzMLDEPFdNSFQ==", "NWqPMtB06drZmdGhOgqvEA==", "7cqLG7sQEqqh9WoHfpekpw==", "EFfUhTiwNATI8s7BT2T3xA==", "hJqH5PsFQ03HT/LzTwaCXA==", "Yp6L2DOgQNnvp2uXVvH8NA==", "l7gfVyLrNH9qcWdXdRt9Kg==", "UykJtPxmRiaRteAhKYbbOQ==", "BLPjiJKh0zrGI5mH+bPIGw==", "Sw8bDdvvxQW2LmbjS6B1hg==", "obTTrP5oWTTgSGItpJqyKg==", "OlhZuHzjnGJlFRoEEZLvZw==", "B6kRennXxnam4nW6s2O9mQ==", "je5QkI9XlXAaLqMv+l8ztQ==", "3hB+Mhm9+7AXsO3nGoz+Pg==", "XEJhztOC2qEngMnVDsmKtA==", "NObEgWpn6tAdrn33X3GoKw==", "/SEhubz8W4ZKbKg2+yh86Q==", "Bp0jmZLVDqekxjq/Mq7PPA==" ], "hGxLNL3q3tYYzz2uKfKB4A==": [ "y1Qpo5IDwj5DRizBbMgltw==", "DKQ/Jfye0O77T1m4bCFM9A==", "0EZfEnxlowgJ1Et69rh7Fg==", "5xY3IHUogqpqvbFwiQURyA==", "MAL36hvDgZ40KRvk279OJA==", "Xrz5/LPkSDdzEfbSbOXzZA==", "Aspz79uO5bKpApwSqMsL8A==", "TrfUjn7Hi6JPe4l/9tuyAQ==", "te0mQBJAxCZ9Xzg2xrzQcg==", "f6muqKqBGKMbn75htgvMLQ==", "/F62/Gd7cIE4aLRbxVnfCA==", "wTqPXpGv5suIYx7xVHwxzw==", "iRRK+UGfH5YqM+4LOHExpQ==", "4Ue6KfIGD2Yqlg6OG87Bzw==", "u+eDY1Q5WfNp0Krtzvv+AQ==", "RJziShukaon2ShF1sKdneQ==", "PDkkYuYRnbObAyDWKDapig==", "ldTn/Q3i3BpKZ95U4mfrcQ==", "J3RGaCFhZHnCvtta/VAJIw==" ], "hHL/OokyETnopazrev0shg==": [ "OtUtUn02ewCzaijseyEVUA==", "u6PjuomLq+nVKrTw/0Jyeg==" ], "hYEisV19Dxn4PvCvxJFm5A==": [ "Ygj77GRBaQkoNVODBO6xEQ==" ], "hasHd85qN7fkJeIIqjjDow==": [ "XPUXyp+BOEJyEGOgXafi8Q==", "92O2+eS3W5hGvsWPMPwTRQ==", "FecDYUjbiWlU3PuXl5vs5w==" ], "hvKbzRSMjrg1f3y/PRzGwg==": [ "7y5jXLyua18Srex9lNrfkQ==", "CYkHBvLQQf6RYY/2Qkr5gw==", "Rz0KcMyzx8GC2p+YUZpHPQ==", "oPNobp4gxHQj7UMaryNaHw==", "VVUozaap6uAAqX8QCLFGyg==", "gC8lb/CZmVxLK6PkYWC9cw==", "mwpgk/i3GXoSJDpblt44zg==", "WFXV6zzHKCX8JuqtokClVw==", "pEwkPeffucbY50JSGQdERQ==", "NQ+dtAZLrUPoMA29mi1Odg==", "Zn86UzCNWJIJ8FVaY91JYg==", "b+wJbUYHuGJqeuEtodqG3A==", "z1fiDjJjV7T+4MZClzquUA==", "vLLr24Ej4L78gTG08XYkRg==", "HqbYURF/7TaXoQPMqtdsIA==", "IDDFCE+x3YM7koS2SvW5fA==", "WVPPqMDSvwuthc5RexsDjg==", "LAdEFhGjw+B+5uRqObeXiQ==", "+hNDIOxLd94c7zDMEtwHAQ==", "FwvyPIBVlE1fAIgwJ1H6Sw==", "Zk3m2J10w4VuwKsJJMXB2Q==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "DIXgPb+QqAbL75dH7f2Zww==", "CQXGvG5qF0LSGK3lgLUXJg==", "gaDJ+6UMi8jegvsDECsoeg==", "nW07GBIUhWrN6iKB9MBAkg==", "NW78+g0sKpejEre7I2lCOA==", "6XzckJlhvkdWwkN1ERVdzg==", "j/6W06GHqfn2irJJ7LDKTQ==", "ueWEd2PE6kwBx153FL1eIA==", "Qr2/3ufYTxjXiJuEKM7I7w==", "J+a2wc6cR5fLyNj39ghgVg==", "T38zlL6BTag6EVZfMAMcaw==", "hOaq2CFtnMvxmr4bZOUh6A==", "f+wdQFOhBCEFYs6UTbgVcw==", "Z707rrfU/uxs1xujVpKMRA==", "UiO8eKIdcPJIKIj94tK4ug==", "hnVuaDEhxbGffMCkOiTy1A==", "fu2viInfwA1Zq9LmALUkzg==", "V8n5VKFkjNZwkLq+W6E59g==", "jlm8MnE+Ua07hmnpXd564A==", "JVp8gcuEEeRLeKprUvrBUg==", "oEKqq2GIVwWjorWJihmJiw==" ], "i1yNGcAdCbK2SnebCgMUqQ==": [ "I9Xc2JiRiPWfOFS5AHY1Ww==", "AsiuN/8gu7sZ0PJCLihjmw==", "pN9L6/wRgu21CuY/FfnkIA==" ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ "xNJWUdryH0nBQB/93HRNuw==", "hfVFht+buqTExOEVhwr1xQ==" ], "iQnKl0+RxymKc9bhVdyuyQ==": [ "FM2lHn17qlO5uIZtM+Ehmg==", "zFZE1hLph4hR8T7aNvRt0w==" ], "jADxtb7PiatU9dihVhjp/Q==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ "dwNH2KaulTKNFX+9quNpvw==", "sxxGu02J6Xp0UskX/yPO4w==", "R7XEe59RfqPZwHJmDbOyww==", "6PfMuZGMOADiSo4Ifx0/Qw==", "eTM7aUBt48fzJjd2YY1Kaw==", "+Hel9A1WiSK+ZclItesXnQ==" ], "kAc8BYCjeCgQR9YdLeGx9w==": [ "kEe4Kuw3hXrzhJ/JDjR7wg==", "LiT2UIJJCX7RQxuKZd5BaQ==", "i1iqh+iGOleBv5v21I50xw==" ], "kMrprdB/TspYL2Dyt9hBfw==": [ "nbtTb8L4YMUxpajoNaatQg==", "XPUXyp+BOEJyEGOgXafi8Q==", "qdWe9wwJNQD9uM1J1li1Vg==" ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ "CacO7saUr+KLTbynVQRYzg==", "XPUXyp+BOEJyEGOgXafi8Q==", "I3Zso12Z+9mUcVEvUKWJ8w==" ], "ktHjHCegyaFGFLaqVjqkVA==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "todSxpG0ADSu6dX8ZW+q4A==", "/rGrv6ID1FHztWkSNUU0Yw==", "ugk8bc5JAs//Hgj923HTXA==", "B/+SfhbeumQponnHheNEVg==" ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ "8QRmG/+fMsQQzP2maaxOag==", "O+a4984RTSUBIVVJsZTw1A==", "cA4I0UWWtzTwMIMUTfN+Sg==", "vPDXRcEg4abq9PCqTBFkAg==", "Ojd6gfhf5HOGBRFGRWmKOg==", "QTcHwvmTXpVKkHS0xdfb9g==", "SmczXqxeZRCcJykxG3Abrg==", "+wnQC0tYj+uyZzMNgN2bcw==", "kkxgUCDqJw1GL8dK+Je2RA==", "Mv7iQu0SgLhcoLH3nS/HZw==", "KXAIwMyIqS4MKyyyosxjhw==", "H8XwHNDIkW12mW+y74dsdQ==", "vnQE6sVVricZrrWA9Xv5RQ==", "I2w7mAdeccRvDV/HeaBOoA==", "ZNESegZx5Vgpkv3OXwE5Cw==", "MGoFQMcsriBEPanvv9LYcQ==", "uILMvGS6obqeMj18FLYSbg==", "6tML+4g9GkMhdrrSDsX4Zw==", "noShzkxXeZ6xaXHAA8su4g==", "Q2EySKz2roj2mYOhGJQA3A==", "AdhtRMEnBdpFFyeSlUP6fA==", "4comqU/5SRuDKC1qqBMlGQ==", "dWdVOD7SorvI9CNble8XGw==" ], "lITnNJqHTfcVQiCGHjWozA==": [ "gpPTgXxcA95Uk2vaf3/2dw==", "TsVNXuAeF3PhiRZhIOjjtQ==", "DtkRUkQTzcJrj8ZsC36kqQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ "CYbzKTdqzfhVDluEF23Dxg==", "TGe682MVp+b3S1lDl9HTLw==", "D2PoAhXlfTjf0jSkt9i3qA==", "n78TtR5pw5YtOwMk7gVGmg==", "yNIngFjcdt+ETIv0YvW+4Q==", "jDj44frt+6TCj0cwExt14w==", "BXlYoXrAW947O+Adruh7Zw==", "uW/TgHSIKlO53BnXG1YZSA==", "Daj39cn0p5rpBblQYRpPNw==", "PJ/Blkuxb9rGhjSw0f3NrA==", "IxsDQKwy6X02Ak7TSjZKpA==", "9uo4qIbgVv97/yzslhE6/g==", "uFR2NXYHCgkD0jUkHBTh3g==", "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "dr+z30s3mVMvpF2iMBJ7YA==", "n0AAvWWXPdMdY6hEXZez1A==", "uTjjTMH3twVH5hmw0Wmskw==", "eKKwwoH894W3Vae5kYCKtA==", "tKVE3VH+DixxL49Cbeit6Q==", "S9GgHs7lpMPNDjvswObhPg==", "J1MkSCEBivWCQoYUEvHXOw==", "qPGxfT+FyuMifHo1C/aY6w==", "pg+SRV3v3Mv4Yg+0x76+jg==", "32PT0J5usgv3laBJ37g1fA==", "bdJdbp3pWxo6biBmwKijBQ==", "YfE+7ocdRscmJ75uekg0tA==", "6E1YTgmxENPqo7FirtVNvw==" ], "lxyER9sFQyH/cLua8fAlfw==": [ "/MWzwBJlhhNbF+zp0zgq+A==", "p2+Y5XRhYt7mgZ7H+35S0w==" ], "ly9SmBBH7WsYXh1oG69XaQ==": [ "G/EKAYKB/V29JLdsy1wFCA==" ], "mLZQEF4KLS62c+8BB/jz0Q==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "8dqpgv7n5GVlIYVt/hP0Gg==", "v+qPraJNH1peMhjiTk1OgA==", "fBIyxzoMf4PtxmiD953WFg==" ], "mLtyJkgiain09bfdUDF0tA==": [ "4aR9t5J6YwMk5D9wZ0BV7w==" ], "mS/mU0XqXurt5b2cC0G2wA==": [ "tW4ew6Bpf68YpYbdwMyYGA==", "sgKxepKQb+uxgfzzrcWS7w==" ], "me8N6gnEhOLccvD/431aCw==": [ "sna4IH0E1Ui1jpzpKgnFOg==", "XPUXyp+BOEJyEGOgXafi8Q==", "bDMsFO9+dr7IgrwHxKJ/2g==" ], "mqd6XOc7hJ7OKe7FI62YlA==": [ "a5tv38r7RoeoKCznzGbyPQ==" ], "n2BikwI3Mg2dIr4kYK8New==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "nRx5HCyZ2M4L1LvJSclibw==": [ "6GILJqctNxTbZFPR6fLtoA==", "d1fus7ZZWC8VndZJIxm7pQ==", "D5TjVz7ghGYgdoVa5+N8bw==", "Mrux1XY1LZVvkWuUp2MCHQ==", "nF1VC5iJhTtrDBwL8mfOiw==", "2vdCDySzHer9qKv7EOUGqQ==", "Ft+9wGiX7gFQHYNS5do1oA==", "jZXEa4mdIQd85t4aOIhsfA==", "TAntNn3gBlGhX3mRHNXfWw==", "fKSzg5ZVW35n1QRKSQYbUA==" ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ "DqajPgSmNnfF5+bVSuLXZQ==", "NVw9L7wf5CkACfCMTn/ArA==" ], "noZz3cbDBX3Q1ohSWIKe1g==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "PwX0RLPO5W1w6VDjSgcV8A==", "RxmnlWamNxvphCIuarducQ==", "EVXEAewBnzdtEIOYHBpZfA==", "eeetX6Vv3iXNMfmjNIPkQg==", "NAN7p79skZ+eBA0xQMnnqw==", "hinEteXkZ2xZbWF5lSQDEw==", "cw4W3PskPKPJZy+QzFk5bA==", "/U8Jx7SKI9t4H3q4Xm/KEQ==", "TCtup4kp9cBGgmnLMbI+rw==", "AOVkipVLZLxGjwVCB/7mwg==", "NDTeUbmjAj/XEHx68pTD9A==", "rm3fF4UjNztR1JpYwTPaVg==", "i+IfpRQo89HWL/sPRoOFsw==", "CCQ15lzJdM5OqfQf0dLnJQ==", "GwdBWjTMLLj14UbkCrmh/A==", "k/2DvTn2KLL28Yuh/WFLmw==", "kRqkfuoNHXgeW9vp8iyzQw==", "tEG4S6zEddB/Fl32LgLV+A==", "4K4SQ2PlDqXihbvwEXiB/w==", "DPcSz1MBKzyaMMMhJWVyEA==", "EpmDyksRTsldGi5rxDcMlA==", "iJ/65EjB0RUIoiFFN5HgAw==", "vz18/+7m2wxxY2NMQUQ6Yg==", "eaW+XnaOzUpP/JmOZv+wCg==", "0nQVynV3NMmwash6dBc+8Q==", "vWwpCPVTGndMb9IraxXgGg==", "o94cfzaEslnrzBtYm19DkA==", "I5CKvoKqBhFd1vY7fxFKtQ==", "2t1KBK7sA8rKgVHavF6SZA==", "aUFq3vh1h0/30jIMgLEGbg==", "3f5N5l71YgnMV/U9whrIuA==", "obSzOBXxlQxURPk04eb+8Q==", "xjE2Ua1GOmdwVi+xIIGVeQ==", "CrxvMdhOPgYpnOjfUKfH3Q==", "XTLakHdORg480i8g31JU6A==", "zwpNi+NBoVUfQ5Ed4vkNug==", "cbSiFirRdrVkpUeOLy/CjA==", "YVYIQ/H++AefhUYldlykPg==", "AEXyQvL2wFfW+v4I9XmTaQ==", "SduSwzmffGiGJfqQDrSyEA==" ], "nwgNWiqPWTP9jQpHdB8CFA==": [ "c/EuG5G0xeL87UQs3yxxqQ==" ], "o0sNxhdrQvn3LtgSlydcdw==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "o3loazzxvm2hQ5N1QRaYvg==": [ "eXNCnm2O3ulyDBrjgqgngA==", "U2w6LmoqKmaGSd6IxLZGKg==", "FTUrLe1XMNYvUzaxMdsWeQ==", "VDqplxSZcK9CHQ9RjGiEqQ==", "TFku8MBahkkWbmKYS7dbIQ==", "c0R7sQMFyTIRhp8ZTCTmlw==", "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "DtYmtBkxVMK6KVHn4U+2Yw==", "B3tKTgCVG9JSLHIgfbUFmw==", "U47k8+SGMpP7nHNJFxv5oA==", "2GOqqUt4mwKng/FA0FV67w==", "mPAC5fvINjFbBEv6qTd6tQ==", "LDhDJjeJTHD14xx6vYgQUQ==" ], "oCbJhi6fmGrlKcF1SlNuYw==": [ "8QRmG/+fMsQQzP2maaxOag==", "XXYPGOxEabdavz27Qo+rWQ==", "VJggyJ1jjyIM3XdMGzsDrg==", "1378JmiuKDjVj7PZAMUvLg==", "HNWibMRA8AF0jyyBYQthdA==", "OIcx4C9IsgtrAE0nDs9GdA==", "13fIhbDHRYF0KXmxmJIfiA==", "qFhnV7djagzTbJn2rH4ndA==", "qb5Q/H2wcR/YimCQn+AUYw==", "OhQ6agVzWuY02NakmnlJmw==", "p4PSGpZ+FENmdQZ22vQ2FQ==", "/eIvRWSFFmU3q3Ki3j/gKA==", "nxT/hl64jXfWptNxWhmDuA==", "ygPqOnRCEHz9NjTVM+wIZA==", "4Gs7xCHPPMrNepkQNCPnkg==", "ZiZuAbc4Tq3tBRSI53FjWg==", "YgD8tCzB10z/Jq6XOfCfgQ==", "/pWkiqt8QgDCUksSSa24UQ==", "JMuZ2WXBBx9rW6/jTPLu0A==", "bfa/XbakkA2/5GrUyvwSyw==", "Oz/6eC07LwyvcoelwlI47w==", "Wy87cIX7luFb8A/riFwUyw==", "WqlqRQL17MeMqdTx+SuEyw==" ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ "l2+nQ26t0lYvVluseJErUQ==", "0UxirvKJMj5gY8fbrSf6sA==" ], "og/hyn7iqbsNsfIv/8VHFg==": [ "ugAB401UYtKGrqztlPOlZA==", "LlIx9R1y9EWEYmMjr1l1rw==" ], "om/hnbn42itSjLCSeL6+2A==": [ "JmAt+4wqaQRWn+7jyy1oCQ==", "QBNxNqNCcUL/GHKqOh7Fyw==" ], "p9BcHmUiqsfiDX2HpNFM5g==": [ "4Oz54fEBFyAJBdTJ/p2wxA==", "OlzUZywb212kcLte3jiS3g==" ], "pc8TmjOHnExT3yvCQuGR7Q==": [ "dKzgwwkG/spsYd8PVvrk6A==", "iPCZH9YqKm3Qb2Qeqw32sA==" ], "peDze6790+ubKa/8hacS+w==": [ "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "pff1wMeg2U6ebqlGIkRlMg==": [ "8QRmG/+fMsQQzP2maaxOag==", "DK1x7B/vzgaKlXynN3g1KA==", "5fSQkV1bu4GJUiaWjO+PNQ==", "U/ITon4/vjzN/EsZEGI38Q==", "m02T5S9rBezyv/+a/R6Fkw==", "goLAuNZUT0caQTKiv7m0Fg==", "s/wLIAA4VDi9HrbyrnYgbg==", "R1Akf7BYKFH+Usf+3IS0Cg==", "fI1ruEtJ325PbGUQKXuiVA==", "+0Id+AHw3V8pYW+ywWnP+g==", "IENtFrOwfEqYX/lp+0u2Gw==", "Y2pXpR4HKVIWAZ1sDtjo8A==", "WLpGLJSV+lV8a0xggVfA3A==", "a+77t9fGz9BxOnJlGe2W1Q==", "9feM+1JJIYgC5OZCglyV3w==", "JZVeRC2oy93Tv6vLZpVqJQ==", "9Ad5Q6DJD1JusuIjCNfUvQ==", "mBrf1Yfgr5icNwG8S0edeA==", "B1THb18jP+rSUaY77CvPng==", "8oKavHMm8C7p1QC+rNA0zA==", "CD0KTiCn+kQ9+lGQdzy4Lw==", "fD8Z9mQCc8h27ZwElVMLmA==", "u0i6Tc2zpzW8/pMdj7AH4w==" ], "ptT0YL/h24MTjTTVlPAZVg==": [ "FOhuL+ZLaAMigc1crKc/uA==", "ryv0HUHLJe8DIxGNl9VAgQ==" ], "qIHoKDOcFEbVk0+xQvglbQ==": [ "K5fLrkou5COixf2q2qhQ5Q==", "K/Jzpgc6xwHh47HFu+S8BQ==", "FkxoK2aSVfPglVllnxzplw==", "kyjbj2qojW5SnPuCG4+T3A==", "B1FsL93s2G1YxIvrdDvTfg==", "QSEpEyTM9A7rsX/qx644wQ==", "JS9NNql9cJTDkzzfXyJzDQ==", "m0VRm0XEm9FSwttsQ8QLaQ==", "3E/EPC1OcoKQToPb+efdaQ==", "QqK1O3FCNB9QbClJ7bZ6YA==", "VDQb6roo+zwBamxPu+hGeQ==", "YvRDVCmqISFAkWCu7WaKkQ==", "wG1iwTc5HBr1VKWUstaeHw==", "piA8HykwHgm/u3haFYSPzw==", "YCFy9R5BUcPVuUEYQkJQ4w==", "gxC5QcXnizTYqfkIqc6zTA==", "wh8UL6jE02MHJgululn0nA==", "sTWSbUm1UHqZR0zHxPPV1A==", "ca+BSCGp5tEYAgJqvm8GFw==", "Sal0GJMIh5Nqb3U4N6ro0g==", "g9gU2/SbcO/F9X65zpT4Uw==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "PgPRtFXcN+6zuIY77w+muQ==", "xsP7BCzVmEb3+qivw8mFIQ==", "l2fXal/tlhZFSzN3bmiLSg==", "D0qSEDt7Rns05A3ywUZLtw==", "/+0dqY3HS0Vwp8Izm3R04Q==", "K12v1aAHn6bz+NiEB1W7GA==", "M3xoPIiF+fvDRyYkizrMWQ==", "5IIoRCBMIgus62mGlE3F9A==", "ZhxWQvKqBGgL77fuUQ4Ghg==", "lsfrxxENmZMCtV8uOKkr8Q==", "26JRymquUeoxtDSKcKSDSg==", "0KjhdYYIURWUfsbpzAdnPQ==", "8Ldq46rf2Z9JTBjkrtfV0g==", "EhVqWSecC9djAkoW+k/+hQ==", "Lc7NiV76Y8Ubl6+6Vgd+sw==", "dkGOl+YKkRksmyjmvQ3FsA==", "PdNX5RN9keIsqOloxy7mkg==", "uXRgwaipa8s2OMXjAf1Thg==", "HHpOVRDbzmY2UhydU+uwcg==", "6pBzw2YiS9JmVvplQUxl2Q==", "T507T5wFbtPlOW9lG7LxIA==" ], "qTTyL80F/2JUAy85WSpobg==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "rkUaC636uKZYge61PN1dew==": [ "lCd4ciOqH+xVdJTAK6erDg==", "nFaODSvvA4RrGIiPJ9FjRA==" ], "ryPyL0/oZK1jJ8umBZkZBA==": [ "ky4IJ5u2Ib7CaDmE7xOysg==", "7+mdkcJcBwtv88RB9AcmHQ==" ], "szNvvFbgC3+nu7+FkWHQxA==": [ "QQ1upjXEDW7OiB4aR8O/8A==", "QhESIu1eoXqoSNW7jNhlZg==" ], "tOoZIHzytN01BRAw3es1Yg==": [ "HMF5qYGPMt4Fb5i6RtdwRA==", "tC2r7U8qVBEhU9NaT3fMVg==" ], "tsX00aIcJlVDdnN8EABj3g==": [ "SSAJUNd+iNG0Dh0JEHjSXA==", "EEMnwT7ARQJ+dbVETnKljw==" ], "uXpj8krYkomg5XDZ83F2kg==": [ "936XDvlfcwVB/34fQscf7w==", "qtpMNZ+V4szO/Tox+eT3Cg==" ], "uwkXfq5VvKEldZwWOwGq4w==": [ "i3BrKsmhYf5wZYkQCBxUGw==", "/EvgSih2YVXl7ohENLMJIQ==" ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ "Mukn5ixgUb/zb+mcMFd16Q==" ], "vtNcuXyRth8r8K/W3sfqrQ==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "wXu3MDegq/TfLSbBy6aoBQ==": [ "3k2lNJd2kR3VB6gGhj547g==", "XPUXyp+BOEJyEGOgXafi8Q==", "Kqi7XT4SGpqJzglrXFbYsQ==" ], "wsc0mBnyNwrXYdpo0V+0aw==": [ "YSdK7PYtLQ7JLXu7W4mdRQ==", "TteHTvD/qC9z9/bg4D+o8w==" ], "xC2PhiBOHiQbniVjaMltjw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ "5MqCycBYSRDsdNOzvOandQ==", "XPUXyp+BOEJyEGOgXafi8Q==", "WhaoYkvfheR7Tz30m0/IKA==" ], "xdunfqVk+0spTcWoJA7wPw==": [ "s20Tn7zOYHvK/n/K8/hWrA==", "+0pi5+jw8FdwHp5pZIVTBg==", "hRSnphgIhBaU8a2RyBPsuA==" ], "yLdg/zIMr1LMvkW9tAZlGw==": [ "0tfYnYhAiMREOXyqf/1Urw==", "fT2bR3Pvvu+yOGDatxsWcw==", "h8nlVtUPrGKdJF9xyffy7g==", "ggJq5z8YW0kySCUAGUYdXg==", "skjryijgaN9YVeVVq8xZmA==", "j8vL1GycOevI00+qC9aKmw==" ], "z/d/zUXK6aF2L4H7dfeSZw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "zPYyryKVwACz98/WbfSW6w==": [ "jlQB8YKpspXbBoHQT0JY7A==", "hWXaFNGw43ZC0VkI4/s2Pw==", "YlN21JbaOAqORXBYjgJOYA==", "CaVsGPkqzxcrIauiEFdPpw==", "o/JG334q9R0nTyZD1vNw7w==", "GXObP88ZOLkWQuVeVgHh/g==" ], "zpqzIc9TY4hiXJG024jdBQ==": [ "dT4TBdsMnRpAlGfPboRcFg==", "okRzJuZWda3BPI4wHU6OSg==", "rPXe6sMC/46EZbom2R58Iw==", "GKtgrnguQJIeMtP51nnNZQ==", "jweM09oSTMKt4t5s2Lpg9g==", "2tFr9TQJkcgsTrNAQX0kdw==", "rDx7RcnC1Ce961LxuRo53Q==", "6W4lt5SjUgXnbxNap1O0Cg==", "JMtxzN1jgVs2Gwo2QsOKnQ==", "BgLn2RypgHsjIVj0SLunZg==", "/HT2WOXIuvVNrzT1Wp3ntw==", "iKVtZrDNXfISjmDp1xYKBQ==", "JeqcZQqZ6re77qRb9vpAHQ==", "v6t7qJCF3xL8IO0nPwJX1g==", "10T7L0U8GuP9Qhz3unCqvw==", "DlzGGXSItv6fZobEGaNWCA==", "IoeuDKI/vu/XCDGoDKzX3g==", "6otwEH3RP+2A14zXLvGXpg==", "xEtBJoALTqnQBn0TOsRe9w==", "sWPZolO+x42N83xPk/byrw==", "o2Jv7s2Wil4Jz6qK6599ww==", "CVNFdSU8eHIr3mZk7+SX/Q==", "G1ju8KSMzz6zOg31bF5lRw==", "h7rVfEQf7/yrRLndyq6HvA==", "NeoXfJYSR9hqSpA4BJOyWQ==", "a1E+QseojoZ2Q73j8WWCLg==", "3E5wmOETiTx03Y24iDJEUg==", "yRV28i/MrM7mz4Vw1MzWxA==", "Kp6vEAyTjVJyCperHJ2MsQ==", "9lqG2xu+85HJHcn8UQyZ2A==", "nM+XWkmaG537tz4PDM13+w==", "zRaIctSo0IHgkpOD2xBvHw==", "UEW14H6J4RBSZEjpG6p4bw==", "bj9lurrpBxE/q4lRd2Wp7A==", "sYa4l6veBD/KmL7osWW7fQ==", "dxRzT6G0UObuWf8SWujnng==", "izYg2kL7sTEI8ASmlxRCdA==", "6Q0Sg/Y1lskU2n7rbcxAIw==", "r3htJBqpa1VO27wdQgcGyw==", "ibGOv13N1m/577Kb32wGxw==", "Lsd0oY+cRz3Y5y3+G6CYMA==", "00MQS+g+VNjKvRbuFWsWbQ==", "htRPPeb7P9MNS47zhEuuaw==", "NfM08djkMgc3ukqHI37OMg==", "gjn1JHWHaWtPNhKrrRINWw==", "IUI8ka2AYA1twZAQi4gL5Q==", "IIfJmT1yzMqBOVKMy3nlyQ==", "5gK/V8vtqDYoHf1LFdtSbA==", "DI5ofU0JT+/wsYx2AeXNiA==", "YQVoCJX8BLl6S5wPwmTGtg==", "6ysC6D7BSkYQ7y8vZ1O7HA==", "xqLSmaq+0/3ps+9zoCEL9g==", "VxNINARrmRd6QnZ2htNesA==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ] }, "enrichments": {} } pod: go-component-urfrln-on-pull-request-x8gnn-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: go-component-urfrln-on-pull-request-x8gnn-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 3, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: python3-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), rsync-3.2.3-18.el9 (CVE-2024-12085), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-38545), bsdtar-3.5.3-3.el9 (CVE-2025-5914), libwebp-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-12797), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), delve-1.8.3-1.el9 (CVE-2024-34156), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), libxml2-devel-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), libwebp-devel-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), libdnf-plugin-subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), libnghttp2-1.43.0-5.el9 (CVE-2023-44487), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-12797), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-6965), libeconf-0.4.1-2.el9 (CVE-2023-30079), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), python3-cloud-what-1.29.30.1-1.el9_1 (CVE-2023-3899), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), pam-1.5.1-12.el9 (CVE-2024-10963, CVE-2025-6020, CVE-2025-8941), libxml2-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), perl-Git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), go-toolset-1.18.9-1.el9_1 (CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libtiff-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), libpq-13.5-1.el9 (CVE-2025-1094), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), glibc-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-6965), openssl-1:3.0.1-47.el9_1 (CVE-2024-12797), libxslt-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libpq-devel-13.5-1.el9 (CVE-2025-1094), krb5-libs-1.19.1-24.el9_1 (CVE-2023-39975, CVE-2024-3596), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), less-590-1.el9_0 (CVE-2024-32487), golang-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), openssh-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), libxslt-devel-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), libarchive-3.5.3-3.el9 (CVE-2025-5914), openssh-clients-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), nodejs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), python3-subscription-manager-rhsm-1.29.30.1-1.el9_1 (CVE-2023-3899), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), freetype-2.10.4-9.el9 (CVE-2025-27363), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), sqlite-3.34.1-6.el9_1 (CVE-2025-6965), golang-bin-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), freetype-devel-2.10.4-9.el9 (CVE-2025-27363), libtiff-devel-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), emacs-filesystem-1:27.2-6.el9 (CVE-2023-2491, CVE-2023-28617, CVE-2025-1244), python3-setuptools-wheel-53.0.0-10.el9_1.1 (CVE-2024-6345), python3-setuptools-53.0.0-10.el9_1.1 (CVE-2024-6345), git-core-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), golang-src-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), glibc-common-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 228 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: expat-2.4.9-1.el9_1.1 (CVE-2025-59375)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: python3-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), libX11-devel-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libXpm-devel-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), perl-overloading-0.02-479.el9 (CVE-2023-47038, CVE-2025-40909), rsync-3.2.3-18.el9 (CVE-2024-12087, CVE-2024-12088, CVE-2024-12747), perl-vars-1.05-479.el9 (CVE-2023-47038, CVE-2025-40909), dmidecode-1:3.3-7.el9 (CVE-2023-30630), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), bsdtar-3.5.3-3.el9 (CVE-2025-25724), libjpeg-turbo-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), perl-base-2.27-479.el9 (CVE-2023-47038, CVE-2025-40909), python3-idna-2.10-7.el9 (CVE-2024-3651), systemd-rpm-macros-250-12.el9_1.3 (CVE-2023-7008), perl-File-Find-1.37-479.el9 (CVE-2023-47038, CVE-2025-40909), glib2-devel-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), openssl-libs-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), delve-1.8.3-1.el9 (CVE-2024-45336, CVE-2025-22866, CVE-2025-58183), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), libX11-common-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), perl-SelectSaver-1.02-479.el9 (CVE-2023-47038, CVE-2025-40909), bzip2-devel-1.0.8-8.el9 (CVE-2019-12900), libxml2-devel-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2025-22150, CVE-2025-23085, CVE-2025-31498), gnutls-3.7.6-12.el9_0 (CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-12243, CVE-2024-28834, CVE-2024-28835, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395), python3-requests-2.25.1-6.el9 (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), libstdc++-devel-11.3.1-2.1.el9 (CVE-2020-11023), python3-urllib3-1.26.5-3.el9 (CVE-2023-43804, CVE-2023-45803, CVE-2024-37891), libnghttp2-1.43.0-5.el9 (CVE-2024-28182), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2020-11023), rpm-sign-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), openssl-devel-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-7104), perl-Class-Struct-0.66-479.el9 (CVE-2023-47038, CVE-2025-40909), libXpm-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), perl-POSIX-1.94-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-IPC-Open3-1.21-479.el9 (CVE-2023-47038, CVE-2025-40909), binutils-2.35.2-24.el9 (CVE-2022-4285), expat-2.4.9-1.el9_1.1 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), rpm-build-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-33285, CVE-2023-34410), ncurses-base-6.2-8.20210508.el9 (CVE-2023-29491), libicu-67.1-9.el9 (CVE-2025-5222), libeconf-0.4.1-2.el9 (CVE-2023-22652), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), ncurses-6.2-8.20210508.el9 (CVE-2023-29491), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-29491), perl-Getopt-Std-1.12-479.el9 (CVE-2023-47038, CVE-2025-40909), libicu-devel-67.1-9.el9 (CVE-2025-5222), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), pam-1.5.1-12.el9 (CVE-2024-10041, CVE-2024-22365), perl-Fcntl-1.13-479.el9 (CVE-2023-47038, CVE-2025-40909), go-srpm-macros-3.0.9-9.el9 (CVE-2025-47906), perl-libs-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), libtasn1-4.16.0-8.el9_1 (CVE-2024-12133), libxml2-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), perl-Git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-FileHandle-2.03-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-Symbol-1.08-479.el9 (CVE-2023-47038, CVE-2025-40909), go-toolset-1.18.9-1.el9_1 (CVE-2023-29402, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), libgomp-11.3.1-2.1.el9 (CVE-2020-11023), systemd-250-12.el9_1.3 (CVE-2023-7008), pixman-0.40.0-5.el9 (CVE-2022-44638), rpm-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), perl-AutoLoader-5.74-479.el9 (CVE-2023-47038, CVE-2025-40909), cpp-11.3.1-2.1.el9 (CVE-2020-11023), libtiff-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), libgcrypt-1.10.0-8.el9_0 (CVE-2024-2236), libgcc-11.3.1-2.1.el9 (CVE-2020-11023), harfbuzz-icu-2.7.4-8.el9 (CVE-2023-25193), libjpeg-turbo-devel-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), binutils-gold-2.35.2-24.el9 (CVE-2022-4285), tpm2-tss-3.0.3-8.el9 (CVE-2023-22745), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-File-Basename-2.85-479.el9 (CVE-2023-47038, CVE-2025-40909), git-core-doc-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-mro-1.23-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-IO-1.43-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Compare-1.100.600-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), libstdc++-11.3.1-2.1.el9 (CVE-2020-11023), wget-1.21.1-7.el9 (CVE-2024-38428), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-7104), systemd-pam-250-12.el9_1.3 (CVE-2023-7008), openssl-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), gcc-11.3.1-2.1.el9 (CVE-2020-11023), perl-File-stat-1.09-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-if-0.60.800-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), libX11-xcb-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), perl-lib-0.65-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-libs-1:1.12.20-7.el9_1 (CVE-2023-34969), krb5-libs-1.19.1-24.el9_1 (CVE-2020-17049, CVE-2023-36054, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528, CVE-2025-3576), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), less-590-1.el9_0 (CVE-2022-46663, CVE-2022-48624), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), harfbuzz-2.7.4-8.el9 (CVE-2023-25193), perl-overload-1.31-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-Errno-1.30-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-1:1.12.20-7.el9_1 (CVE-2023-34969), golang-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), python3-rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), openssh-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), perl-DynaLoader-1.47-479.el9 (CVE-2023-47038, CVE-2025-40909), gmp-1:6.2.0-10.el9 (CVE-2021-43618), harfbuzz-devel-2.7.4-8.el9 (CVE-2023-25193), libarchive-3.5.3-3.el9 (CVE-2025-25724), openssh-clients-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), nodejs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), perl-interpreter-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-HTTP-Tiny-0.076-460.el9 (CVE-2023-31486), gcc-c++-11.3.1-2.1.el9 (CVE-2020-11023), bzip2-libs-1.0.8-8.el9 (CVE-2019-12900), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), sqlite-3.34.1-6.el9_1 (CVE-2023-7104), golang-bin-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), perl-File-Copy-2.34-479.el9 (CVE-2023-47038, CVE-2025-40909), bzip2-1.0.8-8.el9 (CVE-2019-12900), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), emacs-filesystem-1:27.2-6.el9 (CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), libcap-2.48-8.el9 (CVE-2023-2603), git-core-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), perl-NDBM_File-1.15-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-B-1.80-479.el9 (CVE-2023-47038, CVE-2025-40909), glib2-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), systemd-libs-250-12.el9_1.3 (CVE-2023-7008), rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-subs-1.03-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-common-1:1.12.20-7.el9_1 (CVE-2023-34969), golang-src-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), glibc-common-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), libX11-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 701 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: python3-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libX11-devel-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), rsync-3.2.3-18.el9 (CVE-2024-12086, CVE-2025-10158), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), bsdtar-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), systemd-rpm-macros-250-12.el9_1.3 (CVE-2025-4598), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), libX11-common-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), libxml2-devel-2.9.13-3.el9_1 (CVE-2025-9714), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-52099), gdb-headless-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), binutils-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), qt5-srpm-macros-5.15.3-1.el9 (CVE-2021-38593, CVE-2023-24607, CVE-2025-5683), tar-2:1.34-6.el9_1 (CVE-2025-45582), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), go-srpm-macros-3.0.9-9.el9 (CVE-2024-8244), libxml2-2.9.13-3.el9_1 (CVE-2025-9714), perl-Git-2.31.1-3.el9_1 (CVE-2025-48386), go-toolset-1.18.9-1.el9_1 (CVE-2020-28362, CVE-2021-3115, CVE-2021-42574, CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), systemd-250-12.el9_1.3 (CVE-2025-4598), libtiff-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), libpq-13.5-1.el9 (CVE-2025-4207), binutils-gold-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), tpm2-tss-3.0.3-8.el9 (CVE-2024-29040), gdb-gdbserver-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), git-core-doc-2.31.1-3.el9_1 (CVE-2025-48386), wget-1.21.1-7.el9 (CVE-2021-31879, CVE-2024-10524), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-52099), systemd-pam-250-12.el9_1.3 (CVE-2025-4598), libxslt-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), libX11-xcb-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), python3-pip-wheel-21.2.3-6.el9 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), libpq-devel-13.5-1.el9 (CVE-2025-4207), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), coreutils-single-8.32-32.el9 (CVE-2025-5278), golang-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), openssh-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), gdb-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), libxslt-devel-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), libarchive-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), openssh-clients-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), nodejs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), lz4-libs-1.9.3-5.el9 (CVE-2025-62813), sqlite-3.34.1-6.el9_1 (CVE-2025-52099), golang-bin-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), git-core-2.31.1-3.el9_1 (CVE-2025-48386), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), curl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), systemd-libs-250-12.el9_1.3 (CVE-2025-4598), git-2.31.1-3.el9_1 (CVE-2025-48386), golang-src-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), libX11-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 207 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: python3-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), bsdtar-3.5.3-3.el9 (CVE-2022-36227), glib2-devel-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), openssl-libs-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), delve-1.8.3-1.el9 (CVE-2024-45341), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2024-25629, CVE-2025-23165), openssl-devel-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), gdb-headless-10.2-10.el9 (CVE-2021-3826), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-32573), ncurses-base-6.2-8.20210508.el9 (CVE-2022-29458), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), ncurses-6.2-8.20210508.el9 (CVE-2022-29458), ncurses-libs-6.2-8.20210508.el9 (CVE-2022-29458), python3-libs-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), perl-Git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), go-toolset-1.18.9-1.el9_1 (CVE-2024-45341), libtiff-4.4.0-5.el9_1 (CVE-2023-6228), procps-ng-3.3.17-8.el9 (CVE-2023-4016), libpq-13.5-1.el9 (CVE-2022-41862), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), gdb-gdbserver-10.2-10.el9 (CVE-2021-3826), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), glibc-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), openssl-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), lua-libs-5.4.4-2.el9_1 (CVE-2022-28805), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), libpq-devel-13.5-1.el9 (CVE-2022-41862), krb5-libs-1.19.1-24.el9_1 (CVE-2024-26458, CVE-2024-26461), glibc-locale-source-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), golang-1.18.9-1.el9_1 (CVE-2024-45341), file-libs-5.39-10.el9 (CVE-2022-48554), gdb-10.2-10.el9 (CVE-2021-3826), libarchive-3.5.3-3.el9 (CVE-2022-36227), shadow-utils-2:4.9-5.el9 (CVE-2023-4641, CVE-2024-56433), nodejs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), glibc-headers-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glibc-devel-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), golang-bin-1.18.9-1.el9_1 (CVE-2024-45341), file-5.39-10.el9 (CVE-2022-48554), libtiff-devel-4.4.0-5.el9_1 (CVE-2023-6228), libcap-2.48-8.el9 (CVE-2023-2602), git-core-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), curl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), glib2-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), golang-src-1.18.9-1.el9_1 (CVE-2024-45341), glibc-common-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 187 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: python3-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), libX11-devel-1.7.0-7.el9 (CVE-2022-3555), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), bsdtar-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), glib2-devel-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libX11-common-1.7.0-7.el9 (CVE-2022-3555), pkgconf-pkg-config-1.7.3-9.el9 (CVE-2023-24056), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), libxml2-devel-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), gawk-5.1.0-6.el9 (CVE-2023-4156), libstdc++-devel-11.3.1-2.1.el9 (CVE-2022-27943), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2022-27943), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), sqlite-libs-3.34.1-6.el9_1 (CVE-2024-0232), gdb-headless-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), binutils-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), qt5-srpm-macros-5.15.3-1.el9 (CVE-2025-23050), ncurses-base-6.2-8.20210508.el9 (CVE-2023-50495), ncurses-6.2-8.20210508.el9 (CVE-2023-50495), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-50495), tar-2:1.34-6.el9_1 (CVE-2023-39804), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), libxml2-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), libgomp-11.3.1-2.1.el9 (CVE-2022-27943), cpp-11.3.1-2.1.el9 (CVE-2022-27943), libtiff-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), pcre2-syntax-10.40-2.el9 (CVE-2022-41409), libgcc-11.3.1-2.1.el9 (CVE-2022-27943), pcre2-utf32-10.40-2.el9 (CVE-2022-41409), binutils-gold-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), pcre2-devel-10.40-2.el9 (CVE-2022-41409), gdb-gdbserver-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), elfutils-debuginfod-client-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), libstdc++-11.3.1-2.1.el9 (CVE-2022-27943), unzip-6.0-56.el9 (CVE-2021-4217, CVE-2022-0529, CVE-2022-0530), sqlite-devel-3.34.1-6.el9_1 (CVE-2024-0232), pkgconf-1.7.3-9.el9 (CVE-2023-24056), elfutils-libs-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), openssl-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), gcc-11.3.1-2.1.el9 (CVE-2022-27943), libxslt-1.1.34-9.el9 (CVE-2025-11731), libX11-xcb-1.7.0-7.el9 (CVE-2022-3555), python3-pip-wheel-21.2.3-6.el9 (CVE-2021-3572), libpng-devel-2:1.6.37-12.el9 (CVE-2022-3857), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), elfutils-libelf-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), gdb-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libxslt-devel-1.1.34-9.el9 (CVE-2025-11731), libarchive-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), patch-2.7.6-16.el9 (CVE-2021-45261), libpng-2:1.6.37-12.el9 (CVE-2022-3857), nodejs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), pkgconf-m4-1.7.3-9.el9 (CVE-2023-24056), gnupg2-2.3.3-2.el9_0 (CVE-2022-3219, CVE-2025-30258), gcc-c++-11.3.1-2.1.el9 (CVE-2022-27943), sqlite-3.34.1-6.el9_1 (CVE-2024-0232), libpkgconf-1.7.3-9.el9 (CVE-2023-24056), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), emacs-filesystem-1:27.2-6.el9 (CVE-2017-1000383), pcre2-10.40-2.el9 (CVE-2022-41409), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), curl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), glib2-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), cmake-filesystem-3.20.2-7.el9 (CVE-2025-9301), elfutils-default-yama-scope-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), pcre2-utf16-10.40-2.el9 (CVE-2022-41409), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), libX11-1.7.0-7.el9 (CVE-2022-3555)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 444 } }, { "msg": "Found packages with unknown vulnerabilities. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libwebp-1.2.0-3.el9 (CVE-2023-5129), libwebp-devel-1.2.0-3.el9 (CVE-2023-5129)", "name": "clair_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } } ] } ] {"vulnerabilities":{"critical":0,"high":228,"medium":701,"low":187,"unknown":2},"unpatched_vulnerabilities":{"critical":0,"high":1,"medium":207,"low":444,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74", "digests": ["sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:12:21+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-x8gnn-clamav-scan-pod | init container: prepare 2026/02/10 22:08:54 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-clamav-scan-pod | init container: place-scripts 2026/02/10 22:08:58 Decoded script /tekton/scripts/script-0-74fdk 2026/02/10 22:08:59 Decoded script /tekton/scripts/script-1-szbmq pod: go-component-urfrln-on-pull-request-x8gnn-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 39.304 sec (0 m 39 s) Start Date: 2026:02:10 22:09:26 End Date: 2026:02:10 22:10:05 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761405","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761405","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761405","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74", "digests": ["sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce"]}} pod: go-component-urfrln-on-pull-request-x8gnn-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 4ecccb51a992 clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 4ff6b1814226 clamscan-result-amd64.log Uploaded 4ff6b1814226 clamscan-result-amd64.log Uploaded 4ecccb51a992 clamscan-ec-test-amd64.json Uploading 369d6fbac718 application/vnd.oci.image.manifest.v1+json Uploaded 369d6fbac718 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce Digest: sha256:369d6fbac718d9670d4002011b354c947460d725274554750a423e2e7d35d7a2 pod: go-component-urfrln-on-pull-request-x8gnn-clone-repository-pod | init container: prepare 2026/02/10 22:04:50 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-clone-repository-pod | init container: place-scripts 2026/02/10 22:04:51 Decoded script /tekton/scripts/script-0-cm52l 2026/02/10 22:04:51 Decoded script /tekton/scripts/script-1-7lnw9 pod: go-component-urfrln-on-pull-request-x8gnn-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761097.9219418,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761098.1003056,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/group-snapshot-multi-component @ a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761098.100348,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761098.1240804,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 directly. pod: go-component-urfrln-on-pull-request-x8gnn-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-urfrln-on-pull-request-x8gnn-init-pod | init container: prepare 2026/02/10 22:04:14 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-init-pod | init container: place-scripts 2026/02/10 22:04:15 Decoded script /tekton/scripts/script-0-8w78g pod: go-component-urfrln-on-pull-request-x8gnn-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: go-component-urfrln-on-pull-request-x8gnn-push-dockerfile-pod | init container: prepare 2026/02/10 22:08:54 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-0-vhc5r pod: go-component-urfrln-on-pull-request-x8gnn-push-dockerfile-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-x8gnn-push-dockerfile-pod | container step-push: [2026-02-10T22:09:01,460053552+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.4cRNjw2dD6 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:sha256-0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce.dockerfile Dockerfile pod: go-component-urfrln-on-pull-request-x8gnn-sast-shell-check-pod | init container: prepare 2026/02/10 22:08:54 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-0-c7q9k 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-1-ckfcv pod: go-component-urfrln-on-pull-request-x8gnn-sast-shell-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-x8gnn-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-121.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-124.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-85.json ./shellcheck-results/sc-86.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:09:03+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull-request-x8gnn-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Uploading 3b606a9dd3a1 shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 3b606a9dd3a1 shellcheck-results.sarif Uploading 82413ff68801 application/vnd.oci.image.manifest.v1+json Uploaded 82413ff68801 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce Digest: sha256:82413ff68801d11a2fd74a1999e3a4520cfbf05dc10fc46a6b6f7de04c717ea9 No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull-request-x8gnn-sast-snyk-check-pod | init container: prepare 2026/02/10 22:08:54 Entrypoint initialization pod: go-component-urfrln-on-pull-request-x8gnn-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-0-jgdqr 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-1-brgf6 pod: go-component-urfrln-on-pull-request-x8gnn-sast-snyk-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-x8gnn-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: go-component-urfrln INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-x8gnn-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | init container: prepare 2026/02/10 22:08:09 Entrypoint initialization pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | init container: place-scripts 2026/02/10 22:08:09 Decoded script /tekton/scripts/script-0-7w8jm 2026/02/10 22:08:09 Decoded script /tekton/scripts/script-1-fpg8l 2026/02/10 22:08:09 Decoded script /tekton/scripts/script-2-jpbh4 2026/02/10 22:08:09 Decoded script /tekton/scripts/script-3-9hwfd 2026/02/10 22:08:09 Decoded script /tekton/scripts/script-4-n95p5 2026/02/10 22:08:09 Decoded script /tekton/scripts/script-5-njsnr pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Auth json written to "/auth/auth.json". pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | container step-set-skip-for-bundles: 2026/02/10 22:10:27 INFO Step was skipped due to when expressions were evaluated to false. pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | container step-app-check: time="2026-02-10T22:10:27Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:10:27Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 for platform amd64" time="2026-02-10T22:10:27Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74" time="2026-02-10T22:11:28Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:11:28Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:11:28Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:11:28Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:11:28Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:11:28Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:11:28Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:11:56Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:11:56Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:11:56Z" level=info msg="This image's tag on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 will be paired with digest sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 107, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 27792, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 125, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:11:57Z" level=info msg="Preflight result: FAILED" pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761517","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 pod: go-component-urfrln-on-pull01ee4a58679d084f946d1e76b1cd40b8-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761517","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: go-component-urfrln-on-pull5a53d9a7783228956e10140674b3b356-pod | init container: prepare 2026/02/10 22:05:01 Entrypoint initialization pod: go-component-urfrln-on-pull5a53d9a7783228956e10140674b3b356-pod | init container: place-scripts 2026/02/10 22:05:01 Decoded script /tekton/scripts/script-0-g8b9b 2026/02/10 22:05:01 Decoded script /tekton/scripts/script-1-xcqzb pod: go-component-urfrln-on-pull5a53d9a7783228956e10140674b3b356-pod | container step-sanitize-config-file-with-yq: pod: go-component-urfrln-on-pull5a53d9a7783228956e10140674b3b356-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: go-component-urfrln-on-pulle9dcfb74c24a1fe80706f1a79696de66-pod | init container: prepare 2026/02/10 22:08:54 Entrypoint initialization pod: go-component-urfrln-on-pulle9dcfb74c24a1fe80706f1a79696de66-pod | init container: place-scripts 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-0-4mqpx 2026/02/10 22:08:54 Decoded script /tekton/scripts/script-1-wzs6q pod: go-component-urfrln-on-pulle9dcfb74c24a1fe80706f1a79696de66-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pulle9dcfb74c24a1fe80706f1a79696de66-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:09:03+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:09:03+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pulle9dcfb74c24a1fe80706f1a79696de66-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Uploading 1da9b99b8b41 sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 31eb8dce30ea application/vnd.oci.image.manifest.v1+json Uploaded 31eb8dce30ea application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-a03a1c1eabfec99b1d3049cb22a32eb530ef1a74@sha256:0a1279e309523ef93719efb9765d24a177c6308778c7799d29f74b2a204e28ce Digest: sha256:31eb8dce30ea10d4a0dc200e1afcc66bef92b72d5c129a4302249da4defb560a No excluded-findings.json exists. Skipping upload. PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Running PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-8q8bl reason: Failed attempt 2/3: PipelineRun "go-component-urfrln-on-pull-request-8q8bl" failed: pod: go-component-urfrln-on-pull-request-8q8bl-apply-tags-pod | init container: prepare 2026/02/10 22:14:48 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:14:51Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96" time="2026-02-10T22:14:51Z" level=info msg="[param] Image digest: sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54" time="2026-02-10T22:14:51Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:14:51Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | init container: prepare 2026/02/10 22:13:17 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | init container: place-scripts 2026/02/10 22:13:17 Decoded script /tekton/scripts/script-0-5zp2m 2026/02/10 22:13:17 Decoded script /tekton/scripts/script-1-89576 2026/02/10 22:13:17 Decoded script /tekton/scripts/script-2-d8rtq 2026/02/10 22:13:17 Decoded script /tekton/scripts/script-3-9hldk 2026/02/10 22:13:17 Decoded script /tekton/scripts/script-4-dw6d7 pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | container step-build: [2026-02-10T22:13:21,989260493+00:00] Validate context path [2026-02-10T22:13:21,992560071+00:00] Update CA trust [2026-02-10T22:13:21,993616341+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:13:23,989512539+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:13:23,996227521+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:13:29,073921959+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-02-10T22:13:41,900666738+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:13:29Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component", "quay.expires-after": "6h", "org.opencontainers.image.created": "2026-02-10T22:13:29Z" } [2026-02-10T22:13:41,945300692+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:13:41,948567534+00:00] Add secrets [2026-02-10T22:13:41,955864987+00:00] Run buildah build [2026-02-10T22:13:41,956944975+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 --label org.opencontainers.image.revision=dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --label quay.expires-after=6h --label build-date=2026-02-10T22:13:29Z --label org.opencontainers.image.created=2026-02-10T22:13:29Z --annotation org.opencontainers.image.revision=dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --annotation org.opencontainers.image.created=2026-02-10T22:13:29Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.anyrI0 -t quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96" "org.opencontainers.image.revision"="dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/group-snapshot-multi-component" "quay.expires-after"="6h" "build-date"="2026-02-10T22:13:29Z" "org.opencontainers.image.created"="2026-02-10T22:13:29Z" COMMIT quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 --> 78203c4f54d8 Successfully tagged quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 78203c4f54d8e03da02587ce246e7166c51c18143ae68d2551cf55375848c1b5 [2026-02-10T22:13:46,037002610+00:00] Unsetting proxy [2026-02-10T22:13:46,038257146+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:d3fa76ceba874f13de7f6b06ba17f4ce71d0615b959d02ff011a0e861e5ce454 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying config sha256:78203c4f54d8e03da02587ce246e7166c51c18143ae68d2551cf55375848c1b5 Writing manifest to image destination [2026-02-10T22:13:53,502403943+00:00] End build pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | container step-push: [2026-02-10T22:13:54,148300315+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:13:56,212588298+00:00] Convert image [2026-02-10T22:13:56,213658527+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-8q8bl-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-8q8bl-build-container Getting image source signatures Copying blob sha256:d3fa76ceba874f13de7f6b06ba17f4ce71d0615b959d02ff011a0e861e5ce454 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:78203c4f54d8e03da02587ce246e7166c51c18143ae68d2551cf55375848c1b5 Writing manifest to image destination [2026-02-10T22:14:08,406790762+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Getting image source signatures Copying blob sha256:d3fa76ceba874f13de7f6b06ba17f4ce71d0615b959d02ff011a0e861e5ce454 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying config sha256:78203c4f54d8e03da02587ce246e7166c51c18143ae68d2551cf55375848c1b5 Writing manifest to image destination sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 [2026-02-10T22:14:09,262418128+00:00] End push pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:14:10,252134925+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:14:30,565170715+00:00] End sbom-syft-generate pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | container step-prepare-sboms: [2026-02-10T22:14:31,368573780+00:00] Prepare SBOM [2026-02-10T22:14:31,372310220+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:14:32,456 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:14:32,892 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/go-toolset@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 2026-02-10 22:14:34,133 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:14:34,133 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:14:34,135 [INFO] mobster.log: Contextual workflow completed in 1.35s 2026-02-10 22:14:34,269 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:14:34,345805916+00:00] End prepare-sboms pod: go-component-urfrln-on-pull-request-8q8bl-build-container-pod | container step-upload-sbom: [2026-02-10T22:14:34,468579895+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:405b79179edbf42b8195f9a1cf7b297fc8b67351da6b492d5e13adf5508bddb2 [2026-02-10T22:14:36,818317619+00:00] End upload-sbom pod: go-component-urfrln-on-pull-request-8q8bl-build-image-index-pod | init container: prepare 2026/02/10 22:14:38 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-build-image-index-pod | init container: place-scripts 2026/02/10 22:14:39 Decoded script /tekton/scripts/script-0-4l76x 2026/02/10 22:14:39 Decoded script /tekton/scripts/script-1-dmzmt 2026/02/10 22:14:39 Decoded script /tekton/scripts/script-2-5r6c5 pod: go-component-urfrln-on-pull-request-8q8bl-build-image-index-pod | container step-build: [2026-02-10T22:14:42,480823346+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 6da29c753851c70e421c86970194c010cb6f1eb8064f83356b105f7b65fdae32 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54. pod: go-component-urfrln-on-pull-request-8q8bl-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: go-component-urfrln-on-pull-request-8q8bl-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:14:44,710729123+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: go-component-urfrln-on-pull-request-8q8bl-clair-scan-pod | init container: prepare 2026/02/10 22:14:48 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-clair-scan-pod | init container: place-scripts 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-0-92g7r 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-1-t5vdb 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-2-mcnmk 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-3-kljl4 pod: go-component-urfrln-on-pull-request-8q8bl-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54. pod: go-component-urfrln-on-pull-request-8q8bl-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:14:55Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"}] 2026-02-10T22:14:55Z INF libvuln initialized component=libvuln/New 2026-02-10T22:14:57Z INF registered configured scanners component=libindex/New 2026-02-10T22:14:57Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:14:57Z INF index request start component=libindex/Libindex.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 2026-02-10T22:14:57Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 2026-02-10T22:14:57Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=CheckManifest 2026-02-10T22:14:57Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=FetchLayers 2026-02-10T22:15:07Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=FetchLayers 2026-02-10T22:15:07Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=FetchLayers 2026-02-10T22:15:07Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=ScanLayers 2026-02-10T22:15:07Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991 manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 path=root/buildinfo/Dockerfile-ubi9-9.1.0-1782 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:15:07Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975 manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 path=root/buildinfo/Dockerfile-ubi9-s2i-core-1-394 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:15:07Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581 manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 path=root/buildinfo/Dockerfile-ubi9-s2i-base-1-421 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:15:08Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670 manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 path=root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:15:11Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=ScanLayers 2026-02-10T22:15:11Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=IndexManifest 2026-02-10T22:15:11Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=IndexFinished 2026-02-10T22:15:11Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 state=IndexFinished 2026-02-10T22:15:11Z INF index request done component=libindex/Libindex.Index manifest=sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 { "manifest_hash": "sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54", "packages": { "++K+RsmgWfVk2mj1+hzWKA==": { "id": "++K+RsmgWfVk2mj1+hzWKA==", "name": "zlib-devel", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+8O7w8gnK983LoZMdgIWhQ==": { "id": "+8O7w8gnK983LoZMdgIWhQ==", "name": "kernel-headers", "version": "5.14.0-162.18.1.el9_1", "kind": "binary", "source": { "id": "", "name": "kernel", "version": "5.14.0-162.18.1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+B22ALb6YCnXu+3s6afaLg==": { "id": "+B22ALb6YCnXu+3s6afaLg==", "name": "python3-decorator", "version": "4.4.2-6.el9", "kind": "binary", "source": { "id": "", "name": "python-decorator", "version": "4.4.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "+LQ46YAn9giMKDZRMCUpfg==": { "id": "+LQ46YAn9giMKDZRMCUpfg==", "name": "perl-lib", "version": "0.65-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Mkqc/Y23wK8i6e0RDbi0w==": { "id": "+Mkqc/Y23wK8i6e0RDbi0w==", "name": "libstdc++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+jCn1wujuDa5B1uNvCdVnw==": { "id": "+jCn1wujuDa5B1uNvCdVnw==", "name": "device-mapper-libs", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+yIdH2Pb8SGFuXnry3uK/A==": { "id": "+yIdH2Pb8SGFuXnry3uK/A==", "name": "gdb", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/FMjm+UzO0PTaS3Td0lhkw==": { "id": "/FMjm+UzO0PTaS3Td0lhkw==", "name": "pkgconf-pkg-config", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/dbWc/LExxt1O7duWFf9og==": { "id": "/dbWc/LExxt1O7duWFf9og==", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/t0e+LuglIbDcO/k67Hr2A==": { "id": "/t0e+LuglIbDcO/k67Hr2A==", "name": "elfutils-libs", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/th8aUKrkgR3Sw9KSBM+CA==": { "id": "/th8aUKrkgR3Sw9KSBM+CA==", "name": "python3-subscription-manager-rhsm", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "09fH92fqoWDOaYEpwQ9p2g==": { "id": "09fH92fqoWDOaYEpwQ9p2g==", "name": "ed", "version": "1.14.2-12.el9", "kind": "binary", "source": { "id": "", "name": "ed", "version": "1.14.2-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0N0D43vK8KV4kQOq2LQn7g==": { "id": "0N0D43vK8KV4kQOq2LQn7g==", "name": "glibc-locale-source", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0QIby1L00NbGeIw8oxRQWQ==": { "id": "0QIby1L00NbGeIw8oxRQWQ==", "name": "zip", "version": "3.0-33.el9", "kind": "binary", "source": { "id": "", "name": "zip", "version": "3.0-33.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Yvc2+M8FAry625wuL4S5A==": { "id": "0Yvc2+M8FAry625wuL4S5A==", "name": "less", "version": "590-1.el9_0", "kind": "binary", "source": { "id": "", "name": "less", "version": "590-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0wIoN0pFyBSc9eVtRdIOWA==": { "id": "0wIoN0pFyBSc9eVtRdIOWA==", "name": "python3", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13/XvLtRK2RDQlcsZc1BtQ==": { "id": "13/XvLtRK2RDQlcsZc1BtQ==", "name": "gdb-gdbserver", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13i0QoQ6Q4yBI5RUf20lXA==": { "id": "13i0QoQ6Q4yBI5RUf20lXA==", "name": "libwebp-devel", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1GZ5tdSeZY3Wi3x9/AVQ2Q==": { "id": "1GZ5tdSeZY3Wi3x9/AVQ2Q==", "name": "binutils-gold", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1T7WJ83NrIa0U7DlD1BR4Q==": { "id": "1T7WJ83NrIa0U7DlD1BR4Q==", "name": "python-srpm-macros", "version": "3.9-52.el9", "kind": "binary", "source": { "id": "", "name": "python-rpm-macros", "version": "3.9-52.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1XXuvf69/0I2dNHaU2UndQ==": { "id": "1XXuvf69/0I2dNHaU2UndQ==", "name": "patch", "version": "2.7.6-16.el9", "kind": "binary", "source": { "id": "", "name": "patch", "version": "2.7.6-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1dO83wB64hDLki3A4eA/Pg==": { "id": "1dO83wB64hDLki3A4eA/Pg==", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1h9uHE0QiXBO/zpJrT0VjA==": { "id": "1h9uHE0QiXBO/zpJrT0VjA==", "name": "ncurses-base", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1iUaGpv40BOJQUks5I0iYg==": { "id": "1iUaGpv40BOJQUks5I0iYg==", "name": "libicu", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1m9sKqHTfU4F/K4fidg9cg==": { "id": "1m9sKqHTfU4F/K4fidg9cg==", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2REYKadw7TKFiuC+OnoHmA==": { "id": "2REYKadw7TKFiuC+OnoHmA==", "name": "rpm-build-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2fg1ZRYCSPKKOgCxCcA36w==": { "id": "2fg1ZRYCSPKKOgCxCcA36w==", "name": "bzip2-libs", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2w8qE/d9mqIY/9+1qBBrPg==": { "id": "2w8qE/d9mqIY/9+1qBBrPg==", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3688bXyK/nwHthXLLVH24g==": { "id": "3688bXyK/nwHthXLLVH24g==", "name": "perl-overloading", "version": "0.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3DTA/XNFCCDFf6sfX96bGg==": { "id": "3DTA/XNFCCDFf6sfX96bGg==", "name": "perl-Errno", "version": "1.30-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3RQKCmep11B4hkfn96QJTA==": { "id": "3RQKCmep11B4hkfn96QJTA==", "name": "shadow-utils", "version": "2:4.9-5.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3iIPR0bjuCPQ2+48pSdeHg==": { "id": "3iIPR0bjuCPQ2+48pSdeHg==", "name": "perl-IO", "version": "1.43-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Aph2Qer6+KdCecFsU0TXg==": { "id": "4Aph2Qer6+KdCecFsU0TXg==", "name": "systemd-rpm-macros", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4DM2GB9KLL7/xWypPdz7vA==": { "id": "4DM2GB9KLL7/xWypPdz7vA==", "name": "git-core-doc", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4ImdKzJ7uZoaviIayzuoUg==": { "id": "4ImdKzJ7uZoaviIayzuoUg==", "name": "nodejs-full-i18n", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Kw/w2gH7CYCOCv19cdYYA==": { "id": "4Kw/w2gH7CYCOCv19cdYYA==", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "582nBqlxZXz0sTRmkFvU4Q==": { "id": "582nBqlxZXz0sTRmkFvU4Q==", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5EpVrCQ4OYKiPYYEOuUcmQ==": { "id": "5EpVrCQ4OYKiPYYEOuUcmQ==", "name": "perl-Scalar-List-Utils", "version": "4:1.56-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Scalar-List-Utils", "version": "1.56-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5JeNH+bHiuiK9wwBZqH10A==": { "id": "5JeNH+bHiuiK9wwBZqH10A==", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "binary", "source": { "id": "", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5NZNFErDrBiBoorV+igTjg==": { "id": "5NZNFErDrBiBoorV+igTjg==", "name": "libtiff-devel", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mmSudfrCeEmVSPweWmcVQ==": { "id": "5mmSudfrCeEmVSPweWmcVQ==", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5oq4jjwqdEJHokHmXZ7fFA==": { "id": "5oq4jjwqdEJHokHmXZ7fFA==", "name": "dwz", "version": "0.14-3.el9", "kind": "binary", "source": { "id": "", "name": "dwz", "version": "0.14-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5uy1J7qi/MafOdYJgaQeGw==": { "id": "5uy1J7qi/MafOdYJgaQeGw==", "name": "virt-what", "version": "1.25-1.el9", "kind": "binary", "source": { "id": "", "name": "virt-what", "version": "1.25-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "60b1mOIk+ncF/benyKWfug==": { "id": "60b1mOIk+ncF/benyKWfug==", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "68hxwX7t9VVTsdLs/0iJBA==": { "id": "68hxwX7t9VVTsdLs/0iJBA==", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "695zXUDPsaaAbh1PGloHag==": { "id": "695zXUDPsaaAbh1PGloHag==", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "binary", "source": { "id": "", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6AYt+NWt55432RGa/HxiQg==": { "id": "6AYt+NWt55432RGa/HxiQg==", "name": "libXt", "version": "1.2.0-6.el9", "kind": "binary", "source": { "id": "", "name": "libXt", "version": "1.2.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6COiLlB/V7UlOwfuFJy77w==": { "id": "6COiLlB/V7UlOwfuFJy77w==", "name": "unzip", "version": "6.0-56.el9", "kind": "binary", "source": { "id": "", "name": "unzip", "version": "6.0-56.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G1ytjIPgX0NNsVwuPQKkQ==": { "id": "6G1ytjIPgX0NNsVwuPQKkQ==", "name": "python3-gpg", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G4wapu2zP6UYfTP+Ip2pA==": { "id": "6G4wapu2zP6UYfTP+Ip2pA==", "name": "gdb-headless", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6HUC1/dPziZpbtWEymw0nQ==": { "id": "6HUC1/dPziZpbtWEymw0nQ==", "name": "gzip", "version": "1.12-1.el9", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.12-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6LVRZKaAJH97OKCXsJMDDw==": { "id": "6LVRZKaAJH97OKCXsJMDDw==", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "6MFxZDjn6ZxVQspQib4VSA==": { "id": "6MFxZDjn6ZxVQspQib4VSA==", "name": "libXau", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6RxnMs+9yIqzJpLgR7I3zA==": { "id": "6RxnMs+9yIqzJpLgR7I3zA==", "name": "audit-libs", "version": "3.0.7-103.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.0.7-103.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6VAQWTpZhN9PW7YCmVhxsw==": { "id": "6VAQWTpZhN9PW7YCmVhxsw==", "name": "glibc-headers", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6camihNRcGvFSo3XinEWFg==": { "id": "6camihNRcGvFSo3XinEWFg==", "name": "libacl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6f28+Af9kIn0OSp9f9j14Q==": { "id": "6f28+Af9kIn0OSp9f9j14Q==", "name": "ubi9/s2i-base", "version": "1-421", "kind": "binary", "source": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "74+EW3adzZwX9DbUU0vOdA==": { "id": "74+EW3adzZwX9DbUU0vOdA==", "name": "which", "version": "2.21-28.el9", "kind": "binary", "source": { "id": "", "name": "which", "version": "2.21-28.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7JHS+mBQfJeJoy73lvm4lw==": { "id": "7JHS+mBQfJeJoy73lvm4lw==", "name": "npm", "version": "1:8.19.2-1.16.18.1.3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7Lf3UXydabzw8g7HGZER+w==": { "id": "7Lf3UXydabzw8g7HGZER+w==", "name": "ubi9/s2i-core", "version": "1-394", "kind": "binary", "source": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "7ZWYFE98hi9HyU5Q68Jgsw==": { "id": "7ZWYFE98hi9HyU5Q68Jgsw==", "name": "libX11-devel", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7qAMBOvJ2FYxpK9n05pI7Q==": { "id": "7qAMBOvJ2FYxpK9n05pI7Q==", "name": "libpng", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7yB5oIQve4tWIMlUmHbdQQ==": { "id": "7yB5oIQve4tWIMlUmHbdQQ==", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "84WodsWNE9m9GIrBiKl02g==": { "id": "84WodsWNE9m9GIrBiKl02g==", "name": "python3-cloud-what", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "88jYB91M4ddvxo2XjMJKmQ==": { "id": "88jYB91M4ddvxo2XjMJKmQ==", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "binary", "source": { "id": "", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Gh2hioTt5BFisg9eNKeEg==": { "id": "8Gh2hioTt5BFisg9eNKeEg==", "name": "python3-librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8I3zEJ4sFSgk47ZaRLgtDQ==": { "id": "8I3zEJ4sFSgk47ZaRLgtDQ==", "name": "annobin", "version": "10.73-3.el9", "kind": "binary", "source": { "id": "", "name": "annobin", "version": "10.73-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Ky53YwzOPM2pkEIVuuuBg==": { "id": "8Ky53YwzOPM2pkEIVuuuBg==", "name": "glibc-gconv-extra", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Q+4qMpgUhvMDCe2QUBIuQ==": { "id": "8Q+4qMpgUhvMDCe2QUBIuQ==", "name": "dbus", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8gpmX0NZa9MMhcqi6FUGtg==": { "id": "8gpmX0NZa9MMhcqi6FUGtg==", "name": "python3-gobject-base", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8tmJEWGia0UWhhPJb3EyAw==": { "id": "8tmJEWGia0UWhhPJb3EyAw==", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9AmKs/wDQFsVMVHWnqbu+g==": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "9Fy0bRr3ZMu3q8UNrhlOSQ==": { "id": "9Fy0bRr3ZMu3q8UNrhlOSQ==", "name": "man-db", "version": "2.9.3-6.el9", "kind": "binary", "source": { "id": "", "name": "man-db", "version": "2.9.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9HjCH3SeUwgItfYZysNlOw==": { "id": "9HjCH3SeUwgItfYZysNlOw==", "name": "mariadb-connector-c-config", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9WzsXAqqRoLidXM4HaB8/w==": { "id": "9WzsXAqqRoLidXM4HaB8/w==", "name": "delve", "version": "1.8.3-1.el9", "kind": "binary", "source": { "id": "", "name": "delve", "version": "1.8.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9bMXqD09C2r4s8P+HNy2uw==": { "id": "9bMXqD09C2r4s8P+HNy2uw==", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9hWn3VgLVkzmMJln7S0UCQ==": { "id": "9hWn3VgLVkzmMJln7S0UCQ==", "name": "libcurl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9sAM/NqMLlsG3N88/yD1Vg==": { "id": "9sAM/NqMLlsG3N88/yD1Vg==", "name": "python3-libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACNA1cjsRpihwLsZYxMiYQ==": { "id": "ACNA1cjsRpihwLsZYxMiYQ==", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "binary", "source": { "id": "", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AOquy/6bQ9axg0KRp6hMjg==": { "id": "AOquy/6bQ9axg0KRp6hMjg==", "name": "libbrotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ARxZCHzD7KB2Pu4aHl7POw==": { "id": "ARxZCHzD7KB2Pu4aHl7POw==", "name": "python3-libs", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AZwLZmqkel2BzSMgQsIVGQ==": { "id": "AZwLZmqkel2BzSMgQsIVGQ==", "name": "libselinux", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AbW1lRpGUjSEKNnr/Toz6A==": { "id": "AbW1lRpGUjSEKNnr/Toz6A==", "name": "jbigkit-libs", "version": "2.1-23.el9", "kind": "binary", "source": { "id": "", "name": "jbigkit", "version": "2.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AdRs6lk9yzTM3HvjeEThKA==": { "id": "AdRs6lk9yzTM3HvjeEThKA==", "name": "systemd", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AnHvlYoTKSxzg0JMVMiJkg==": { "id": "AnHvlYoTKSxzg0JMVMiJkg==", "name": "openldap-compat", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AxTxyAHzdLVnUL9t8+ZYmg==": { "id": "AxTxyAHzdLVnUL9t8+ZYmg==", "name": "curl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BX+oelClu2v6UOl6tluOEQ==": { "id": "BX+oelClu2v6UOl6tluOEQ==", "name": "crypto-policies-scripts", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "C3QbGupU53FFTX0pkfNLrA==": { "id": "C3QbGupU53FFTX0pkfNLrA==", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C7VGVckK0YZj4RiVmStEsA==": { "id": "C7VGVckK0YZj4RiVmStEsA==", "name": "sqlite-libs", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CXRheoFIylTt2C0ZN4qu3w==": { "id": "CXRheoFIylTt2C0ZN4qu3w==", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "binary", "source": { "id": "", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CjFzfz4zBZj7fcwIrVHCRA==": { "id": "CjFzfz4zBZj7fcwIrVHCRA==", "name": "perl-IPC-Open3", "version": "1.21-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "CpC5etTxiNuDvBGQesJNDg==": { "id": "CpC5etTxiNuDvBGQesJNDg==", "name": "libmount", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ct/46Ed7Asmqt98kLc0FLw==": { "id": "Ct/46Ed7Asmqt98kLc0FLw==", "name": "perl-Symbol", "version": "1.08-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Cwut2mrMMUaIvKenvO1qWw==": { "id": "Cwut2mrMMUaIvKenvO1qWw==", "name": "perl-Socket", "version": "4:2.031-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Socket", "version": "2.031-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/XNnExpupd1bO9ZIJIE9w==": { "id": "D/XNnExpupd1bO9ZIJIE9w==", "name": "perl-AutoLoader", "version": "5.74-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D0GGDit/UxegO+/A5R03SA==": { "id": "D0GGDit/UxegO+/A5R03SA==", "name": "elfutils-default-yama-scope", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DGqCqs+yrHvXs9qsPgn58g==": { "id": "DGqCqs+yrHvXs9qsPgn58g==", "name": "github.com/devfile-samples/devfile-sample-go-basic", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "DK0d2bPQCX0xz6Lec7u1cg==": { "id": "DK0d2bPQCX0xz6Lec7u1cg==", "name": "info", "version": "6.7-15.el9", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.7-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DMchAI2VcGSa4n8bdw5YkA==": { "id": "DMchAI2VcGSa4n8bdw5YkA==", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "binary", "source": { "id": "", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DSiKsVzdOYp1aJo/8T0A5A==": { "id": "DSiKsVzdOYp1aJo/8T0A5A==", "name": "pcre", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E2+Fh4utKcr7Wyiwzh2bYw==": { "id": "E2+Fh4utKcr7Wyiwzh2bYw==", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E7ikPxWehuEw+6yIZODYlQ==": { "id": "E7ikPxWehuEw+6yIZODYlQ==", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ED0/IlCpWWQwBBKR2YT9sw==": { "id": "ED0/IlCpWWQwBBKR2YT9sw==", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EEcEMKhGMvXAfnMhboIpqw==": { "id": "EEcEMKhGMvXAfnMhboIpqw==", "name": "publicsuffix-list-dafsa", "version": "20210518-3.el9", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20210518-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EgjLGZKjPtqIaFVLlFAAPg==": { "id": "EgjLGZKjPtqIaFVLlFAAPg==", "name": "openssh-clients", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EuqqL3yIFMd5VRAfuufJgg==": { "id": "EuqqL3yIFMd5VRAfuufJgg==", "name": "glibc-common", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Exv8+xTp+7Y4AfuM+ph47Q==": { "id": "Exv8+xTp+7Y4AfuM+ph47Q==", "name": "perl-parent", "version": "1:0.238-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-parent", "version": "0.238-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FEF27h+V5TzrUeQsFddapA==": { "id": "FEF27h+V5TzrUeQsFddapA==", "name": "libSM", "version": "1.2.3-10.el9", "kind": "binary", "source": { "id": "", "name": "libSM", "version": "1.2.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FFSNe661VBElA1asGZ7k3g==": { "id": "FFSNe661VBElA1asGZ7k3g==", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "binary", "source": { "id": "", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FKD/ouYSWOOZHy4i43SaxA==": { "id": "FKD/ouYSWOOZHy4i43SaxA==", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "binary", "source": { "id": "", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FMrR4PbDeEhmMEh2juuVnw==": { "id": "FMrR4PbDeEhmMEh2juuVnw==", "name": "wget", "version": "1.21.1-7.el9", "kind": "binary", "source": { "id": "", "name": "wget", "version": "1.21.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FVL6ljas6Mq4jYoOr1b6Hw==": { "id": "FVL6ljas6Mq4jYoOr1b6Hw==", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "binary", "source": { "id": "", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FW8ByCOP6ljvNWDQolahwg==": { "id": "FW8ByCOP6ljvNWDQolahwg==", "name": "sysprof-capture-devel", "version": "3.40.1-3.el9", "kind": "binary", "source": { "id": "", "name": "sysprof", "version": "3.40.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FaNO6QWs1mWPp40PrBiBUQ==": { "id": "FaNO6QWs1mWPp40PrBiBUQ==", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Fy3bplraTnRnJlV5RewauA==": { "id": "Fy3bplraTnRnJlV5RewauA==", "name": "libxslt-devel", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G1YDEd7+V95Qa+PMxB8sJw==": { "id": "G1YDEd7+V95Qa+PMxB8sJw==", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GIScmMWQrnoFNoEgq3fg2w==": { "id": "GIScmMWQrnoFNoEgq3fg2w==", "name": "python3-dbus", "version": "1.2.18-2.el9", "kind": "binary", "source": { "id": "", "name": "dbus-python", "version": "1.2.18-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GSkR2SOuqWQN8NtOvU4cgw==": { "id": "GSkR2SOuqWQN8NtOvU4cgw==", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GVmxmNcJqT3ovg+RwjJg1A==": { "id": "GVmxmNcJqT3ovg+RwjJg1A==", "name": "nodejs-docs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GXm2fCeoaq1FqYmMTmMmhQ==": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "H+zLNGeS4JMpmfP42mEhnA==": { "id": "H+zLNGeS4JMpmfP42mEhnA==", "name": "scl-utils", "version": "1:2.0.3-2.el9", "kind": "binary", "source": { "id": "", "name": "scl-utils", "version": "2.0.3-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H3zfV58LzeEUiNQbZbZb2A==": { "id": "H3zfV58LzeEUiNQbZbZb2A==", "name": "perl-File-Temp", "version": "1:0.231.100-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Temp", "version": "0.231.100-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HRtVOTg/Y7Pvd6wqcX24fA==": { "id": "HRtVOTg/Y7Pvd6wqcX24fA==", "name": "python3-requests", "version": "2.25.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-requests", "version": "2.25.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HbglDdnV9yne0i8jQL30HA==": { "id": "HbglDdnV9yne0i8jQL30HA==", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IDaB7M+//88qbPppM+LpUw==": { "id": "IDaB7M+//88qbPppM+LpUw==", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IN2DA8X4LYRmUb07gLqapg==": { "id": "IN2DA8X4LYRmUb07gLqapg==", "name": "dnf-data", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IOb5jo+s7DgjzeK/LoVNig==": { "id": "IOb5jo+s7DgjzeK/LoVNig==", "name": "libdb", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J0HrVYoM3raELvTfJ82QMA==": { "id": "J0HrVYoM3raELvTfJ82QMA==", "name": "perl-vars", "version": "1.05-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JHQdC8JdSGipvO0sCig0cQ==": { "id": "JHQdC8JdSGipvO0sCig0cQ==", "name": "systemd-pam", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JI92axWONkD2XCTUAeCtuQ==": { "id": "JI92axWONkD2XCTUAeCtuQ==", "name": "autoconf", "version": "2.69-38.el9", "kind": "binary", "source": { "id": "", "name": "autoconf", "version": "2.69-38.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JaDqP2PIekJ4FuDfyPDUKA==": { "id": "JaDqP2PIekJ4FuDfyPDUKA==", "name": "dmidecode", "version": "1:3.3-7.el9", "kind": "binary", "source": { "id": "", "name": "dmidecode", "version": "3.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JrBk+FMgyv4RrG6esVBCIQ==": { "id": "JrBk+FMgyv4RrG6esVBCIQ==", "name": "cryptsetup-libs", "version": "2.4.3-5.el9_1.1", "kind": "binary", "source": { "id": "", "name": "cryptsetup", "version": "2.4.3-5.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Jt5/Qd9oxegZwQjsNbUyYA==": { "id": "Jt5/Qd9oxegZwQjsNbUyYA==", "name": "emacs-filesystem", "version": "1:27.2-6.el9", "kind": "binary", "source": { "id": "", "name": "emacs", "version": "27.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "K04omiWBsTnRCbFVZLmRKw==": { "id": "K04omiWBsTnRCbFVZLmRKw==", "name": "python3-ethtool", "version": "0.15-2.el9", "kind": "binary", "source": { "id": "", "name": "python-ethtool", "version": "0.15-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K5U87AYLwYDq48YpniD72A==": { "id": "K5U87AYLwYDq48YpniD72A==", "name": "libffi", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KH0/KbRUi7KL6UvWa8i6Pg==": { "id": "KH0/KbRUi7KL6UvWa8i6Pg==", "name": "python3-inotify", "version": "0.9.6-25.el9", "kind": "binary", "source": { "id": "", "name": "python-inotify", "version": "0.9.6-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KSobT+LH4PXsCiP04HOhbQ==": { "id": "KSobT+LH4PXsCiP04HOhbQ==", "name": "gdbm-libs", "version": "1:1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KcftiMkhTw4x89HNJI8NNg==": { "id": "KcftiMkhTw4x89HNJI8NNg==", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KlSRCTMecbL63Kg+FZjUdQ==": { "id": "KlSRCTMecbL63Kg+FZjUdQ==", "name": "libicu-devel", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KyRw1LumZrRo6AKKkHgP7w==": { "id": "KyRw1LumZrRo6AKKkHgP7w==", "name": "libXext", "version": "1.3.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libXext", "version": "1.3.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L1wl5gEz2lzyNJbirzPmpQ==": { "id": "L1wl5gEz2lzyNJbirzPmpQ==", "name": "pcre2-utf32", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L2RUW2Fm5EOgoqwyitY3bg==": { "id": "L2RUW2Fm5EOgoqwyitY3bg==", "name": "dbus-broker", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "dbus-broker", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L4diUjusARli24fy/u9lAw==": { "id": "L4diUjusARli24fy/u9lAw==", "name": "perl-NDBM_File", "version": "1.15-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LD9yEwGtdZJl2S96EO58PQ==": { "id": "LD9yEwGtdZJl2S96EO58PQ==", "name": "file-libs", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LDIMlzOywHz1+CG5FwjKdQ==": { "id": "LDIMlzOywHz1+CG5FwjKdQ==", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "binary", "source": { "id": "", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LEyuwSco7tb1WIyWy42H8g==": { "id": "LEyuwSco7tb1WIyWy42H8g==", "name": "perl-Storable", "version": "1:3.21-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Storable", "version": "3.21-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LR+S3JloJQ5YEViBpmcLkA==": { "id": "LR+S3JloJQ5YEViBpmcLkA==", "name": "pam", "version": "1.5.1-12.el9", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.5.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LZYaKh1MnXoGX4fHzghRTQ==": { "id": "LZYaKh1MnXoGX4fHzghRTQ==", "name": "usermode", "version": "1.114-4.el9", "kind": "binary", "source": { "id": "", "name": "usermode", "version": "1.114-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Leh3RdsGa1oyRcl5Dz4SdA==": { "id": "Leh3RdsGa1oyRcl5Dz4SdA==", "name": "gd-devel", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LjtOegR/S/Y0KwJeOuSl/w==": { "id": "LjtOegR/S/Y0KwJeOuSl/w==", "name": "perl-podlators", "version": "1:4.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-podlators", "version": "4.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Lm5zHfIH4SjtxMBhECD0OQ==": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M2qdPAOOvb+CWXJwouP4Rw==": { "id": "M2qdPAOOvb+CWXJwouP4Rw==", "name": "mariadb-connector-c-devel", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MJmw8vClC4VAn/J4MfhK2Q==": { "id": "MJmw8vClC4VAn/J4MfhK2Q==", "name": "python3-setuptools-wheel", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "MORX6hW9ZLZCt/52w71zTg==": { "id": "MORX6hW9ZLZCt/52w71zTg==", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MXR26wvfFq4/JiRamdOfsA==": { "id": "MXR26wvfFq4/JiRamdOfsA==", "name": "pixman", "version": "0.40.0-5.el9", "kind": "binary", "source": { "id": "", "name": "pixman", "version": "0.40.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ma5Vpx57SAZOCC5w2EPQYw==": { "id": "Ma5Vpx57SAZOCC5w2EPQYw==", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MdGkZ055CI+TZYqVm7FIPg==": { "id": "MdGkZ055CI+TZYqVm7FIPg==", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "binary", "source": { "id": "", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mp61fGpK3II0W8dIQgk3hA==": { "id": "Mp61fGpK3II0W8dIQgk3hA==", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MvJE7slPeyMPjzl+J8UH7w==": { "id": "MvJE7slPeyMPjzl+J8UH7w==", "name": "make", "version": "1:4.3-7.el9", "kind": "binary", "source": { "id": "", "name": "make", "version": "4.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MxYp6jmrNGPG4EUMxgtsIw==": { "id": "MxYp6jmrNGPG4EUMxgtsIw==", "name": "qt5-srpm-macros", "version": "5.15.3-1.el9", "kind": "binary", "source": { "id": "", "name": "qt5", "version": "5.15.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N4dB55YYjGYeXRj+vLBatg==": { "id": "N4dB55YYjGYeXRj+vLBatg==", "name": "perl-Class-Struct", "version": "0.66-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N9SQ1VZ/1zaqG0gdsMW91g==": { "id": "N9SQ1VZ/1zaqG0gdsMW91g==", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NQAINik1AG7Zn8OB8pLDpA==": { "id": "NQAINik1AG7Zn8OB8pLDpA==", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "binary", "source": { "id": "", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Nak/NGhCYVubG4CsEbHhug==": { "id": "Nak/NGhCYVubG4CsEbHhug==", "name": "graphite2-devel", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O2SZ5NZewmkamADtmBGMpw==": { "id": "O2SZ5NZewmkamADtmBGMpw==", "name": "setup", "version": "2.13.7-7.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OLwWa8SuQNJHUBFuTxkKKA==": { "id": "OLwWa8SuQNJHUBFuTxkKKA==", "name": "cyrus-sasl-lib", "version": "2.1.27-20.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OkY4XBjh2jDTkYhGjNkrUA==": { "id": "OkY4XBjh2jDTkYhGjNkrUA==", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "On+NX4Yr+KIGVwagqPDWcQ==": { "id": "On+NX4Yr+KIGVwagqPDWcQ==", "name": "pcre2-utf16", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OvOSK0YS4U6j2gyFBATNXg==": { "id": "OvOSK0YS4U6j2gyFBATNXg==", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PHkBez1UE90U9LJepncOKQ==": { "id": "PHkBez1UE90U9LJepncOKQ==", "name": "perl-mro", "version": "1.23-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pstkjkz7Io1S30t7a9lp4w==": { "id": "Pstkjkz7Io1S30t7a9lp4w==", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "binary", "source": { "id": "", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q+exKQZH61PI/8YfpN472w==": { "id": "Q+exKQZH61PI/8YfpN472w==", "name": "glibc-devel", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QCZyKHG3XZk9MlIs9ZFBuA==": { "id": "QCZyKHG3XZk9MlIs9ZFBuA==", "name": "llvm-libs", "version": "14.0.6-1.el9", "kind": "binary", "source": { "id": "", "name": "llvm", "version": "14.0.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QcnepR4WKBdAhWdMUPrAWA==": { "id": "QcnepR4WKBdAhWdMUPrAWA==", "name": "python3-hawkey", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QwKK6TG/JtcCly9jntVf+w==": { "id": "QwKK6TG/JtcCly9jntVf+w==", "name": "vim-filesystem", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "R7K6A/Ve75xrYpD+6H0Z8w==": { "id": "R7K6A/Ve75xrYpD+6H0Z8w==", "name": "file", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "R9sC7SuM6vJmJZYq/bMHWw==": { "id": "R9sC7SuM6vJmJZYq/bMHWw==", "name": "m4", "version": "1.4.19-1.el9", "kind": "binary", "source": { "id": "", "name": "m4", "version": "1.4.19-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RRIjgvJwJW9jZT+h6lhzrQ==": { "id": "RRIjgvJwJW9jZT+h6lhzrQ==", "name": "nodejs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RgUn0rRy/i742s4qQGGoNw==": { "id": "RgUn0rRy/i742s4qQGGoNw==", "name": "libcom_err", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RhNJQyxUHoA1z70UtgAC4Q==": { "id": "RhNJQyxUHoA1z70UtgAC4Q==", "name": "perl-File-stat", "version": "1.09-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RjsHhFfoWvmQBIu8lxYZjw==": { "id": "RjsHhFfoWvmQBIu8lxYZjw==", "name": "perl-SelectSaver", "version": "1.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RnnkgzrsHA8d297AfaWbPg==": { "id": "RnnkgzrsHA8d297AfaWbPg==", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Rx4ZYvIz7JT5wbghBsjOTA==": { "id": "Rx4ZYvIz7JT5wbghBsjOTA==", "name": "libsemanage", "version": "3.4-2.el9", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SRyGVMCI95+oD0l3+3YStw==": { "id": "SRyGVMCI95+oD0l3+3YStw==", "name": "dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SSFXEK4vNCR4s9ImWtXtgA==": { "id": "SSFXEK4vNCR4s9ImWtXtgA==", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SSnnOPGZCl33DlmR57wC7w==": { "id": "SSnnOPGZCl33DlmR57wC7w==", "name": "python3-dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SV9uo4F9Li9vAHBKYcAlZA==": { "id": "SV9uo4F9Li9vAHBKYcAlZA==", "name": "binutils", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SZllfeGD2yJm0VL0H7onLg==": { "id": "SZllfeGD2yJm0VL0H7onLg==", "name": "libxcb-devel", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SdI1Am/qHph5dG2ZoOeUIQ==": { "id": "SdI1Am/qHph5dG2ZoOeUIQ==", "name": "libevent", "version": "2.1.12-6.el9", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TANtf1h6RhI5yVQQhHFTbg==": { "id": "TANtf1h6RhI5yVQQhHFTbg==", "name": "libstdc++-devel", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "THoW7icQ9Ts4hZAkh5A/WQ==": { "id": "THoW7icQ9Ts4hZAkh5A/WQ==", "name": "perl-if", "version": "0.60.800-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tl6ebomp9GQLN9svWzKp+w==": { "id": "Tl6ebomp9GQLN9svWzKp+w==", "name": "libcap", "version": "2.48-8.el9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tob5YtKxleVTQzw2GCmwGg==": { "id": "Tob5YtKxleVTQzw2GCmwGg==", "name": "libpq-devel", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzNyp6yTJ3m0O8xeeDKC3A==": { "id": "TzNyp6yTJ3m0O8xeeDKC3A==", "name": "libpq", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzT9ayOh2hZShfYtipxZEw==": { "id": "TzT9ayOh2hZShfYtipxZEw==", "name": "harfbuzz-icu", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U0P0dNPn1iUcw6b33AAKUg==": { "id": "U0P0dNPn1iUcw6b33AAKUg==", "name": "sqlite-devel", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ud9PNLLJ6v7hTpAYdO825w==": { "id": "Ud9PNLLJ6v7hTpAYdO825w==", "name": "pcre-utf16", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Uui1iXuECCOB7NgLQMsJpg==": { "id": "Uui1iXuECCOB7NgLQMsJpg==", "name": "glibc-langpack-en", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UyCrdfN88WUEEECLCIw93w==": { "id": "UyCrdfN88WUEEECLCIw93w==", "name": "keyutils-libs", "version": "1.6.1-4.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "V/3oHP6E5IRlfgZZHK72RA==": { "id": "V/3oHP6E5IRlfgZZHK72RA==", "name": "p11-kit-trust", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VDWxBVhhJMCCBIlvmorheA==": { "id": "VDWxBVhhJMCCBIlvmorheA==", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VFldiAD+rTFuce+kutFUuA==": { "id": "VFldiAD+rTFuce+kutFUuA==", "name": "openssl", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VKbklzwNVEem7m1iQRERDg==": { "id": "VKbklzwNVEem7m1iQRERDg==", "name": "stdlib", "version": "1.18.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.1.0.0.0.0.0.0", "cpe": "" }, "VLOqRGIR4aQvFfvVrpLyIg==": { "id": "VLOqRGIR4aQvFfvVrpLyIg==", "name": "pcre-cpp", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VhjrPOGZ9XGEFgLnQWc+KQ==": { "id": "VhjrPOGZ9XGEFgLnQWc+KQ==", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "W+js148eF9SSUbrTSIRvOQ==": { "id": "W+js148eF9SSUbrTSIRvOQ==", "name": "libcurl-devel", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W4amAY83CsyR7zQ0GM7zsg==": { "id": "W4amAY83CsyR7zQ0GM7zsg==", "name": "pcre2-syntax", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WCNTEGU4JEqQUNwdkKkP0Q==": { "id": "WCNTEGU4JEqQUNwdkKkP0Q==", "name": "perl-interpreter", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WIBkwuKReD+vnev0WY88mA==": { "id": "WIBkwuKReD+vnev0WY88mA==", "name": "go-srpm-macros", "version": "3.0.9-9.el9", "kind": "binary", "source": { "id": "", "name": "go-rpm-macros", "version": "3.0.9-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WM43f6rBXkL3dY9fUi8CGw==": { "id": "WM43f6rBXkL3dY9fUi8CGw==", "name": "boost-regex", "version": "1.75.0-8.el9", "kind": "binary", "source": { "id": "", "name": "boost", "version": "1.75.0-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WN9YKonIBKVWuMNAg76vrA==": { "id": "WN9YKonIBKVWuMNAg76vrA==", "name": "libXpm-devel", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WXfnWfq5UvDl4B0hS+0enw==": { "id": "WXfnWfq5UvDl4B0hS+0enw==", "name": "elfutils-debuginfod-client", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WgTBt6b85L1bF7WXV5bQRA==": { "id": "WgTBt6b85L1bF7WXV5bQRA==", "name": "perl-File-Compare", "version": "1.100.600-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WifWl02dLM2pp5urxOSuNg==": { "id": "WifWl02dLM2pp5urxOSuNg==", "name": "perl-URI", "version": "5.09-3.el9", "kind": "binary", "source": { "id": "", "name": "perl-URI", "version": "5.09-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WuHt6bav9qTQn9+qCLLu3w==": { "id": "WuHt6bav9qTQn9+qCLLu3w==", "name": "python3-rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XD0JiZBKTweysL9d3sIzpw==": { "id": "XD0JiZBKTweysL9d3sIzpw==", "name": "perl-subs", "version": "1.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMI2bnJZdxdcHnKc3zgCUA==": { "id": "XMI2bnJZdxdcHnKc3zgCUA==", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "binary", "source": { "id": "", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMPq7+46c92RSax5sZ9PZw==": { "id": "XMPq7+46c92RSax5sZ9PZw==", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XPJI1FEhwhWF1vzFJI8S6g==": { "id": "XPJI1FEhwhWF1vzFJI8S6g==", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XVUHqTgxrtHVNbQOLA/oQA==": { "id": "XVUHqTgxrtHVNbQOLA/oQA==", "name": "librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XX1gx35T8rMzed7p4qESdA==": { "id": "XX1gx35T8rMzed7p4qESdA==", "name": "harfbuzz-devel", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XliA1VgMzM5VjjSZdnmlQw==": { "id": "XliA1VgMzM5VjjSZdnmlQw==", "name": "perl-Getopt-Long", "version": "1:2.52-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Getopt-Long", "version": "2.52-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XmQjRyagIacphhV3vVNJUg==": { "id": "XmQjRyagIacphhV3vVNJUg==", "name": "libuser", "version": "0.63-11.el9", "kind": "binary", "source": { "id": "", "name": "libuser", "version": "0.63-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Xs0UZDLX+3bz2vT+iSJz7Q==": { "id": "Xs0UZDLX+3bz2vT+iSJz7Q==", "name": "glib2", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y2WVn7YbALZNiKrMVF83bA==": { "id": "Y2WVn7YbALZNiKrMVF83bA==", "name": "bsdtar", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y35yrxWjtTUkUbNtS9+p6g==": { "id": "Y35yrxWjtTUkUbNtS9+p6g==", "name": "python3-six", "version": "1.15.0-9.el9", "kind": "binary", "source": { "id": "", "name": "python-six", "version": "1.15.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "YRfO+WACNVQDTEO1DaRoPw==": { "id": "YRfO+WACNVQDTEO1DaRoPw==", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZEh/5caJmj5WMgoK5/jyfw==": { "id": "ZEh/5caJmj5WMgoK5/jyfw==", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZX4vKkXsoMfQ2HH9oPb0TA==": { "id": "ZX4vKkXsoMfQ2HH9oPb0TA==", "name": "libXau-devel", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Znd6oNA8HDVHwd3abR/PEg==": { "id": "Znd6oNA8HDVHwd3abR/PEg==", "name": "libblkid-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a0GQ0ecdg5PXNSF9I+cGHw==": { "id": "a0GQ0ecdg5PXNSF9I+cGHw==", "name": "libX11", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "aW0vfCmvp3ku6dMkvaoZGw==": { "id": "aW0vfCmvp3ku6dMkvaoZGw==", "name": "perl-base", "version": "2.27-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ao0mLJHwgqEhua26lzg6gQ==": { "id": "ao0mLJHwgqEhua26lzg6gQ==", "name": "glibc-minimal-langpack", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arzS3GnLPLKzM8xRPFnUzw==": { "id": "arzS3GnLPLKzM8xRPFnUzw==", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ax5YZqtoTsGSLh5YAOUDAA==": { "id": "ax5YZqtoTsGSLh5YAOUDAA==", "name": "dbus-libs", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "b/fX+2E3Kw/VrXP3Viej5w==": { "id": "b/fX+2E3Kw/VrXP3Viej5w==", "name": "acl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bEsPytE/ZdCMbfuAgQc9AA==": { "id": "bEsPytE/ZdCMbfuAgQc9AA==", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "binary", "source": { "id": "", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bQK0gSM91Pq8oi5kJ9072Q==": { "id": "bQK0gSM91Pq8oi5kJ9072Q==", "name": "gettext-libs", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bbOmNWQZu2GtbHRNTT5LbA==": { "id": "bbOmNWQZu2GtbHRNTT5LbA==", "name": "pcre2", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bp0rUgZ5FkIYAX2aEVd/VA==": { "id": "bp0rUgZ5FkIYAX2aEVd/VA==", "name": "vim-minimal", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "byfHs8LLvbAc+YzK8+QmXA==": { "id": "byfHs8LLvbAc+YzK8+QmXA==", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c+W6x4Mcea6sasJQFpayfg==": { "id": "c+W6x4Mcea6sasJQFpayfg==", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c4cAHnbL6QvzxTWvSxwSUQ==": { "id": "c4cAHnbL6QvzxTWvSxwSUQ==", "name": "golang-bin", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c6MW06Rtj8J56gSpVtmC/w==": { "id": "c6MW06Rtj8J56gSpVtmC/w==", "name": "libselinux-devel", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cGWkJkC9Qm+QCP4f8vmD+Q==": { "id": "cGWkJkC9Qm+QCP4f8vmD+Q==", "name": "libX11-xcb", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cPPALpm8EZ1p7Fe1on0nPQ==": { "id": "cPPALpm8EZ1p7Fe1on0nPQ==", "name": "diffutils", "version": "3.7-12.el9", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "3.7-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "caF9WsICRhpk2jJBTv5OsQ==": { "id": "caF9WsICRhpk2jJBTv5OsQ==", "name": "perl-File-Basename", "version": "2.85-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "cj0M8yBzJA8j5tTGHOqDIw==": { "id": "cj0M8yBzJA8j5tTGHOqDIw==", "name": "perl-Fcntl", "version": "1.13-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ckYokpjDEx3hfGxpdtbM6A==": { "id": "ckYokpjDEx3hfGxpdtbM6A==", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "clGQ5Kq/RKZZziBln/4BLA==": { "id": "clGQ5Kq/RKZZziBln/4BLA==", "name": "perl-DynaLoader", "version": "1.47-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ct/ndQfSB+G17YP34ufDBA==": { "id": "ct/ndQfSB+G17YP34ufDBA==", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dMY7Qly4vcBOdARECvhzxQ==": { "id": "dMY7Qly4vcBOdARECvhzxQ==", "name": "ncurses-libs", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dStYvdO33sly7EacpHOqeA==": { "id": "dStYvdO33sly7EacpHOqeA==", "name": "rootfiles", "version": "8.1-31.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-31.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dYr9tK7XM6aISNKJAtl5ZQ==": { "id": "dYr9tK7XM6aISNKJAtl5ZQ==", "name": "pcre-utf32", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dnA+092RxSVxmYLtbm4n5w==": { "id": "dnA+092RxSVxmYLtbm4n5w==", "name": "libmount-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dt/eA+h8BqXPeZvbQ4xjlQ==": { "id": "dt/eA+h8BqXPeZvbQ4xjlQ==", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "e7W78NrdwYaVEcBcXhDv5Q==": { "id": "e7W78NrdwYaVEcBcXhDv5Q==", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eEjpOxWkwvzzJN5kkeVUcg==": { "id": "eEjpOxWkwvzzJN5kkeVUcg==", "name": "perl-Encode", "version": "4:3.08-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Encode", "version": "3.08-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eJ5VkZHE2z3KyF5sFEKj8g==": { "id": "eJ5VkZHE2z3KyF5sFEKj8g==", "name": "cmake-filesystem", "version": "3.20.2-7.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eMk3cpR3xfyfnR/IUeON3Q==": { "id": "eMk3cpR3xfyfnR/IUeON3Q==", "name": "command-line-arguments", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "eUjbBBk9e6ukjdxq7Ysc5Q==": { "id": "eUjbBBk9e6ukjdxq7Ysc5Q==", "name": "krb5-libs", "version": "1.19.1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.19.1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eckWZv7IBjaLZNS/vZ1gWg==": { "id": "eckWZv7IBjaLZNS/vZ1gWg==", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "binary", "source": { "id": "", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ey7Cn3NmMZ6qorZvUccGqA==": { "id": "ey7Cn3NmMZ6qorZvUccGqA==", "name": "nodejs-libs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f2GhXCi0MGW6C5vh1ih8XQ==": { "id": "f2GhXCi0MGW6C5vh1ih8XQ==", "name": "perl-threads", "version": "1:2.25-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads", "version": "2.25-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fTz/BbdjDg+PD+HvcMlQ3A==": { "id": "fTz/BbdjDg+PD+HvcMlQ3A==", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ffBZQco1wXO0fddcwHstSQ==": { "id": "ffBZQco1wXO0fddcwHstSQ==", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gBWlSWdEA8U1+Ep4A/+M2g==": { "id": "gBWlSWdEA8U1+Ep4A/+M2g==", "name": "perl-Error", "version": "1:0.17029-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Error", "version": "0.17029-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gJHwCqer7Rl9ijGK6wpg4A==": { "id": "gJHwCqer7Rl9ijGK6wpg4A==", "name": "libICE", "version": "1.0.10-8.el9", "kind": "binary", "source": { "id": "", "name": "libICE", "version": "1.0.10-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gngAZQYf0zy4+w3GwgpLmw==": { "id": "gngAZQYf0zy4+w3GwgpLmw==", "name": "python3-libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsdYiUdG+fMtG/M0X1EkAg==": { "id": "gsdYiUdG+fMtG/M0X1EkAg==", "name": "filesystem", "version": "3.16-2.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hGxLNL3q3tYYzz2uKfKB4A==": { "id": "hGxLNL3q3tYYzz2uKfKB4A==", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hHL/OokyETnopazrev0shg==": { "id": "hHL/OokyETnopazrev0shg==", "name": "lua-libs", "version": "5.4.4-2.el9_1", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hKJ3xmpaes4B2vxd2C5M1Q==": { "id": "hKJ3xmpaes4B2vxd2C5M1Q==", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "binary", "source": { "id": "", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hNv7ol5w6PGaZXktwlRWPg==": { "id": "hNv7ol5w6PGaZXktwlRWPg==", "name": "libblkid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hasHd85qN7fkJeIIqjjDow==": { "id": "hasHd85qN7fkJeIIqjjDow==", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "heXcDkpDDTJ/ac/FHrXYvg==": { "id": "heXcDkpDDTJ/ac/FHrXYvg==", "name": "efi-srpm-macros", "version": "6-2.el9_0", "kind": "binary", "source": { "id": "", "name": "efi-rpm-macros", "version": "6-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hgr5TOXgV4U9LXyKt2w6gA==": { "id": "hgr5TOXgV4U9LXyKt2w6gA==", "name": "libffi-devel", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hjikQWtnmVPaWts63wYw4Q==": { "id": "hjikQWtnmVPaWts63wYw4Q==", "name": "passwd", "version": "0.80-12.el9", "kind": "binary", "source": { "id": "", "name": "passwd", "version": "0.80-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hrY/5TRUmBt6d/EoQ9M7aw==": { "id": "hrY/5TRUmBt6d/EoQ9M7aw==", "name": "python3-dateutil", "version": "1:2.8.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-dateutil", "version": "2.8.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hvKbzRSMjrg1f3y/PRzGwg==": { "id": "hvKbzRSMjrg1f3y/PRzGwg==", "name": "openssl-devel", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hyds1mrD8GWUXo+lv53Rag==": { "id": "hyds1mrD8GWUXo+lv53Rag==", "name": "findutils", "version": "1:4.8.0-5.el9", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1yNGcAdCbK2SnebCgMUqQ==": { "id": "i1yNGcAdCbK2SnebCgMUqQ==", "name": "systemd-libs", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iBA/JBMmSIEGbBZDQlcuUQ==": { "id": "iBA/JBMmSIEGbBZDQlcuUQ==", "name": "bzip2-devel", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iG10xBRfLLoRP3qlluI7NQ==": { "id": "iG10xBRfLLoRP3qlluI7NQ==", "name": "automake", "version": "1.16.2-6.el9", "kind": "binary", "source": { "id": "", "name": "automake", "version": "1.16.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "iMLMqCcRXnm6QslpJnCS7w==": { "id": "iMLMqCcRXnm6QslpJnCS7w==", "name": "cairo", "version": "1.17.4-7.el9", "kind": "binary", "source": { "id": "", "name": "cairo", "version": "1.17.4-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQByZpdRXgW/fl3SoDuoAA==": { "id": "iQByZpdRXgW/fl3SoDuoAA==", "name": "libipt", "version": "2.0.4-5.el9", "kind": "binary", "source": { "id": "", "name": "libipt", "version": "2.0.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQnKl0+RxymKc9bhVdyuyQ==": { "id": "iQnKl0+RxymKc9bhVdyuyQ==", "name": "perl-B", "version": "1.80-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTjyL8AL9avw3YnaeFgLEg==": { "id": "iTjyL8AL9avw3YnaeFgLEg==", "name": "gettext", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iswhVSntR4QnIsTAyM6ydQ==": { "id": "iswhVSntR4QnIsTAyM6ydQ==", "name": "perl-Pod-Escapes", "version": "1:1.07-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Escapes", "version": "1.07-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ix3lD4/Nn7qLbcpDm0AIhg==": { "id": "ix3lD4/Nn7qLbcpDm0AIhg==", "name": "perl-constant", "version": "1.33-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-constant", "version": "1.33-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "j3oHbOmfE09xNAzoTXpcSg==": { "id": "j3oHbOmfE09xNAzoTXpcSg==", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jADxtb7PiatU9dihVhjp/Q==": { "id": "jADxtb7PiatU9dihVhjp/Q==", "name": "elfutils-libelf", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jDIVpAdvhjPN/gmOBNQuag==": { "id": "jDIVpAdvhjPN/gmOBNQuag==", "name": "perl-Time-Local", "version": "2:1.300-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Time-Local", "version": "1.300-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jH43ZEoPP2TpNiUJXUizMw==": { "id": "jH43ZEoPP2TpNiUJXUizMw==", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "binary", "source": { "id": "", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jSOT/FBECA7xUY+Zv/Ps+Q==": { "id": "jSOT/FBECA7xUY+Zv/Ps+Q==", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jXo3rXdhdYGkiXYZpQxZ3Q==": { "id": "jXo3rXdhdYGkiXYZpQxZ3Q==", "name": "python3-chardet", "version": "4.0.0-5.el9", "kind": "binary", "source": { "id": "", "name": "python-chardet", "version": "4.0.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAc8BYCjeCgQR9YdLeGx9w==": { "id": "kAc8BYCjeCgQR9YdLeGx9w==", "name": "python3-urllib3", "version": "1.26.5-3.el9", "kind": "binary", "source": { "id": "", "name": "python-urllib3", "version": "1.26.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kDzRHkg3txncDWuyd5771g==": { "id": "kDzRHkg3txncDWuyd5771g==", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kMrprdB/TspYL2Dyt9hBfw==": { "id": "kMrprdB/TspYL2Dyt9hBfw==", "name": "libgomp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kdml4TiffKDDUHJjP7R1Tg==": { "id": "kdml4TiffKDDUHJjP7R1Tg==", "name": "openldap", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ki6pd/LsWsx2BY6b+Np6dQ==": { "id": "ki6pd/LsWsx2BY6b+Np6dQ==", "name": "cpp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ktHjHCegyaFGFLaqVjqkVA==": { "id": "ktHjHCegyaFGFLaqVjqkVA==", "name": "libX11-common", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kzHnWWgcRX/Do32aQ8TMBQ==": { "id": "kzHnWWgcRX/Do32aQ8TMBQ==", "name": "perl-Git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lITnNJqHTfcVQiCGHjWozA==": { "id": "lITnNJqHTfcVQiCGHjWozA==", "name": "python3-pip-wheel", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lwkb5oxxrG7ZgPYzSyvcZQ==": { "id": "lwkb5oxxrG7ZgPYzSyvcZQ==", "name": "libxml2-devel", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lxyER9sFQyH/cLua8fAlfw==": { "id": "lxyER9sFQyH/cLua8fAlfw==", "name": "perl-File-Find", "version": "1.37-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ly9SmBBH7WsYXh1oG69XaQ==": { "id": "ly9SmBBH7WsYXh1oG69XaQ==", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "m7hOFCjo7x6PMvux7htFOg==": { "id": "m7hOFCjo7x6PMvux7htFOg==", "name": "cracklib-dicts", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mLZQEF4KLS62c+8BB/jz0Q==": { "id": "mLZQEF4KLS62c+8BB/jz0Q==", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLtyJkgiain09bfdUDF0tA==": { "id": "mLtyJkgiain09bfdUDF0tA==", "name": "python3-idna", "version": "2.10-7.el9", "kind": "binary", "source": { "id": "", "name": "python-idna", "version": "2.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mRRefE/Wm2s5CZDmwUJ8jg==": { "id": "mRRefE/Wm2s5CZDmwUJ8jg==", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mS/mU0XqXurt5b2cC0G2wA==": { "id": "mS/mU0XqXurt5b2cC0G2wA==", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "me8N6gnEhOLccvD/431aCw==": { "id": "me8N6gnEhOLccvD/431aCw==", "name": "libgcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mqd6XOc7hJ7OKe7FI62YlA==": { "id": "mqd6XOc7hJ7OKe7FI62YlA==", "name": "python3-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ms1/Dytf/YQgRgubY3EyyQ==": { "id": "ms1/Dytf/YQgRgubY3EyyQ==", "name": "libsepol-devel", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "n2BikwI3Mg2dIr4kYK8New==": { "id": "n2BikwI3Mg2dIr4kYK8New==", "name": "pkgconf-m4", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nC22unSxVi1R4g6taYLM9Q==": { "id": "nC22unSxVi1R4g6taYLM9Q==", "name": "brotli-devel", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nRx5HCyZ2M4L1LvJSclibw==": { "id": "nRx5HCyZ2M4L1LvJSclibw==", "name": "rsync", "version": "3.2.3-18.el9", "kind": "binary", "source": { "id": "", "name": "rsync", "version": "3.2.3-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nUBBsXgA+QSl6Tx9eXi6Mw==": { "id": "nUBBsXgA+QSl6Tx9eXi6Mw==", "name": "dbus-common", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "na4ojyfFHL07xf5Yr8wxsg==": { "id": "na4ojyfFHL07xf5Yr8wxsg==", "name": "libgpg-error-devel", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "noZz3cbDBX3Q1ohSWIKe1g==": { "id": "noZz3cbDBX3Q1ohSWIKe1g==", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nqniqNEVhrfub8cS+os87A==": { "id": "nqniqNEVhrfub8cS+os87A==", "name": "fonts-srpm-macros", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nwgNWiqPWTP9jQpHdB8CFA==": { "id": "nwgNWiqPWTP9jQpHdB8CFA==", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o0sNxhdrQvn3LtgSlydcdw==": { "id": "o0sNxhdrQvn3LtgSlydcdw==", "name": "pcre2-devel", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o3loazzxvm2hQ5N1QRaYvg==": { "id": "o3loazzxvm2hQ5N1QRaYvg==", "name": "glib2-devel", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oCbJhi6fmGrlKcF1SlNuYw==": { "id": "oCbJhi6fmGrlKcF1SlNuYw==", "name": "git-core", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oGWSEEsLb6ToIwJ1tUBkwg==": { "id": "oGWSEEsLb6ToIwJ1tUBkwg==", "name": "perl-File-Copy", "version": "2.34-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "oK41W21MyjS/j+5BoCQjuA==": { "id": "oK41W21MyjS/j+5BoCQjuA==", "name": "tcl", "version": "1:8.6.10-7.el9", "kind": "binary", "source": { "id": "", "name": "tcl", "version": "8.6.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oWKtpTsx1ck3WozLlUNKbw==": { "id": "oWKtpTsx1ck3WozLlUNKbw==", "name": "yum", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "obNuQXzAwE3TzjUoRN1yEw==": { "id": "obNuQXzAwE3TzjUoRN1yEw==", "name": "libbabeltrace", "version": "1.5.8-10.el9", "kind": "binary", "source": { "id": "", "name": "babeltrace", "version": "1.5.8-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "og/hyn7iqbsNsfIv/8VHFg==": { "id": "og/hyn7iqbsNsfIv/8VHFg==", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "om/hnbn42itSjLCSeL6+2A==": { "id": "om/hnbn42itSjLCSeL6+2A==", "name": "freetype", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9BcHmUiqsfiDX2HpNFM5g==": { "id": "p9BcHmUiqsfiDX2HpNFM5g==", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pNbpZqWYymW5Cm1QYLE4uQ==": { "id": "pNbpZqWYymW5Cm1QYLE4uQ==", "name": "device-mapper", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pc8TmjOHnExT3yvCQuGR7Q==": { "id": "pc8TmjOHnExT3yvCQuGR7Q==", "name": "tar", "version": "2:1.34-6.el9_1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pdyD4GFauXtML8NxA7nURQ==": { "id": "pdyD4GFauXtML8NxA7nURQ==", "name": "python3-dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "peDze6790+ubKa/8hacS+w==": { "id": "peDze6790+ubKa/8hacS+w==", "name": "stdlib", "version": "1.18.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.9.0.0.0.0.0.0", "cpe": "" }, "pff1wMeg2U6ebqlGIkRlMg==": { "id": "pff1wMeg2U6ebqlGIkRlMg==", "name": "git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ptT0YL/h24MTjTTVlPAZVg==": { "id": "ptT0YL/h24MTjTTVlPAZVg==", "name": "freetype-devel", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qIHoKDOcFEbVk0+xQvglbQ==": { "id": "qIHoKDOcFEbVk0+xQvglbQ==", "name": "openssl-libs", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qTTyL80F/2JUAy85WSpobg==": { "id": "qTTyL80F/2JUAy85WSpobg==", "name": "coreutils-single", "version": "8.32-32.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-32.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qcLLXOiskeOh3Yk1oA8Pwg==": { "id": "qcLLXOiskeOh3Yk1oA8Pwg==", "name": "kmod-libs", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "kmod", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qijykJ/WFTcI/fd8/RsFmg==": { "id": "qijykJ/WFTcI/fd8/RsFmg==", "name": "ubi9", "version": "9.1.0-1782", "kind": "binary", "source": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rEU0uZUpz06y9hg0ORc49A==": { "id": "rEU0uZUpz06y9hg0ORc49A==", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rTAf2eiAGJSR1vI+tk12zg==": { "id": "rTAf2eiAGJSR1vI+tk12zg==", "name": "libuuid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rUUieTQ6JPdOKUOFRfhvNw==": { "id": "rUUieTQ6JPdOKUOFRfhvNw==", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rYCgRZF9UtO2MybO6TcW0g==": { "id": "rYCgRZF9UtO2MybO6TcW0g==", "name": "nettle", "version": "3.8-3.el9_0", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.8-3.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rZckolqfVnE7xInGZn5Zzw==": { "id": "rZckolqfVnE7xInGZn5Zzw==", "name": "python3-pysocks", "version": "1.7.1-12.el9", "kind": "binary", "source": { "id": "", "name": "python-pysocks", "version": "1.7.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rj2k4My0f4W7sR9R0rDeJg==": { "id": "rj2k4My0f4W7sR9R0rDeJg==", "name": "perl-Pod-Usage", "version": "4:2.01-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Usage", "version": "2.01-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rkUaC636uKZYge61PN1dew==": { "id": "rkUaC636uKZYge61PN1dew==", "name": "perl-POSIX", "version": "1.94-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ryPyL0/oZK1jJ8umBZkZBA==": { "id": "ryPyL0/oZK1jJ8umBZkZBA==", "name": "libjpeg-turbo-devel", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s9qYH9lv+nqFfUwtnSIxEw==": { "id": "s9qYH9lv+nqFfUwtnSIxEw==", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "binary", "source": { "id": "", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sE1EmQ5Nhv4P4rilE6lODw==": { "id": "sE1EmQ5Nhv4P4rilE6lODw==", "name": "lsof", "version": "4.94.0-3.el9", "kind": "binary", "source": { "id": "", "name": "lsof", "version": "4.94.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sukNATkcLkohYgGrhDtrZA==": { "id": "sukNATkcLkohYgGrhDtrZA==", "name": "libxcrypt-devel", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sy1cTR7VjlyD3WavviV1+g==": { "id": "sy1cTR7VjlyD3WavviV1+g==", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "szNvvFbgC3+nu7+FkWHQxA==": { "id": "szNvvFbgC3+nu7+FkWHQxA==", "name": "perl-overload", "version": "1.31-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "t51FYLdtFZpGFe/8JMUaTQ==": { "id": "t51FYLdtFZpGFe/8JMUaTQ==", "name": "rhel9/go-toolset", "version": "1.18.9-14", "kind": "binary", "source": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "tOoZIHzytN01BRAw3es1Yg==": { "id": "tOoZIHzytN01BRAw3es1Yg==", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tWWw65aFr0Her+B1hlgbqA==": { "id": "tWWw65aFr0Her+B1hlgbqA==", "name": "perl-Pod-Simple", "version": "1:3.42-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Simple", "version": "3.42-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "tsX00aIcJlVDdnN8EABj3g==": { "id": "tsX00aIcJlVDdnN8EABj3g==", "name": "perl-Getopt-Std", "version": "1.12-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u+N5u943P15onszlgf+ujA==": { "id": "u+N5u943P15onszlgf+ujA==", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u95OKK2MhRQlEYI4tmvSVQ==": { "id": "u95OKK2MhRQlEYI4tmvSVQ==", "name": "util-linux-core", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uCyCeArpCxiSoV6DjC80ng==": { "id": "uCyCeArpCxiSoV6DjC80ng==", "name": "pcre-devel", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uOrv4V08LjQ381I5J7cGpw==": { "id": "uOrv4V08LjQ381I5J7cGpw==", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uSt8DkzxoDcE1tRbyYPDOg==": { "id": "uSt8DkzxoDcE1tRbyYPDOg==", "name": "alternatives", "version": "1.20-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.20-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uWyEe6UPxO05NNzNabxBgA==": { "id": "uWyEe6UPxO05NNzNabxBgA==", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "uXpj8krYkomg5XDZ83F2kg==": { "id": "uXpj8krYkomg5XDZ83F2kg==", "name": "perl-libs", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uwkXfq5VvKEldZwWOwGq4w==": { "id": "uwkXfq5VvKEldZwWOwGq4w==", "name": "gmp", "version": "1:6.2.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v5fMEqf0GRz+BrBqAji9dQ==": { "id": "v5fMEqf0GRz+BrBqAji9dQ==", "name": "libzstd", "version": "1.5.1-2.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v6X9Dt1wPw8fK6VaHz1Ffw==": { "id": "v6X9Dt1wPw8fK6VaHz1Ffw==", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vSRLH3asu5knZtxqOxtnwQ==": { "id": "vSRLH3asu5knZtxqOxtnwQ==", "name": "brotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVZXXrZNgHNmTJM7knKqAQ==": { "id": "vVZXXrZNgHNmTJM7knKqAQ==", "name": "libfdisk", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vaBZgtoGX6VZtIwrD9w+EQ==": { "id": "vaBZgtoGX6VZtIwrD9w+EQ==", "name": "libdnf-plugin-subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vcbNsnPegQ9DMvL/4z83AA==": { "id": "vcbNsnPegQ9DMvL/4z83AA==", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vtNcuXyRth8r8K/W3sfqrQ==": { "id": "vtNcuXyRth8r8K/W3sfqrQ==", "name": "libpng-devel", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "w2DoavvB02S/+BS01jQqJw==": { "id": "w2DoavvB02S/+BS01jQqJw==", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "binary", "source": { "id": "", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wVOHUaFC3qlk+Ft1W2VH7A==": { "id": "wVOHUaFC3qlk+Ft1W2VH7A==", "name": "python3-gobject-base-noarch", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wXu3MDegq/TfLSbBy6aoBQ==": { "id": "wXu3MDegq/TfLSbBy6aoBQ==", "name": "gcc-c++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wdMozBSF06uhI4HOI003SQ==": { "id": "wdMozBSF06uhI4HOI003SQ==", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wsc0mBnyNwrXYdpo0V+0aw==": { "id": "wsc0mBnyNwrXYdpo0V+0aw==", "name": "perl-FileHandle", "version": "2.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wusWpHXirQF8KfxliQcLkQ==": { "id": "wusWpHXirQF8KfxliQcLkQ==", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "binary", "source": { "id": "", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wvtx3JsOUmPyorardjeYSQ==": { "id": "wvtx3JsOUmPyorardjeYSQ==", "name": "fontconfig-devel", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xC2PhiBOHiQbniVjaMltjw==": { "id": "xC2PhiBOHiQbniVjaMltjw==", "name": "libpkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xGsFnJNA7f9q/+8cz1QFqg==": { "id": "xGsFnJNA7f9q/+8cz1QFqg==", "name": "lua-srpm-macros", "version": "1-6.el9", "kind": "binary", "source": { "id": "", "name": "lua-rpm-macros", "version": "1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xSR/sMJIXbuFPYhZS2ZN2Q==": { "id": "xSR/sMJIXbuFPYhZS2ZN2Q==", "name": "gcc-plugin-annobin", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xVpXFb43dZh4HfBX53yyew==": { "id": "xVpXFb43dZh4HfBX53yyew==", "name": "python3-iniparse", "version": "0.4-45.el9", "kind": "binary", "source": { "id": "", "name": "python-iniparse", "version": "0.4-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xdunfqVk+0spTcWoJA7wPw==": { "id": "xdunfqVk+0spTcWoJA7wPw==", "name": "libnghttp2", "version": "1.43.0-5.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xfiNHrth0bRlTgQnR3IgUw==": { "id": "xfiNHrth0bRlTgQnR3IgUw==", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xgCGPQ7CZbjJqBTw2Nmu9w==": { "id": "xgCGPQ7CZbjJqBTw2Nmu9w==", "name": "groff-base", "version": "1.22.4-10.el9", "kind": "binary", "source": { "id": "", "name": "groff", "version": "1.22.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xnmn6fk+/THLJg3emXYMww==": { "id": "xnmn6fk+/THLJg3emXYMww==", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "y9sflCLWTaHWSSC+w8u7bQ==": { "id": "y9sflCLWTaHWSSC+w8u7bQ==", "name": "xz-devel", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yLdg/zIMr1LMvkW9tAZlGw==": { "id": "yLdg/zIMr1LMvkW9tAZlGw==", "name": "rpm-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yRjjypPMZa7QJg+DLoMumw==": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "yXx0rhfj7kyXaTrxOLQSfA==": { "id": "yXx0rhfj7kyXaTrxOLQSfA==", "name": "libsmartcols", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yY469KfvqdHWbJwmOcIU1Q==": { "id": "yY469KfvqdHWbJwmOcIU1Q==", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ycSS8xsUDu5nMwsql04xfQ==": { "id": "ycSS8xsUDu5nMwsql04xfQ==", "name": "gd", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "z/d/zUXK6aF2L4H7dfeSZw==": { "id": "z/d/zUXK6aF2L4H7dfeSZw==", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zLbmCpiDy68qsFvtKNzmgQ==": { "id": "zLbmCpiDy68qsFvtKNzmgQ==", "name": "xml-common", "version": "0.6.3-58.el9", "kind": "binary", "source": { "id": "", "name": "sgml-common", "version": "0.6.3-58.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zPYyryKVwACz98/WbfSW6w==": { "id": "zPYyryKVwACz98/WbfSW6w==", "name": "rpm-sign-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zpqzIc9TY4hiXJG024jdBQ==": { "id": "zpqzIc9TY4hiXJG024jdBQ==", "name": "golang-src", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zxuLMmxubC84XoLpkfxZ3w==": { "id": "zxuLMmxubC84XoLpkfxZ3w==", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "binary", "source": { "id": "", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" } }, "distributions": { "3f659b6d-628e-47e5-a677-dfea25ce22b3": { "id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "04c1d057-97cf-43e1-8fd0-8fecee86d846": { "id": "04c1d057-97cf-43e1-8fd0-8fecee86d846", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "0888d4dc-690f-4173-a8db-ef8cbdedb756": { "id": "0888d4dc-690f-4173-a8db-ef8cbdedb756", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "1809f798-1e7a-41bc-ae33-089c635aac32": { "id": "1809f798-1e7a-41bc-ae33-089c635aac32", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "18a3592d-0af8-4611-933f-a3d918892904": { "id": "18a3592d-0af8-4611-933f-a3d918892904", "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "1a47e348-391b-45d6-b8fc-191a32c5f256": { "id": "1a47e348-391b-45d6-b8fc-191a32c5f256", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "324e79d1-a49e-4b31-9ea1-27180820fa23": { "id": "324e79d1-a49e-4b31-9ea1-27180820fa23", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "3e8e60f3-27ec-4475-a1d1-85fa699ae198": { "id": "3e8e60f3-27ec-4475-a1d1-85fa699ae198", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "5f83c78f-c403-48e7-a726-5f871730a415": { "id": "5f83c78f-c403-48e7-a726-5f871730a415", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "78e02e19-78c9-439b-8464-423ef9ab8283": { "id": "78e02e19-78c9-439b-8464-423ef9ab8283", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0": { "id": "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "++K+RsmgWfVk2mj1+hzWKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "+8O7w8gnK983LoZMdgIWhQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "+B22ALb6YCnXu+3s6afaLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "+LQ46YAn9giMKDZRMCUpfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "+jCn1wujuDa5B1uNvCdVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "+yIdH2Pb8SGFuXnry3uK/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "/FMjm+UzO0PTaS3Td0lhkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "/dbWc/LExxt1O7duWFf9og==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "/t0e+LuglIbDcO/k67Hr2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "/th8aUKrkgR3Sw9KSBM+CA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "09fH92fqoWDOaYEpwQ9p2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "0N0D43vK8KV4kQOq2LQn7g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "0QIby1L00NbGeIw8oxRQWQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "0Yvc2+M8FAry625wuL4S5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "0wIoN0pFyBSc9eVtRdIOWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "13/XvLtRK2RDQlcsZc1BtQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "13i0QoQ6Q4yBI5RUf20lXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "1T7WJ83NrIa0U7DlD1BR4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "1XXuvf69/0I2dNHaU2UndQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "1dO83wB64hDLki3A4eA/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "1h9uHE0QiXBO/zpJrT0VjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "1iUaGpv40BOJQUks5I0iYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "1m9sKqHTfU4F/K4fidg9cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "2REYKadw7TKFiuC+OnoHmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "2fg1ZRYCSPKKOgCxCcA36w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "2w8qE/d9mqIY/9+1qBBrPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "3688bXyK/nwHthXLLVH24g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "3DTA/XNFCCDFf6sfX96bGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "3RQKCmep11B4hkfn96QJTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "3iIPR0bjuCPQ2+48pSdeHg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "4Aph2Qer6+KdCecFsU0TXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "4DM2GB9KLL7/xWypPdz7vA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "4ImdKzJ7uZoaviIayzuoUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "4Kw/w2gH7CYCOCv19cdYYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "582nBqlxZXz0sTRmkFvU4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "5EpVrCQ4OYKiPYYEOuUcmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "5JeNH+bHiuiK9wwBZqH10A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "5NZNFErDrBiBoorV+igTjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "5mmSudfrCeEmVSPweWmcVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "5oq4jjwqdEJHokHmXZ7fFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "5uy1J7qi/MafOdYJgaQeGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "60b1mOIk+ncF/benyKWfug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "68hxwX7t9VVTsdLs/0iJBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "695zXUDPsaaAbh1PGloHag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "6AYt+NWt55432RGa/HxiQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "6COiLlB/V7UlOwfuFJy77w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "6G1ytjIPgX0NNsVwuPQKkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "6G4wapu2zP6UYfTP+Ip2pA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "6HUC1/dPziZpbtWEymw0nQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "6LVRZKaAJH97OKCXsJMDDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "6MFxZDjn6ZxVQspQib4VSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "6RxnMs+9yIqzJpLgR7I3zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "6VAQWTpZhN9PW7YCmVhxsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "6camihNRcGvFSo3XinEWFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "6f28+Af9kIn0OSp9f9j14Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "74+EW3adzZwX9DbUU0vOdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "7JHS+mBQfJeJoy73lvm4lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "7Lf3UXydabzw8g7HGZER+w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "7yB5oIQve4tWIMlUmHbdQQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "84WodsWNE9m9GIrBiKl02g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "88jYB91M4ddvxo2XjMJKmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "8Gh2hioTt5BFisg9eNKeEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "8I3zEJ4sFSgk47ZaRLgtDQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "8Ky53YwzOPM2pkEIVuuuBg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "8gpmX0NZa9MMhcqi6FUGtg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "8tmJEWGia0UWhhPJb3EyAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "9AmKs/wDQFsVMVHWnqbu+g==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "9Fy0bRr3ZMu3q8UNrhlOSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "9HjCH3SeUwgItfYZysNlOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "9WzsXAqqRoLidXM4HaB8/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "1a47e348-391b-45d6-b8fc-191a32c5f256", "1809f798-1e7a-41bc-ae33-089c635aac32" ] } ], "9bMXqD09C2r4s8P+HNy2uw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "9hWn3VgLVkzmMJln7S0UCQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "9sAM/NqMLlsG3N88/yD1Vg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "ACNA1cjsRpihwLsZYxMiYQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "AOquy/6bQ9axg0KRp6hMjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ARxZCHzD7KB2Pu4aHl7POw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "AZwLZmqkel2BzSMgQsIVGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "AbW1lRpGUjSEKNnr/Toz6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "AdRs6lk9yzTM3HvjeEThKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "AnHvlYoTKSxzg0JMVMiJkg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "BX+oelClu2v6UOl6tluOEQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "C3QbGupU53FFTX0pkfNLrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "C7VGVckK0YZj4RiVmStEsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "CXRheoFIylTt2C0ZN4qu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "CjFzfz4zBZj7fcwIrVHCRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "CpC5etTxiNuDvBGQesJNDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Ct/46Ed7Asmqt98kLc0FLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Cwut2mrMMUaIvKenvO1qWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "D/XNnExpupd1bO9ZIJIE9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "D0GGDit/UxegO+/A5R03SA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "DGqCqs+yrHvXs9qsPgn58g==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:161480d70dca25a2b4e96968eb431f25346315e0516dd21489f8af211fca09b8", "distribution_id": "", "repository_ids": [ "18a3592d-0af8-4611-933f-a3d918892904" ] } ], "DK0d2bPQCX0xz6Lec7u1cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "DMchAI2VcGSa4n8bdw5YkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "DSiKsVzdOYp1aJo/8T0A5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "E7ikPxWehuEw+6yIZODYlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "1a47e348-391b-45d6-b8fc-191a32c5f256", "1809f798-1e7a-41bc-ae33-089c635aac32" ] } ], "ED0/IlCpWWQwBBKR2YT9sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "EEcEMKhGMvXAfnMhboIpqw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "EgjLGZKjPtqIaFVLlFAAPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "EuqqL3yIFMd5VRAfuufJgg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Exv8+xTp+7Y4AfuM+ph47Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "FEF27h+V5TzrUeQsFddapA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "FFSNe661VBElA1asGZ7k3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "FKD/ouYSWOOZHy4i43SaxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "FMrR4PbDeEhmMEh2juuVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "FW8ByCOP6ljvNWDQolahwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "FaNO6QWs1mWPp40PrBiBUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Fy3bplraTnRnJlV5RewauA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "G1YDEd7+V95Qa+PMxB8sJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "GIScmMWQrnoFNoEgq3fg2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "GSkR2SOuqWQN8NtOvU4cgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "GVmxmNcJqT3ovg+RwjJg1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "GXm2fCeoaq1FqYmMTmMmhQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "H+zLNGeS4JMpmfP42mEhnA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "H3zfV58LzeEUiNQbZbZb2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "HbglDdnV9yne0i8jQL30HA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "IDaB7M+//88qbPppM+LpUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "IN2DA8X4LYRmUb07gLqapg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "IOb5jo+s7DgjzeK/LoVNig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "J0HrVYoM3raELvTfJ82QMA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "JHQdC8JdSGipvO0sCig0cQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "JI92axWONkD2XCTUAeCtuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "JaDqP2PIekJ4FuDfyPDUKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "JrBk+FMgyv4RrG6esVBCIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "K04omiWBsTnRCbFVZLmRKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "K5U87AYLwYDq48YpniD72A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "KH0/KbRUi7KL6UvWa8i6Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "KSobT+LH4PXsCiP04HOhbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "KcftiMkhTw4x89HNJI8NNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "KlSRCTMecbL63Kg+FZjUdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "KyRw1LumZrRo6AKKkHgP7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "L1wl5gEz2lzyNJbirzPmpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "L2RUW2Fm5EOgoqwyitY3bg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "L4diUjusARli24fy/u9lAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "LD9yEwGtdZJl2S96EO58PQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "LDIMlzOywHz1+CG5FwjKdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "LEyuwSco7tb1WIyWy42H8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "LR+S3JloJQ5YEViBpmcLkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "LZYaKh1MnXoGX4fHzghRTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Leh3RdsGa1oyRcl5Dz4SdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "LjtOegR/S/Y0KwJeOuSl/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Lm5zHfIH4SjtxMBhECD0OQ==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "M2qdPAOOvb+CWXJwouP4Rw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "MJmw8vClC4VAn/J4MfhK2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "MORX6hW9ZLZCt/52w71zTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "MXR26wvfFq4/JiRamdOfsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Ma5Vpx57SAZOCC5w2EPQYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "MdGkZ055CI+TZYqVm7FIPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Mp61fGpK3II0W8dIQgk3hA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "MvJE7slPeyMPjzl+J8UH7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "MxYp6jmrNGPG4EUMxgtsIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "N4dB55YYjGYeXRj+vLBatg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "N9SQ1VZ/1zaqG0gdsMW91g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "NQAINik1AG7Zn8OB8pLDpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Nak/NGhCYVubG4CsEbHhug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "O2SZ5NZewmkamADtmBGMpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "OLwWa8SuQNJHUBFuTxkKKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "OkY4XBjh2jDTkYhGjNkrUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "On+NX4Yr+KIGVwagqPDWcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "OvOSK0YS4U6j2gyFBATNXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "PHkBez1UE90U9LJepncOKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Pstkjkz7Io1S30t7a9lp4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Q+exKQZH61PI/8YfpN472w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "QCZyKHG3XZk9MlIs9ZFBuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "QcnepR4WKBdAhWdMUPrAWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "QwKK6TG/JtcCly9jntVf+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "R9sC7SuM6vJmJZYq/bMHWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "RgUn0rRy/i742s4qQGGoNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "RhNJQyxUHoA1z70UtgAC4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "RjsHhFfoWvmQBIu8lxYZjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "RnnkgzrsHA8d297AfaWbPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Rx4ZYvIz7JT5wbghBsjOTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "SRyGVMCI95+oD0l3+3YStw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "SSFXEK4vNCR4s9ImWtXtgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "SSnnOPGZCl33DlmR57wC7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "SV9uo4F9Li9vAHBKYcAlZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "SZllfeGD2yJm0VL0H7onLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "SdI1Am/qHph5dG2ZoOeUIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "TANtf1h6RhI5yVQQhHFTbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Tl6ebomp9GQLN9svWzKp+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Tob5YtKxleVTQzw2GCmwGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "TzT9ayOh2hZShfYtipxZEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "U0P0dNPn1iUcw6b33AAKUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Ud9PNLLJ6v7hTpAYdO825w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Uui1iXuECCOB7NgLQMsJpg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "UyCrdfN88WUEEECLCIw93w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "V/3oHP6E5IRlfgZZHK72RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "VDWxBVhhJMCCBIlvmorheA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "VFldiAD+rTFuce+kutFUuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "VKbklzwNVEem7m1iQRERDg==": [ { "package_db": "go:usr/bin/dlv", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "18a3592d-0af8-4611-933f-a3d918892904" ] } ], "VLOqRGIR4aQvFfvVrpLyIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "VhjrPOGZ9XGEFgLnQWc+KQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "W+js148eF9SSUbrTSIRvOQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "W4amAY83CsyR7zQ0GM7zsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WIBkwuKReD+vnev0WY88mA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WM43f6rBXkL3dY9fUi8CGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WN9YKonIBKVWuMNAg76vrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WXfnWfq5UvDl4B0hS+0enw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WgTBt6b85L1bF7WXV5bQRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WifWl02dLM2pp5urxOSuNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "WuHt6bav9qTQn9+qCLLu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "XD0JiZBKTweysL9d3sIzpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "XMI2bnJZdxdcHnKc3zgCUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "XMPq7+46c92RSax5sZ9PZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "XPJI1FEhwhWF1vzFJI8S6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "XVUHqTgxrtHVNbQOLA/oQA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "XX1gx35T8rMzed7p4qESdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "XliA1VgMzM5VjjSZdnmlQw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "XmQjRyagIacphhV3vVNJUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "Y2WVn7YbALZNiKrMVF83bA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "Y35yrxWjtTUkUbNtS9+p6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "YRfO+WACNVQDTEO1DaRoPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "ZEh/5caJmj5WMgoK5/jyfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ZX4vKkXsoMfQ2HH9oPb0TA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "Znd6oNA8HDVHwd3abR/PEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "aW0vfCmvp3ku6dMkvaoZGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ao0mLJHwgqEhua26lzg6gQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "arzS3GnLPLKzM8xRPFnUzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ax5YZqtoTsGSLh5YAOUDAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "b/fX+2E3Kw/VrXP3Viej5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "bEsPytE/ZdCMbfuAgQc9AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "bQK0gSM91Pq8oi5kJ9072Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "bbOmNWQZu2GtbHRNTT5LbA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "byfHs8LLvbAc+YzK8+QmXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "c+W6x4Mcea6sasJQFpayfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "1a47e348-391b-45d6-b8fc-191a32c5f256", "1809f798-1e7a-41bc-ae33-089c635aac32" ] } ], "c6MW06Rtj8J56gSpVtmC/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "cPPALpm8EZ1p7Fe1on0nPQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "1a47e348-391b-45d6-b8fc-191a32c5f256", "1809f798-1e7a-41bc-ae33-089c635aac32" ] } ], "caF9WsICRhpk2jJBTv5OsQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "cj0M8yBzJA8j5tTGHOqDIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ckYokpjDEx3hfGxpdtbM6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "clGQ5Kq/RKZZziBln/4BLA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ct/ndQfSB+G17YP34ufDBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "dMY7Qly4vcBOdARECvhzxQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "dStYvdO33sly7EacpHOqeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "dYr9tK7XM6aISNKJAtl5ZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "dnA+092RxSVxmYLtbm4n5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "e7W78NrdwYaVEcBcXhDv5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "eEjpOxWkwvzzJN5kkeVUcg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "eMk3cpR3xfyfnR/IUeON3Q==": [ { "package_db": "go:usr/lib/golang/pkg/tool/linux_amd64/vet", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "18a3592d-0af8-4611-933f-a3d918892904" ] } ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "eckWZv7IBjaLZNS/vZ1gWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "ey7Cn3NmMZ6qorZvUccGqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "f2GhXCi0MGW6C5vh1ih8XQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "1a47e348-391b-45d6-b8fc-191a32c5f256", "1809f798-1e7a-41bc-ae33-089c635aac32" ] } ], "ffBZQco1wXO0fddcwHstSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "gBWlSWdEA8U1+Ep4A/+M2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "gJHwCqer7Rl9ijGK6wpg4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "gngAZQYf0zy4+w3GwgpLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "gsdYiUdG+fMtG/M0X1EkAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hGxLNL3q3tYYzz2uKfKB4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hHL/OokyETnopazrev0shg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hKJ3xmpaes4B2vxd2C5M1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "hNv7ol5w6PGaZXktwlRWPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hasHd85qN7fkJeIIqjjDow==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "heXcDkpDDTJ/ac/FHrXYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "hgr5TOXgV4U9LXyKt2w6gA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "hjikQWtnmVPaWts63wYw4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hrY/5TRUmBt6d/EoQ9M7aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "hvKbzRSMjrg1f3y/PRzGwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "hyds1mrD8GWUXo+lv53Rag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "i1yNGcAdCbK2SnebCgMUqQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "iG10xBRfLLoRP3qlluI7NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "iMLMqCcRXnm6QslpJnCS7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "iQByZpdRXgW/fl3SoDuoAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "iQnKl0+RxymKc9bhVdyuyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "iTjyL8AL9avw3YnaeFgLEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "iswhVSntR4QnIsTAyM6ydQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ix3lD4/Nn7qLbcpDm0AIhg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "j3oHbOmfE09xNAzoTXpcSg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "jADxtb7PiatU9dihVhjp/Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "jDIVpAdvhjPN/gmOBNQuag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "jH43ZEoPP2TpNiUJXUizMw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "jXo3rXdhdYGkiXYZpQxZ3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "kAc8BYCjeCgQR9YdLeGx9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "kDzRHkg3txncDWuyd5771g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "kMrprdB/TspYL2Dyt9hBfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "kdml4TiffKDDUHJjP7R1Tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "ktHjHCegyaFGFLaqVjqkVA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "lITnNJqHTfcVQiCGHjWozA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "lxyER9sFQyH/cLua8fAlfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ly9SmBBH7WsYXh1oG69XaQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "m7hOFCjo7x6PMvux7htFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "mLZQEF4KLS62c+8BB/jz0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "mLtyJkgiain09bfdUDF0tA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "mRRefE/Wm2s5CZDmwUJ8jg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "mS/mU0XqXurt5b2cC0G2wA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "me8N6gnEhOLccvD/431aCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "mqd6XOc7hJ7OKe7FI62YlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "ms1/Dytf/YQgRgubY3EyyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "n2BikwI3Mg2dIr4kYK8New==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "nC22unSxVi1R4g6taYLM9Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "nRx5HCyZ2M4L1LvJSclibw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "na4ojyfFHL07xf5Yr8wxsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "noZz3cbDBX3Q1ohSWIKe1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "nqniqNEVhrfub8cS+os87A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "nwgNWiqPWTP9jQpHdB8CFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "o0sNxhdrQvn3LtgSlydcdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "o3loazzxvm2hQ5N1QRaYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "oCbJhi6fmGrlKcF1SlNuYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "oK41W21MyjS/j+5BoCQjuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "oWKtpTsx1ck3WozLlUNKbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "obNuQXzAwE3TzjUoRN1yEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "og/hyn7iqbsNsfIv/8VHFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "om/hnbn42itSjLCSeL6+2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "p9BcHmUiqsfiDX2HpNFM5g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "pNbpZqWYymW5Cm1QYLE4uQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "pc8TmjOHnExT3yvCQuGR7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "pdyD4GFauXtML8NxA7nURQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "peDze6790+ubKa/8hacS+w==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:161480d70dca25a2b4e96968eb431f25346315e0516dd21489f8af211fca09b8", "distribution_id": "", "repository_ids": [ "18a3592d-0af8-4611-933f-a3d918892904" ] } ], "pff1wMeg2U6ebqlGIkRlMg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ptT0YL/h24MTjTTVlPAZVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "qIHoKDOcFEbVk0+xQvglbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "qTTyL80F/2JUAy85WSpobg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "qcLLXOiskeOh3Yk1oA8Pwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "qijykJ/WFTcI/fd8/RsFmg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "rEU0uZUpz06y9hg0ORc49A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "rTAf2eiAGJSR1vI+tk12zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "rUUieTQ6JPdOKUOFRfhvNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "rYCgRZF9UtO2MybO6TcW0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "rZckolqfVnE7xInGZn5Zzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "rj2k4My0f4W7sR9R0rDeJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "rkUaC636uKZYge61PN1dew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "ryPyL0/oZK1jJ8umBZkZBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "s9qYH9lv+nqFfUwtnSIxEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "sE1EmQ5Nhv4P4rilE6lODw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "sukNATkcLkohYgGrhDtrZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "sy1cTR7VjlyD3WavviV1+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "szNvvFbgC3+nu7+FkWHQxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "t51FYLdtFZpGFe/8JMUaTQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "tOoZIHzytN01BRAw3es1Yg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "tWWw65aFr0Her+B1hlgbqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "tsX00aIcJlVDdnN8EABj3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "u+N5u943P15onszlgf+ujA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "u95OKK2MhRQlEYI4tmvSVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "uCyCeArpCxiSoV6DjC80ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "uOrv4V08LjQ381I5J7cGpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "uSt8DkzxoDcE1tRbyYPDOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "uWyEe6UPxO05NNzNabxBgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "uXpj8krYkomg5XDZ83F2kg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "uwkXfq5VvKEldZwWOwGq4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "v5fMEqf0GRz+BrBqAji9dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "v6X9Dt1wPw8fK6VaHz1Ffw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "vSRLH3asu5knZtxqOxtnwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "vVZXXrZNgHNmTJM7knKqAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "vcbNsnPegQ9DMvL/4z83AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "vtNcuXyRth8r8K/W3sfqrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "w2DoavvB02S/+BS01jQqJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "wVOHUaFC3qlk+Ft1W2VH7A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "wXu3MDegq/TfLSbBy6aoBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "wdMozBSF06uhI4HOI003SQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "wsc0mBnyNwrXYdpo0V+0aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "wusWpHXirQF8KfxliQcLkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "wvtx3JsOUmPyorardjeYSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "xC2PhiBOHiQbniVjaMltjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "xGsFnJNA7f9q/+8cz1QFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "xVpXFb43dZh4HfBX53yyew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "xdunfqVk+0spTcWoJA7wPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "xfiNHrth0bRlTgQnR3IgUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "xgCGPQ7CZbjJqBTw2Nmu9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "5f83c78f-c403-48e7-a726-5f871730a415", "0888d4dc-690f-4173-a8db-ef8cbdedb756" ] } ], "xnmn6fk+/THLJg3emXYMww==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "y9sflCLWTaHWSSC+w8u7bQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "yLdg/zIMr1LMvkW9tAZlGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "yRjjypPMZa7QJg+DLoMumw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "04c1d057-97cf-43e1-8fd0-8fecee86d846", "04c1d057-97cf-43e1-8fd0-8fecee86d846" ] } ], "yXx0rhfj7kyXaTrxOLQSfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "yY469KfvqdHWbJwmOcIU1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "ycSS8xsUDu5nMwsql04xfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "z/d/zUXK6aF2L4H7dfeSZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "zLbmCpiDy68qsFvtKNzmgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ], "zPYyryKVwACz98/WbfSW6w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "a9dba9a2-17c2-46dc-8d89-cc8f8cf4f7e0", "324e79d1-a49e-4b31-9ea1-27180820fa23" ] } ], "zpqzIc9TY4hiXJG024jdBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "1a47e348-391b-45d6-b8fc-191a32c5f256", "1809f798-1e7a-41bc-ae33-089c635aac32" ] } ], "zxuLMmxubC84XoLpkfxZ3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "3f659b6d-628e-47e5-a677-dfea25ce22b3", "repository_ids": [ "78e02e19-78c9-439b-8464-423ef9ab8283", "3e8e60f3-27ec-4475-a1d1-85fa699ae198" ] } ] }, "vulnerabilities": { "++J1c+9mFiyHFShlJEQFeA==": { "id": "++J1c+9mFiyHFShlJEQFeA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "+0Id+AHw3V8pYW+ywWnP+g==": { "id": "+0Id+AHw3V8pYW+ywWnP+g==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "+0pi5+jw8FdwHp5pZIVTBg==": { "id": "+0pi5+jw8FdwHp5pZIVTBg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:6746", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_3.1", "arch_op": "pattern match" }, "+1zjTJXhgIQ5uwrI0Po3UA==": { "id": "+1zjTJXhgIQ5uwrI0Po3UA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "+63s7h05SP1xmH1EyLoL/Q==": { "id": "+63s7h05SP1xmH1EyLoL/Q==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "+DDOZxWQYsdNCtZZs4LB2w==": { "id": "+DDOZxWQYsdNCtZZs4LB2w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "+Hel9A1WiSK+ZclItesXnQ==": { "id": "+Hel9A1WiSK+ZclItesXnQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "+PjI2yN4wCMPyf1oygeT5Q==": { "id": "+PjI2yN4wCMPyf1oygeT5Q==", "updater": "rhel-vex", "name": "CVE-2023-48237", "description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48237.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+Q1v3N9+IP1xQOJnmQWDyQ==": { "id": "+Q1v3N9+IP1xQOJnmQWDyQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "+Q9jA+OXah1xDhJvsj+1OQ==": { "id": "+Q9jA+OXah1xDhJvsj+1OQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+SOMbfLFiy8gAeP6YTZQLA==": { "id": "+SOMbfLFiy8gAeP6YTZQLA==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "+WB02bbxvRVZgJj5gYjJ7w==": { "id": "+WB02bbxvRVZgJj5gYjJ7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.el9", "arch_op": "pattern match" }, "+YVz742I3o3v3ix+O1wb3g==": { "id": "+YVz742I3o3v3ix+O1wb3g==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "+YsItiFwLsY/quEIP17M6A==": { "id": "+YsItiFwLsY/quEIP17M6A==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "+do0gu6vrF3ZT5my5V6+CQ==": { "id": "+do0gu6vrF3ZT5my5V6+CQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "+dqw6lT9TwTTzMp6O2vf1w==": { "id": "+dqw6lT9TwTTzMp6O2vf1w==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+hBhqk1qKnkU+nqn6a96qg==": { "id": "+hBhqk1qKnkU+nqn6a96qg==", "updater": "rhel-vex", "name": "CVE-2023-48233", "description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48233.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+hNDIOxLd94c7zDMEtwHAQ==": { "id": "+hNDIOxLd94c7zDMEtwHAQ==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "+ieGB56AL1fLbXEZaHIRig==": { "id": "+ieGB56AL1fLbXEZaHIRig==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "+nrMi8U389zlK2TEsOUGbw==": { "id": "+nrMi8U389zlK2TEsOUGbw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.el9", "arch_op": "pattern match" }, "+o9j0Llb6+ISl2S6vmkRkQ==": { "id": "+o9j0Llb6+ISl2S6vmkRkQ==", "updater": "rhel-vex", "name": "CVE-2023-25434", "description": "A heap-based buffer overflow vulnerability was found in LibTIFF's tiffcrop utility in the extractContigSamplesBytes() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds read access resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25434 https://bugzilla.redhat.com/show_bug.cgi?id=2215209 https://www.cve.org/CVERecord?id=CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25434.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+pLPiYWkQ9M+8Zi7lKlOZA==": { "id": "+pLPiYWkQ9M+8Zi7lKlOZA==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "+pWnGgJUL0jrC1yhwq+kNw==": { "id": "+pWnGgJUL0jrC1yhwq+kNw==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "+rCn8yfwQj/rMH9c7+J0ww==": { "id": "+rCn8yfwQj/rMH9c7+J0ww==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "+uMSPU5jbqI0+jsP/eX6PA==": { "id": "+uMSPU5jbqI0+jsP/eX6PA==", "updater": "rhel-vex", "name": "CVE-2022-3037", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3037.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+wnQC0tYj+uyZzMNgN2bcw==": { "id": "+wnQC0tYj+uyZzMNgN2bcw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "+xzMjgQ/BhN1jTBlVwQfIA==": { "id": "+xzMjgQ/BhN1jTBlVwQfIA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+0dqY3HS0Vwp8Izm3R04Q==": { "id": "/+0dqY3HS0Vwp8Izm3R04Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+enDTB16pRyR8XOMcf3ug==": { "id": "/+enDTB16pRyR8XOMcf3ug==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "/+t6edjy50ibBAIw8q+CWg==": { "id": "/+t6edjy50ibBAIw8q+CWg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "//2gjbgNV4aF0qefir+7Ng==": { "id": "//2gjbgNV4aF0qefir+7Ng==", "updater": "osv/go", "name": "GO-2024-2963", "description": "Denial of service due to improper 100-continue handling in net/http", "issued": "2024-07-02T20:11:00Z", "links": "https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.12" }, "//NR3gdAYSoDJ/e4qJeTJg==": { "id": "//NR3gdAYSoDJ/e4qJeTJg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:22005", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-12.el9_7", "arch_op": "pattern match" }, "/0WOR5Jn6BKoC/9+5dlz1Q==": { "id": "/0WOR5Jn6BKoC/9+5dlz1Q==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "/E8Khm0ZXy1gRiDom4c+aw==": { "id": "/E8Khm0ZXy1gRiDom4c+aw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/EvgSih2YVXl7ohENLMJIQ==": { "id": "/EvgSih2YVXl7ohENLMJIQ==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "/F62/Gd7cIE4aLRbxVnfCA==": { "id": "/F62/Gd7cIE4aLRbxVnfCA==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "/G3xQo8kmNMyu7hycZYF/A==": { "id": "/G3xQo8kmNMyu7hycZYF/A==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/HT2WOXIuvVNrzT1Wp3ntw==": { "id": "/HT2WOXIuvVNrzT1Wp3ntw==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "/KRhrFyFO2WBBj1/Wnbnrg==": { "id": "/KRhrFyFO2WBBj1/Wnbnrg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "/MWzwBJlhhNbF+zp0zgq+A==": { "id": "/MWzwBJlhhNbF+zp0zgq+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.el9", "arch_op": "pattern match" }, "/MgFHW097IAGIZkNc/Fltw==": { "id": "/MgFHW097IAGIZkNc/Fltw==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/SEhubz8W4ZKbKg2+yh86Q==": { "id": "/SEhubz8W4ZKbKg2+yh86Q==", "updater": "rhel-vex", "name": "CVE-2022-30635", "description": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30635 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://www.cve.org/CVERecord?id=CVE-2022-30635 https://nvd.nist.gov/vuln/detail/CVE-2022-30635 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30635.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/U86DUGeHRSAL0GvmlifyA==": { "id": "/U86DUGeHRSAL0GvmlifyA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "/U8Jx7SKI9t4H3q4Xm/KEQ==": { "id": "/U8Jx7SKI9t4H3q4Xm/KEQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "/WghVlKV6eiRYf2iGmk9sQ==": { "id": "/WghVlKV6eiRYf2iGmk9sQ==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/YIHlhDwc0XvwYDDbGEIMg==": { "id": "/YIHlhDwc0XvwYDDbGEIMg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/YcdipQjiqJUDpddwhDiIw==": { "id": "/YcdipQjiqJUDpddwhDiIw==", "updater": "rhel-vex", "name": "CVE-2022-2345", "description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2345.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/bIhvJWw2AYMGyJtBaoH6A==": { "id": "/bIhvJWw2AYMGyJtBaoH6A==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/eIvRWSFFmU3q3Ki3j/gKA==": { "id": "/eIvRWSFFmU3q3Ki3j/gKA==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "/kFHc0+JKhJmQT3bM6TpTQ==": { "id": "/kFHc0+JKhJmQT3bM6TpTQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "/l+w9tCELORzNXZA4/qNsw==": { "id": "/l+w9tCELORzNXZA4/qNsw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "/m4KubgMsY+Uf3GqqbY5Og==": { "id": "/m4KubgMsY+Uf3GqqbY5Og==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "/pWkiqt8QgDCUksSSa24UQ==": { "id": "/pWkiqt8QgDCUksSSa24UQ==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "/rGrv6ID1FHztWkSNUU0Yw==": { "id": "/rGrv6ID1FHztWkSNUU0Yw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/rVEaWl0l9u8biVEKbZTFg==": { "id": "/rVEaWl0l9u8biVEKbZTFg==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/wfob5jHHezdiyugtfPWjg==": { "id": "/wfob5jHHezdiyugtfPWjg==", "updater": "rhel-vex", "name": "CVE-2021-45261", "description": "A flaw was found in patch. A possible memory corruption vulnerability could allow an attacker to input a specially crafted patch file leading to a crash or code execution.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45261 https://bugzilla.redhat.com/show_bug.cgi?id=2035081 https://www.cve.org/CVERecord?id=CVE-2021-45261 https://nvd.nist.gov/vuln/detail/CVE-2021-45261 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45261.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "patch", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "00MQS+g+VNjKvRbuFWsWbQ==": { "id": "00MQS+g+VNjKvRbuFWsWbQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "00cDk2w3qfvdzMbO27c/+w==": { "id": "00cDk2w3qfvdzMbO27c/+w==", "updater": "rhel-vex", "name": "CVE-2022-2982", "description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2982.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "03F5BM6+dlM9pg6rJMb2UA==": { "id": "03F5BM6+dlM9pg6rJMb2UA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "03WJApqdfWbzHtZHpqBt1Q==": { "id": "03WJApqdfWbzHtZHpqBt1Q==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "06GjiUkv66Ek9Iq8u3SFSA==": { "id": "06GjiUkv66Ek9Iq8u3SFSA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "081ZZUa7+goThe2JzRBcxw==": { "id": "081ZZUa7+goThe2JzRBcxw==", "updater": "osv/go", "name": "GO-2023-1621", "description": "Incorrect calculation on P256 curves in crypto/internal/nistec", "issued": "2023-03-08T19:30:53Z", "links": "https://go.dev/issue/58647 https://go.dev/cl/471255 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.7" }, "09S7nCU8PMWz5tWquOFCaQ==": { "id": "09S7nCU8PMWz5tWquOFCaQ==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0DSgRHOq1OLwMX3biKMcbA==": { "id": "0DSgRHOq1OLwMX3biKMcbA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "0DVnsi7oVeiCakd5LIvqig==": { "id": "0DVnsi7oVeiCakd5LIvqig==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "0E3jDwz9OiQ7ty2SI9zDYQ==": { "id": "0E3jDwz9OiQ7ty2SI9zDYQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "0EBjG0eDRuUxNmTKolYVYQ==": { "id": "0EBjG0eDRuUxNmTKolYVYQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "0EZfEnxlowgJ1Et69rh7Fg==": { "id": "0EZfEnxlowgJ1Et69rh7Fg==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "0Gq5wAUiCXaH50wxZYx9MQ==": { "id": "0Gq5wAUiCXaH50wxZYx9MQ==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "0ISEnYRRDkbJFXBP9XvdpA==": { "id": "0ISEnYRRDkbJFXBP9XvdpA==", "updater": "rhel-vex", "name": "CVE-2025-11731", "description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT \u003cfunc:result\u003e elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "issued": "2025-10-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11731 https://bugzilla.redhat.com/show_bug.cgi?id=2403688 https://www.cve.org/CVERecord?id=CVE-2025-11731 https://nvd.nist.gov/vuln/detail/CVE-2025-11731 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11731.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0KjhdYYIURWUfsbpzAdnPQ==": { "id": "0KjhdYYIURWUfsbpzAdnPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "0LMSjLLjEqlpe4LAE1rWJA==": { "id": "0LMSjLLjEqlpe4LAE1rWJA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "0LvlxzvH25js4ffWzvLRTQ==": { "id": "0LvlxzvH25js4ffWzvLRTQ==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0MBdby0uigxg//rv2xd7SQ==": { "id": "0MBdby0uigxg//rv2xd7SQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "0MVVcjDKfdLbs80csEfrOw==": { "id": "0MVVcjDKfdLbs80csEfrOw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "0O2I0zrYDyiCiU68WyBLvw==": { "id": "0O2I0zrYDyiCiU68WyBLvw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "0P/5eKFuPPXM3bHgeAHWxw==": { "id": "0P/5eKFuPPXM3bHgeAHWxw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0PMktbRk+B4fdwvvP1VWUg==": { "id": "0PMktbRk+B4fdwvvP1VWUg==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "0QqnWQey4QRkB1tBadW1jg==": { "id": "0QqnWQey4QRkB1tBadW1jg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0RLigWktH24pjgFtIwRH2A==": { "id": "0RLigWktH24pjgFtIwRH2A==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0TUqdQNGOvjHNFjkDen1Sg==": { "id": "0TUqdQNGOvjHNFjkDen1Sg==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "0Tr3QMpqaFB6S//rbJ/Onw==": { "id": "0Tr3QMpqaFB6S//rbJ/Onw==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "0U0p6zwok5l6rbIxjBRN7w==": { "id": "0U0p6zwok5l6rbIxjBRN7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "0UWL07sxLog3CGNaaYYQxQ==": { "id": "0UWL07sxLog3CGNaaYYQxQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0UxirvKJMj5gY8fbrSf6sA==": { "id": "0UxirvKJMj5gY8fbrSf6sA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.1.el9_6", "arch_op": "pattern match" }, "0W0/E/g2cPvxNF42LmIwRg==": { "id": "0W0/E/g2cPvxNF42LmIwRg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.el9", "arch_op": "pattern match" }, "0YVxD0vSH+0MhijemP/Jmg==": { "id": "0YVxD0vSH+0MhijemP/Jmg==", "updater": "rhel-vex", "name": "CVE-2022-3705", "description": "A use-after-free flaw was found in the qf_update_buffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3705.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0ZGrJGNNqDLH/sZXsRkfvA==": { "id": "0ZGrJGNNqDLH/sZXsRkfvA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0ZQtBpkFjRCvM3RNGGREDQ==": { "id": "0ZQtBpkFjRCvM3RNGGREDQ==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0ZniYEExf5hn6bWx9CxbmA==": { "id": "0ZniYEExf5hn6bWx9CxbmA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "0ahYjiLWT0VE+MRcEm8yAQ==": { "id": "0ahYjiLWT0VE+MRcEm8yAQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0bK7Vo3x9SXQYvDvMmgzXA==": { "id": "0bK7Vo3x9SXQYvDvMmgzXA==", "updater": "rhel-vex", "name": "CVE-2022-2208", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2208.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0bsVwLbC3DjqoPdFlpHGrA==": { "id": "0bsVwLbC3DjqoPdFlpHGrA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0gEzVf04N4WWI36MnLXr1w==": { "id": "0gEzVf04N4WWI36MnLXr1w==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0hxAfeI84l0pzeedcqmGpQ==": { "id": "0hxAfeI84l0pzeedcqmGpQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.1.el9_6", "arch_op": "pattern match" }, "0kDaqIpbO93XpnbaK6KFUg==": { "id": "0kDaqIpbO93XpnbaK6KFUg==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "0nQVynV3NMmwash6dBc+8Q==": { "id": "0nQVynV3NMmwash6dBc+8Q==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "0tfYnYhAiMREOXyqf/1Urw==": { "id": "0tfYnYhAiMREOXyqf/1Urw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "0u2Zo3eZYFAXhVSIZh+vXQ==": { "id": "0u2Zo3eZYFAXhVSIZh+vXQ==", "updater": "rhel-vex", "name": "CVE-2017-16232", "description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "issued": "2017-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-16232 https://bugzilla.redhat.com/show_bug.cgi?id=1516189 https://www.cve.org/CVERecord?id=CVE-2017-16232 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-16232.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0u9BhQlRGnXqmFj5VxmVgw==": { "id": "0u9BhQlRGnXqmFj5VxmVgw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "0v5F4x1W0RxkklLvRs6NKQ==": { "id": "0v5F4x1W0RxkklLvRs6NKQ==", "updater": "rhel-vex", "name": "CVE-2023-0433", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0w7yDxNwDisUMkIdlkUTZw==": { "id": "0w7yDxNwDisUMkIdlkUTZw==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "0wSMVHwI5T4EgYqkub8RhA==": { "id": "0wSMVHwI5T4EgYqkub8RhA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "0wh4c9Z6sNxM5NAXtzaMNg==": { "id": "0wh4c9Z6sNxM5NAXtzaMNg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "1/PWApRfYh/rLEOR0JZLsw==": { "id": "1/PWApRfYh/rLEOR0JZLsw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1/xm1gDhSpcAv1vbsLnNhA==": { "id": "1/xm1gDhSpcAv1vbsLnNhA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "10T7L0U8GuP9Qhz3unCqvw==": { "id": "10T7L0U8GuP9Qhz3unCqvw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "12PmpsYpKqbguwokcjBXqw==": { "id": "12PmpsYpKqbguwokcjBXqw==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "1378JmiuKDjVj7PZAMUvLg==": { "id": "1378JmiuKDjVj7PZAMUvLg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "13Dkon5caDMIMuKn79Qskg==": { "id": "13Dkon5caDMIMuKn79Qskg==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "13fIhbDHRYF0KXmxmJIfiA==": { "id": "13fIhbDHRYF0KXmxmJIfiA==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "14EBaSYBL4fLL4zgayhBkg==": { "id": "14EBaSYBL4fLL4zgayhBkg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.el9", "arch_op": "pattern match" }, "14Etv/7765FAI8QbzsokBQ==": { "id": "14Etv/7765FAI8QbzsokBQ==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "15uVNLTcXPHEO0XVoOOwZw==": { "id": "15uVNLTcXPHEO0XVoOOwZw==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "19Kvl4LS7MCiBo2cRD5fxQ==": { "id": "19Kvl4LS7MCiBo2cRD5fxQ==", "updater": "rhel-vex", "name": "CVE-2021-3974", "description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3974.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1BGBx+ICmx9ndSR1J6c9Rw==": { "id": "1BGBx+ICmx9ndSR1J6c9Rw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1CDGyH/KaS7DctjOTuk4Gg==": { "id": "1CDGyH/KaS7DctjOTuk4Gg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "1I7VtxkB33ashDX0kB4Teg==": { "id": "1I7VtxkB33ashDX0kB4Teg==", "updater": "rhel-vex", "name": "CVE-2025-5889", "description": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.", "issued": "2025-06-09T18:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5889 https://bugzilla.redhat.com/show_bug.cgi?id=2371270 https://www.cve.org/CVERecord?id=CVE-2025-5889 https://nvd.nist.gov/vuln/detail/CVE-2025-5889 https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466 https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 https://vuldb.com/?ctiid.311660 https://vuldb.com/?id.311660 https://vuldb.com/?submit.585717 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5889.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ICypZP/7UrDVdoDevopUA==": { "id": "1ICypZP/7UrDVdoDevopUA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "1Iwd54Uz+8MDWoeCI9f7Iw==": { "id": "1Iwd54Uz+8MDWoeCI9f7Iw==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "1KxLqY5vPHnDfUxdviejiw==": { "id": "1KxLqY5vPHnDfUxdviejiw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1LTKa378StuY8O3o3G26jw==": { "id": "1LTKa378StuY8O3o3G26jw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1NnjgULlQBpIVsNocYb9uw==": { "id": "1NnjgULlQBpIVsNocYb9uw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "1PYvw1fdwe6hM2UBdw4Itw==": { "id": "1PYvw1fdwe6hM2UBdw4Itw==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "1QQmDcMkRqvOte/bR8QEuQ==": { "id": "1QQmDcMkRqvOte/bR8QEuQ==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "1SDdOQM609JpOnF4Vx/qwQ==": { "id": "1SDdOQM609JpOnF4Vx/qwQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "1VKGbptJGVhPmMaic8aidg==": { "id": "1VKGbptJGVhPmMaic8aidg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1WQ/LJu/kefEuHRv58l0Lw==": { "id": "1WQ/LJu/kefEuHRv58l0Lw==", "updater": "rhel-vex", "name": "CVE-2023-4734", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4734.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1XBQq3flp6UCNWfTuRjE6g==": { "id": "1XBQq3flp6UCNWfTuRjE6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1XwPa50Si6EKs+Oms8SLUA==": { "id": "1XwPa50Si6EKs+Oms8SLUA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "1aPjlkabj3eUY8WGb+gz+g==": { "id": "1aPjlkabj3eUY8WGb+gz+g==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "1eXmoeT5Qd9M0GiSJ3z2mg==": { "id": "1eXmoeT5Qd9M0GiSJ3z2mg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1lRtJofWFCTkQi0dreTmvg==": { "id": "1lRtJofWFCTkQi0dreTmvg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1nX4t0Z3G1H45fqJox3f4Q==": { "id": "1nX4t0Z3G1H45fqJox3f4Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "1oKL9ZSv1M4CmxUhNFjpmg==": { "id": "1oKL9ZSv1M4CmxUhNFjpmg==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "1q7YjyB3mR25zvqxJ6Zk3w==": { "id": "1q7YjyB3mR25zvqxJ6Zk3w==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "1qsA4RvCYZB2uDwgIo8TuQ==": { "id": "1qsA4RvCYZB2uDwgIo8TuQ==", "updater": "osv/go", "name": "GO-2024-3106", "description": "Stack exhaustion in Decoder.Decode in encoding/gob", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "1sD6TJmtoMKm89Mo2ka5lA==": { "id": "1sD6TJmtoMKm89Mo2ka5lA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1xdBxKyIRMGUr99Qk2jvHw==": { "id": "1xdBxKyIRMGUr99Qk2jvHw==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ylYMOLaPUA6xIkqwKBb9w==": { "id": "1ylYMOLaPUA6xIkqwKBb9w==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "2/I3PyWTnfJdMedKAemp8Q==": { "id": "2/I3PyWTnfJdMedKAemp8Q==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2432H9ZBrMWDJ7HhyQT63A==": { "id": "2432H9ZBrMWDJ7HhyQT63A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "24Paca4PaySz9eM+VJu4ew==": { "id": "24Paca4PaySz9eM+VJu4ew==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "24Ysg4Ma/AJz8Z93D2PzNQ==": { "id": "24Ysg4Ma/AJz8Z93D2PzNQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "26JRymquUeoxtDSKcKSDSg==": { "id": "26JRymquUeoxtDSKcKSDSg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "29Fo/GOP7MILPepOrnMgjA==": { "id": "29Fo/GOP7MILPepOrnMgjA==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "29JfppZedoclZHW2coehcQ==": { "id": "29JfppZedoclZHW2coehcQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2A2BjgErU1GldRQi2g+XQg==": { "id": "2A2BjgErU1GldRQi2g+XQg==", "updater": "rhel-vex", "name": "CVE-2022-45939", "description": "A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.", "issued": "2022-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-45939 https://bugzilla.redhat.com/show_bug.cgi?id=2149380 https://www.cve.org/CVERecord?id=CVE-2022-45939 https://nvd.nist.gov/vuln/detail/CVE-2022-45939 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-45939.json https://access.redhat.com/errata/RHSA-2023:2366", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9", "arch_op": "pattern match" }, "2DPl1NLEsHotw7kYOPR/8A==": { "id": "2DPl1NLEsHotw7kYOPR/8A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2GOqqUt4mwKng/FA0FV67w==": { "id": "2GOqqUt4mwKng/FA0FV67w==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "2I/0B+uXhxpPJWXGwNGlLw==": { "id": "2I/0B+uXhxpPJWXGwNGlLw==", "updater": "rhel-vex", "name": "CVE-2023-5344", "description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "issued": "2023-10-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2IUiS8eDJ2evZHzBkLGqPw==": { "id": "2IUiS8eDJ2evZHzBkLGqPw==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "2M5CwoqtCrF9ix+6ghISOg==": { "id": "2M5CwoqtCrF9ix+6ghISOg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "2QjZksAOTEJVwk59l2QYOQ==": { "id": "2QjZksAOTEJVwk59l2QYOQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "2RZ3u6UmceVG9iB/xb73SA==": { "id": "2RZ3u6UmceVG9iB/xb73SA==", "updater": "rhel-vex", "name": "CVE-2022-2206", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2206.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2SApI7oHpcm9Z48+2Hj11w==": { "id": "2SApI7oHpcm9Z48+2Hj11w==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UHqEqfMIIn53NkDlDEppQ==": { "id": "2UHqEqfMIIn53NkDlDEppQ==", "updater": "rhel-vex", "name": "CVE-2022-2923", "description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. This flaw allows a specially crafted file to crash the software.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2923.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UhjmcPUkGmILpYJPZEiNQ==": { "id": "2UhjmcPUkGmILpYJPZEiNQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "2VowcBblBj36IfwmFRwcwg==": { "id": "2VowcBblBj36IfwmFRwcwg==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "2Z/NA7sGgadio/qisfiC3Q==": { "id": "2Z/NA7sGgadio/qisfiC3Q==", "updater": "rhel-vex", "name": "CVE-2022-48339", "description": "A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48339 https://bugzilla.redhat.com/show_bug.cgi?id=2171989 https://www.cve.org/CVERecord?id=CVE-2022-48339 https://nvd.nist.gov/vuln/detail/CVE-2022-48339 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48339.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "2bOVXniSdlE0fZB1iot4yQ==": { "id": "2bOVXniSdlE0fZB1iot4yQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "2eKcZq74WOmYmPDTZ8L+Jg==": { "id": "2eKcZq74WOmYmPDTZ8L+Jg==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "2j4vw/Ef1McLxa/C6FEQvA==": { "id": "2j4vw/Ef1McLxa/C6FEQvA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "2k/PqFfUaKNy33VkAbVD6g==": { "id": "2k/PqFfUaKNy33VkAbVD6g==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2luu38jiVQvy6qOXHFgpAg==": { "id": "2luu38jiVQvy6qOXHFgpAg==", "updater": "rhel-vex", "name": "CVE-2022-2042", "description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "issued": "2022-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2042.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2n2n++65Q4X6kZeNZUZXMw==": { "id": "2n2n++65Q4X6kZeNZUZXMw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "2oTX17kDUCTK4lHB98r0SQ==": { "id": "2oTX17kDUCTK4lHB98r0SQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.1.el9_6", "arch_op": "pattern match" }, "2pofu/QdlV4xoXosgfKRNw==": { "id": "2pofu/QdlV4xoXosgfKRNw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2sm08sXcjWtT2Gtu3CdSug==": { "id": "2sm08sXcjWtT2Gtu3CdSug==", "updater": "rhel-vex", "name": "CVE-2022-1725", "description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1725.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2t1KBK7sA8rKgVHavF6SZA==": { "id": "2t1KBK7sA8rKgVHavF6SZA==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "2tFr9TQJkcgsTrNAQX0kdw==": { "id": "2tFr9TQJkcgsTrNAQX0kdw==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "2vdCDySzHer9qKv7EOUGqQ==": { "id": "2vdCDySzHer9qKv7EOUGqQ==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "2vidY7qxU0KDMpAzTaXQCw==": { "id": "2vidY7qxU0KDMpAzTaXQCw==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2vr/twKdnITJOKu9ARCAXQ==": { "id": "2vr/twKdnITJOKu9ARCAXQ==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "2wnmmIxGcmTTQ7kdV4Q55Q==": { "id": "2wnmmIxGcmTTQ7kdV4Q55Q==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "2y2LXrQ+Jdr+fioSazFF4w==": { "id": "2y2LXrQ+Jdr+fioSazFF4w==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "31zk833ZdfHhkO9sg82MSw==": { "id": "31zk833ZdfHhkO9sg82MSw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "32PT0J5usgv3laBJ37g1fA==": { "id": "32PT0J5usgv3laBJ37g1fA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "34lrKmSrRttv8Ef8QZo+Cw==": { "id": "34lrKmSrRttv8Ef8QZo+Cw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "39KBEdrZX0FwGoQxYgkupQ==": { "id": "39KBEdrZX0FwGoQxYgkupQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "3A+d+ITPUBtAGX1jTlLhKg==": { "id": "3A+d+ITPUBtAGX1jTlLhKg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "3BY1OD4rYtX6LEFO6X+/Yw==": { "id": "3BY1OD4rYtX6LEFO6X+/Yw==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "3CUrg7YVjtx0L5aX+iMRxA==": { "id": "3CUrg7YVjtx0L5aX+iMRxA==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "3D/COcmVFbxgINNliqKHgw==": { "id": "3D/COcmVFbxgINNliqKHgw==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "3E/EPC1OcoKQToPb+efdaQ==": { "id": "3E/EPC1OcoKQToPb+efdaQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "3E5wmOETiTx03Y24iDJEUg==": { "id": "3E5wmOETiTx03Y24iDJEUg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3FdyvSRS+ECfT74KYiCcLA==": { "id": "3FdyvSRS+ECfT74KYiCcLA==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "3Lvdmj//2sze9S8I3n8yrw==": { "id": "3Lvdmj//2sze9S8I3n8yrw==", "updater": "rhel-vex", "name": "CVE-2023-0288", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "issued": "2023-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0288.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4R28kD2w0Acw7XQvAZ3Q==": { "id": "3O4R28kD2w0Acw7XQvAZ3Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "3S91ZYwiienVlUnFeIzkRw==": { "id": "3S91ZYwiienVlUnFeIzkRw==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "3SaNoRivMP21uU5flMCqrg==": { "id": "3SaNoRivMP21uU5flMCqrg==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3WRC4Vl08/leTJ1MFHuCEg==": { "id": "3WRC4Vl08/leTJ1MFHuCEg==", "updater": "rhel-vex", "name": "CVE-2022-3297", "description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3a2lYBlaR2GDen/lmTlCyg==": { "id": "3a2lYBlaR2GDen/lmTlCyg==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "3cVM/UH6o+8G2FMQ1Gl/Ww==": { "id": "3cVM/UH6o+8G2FMQ1Gl/Ww==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "3f5N5l71YgnMV/U9whrIuA==": { "id": "3f5N5l71YgnMV/U9whrIuA==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "3hB+Mhm9+7AXsO3nGoz+Pg==": { "id": "3hB+Mhm9+7AXsO3nGoz+Pg==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3k2lNJd2kR3VB6gGhj547g==": { "id": "3k2lNJd2kR3VB6gGhj547g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "3skSbDjTQ02+eNiFJz716g==": { "id": "3skSbDjTQ02+eNiFJz716g==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3wP/Eggf7Bu35MpzNr1Fog==": { "id": "3wP/Eggf7Bu35MpzNr1Fog==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "3wYf+EaP3IAW5wHFWATuaw==": { "id": "3wYf+EaP3IAW5wHFWATuaw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "3wnJ6TxCGJITikNK4m6q+g==": { "id": "3wnJ6TxCGJITikNK4m6q+g==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "43uaBOp3I4s6BbwM75Dtcg==": { "id": "43uaBOp3I4s6BbwM75Dtcg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "49jEi4xCgfg8T8qzhNobIA==": { "id": "49jEi4xCgfg8T8qzhNobIA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4CRDu/yV+Tfg3mSUobPIUg==": { "id": "4CRDu/yV+Tfg3mSUobPIUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4Gs7xCHPPMrNepkQNCPnkg==": { "id": "4Gs7xCHPPMrNepkQNCPnkg==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "4IznDha57aCNWoI0Hc828Q==": { "id": "4IznDha57aCNWoI0Hc828Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4JIGhO7+fAz+LPTFEuBHUg==": { "id": "4JIGhO7+fAz+LPTFEuBHUg==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "4JsZIRvQ+13IMgBIUPH0jA==": { "id": "4JsZIRvQ+13IMgBIUPH0jA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "4K1RYkumn7qw6Pk7lwpfbA==": { "id": "4K1RYkumn7qw6Pk7lwpfbA==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "4K4SQ2PlDqXihbvwEXiB/w==": { "id": "4K4SQ2PlDqXihbvwEXiB/w==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "4K7cGcsZltSw5Ayu8+A5rA==": { "id": "4K7cGcsZltSw5Ayu8+A5rA==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "4L3dk768qs7Sg3jWyr+5Ug==": { "id": "4L3dk768qs7Sg3jWyr+5Ug==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "4LZWGm07jnOHHBGX2FzAwg==": { "id": "4LZWGm07jnOHHBGX2FzAwg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4MoaZecth+9t4X3jdykhZg==": { "id": "4MoaZecth+9t4X3jdykhZg==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "4N3POA/rTFsL9RdGINkq1A==": { "id": "4N3POA/rTFsL9RdGINkq1A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4Oz54fEBFyAJBdTJ/p2wxA==": { "id": "4Oz54fEBFyAJBdTJ/p2wxA==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "4PW1pGs0HJlG6XNR1xk0ZA==": { "id": "4PW1pGs0HJlG6XNR1xk0ZA==", "updater": "osv/go", "name": "GO-2025-3447", "description": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "issued": "2025-02-06T16:38:14Z", "links": "https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.12" }, "4PXcy6CSX2EaPwYEdLkfbw==": { "id": "4PXcy6CSX2EaPwYEdLkfbw==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "4QiWtYafAt/cFOvYpyJONw==": { "id": "4QiWtYafAt/cFOvYpyJONw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "4RaJ63cwUpp+QWj0IKysEw==": { "id": "4RaJ63cwUpp+QWj0IKysEw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "4Uca8szOo7gGoVgv+DjeUA==": { "id": "4Uca8szOo7gGoVgv+DjeUA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4Ue6KfIGD2Yqlg6OG87Bzw==": { "id": "4Ue6KfIGD2Yqlg6OG87Bzw==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "4Utc/6C5f6+A3gsr9KU/IA==": { "id": "4Utc/6C5f6+A3gsr9KU/IA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "4YMcCEsfWO5KpctoAqwrFQ==": { "id": "4YMcCEsfWO5KpctoAqwrFQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4aR9t5J6YwMk5D9wZ0BV7w==": { "id": "4aR9t5J6YwMk5D9wZ0BV7w==", "updater": "rhel-vex", "name": "CVE-2024-3651", "description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "issued": "2024-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-idna", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10-7.el9_4.1", "arch_op": "pattern match" }, "4cQAenzXciR7rLlEmdwZsQ==": { "id": "4cQAenzXciR7rLlEmdwZsQ==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4comqU/5SRuDKC1qqBMlGQ==": { "id": "4comqU/5SRuDKC1qqBMlGQ==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "4eh40PtMaL3JhPlCzb+8jA==": { "id": "4eh40PtMaL3JhPlCzb+8jA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "4evfzAbeD7HXRBHHbDpAwA==": { "id": "4evfzAbeD7HXRBHHbDpAwA==", "updater": "osv/go", "name": "GO-2023-1878", "description": "Insufficient sanitization of Host header in net/http", "issued": "2023-07-11T19:19:08Z", "links": "https://go.dev/issue/60374 https://go.dev/cl/506996 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.11" }, "4gO4ls/gy0nmsC3NeXvyVQ==": { "id": "4gO4ls/gy0nmsC3NeXvyVQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.1.el9_6", "arch_op": "pattern match" }, "4hX2FW/Yj9HDbKRBqrhgdg==": { "id": "4hX2FW/Yj9HDbKRBqrhgdg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4iFNln+X4k0SeUiw/ueLUA==": { "id": "4iFNln+X4k0SeUiw/ueLUA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "4jKXN+o/0vyACgd6hmLCbw==": { "id": "4jKXN+o/0vyACgd6hmLCbw==", "updater": "osv/go", "name": "GO-2025-4009", "description": "Quadratic complexity when parsing some invalid inputs in encoding/pem", "issued": "2025-10-29T21:49:55Z", "links": "https://go.dev/issue/75676 https://go.dev/cl/709858 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "4rkDoNFFNCrcnkPj+GN2vA==": { "id": "4rkDoNFFNCrcnkPj+GN2vA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4vHE1o0sxmJSfgr6AiAtqA==": { "id": "4vHE1o0sxmJSfgr6AiAtqA==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4vS3iu8lvGukFpBFqYCdVg==": { "id": "4vS3iu8lvGukFpBFqYCdVg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "4xxaXkxeYvxr8HgxLSDyHw==": { "id": "4xxaXkxeYvxr8HgxLSDyHw==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "4zvDuRN18ZTgEdA+auow3w==": { "id": "4zvDuRN18ZTgEdA+auow3w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "5/L+eT1BzZSWVW4ZLUXszw==": { "id": "5/L+eT1BzZSWVW4ZLUXszw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "5073UNZPtR+lsy1kIMhUEA==": { "id": "5073UNZPtR+lsy1kIMhUEA==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "51jf2IrfzMdepCjAvXkPMw==": { "id": "51jf2IrfzMdepCjAvXkPMw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "55nFlly0ydgYROdIHNoLjg==": { "id": "55nFlly0ydgYROdIHNoLjg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "562erF6ddCIyzi5oV/IzHQ==": { "id": "562erF6ddCIyzi5oV/IzHQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "5AQXXWGtKGeqoPkMqmVzTg==": { "id": "5AQXXWGtKGeqoPkMqmVzTg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.el9", "arch_op": "pattern match" }, "5BXX9+pRVay9wrZAORfhhQ==": { "id": "5BXX9+pRVay9wrZAORfhhQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "5D5WFK01Su4Lrj4hhwDYGQ==": { "id": "5D5WFK01Su4Lrj4hhwDYGQ==", "updater": "rhel-vex", "name": "CVE-2024-43374", "description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "issued": "2024-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5Dh9IlEeZc9EPevqDNDlAQ==": { "id": "5Dh9IlEeZc9EPevqDNDlAQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "5EJ0MC7TgiGIlilbbiOvfQ==": { "id": "5EJ0MC7TgiGIlilbbiOvfQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "5EPGtk7Hqn2hqOaxgmNiSQ==": { "id": "5EPGtk7Hqn2hqOaxgmNiSQ==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "5IIoRCBMIgus62mGlE3F9A==": { "id": "5IIoRCBMIgus62mGlE3F9A==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5MGCN705vR5eWycZyFuYJQ==": { "id": "5MGCN705vR5eWycZyFuYJQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "5MqCycBYSRDsdNOzvOandQ==": { "id": "5MqCycBYSRDsdNOzvOandQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "5N/eQ/DLmsm7yS6+3apC5A==": { "id": "5N/eQ/DLmsm7yS6+3apC5A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "5RT9+X+8xx3rC02gOnVsjQ==": { "id": "5RT9+X+8xx3rC02gOnVsjQ==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "5TfU8//dfsOlT82byi0lug==": { "id": "5TfU8//dfsOlT82byi0lug==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "5XT+5ghtfmJFJSJCERGwhQ==": { "id": "5XT+5ghtfmJFJSJCERGwhQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5ZJ6PuXfgRMCarpNow00ew==": { "id": "5ZJ6PuXfgRMCarpNow00ew==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ejk3bhFpvIIABy9EwjwqQ==": { "id": "5ejk3bhFpvIIABy9EwjwqQ==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "5fSQkV1bu4GJUiaWjO+PNQ==": { "id": "5fSQkV1bu4GJUiaWjO+PNQ==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "5gK/V8vtqDYoHf1LFdtSbA==": { "id": "5gK/V8vtqDYoHf1LFdtSbA==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "5hOM1HtOhjQV1yizNCgxBg==": { "id": "5hOM1HtOhjQV1yizNCgxBg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "5j7D/WXFLHsZYUeUrskpMA==": { "id": "5j7D/WXFLHsZYUeUrskpMA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "5lHEu4ueMJgetLv/GfKHtg==": { "id": "5lHEu4ueMJgetLv/GfKHtg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5pFK2pddNfoGuwrNwC3BlQ==": { "id": "5pFK2pddNfoGuwrNwC3BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5pINgBOJXOluBJi9rQyioQ==": { "id": "5pINgBOJXOluBJi9rQyioQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ro53BoC7BlAtEu1loQCSw==": { "id": "5ro53BoC7BlAtEu1loQCSw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5sY/WncZRmQ7FUzZZ4kBfQ==": { "id": "5sY/WncZRmQ7FUzZZ4kBfQ==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "5ua6yduRd8slR+XckPuEJw==": { "id": "5ua6yduRd8slR+XckPuEJw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5vR/2ZAfb0swnLBKDl3Bzg==": { "id": "5vR/2ZAfb0swnLBKDl3Bzg==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "5xW5MMwESxiksXgaLrFCnQ==": { "id": "5xW5MMwESxiksXgaLrFCnQ==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "5xY3IHUogqpqvbFwiQURyA==": { "id": "5xY3IHUogqpqvbFwiQURyA==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "5z9ZOzxJREYn5oM+HAm6dA==": { "id": "5z9ZOzxJREYn5oM+HAm6dA==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "5zg9huqgOp8E89z3dxtcHg==": { "id": "5zg9huqgOp8E89z3dxtcHg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6/Rn1WFxVO6aopyr8psGfQ==": { "id": "6/Rn1WFxVO6aopyr8psGfQ==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "63po8QED6nDungBQEqHIyA==": { "id": "63po8QED6nDungBQEqHIyA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "67Q/SCDsFWutXyKWQ9JQdQ==": { "id": "67Q/SCDsFWutXyKWQ9JQdQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "69HZBPjw2QR8kIdKeSUwQg==": { "id": "69HZBPjw2QR8kIdKeSUwQg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6E1YTgmxENPqo7FirtVNvw==": { "id": "6E1YTgmxENPqo7FirtVNvw==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "6GILJqctNxTbZFPR6fLtoA==": { "id": "6GILJqctNxTbZFPR6fLtoA==", "updater": "rhel-vex", "name": "CVE-2024-12086", "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12086 https://bugzilla.redhat.com/show_bug.cgi?id=2330577 https://www.cve.org/CVERecord?id=CVE-2024-12086 https://nvd.nist.gov/vuln/detail/CVE-2024-12086 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12086.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6GzxFtf19XU1Y6ySz6SgYQ==": { "id": "6GzxFtf19XU1Y6ySz6SgYQ==", "updater": "osv/go", "name": "GO-2024-3107", "description": "Stack exhaustion in Parse in go/build/constraint", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "6J86dffyd+kQEKbjTTbD2Q==": { "id": "6J86dffyd+kQEKbjTTbD2Q==", "updater": "rhel-vex", "name": "CVE-2023-1916", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1916 https://bugzilla.redhat.com/show_bug.cgi?id=2185074 https://www.cve.org/CVERecord?id=CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6JXvoql3pzMfkGQb7H+Jqg==": { "id": "6JXvoql3pzMfkGQb7H+Jqg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6K5O0xmJnJtZcGmUaZ+P/w==": { "id": "6K5O0xmJnJtZcGmUaZ+P/w==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "6MW1lRUdNNc4s+6uD2JNvw==": { "id": "6MW1lRUdNNc4s+6uD2JNvw==", "updater": "rhel-vex", "name": "CVE-2022-2286", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2286.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6PfMuZGMOADiSo4Ifx0/Qw==": { "id": "6PfMuZGMOADiSo4Ifx0/Qw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "6Q0Sg/Y1lskU2n7rbcxAIw==": { "id": "6Q0Sg/Y1lskU2n7rbcxAIw==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6Qa2KBduT2HgJC4kctpUnw==": { "id": "6Qa2KBduT2HgJC4kctpUnw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "6VA82zmenvpHf3qd7c6BQg==": { "id": "6VA82zmenvpHf3qd7c6BQg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "6W4lt5SjUgXnbxNap1O0Cg==": { "id": "6W4lt5SjUgXnbxNap1O0Cg==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6WQjHZdyTC+aVOSwNc3+BQ==": { "id": "6WQjHZdyTC+aVOSwNc3+BQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "6XzckJlhvkdWwkN1ERVdzg==": { "id": "6XzckJlhvkdWwkN1ERVdzg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6Za/T764+Wnq0wfxFjEvGw==": { "id": "6Za/T764+Wnq0wfxFjEvGw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "6asSIEJz7ggo9QEXpbSOYg==": { "id": "6asSIEJz7ggo9QEXpbSOYg==", "updater": "rhel-vex", "name": "CVE-2023-48236", "description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48236.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6bZ4UNaa9jRLVZoZHQgYtQ==": { "id": "6bZ4UNaa9jRLVZoZHQgYtQ==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6dwQWrojfQ/1hgTT2PQckg==": { "id": "6dwQWrojfQ/1hgTT2PQckg==", "updater": "rhel-vex", "name": "CVE-2022-2129", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2129.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6fJcYsi1gPQNv5g1ujEPdA==": { "id": "6fJcYsi1gPQNv5g1ujEPdA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6miUB07ljV2HaYX/rZ1yjg==": { "id": "6miUB07ljV2HaYX/rZ1yjg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "6o8ui0RxMttDzkyqTDO5tg==": { "id": "6o8ui0RxMttDzkyqTDO5tg==", "updater": "rhel-vex", "name": "CVE-2022-1616", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "issued": "2022-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1616.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6otwEH3RP+2A14zXLvGXpg==": { "id": "6otwEH3RP+2A14zXLvGXpg==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "6pBzw2YiS9JmVvplQUxl2Q==": { "id": "6pBzw2YiS9JmVvplQUxl2Q==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "6pPl5aD/FZ2M/6Yaa588Aw==": { "id": "6pPl5aD/FZ2M/6Yaa588Aw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "6q1zANz+NJU+U0TPL1Xa2g==": { "id": "6q1zANz+NJU+U0TPL1Xa2g==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "6qJXB6OTmGgjS8WJVVTxvQ==": { "id": "6qJXB6OTmGgjS8WJVVTxvQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "6rBlrHxkkFbqVRbyfq+scg==": { "id": "6rBlrHxkkFbqVRbyfq+scg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "6tML+4g9GkMhdrrSDsX4Zw==": { "id": "6tML+4g9GkMhdrrSDsX4Zw==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "6thTxik/0CDWjirwYbVkYw==": { "id": "6thTxik/0CDWjirwYbVkYw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "6ysC6D7BSkYQ7y8vZ1O7HA==": { "id": "6ysC6D7BSkYQ7y8vZ1O7HA==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "7+mdkcJcBwtv88RB9AcmHQ==": { "id": "7+mdkcJcBwtv88RB9AcmHQ==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "7+zZLUPhCOA3BFrcusoKFg==": { "id": "7+zZLUPhCOA3BFrcusoKFg==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "70+Z8jFk8NJbHxPCoxDRng==": { "id": "70+Z8jFk8NJbHxPCoxDRng==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "70Ajh2QFCXmrQTWVljWbIg==": { "id": "70Ajh2QFCXmrQTWVljWbIg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "70HU3efHkL/3G4Y44qZmGA==": { "id": "70HU3efHkL/3G4Y44qZmGA==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "70rtBro0k4gOrF1v9b0LPQ==": { "id": "70rtBro0k4gOrF1v9b0LPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "71rWwrWl22424P8D9sWBZg==": { "id": "71rWwrWl22424P8D9sWBZg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "72/cPQH5mNLd1/e3j2Vn+Q==": { "id": "72/cPQH5mNLd1/e3j2Vn+Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "748UmdVwB73z0xvCImrQmA==": { "id": "748UmdVwB73z0xvCImrQmA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "74B4VkBJHkNvj2AsRU4uTw==": { "id": "74B4VkBJHkNvj2AsRU4uTw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "75kzXqx/LGJU9hkFlgdGGA==": { "id": "75kzXqx/LGJU9hkFlgdGGA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "76ytKtBeQe8L2T7nxeVp/g==": { "id": "76ytKtBeQe8L2T7nxeVp/g==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "78Ya60ppwS4OL6ZK9P90Qw==": { "id": "78Ya60ppwS4OL6ZK9P90Qw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7AoZZiCMmvqX9d9WD62FnQ==": { "id": "7AoZZiCMmvqX9d9WD62FnQ==", "updater": "rhel-vex", "name": "CVE-2023-4781", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "issued": "2023-09-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4781.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7B4LUCjMkCM+NcHtyQXyFA==": { "id": "7B4LUCjMkCM+NcHtyQXyFA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "7BER6omsA92tkjpEqGZJLA==": { "id": "7BER6omsA92tkjpEqGZJLA==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "7CqLd0zk1hiFU3yrvTTdyg==": { "id": "7CqLd0zk1hiFU3yrvTTdyg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "7FDf95fwOcyZ1YXNVDIx0A==": { "id": "7FDf95fwOcyZ1YXNVDIx0A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "7HuMMq7XSYKaQG/oWdxnyg==": { "id": "7HuMMq7XSYKaQG/oWdxnyg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "7MUqmqmB2hEWys43ktPpcQ==": { "id": "7MUqmqmB2hEWys43ktPpcQ==", "updater": "rhel-vex", "name": "CVE-2022-28131", "description": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://www.cve.org/CVERecord?id=CVE-2022-28131 https://nvd.nist.gov/vuln/detail/CVE-2022-28131 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28131.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7NIMWPjl58dCiuwwIe4bGg==": { "id": "7NIMWPjl58dCiuwwIe4bGg==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "7Q0Bus9RTfFy/UrxkfH2sQ==": { "id": "7Q0Bus9RTfFy/UrxkfH2sQ==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "7Q4dYBj4wFa2768mWculSQ==": { "id": "7Q4dYBj4wFa2768mWculSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "7QBYsSaCu8T87GZR3WHxyw==": { "id": "7QBYsSaCu8T87GZR3WHxyw==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "7S6xxC9g1Ybp0dqQ63V8tg==": { "id": "7S6xxC9g1Ybp0dqQ63V8tg==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7SutUCP3yRd4o5ryN/dDZA==": { "id": "7SutUCP3yRd4o5ryN/dDZA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "7SyD51cUTMP7ddBSGNw3Iw==": { "id": "7SyD51cUTMP7ddBSGNw3Iw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "7T9qiwKBE1swIXuW9Zvewg==": { "id": "7T9qiwKBE1swIXuW9Zvewg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "7TWJhc3cfFgph89dsQ0nBA==": { "id": "7TWJhc3cfFgph89dsQ0nBA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "7U+8ffRP7ahu1ot4Zj5Zlw==": { "id": "7U+8ffRP7ahu1ot4Zj5Zlw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "7XM4eB5q+q78IrA8abl57g==": { "id": "7XM4eB5q+q78IrA8abl57g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "7ZyXE8z7uZKjHitrjhSWQQ==": { "id": "7ZyXE8z7uZKjHitrjhSWQQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "7aOJwf1br9gIaC1RH6UwDQ==": { "id": "7aOJwf1br9gIaC1RH6UwDQ==", "updater": "osv/go", "name": "GO-2022-0537", "description": "Panic when decoding Float and Rat types in math/big", "issued": "2022-08-01T22:21:06Z", "links": "https://go.dev/cl/417774 https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66 https://go.dev/issue/53871 https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.5" }, "7bYXVEfvDWEIL53s8ARxGg==": { "id": "7bYXVEfvDWEIL53s8ARxGg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "7cHovEEcBoQ92zXTfFigow==": { "id": "7cHovEEcBoQ92zXTfFigow==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7cqLG7sQEqqh9WoHfpekpw==": { "id": "7cqLG7sQEqqh9WoHfpekpw==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7czTMSwqOjLz2LigIYHAeg==": { "id": "7czTMSwqOjLz2LigIYHAeg==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "7df4FOgRU0BSF6P5QJkjaQ==": { "id": "7df4FOgRU0BSF6P5QJkjaQ==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "7jE4UN8ZNzWXfNDZ8BZq3Q==": { "id": "7jE4UN8ZNzWXfNDZ8BZq3Q==", "updater": "rhel-vex", "name": "CVE-2025-47279", "description": "A memory leak vulnerability has been discovered in the Undici HTTP/1.1 client library. This flaw can be triggered by repeatedly calling a webhook endpoint that presents an invalid TLS certificate. Continuous interaction with such an endpoint can cause the Undici library to allocate memory without properly releasing it, potentially leading to excessive memory consumption. Over time, this could result in resource exhaustion, impacting the availability and stability of applications relying on Undici for webhook communication.", "issued": "2025-05-15T17:16:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47279 https://bugzilla.redhat.com/show_bug.cgi?id=2366632 https://www.cve.org/CVERecord?id=CVE-2025-47279 https://nvd.nist.gov/vuln/detail/CVE-2025-47279 https://github.com/nodejs/undici/issues/3895 https://github.com/nodejs/undici/pull/4088 https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47279.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7oEe6HdmVrscCmplGQsEeQ==": { "id": "7oEe6HdmVrscCmplGQsEeQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "7tWeNpgpS6TZ4aQUo8g9NQ==": { "id": "7tWeNpgpS6TZ4aQUo8g9NQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "7uj4PEKyThSRh2msjDtceg==": { "id": "7uj4PEKyThSRh2msjDtceg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7v+kCrIi/mMmyn+o9Uh+oA==": { "id": "7v+kCrIi/mMmyn+o9Uh+oA==", "updater": "rhel-vex", "name": "CVE-2022-48337", "description": "A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzilla.redhat.com/show_bug.cgi?id=2171987 https://www.cve.org/CVERecord?id=CVE-2022-48337 https://nvd.nist.gov/vuln/detail/CVE-2022-48337 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48337.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "7y5jXLyua18Srex9lNrfkQ==": { "id": "7y5jXLyua18Srex9lNrfkQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "8/mZoUg5ZlBapu2isiHzqg==": { "id": "8/mZoUg5ZlBapu2isiHzqg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "81Pd3WxGavo8vEw0GcfWBQ==": { "id": "81Pd3WxGavo8vEw0GcfWBQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "82S4cf8ecOlHYb8LNQQn+w==": { "id": "82S4cf8ecOlHYb8LNQQn+w==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "830L36AKCoBHnXPHE6R6uQ==": { "id": "830L36AKCoBHnXPHE6R6uQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "842T09LMtibo6aQ7X6A47A==": { "id": "842T09LMtibo6aQ7X6A47A==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.1.el9_6", "arch_op": "pattern match" }, "84g+WJ21VVZ5YgyE9krInA==": { "id": "84g+WJ21VVZ5YgyE9krInA==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "87p97+dH2sU2JVQ8vQ+Xuw==": { "id": "87p97+dH2sU2JVQ8vQ+Xuw==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "89XrIFUuuXy08LkDR6XMOw==": { "id": "89XrIFUuuXy08LkDR6XMOw==", "updater": "rhel-vex", "name": "CVE-2021-31879", "description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "issued": "2019-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31879.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8BMA6LbX8vjrr4aUcmHB5w==": { "id": "8BMA6LbX8vjrr4aUcmHB5w==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "8BsUEMjLB96UtpRd1ludrg==": { "id": "8BsUEMjLB96UtpRd1ludrg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8Efa1m3XsyOFY5vSd2fHNQ==": { "id": "8Efa1m3XsyOFY5vSd2fHNQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "8ImlkqI0B9hvKdKXJLla/w==": { "id": "8ImlkqI0B9hvKdKXJLla/w==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "8Ldq46rf2Z9JTBjkrtfV0g==": { "id": "8Ldq46rf2Z9JTBjkrtfV0g==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8ML0IVFlCjXlypnsSOqB1Q==": { "id": "8ML0IVFlCjXlypnsSOqB1Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8OhIIjb+vwm01NjtGgcnDw==": { "id": "8OhIIjb+vwm01NjtGgcnDw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "8QRmG/+fMsQQzP2maaxOag==": { "id": "8QRmG/+fMsQQzP2maaxOag==", "updater": "rhel-vex", "name": "CVE-2025-48386", "description": "A credential handling flaw has been discovered in git. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), which can lead to buffer overflows.", "issued": "2025-07-08T18:23:41Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48386 https://bugzilla.redhat.com/show_bug.cgi?id=2378807 https://www.cve.org/CVERecord?id=CVE-2025-48386 https://nvd.nist.gov/vuln/detail/CVE-2025-48386 https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48386.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Ug8/LJbCT7/mzHPjLi21A==": { "id": "8Ug8/LJbCT7/mzHPjLi21A==", "updater": "osv/go", "name": "GO-2023-1987", "description": "Large RSA keys can cause high CPU usage in crypto/tls", "issued": "2023-08-02T17:25:58Z", "links": "https://go.dev/issue/61460 https://go.dev/cl/515257 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.12" }, "8ZrkaQ6B1f36PC2cIg9i6A==": { "id": "8ZrkaQ6B1f36PC2cIg9i6A==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "8Zz8gP9QPTYBttUQXDeNpg==": { "id": "8Zz8gP9QPTYBttUQXDeNpg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "8bMBj5vTG1tOpQ1wuVD1bQ==": { "id": "8bMBj5vTG1tOpQ1wuVD1bQ==", "updater": "osv/go", "name": "GO-2022-0532", "description": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows", "issued": "2022-07-26T21:41:20Z", "links": "https://go.dev/cl/403759 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://go.dev/issue/52574 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "8dARvXsFfslEQUJNpOVqyQ==": { "id": "8dARvXsFfslEQUJNpOVqyQ==", "updater": "osv/go", "name": "GO-2025-4007", "description": "Quadratic complexity when checking name constraints in crypto/x509", "issued": "2025-10-29T21:49:50Z", "links": "https://go.dev/issue/75681 https://go.dev/cl/709854 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.9" }, "8dqpgv7n5GVlIYVt/hP0Gg==": { "id": "8dqpgv7n5GVlIYVt/hP0Gg==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "8eY8PV83CN3R/MV2hK7XHA==": { "id": "8eY8PV83CN3R/MV2hK7XHA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "8efBqSZ3OYqd+nT8a21FNA==": { "id": "8efBqSZ3OYqd+nT8a21FNA==", "updater": "rhel-vex", "name": "CVE-2022-2287", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2287.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ez1JQpqUyVUQaplF/dpog==": { "id": "8ez1JQpqUyVUQaplF/dpog==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "8gQtKtb/Xr3aGfsLtKyetA==": { "id": "8gQtKtb/Xr3aGfsLtKyetA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8ge47rqVvHaefMV4OlZnlQ==": { "id": "8ge47rqVvHaefMV4OlZnlQ==", "updater": "rhel-vex", "name": "CVE-2022-2845", "description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kPW6EH9br7BQBK1DHvQsA==": { "id": "8kPW6EH9br7BQBK1DHvQsA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8lLGaMUZk8kOHbicsIjPjw==": { "id": "8lLGaMUZk8kOHbicsIjPjw==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "8m+MeF1Vk+YvSROjY2pN5Q==": { "id": "8m+MeF1Vk+YvSROjY2pN5Q==", "updater": "osv/go", "name": "GO-2022-0969", "description": "Denial of service in net/http and golang.org/x/net/http2", "issued": "2022-09-12T20:23:06Z", "links": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://go.dev/issue/54658 https://go.dev/cl/428735", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.6" }, "8oKavHMm8C7p1QC+rNA0zA==": { "id": "8oKavHMm8C7p1QC+rNA0zA==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "8qeM99NPNtS3R0CIVDnqTw==": { "id": "8qeM99NPNtS3R0CIVDnqTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "8utuZQ/Ix8fDNAmmSZivvQ==": { "id": "8utuZQ/Ix8fDNAmmSZivvQ==", "updater": "rhel-vex", "name": "CVE-2022-48624", "description": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48624 https://bugzilla.redhat.com/show_bug.cgi?id=2265081 https://www.cve.org/CVERecord?id=CVE-2022-48624 https://nvd.nist.gov/vuln/detail/CVE-2022-48624 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48624.json https://access.redhat.com/errata/RHSA-2024:1692", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-3.el9_3", "arch_op": "pattern match" }, "8vc1CEh/sS08VpWYipw3xA==": { "id": "8vc1CEh/sS08VpWYipw3xA==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "9/6RhDAFXPVo7L6QeEsy9w==": { "id": "9/6RhDAFXPVo7L6QeEsy9w==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "92O2+eS3W5hGvsWPMPwTRQ==": { "id": "92O2+eS3W5hGvsWPMPwTRQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "936XDvlfcwVB/34fQscf7w==": { "id": "936XDvlfcwVB/34fQscf7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "93O9BjbBwz1jYmTNCzgkUw==": { "id": "93O9BjbBwz1jYmTNCzgkUw==", "updater": "rhel-vex", "name": "CVE-2022-2849", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2849.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "95p6rGNUFNsCWfXMBirOLg==": { "id": "95p6rGNUFNsCWfXMBirOLg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "96QbNqFHhG4RmHyIqvnk+w==": { "id": "96QbNqFHhG4RmHyIqvnk+w==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "98vR1ByhE/Y9cvB+lRN3LA==": { "id": "98vR1ByhE/Y9cvB+lRN3LA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "99Q540ZW70Bq59gE8MRNHA==": { "id": "99Q540ZW70Bq59gE8MRNHA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9Ad5Q6DJD1JusuIjCNfUvQ==": { "id": "9Ad5Q6DJD1JusuIjCNfUvQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9Bnr48B1Gkm5b1u7nixqng==": { "id": "9Bnr48B1Gkm5b1u7nixqng==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "9C6WGntg4UmJkjiylWVxnw==": { "id": "9C6WGntg4UmJkjiylWVxnw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "9Ck8qx7KCeVOhknvjhQwsA==": { "id": "9Ck8qx7KCeVOhknvjhQwsA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "9CmH5Y/MDHXGbta8UBA5HQ==": { "id": "9CmH5Y/MDHXGbta8UBA5HQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "9HkrQyk+mvh4YcyBYw6eQg==": { "id": "9HkrQyk+mvh4YcyBYw6eQg==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "9M1meEoYiMYlmYR7kKfweg==": { "id": "9M1meEoYiMYlmYR7kKfweg==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "9NxQaPp619Bd0qky1dvzZg==": { "id": "9NxQaPp619Bd0qky1dvzZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9PE6ZiUdIaAWtCsUgesEZA==": { "id": "9PE6ZiUdIaAWtCsUgesEZA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "9QNdmlIziBB9zOcB4elT6A==": { "id": "9QNdmlIziBB9zOcB4elT6A==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9RLVzTylr5Ocdbql97n+1Q==": { "id": "9RLVzTylr5Ocdbql97n+1Q==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "9SrODyBGF+py5BfKYxVllg==": { "id": "9SrODyBGF+py5BfKYxVllg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "9U8BTRqVPM+WCls5RolwuQ==": { "id": "9U8BTRqVPM+WCls5RolwuQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "9UTiJlsfYxfa60iynbYgLg==": { "id": "9UTiJlsfYxfa60iynbYgLg==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "9XbremjCd0rS6zu/GB+mjA==": { "id": "9XbremjCd0rS6zu/GB+mjA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "9Yjf3Ev3R8wbqlhNdfwPQQ==": { "id": "9Yjf3Ev3R8wbqlhNdfwPQQ==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:9448", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-14.el9_6.2", "arch_op": "pattern match" }, "9avTgsTrB6zaN8UjZ37Wow==": { "id": "9avTgsTrB6zaN8UjZ37Wow==", "updater": "rhel-vex", "name": "CVE-2022-3153", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "issued": "2022-09-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3153.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9b3CWaJsQwdqnuBJDBMt8g==": { "id": "9b3CWaJsQwdqnuBJDBMt8g==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "9b3hAQW/ubh4v6zyl2M5Ig==": { "id": "9b3hAQW/ubh4v6zyl2M5Ig==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "9ca/WR2Db6VUKD0h31yyGw==": { "id": "9ca/WR2Db6VUKD0h31yyGw==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9feM+1JJIYgC5OZCglyV3w==": { "id": "9feM+1JJIYgC5OZCglyV3w==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9fvqDo3ARbJLIgwR1oX6QQ==": { "id": "9fvqDo3ARbJLIgwR1oX6QQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "9gB7mQN0y1Zy9EiaXIHFew==": { "id": "9gB7mQN0y1Zy9EiaXIHFew==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "9ia70lNV6NYvmzB7WlbYQw==": { "id": "9ia70lNV6NYvmzB7WlbYQw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "9kpPzhUEkQr6h/4fDNnSuA==": { "id": "9kpPzhUEkQr6h/4fDNnSuA==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "9lAt/24IrVKtsskC+grSQQ==": { "id": "9lAt/24IrVKtsskC+grSQQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "9lOT/bRPy9mu1knhwrLw8Q==": { "id": "9lOT/bRPy9mu1knhwrLw8Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9lOiMN/e99o1oI1dhS9S2Q==": { "id": "9lOiMN/e99o1oI1dhS9S2Q==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9lqG2xu+85HJHcn8UQyZ2A==": { "id": "9lqG2xu+85HJHcn8UQyZ2A==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "9lxLFgIezXSh1WnSsRhwNQ==": { "id": "9lxLFgIezXSh1WnSsRhwNQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9oQBIjmHHZP7ZEjuqVHO7Q==": { "id": "9oQBIjmHHZP7ZEjuqVHO7Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "9rfGlkZ9WMAUo942FMnq5A==": { "id": "9rfGlkZ9WMAUo942FMnq5A==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "9uaveyIiSEcdU4MrDHbJ2Q==": { "id": "9uaveyIiSEcdU4MrDHbJ2Q==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "9uo4qIbgVv97/yzslhE6/g==": { "id": "9uo4qIbgVv97/yzslhE6/g==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "9vaAmbFDwko+7w/wBDHWvg==": { "id": "9vaAmbFDwko+7w/wBDHWvg==", "updater": "rhel-vex", "name": "CVE-2023-28617", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.", "issued": "2023-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28617 https://bugzilla.redhat.com/show_bug.cgi?id=2180544 https://www.cve.org/CVERecord?id=CVE-2023-28617 https://nvd.nist.gov/vuln/detail/CVE-2023-28617 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28617.json https://access.redhat.com/errata/RHSA-2023:2074", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-6.el9_1.1", "arch_op": "pattern match" }, "9z2MVdoreqGVJcUFUz72OA==": { "id": "9z2MVdoreqGVJcUFUz72OA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "A/za5QfQmT4HYcIQ4RyCzA==": { "id": "A/za5QfQmT4HYcIQ4RyCzA==", "updater": "osv/go", "name": "GO-2024-2887", "description": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "A2YTvJXiGwe7aOSqWlEZhQ==": { "id": "A2YTvJXiGwe7aOSqWlEZhQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "A3ZYVQ8Z63tDAx8FSltQHw==": { "id": "A3ZYVQ8Z63tDAx8FSltQHw==", "updater": "rhel-vex", "name": "CVE-2025-7458", "description": "An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory.", "issued": "2025-07-29T12:43:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7458 https://bugzilla.redhat.com/show_bug.cgi?id=2384237 https://www.cve.org/CVERecord?id=CVE-2025-7458 https://nvd.nist.gov/vuln/detail/CVE-2025-7458 https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7458.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A98JJ8FAQWnMhx8Nb3TYXA==": { "id": "A98JJ8FAQWnMhx8Nb3TYXA==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "ABh4yTmrbQSCnnP4F8iX5A==": { "id": "ABh4yTmrbQSCnnP4F8iX5A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AEXyQvL2wFfW+v4I9XmTaQ==": { "id": "AEXyQvL2wFfW+v4I9XmTaQ==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "AI5OCFigX+y57buhAMK1UA==": { "id": "AI5OCFigX+y57buhAMK1UA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "AIlN8RmMOvhBveVuVAyHQQ==": { "id": "AIlN8RmMOvhBveVuVAyHQQ==", "updater": "rhel-vex", "name": "CVE-2022-2874", "description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2874.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AJcMDco3zISLrE/7+42hGA==": { "id": "AJcMDco3zISLrE/7+42hGA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "AJgpOdbNJblqS+xC52p8RA==": { "id": "AJgpOdbNJblqS+xC52p8RA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ANawluW+m7SrGs8Q9Odgow==": { "id": "ANawluW+m7SrGs8Q9Odgow==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "ANxFBq/yNQoElX4dsXb0wA==": { "id": "ANxFBq/yNQoElX4dsXb0wA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "AOVkipVLZLxGjwVCB/7mwg==": { "id": "AOVkipVLZLxGjwVCB/7mwg==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "AQa/gDZ0IemFxWbJIsU4yQ==": { "id": "AQa/gDZ0IemFxWbJIsU4yQ==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "AR31u5jCzWyawCxRWBepmw==": { "id": "AR31u5jCzWyawCxRWBepmw==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AYOaUiAITXfmzrid+CR2Og==": { "id": "AYOaUiAITXfmzrid+CR2Og==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "AYXw2VaylssI+NkH09HL4Q==": { "id": "AYXw2VaylssI+NkH09HL4Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "AcbVYbhZ/tTIOm89OCy5kQ==": { "id": "AcbVYbhZ/tTIOm89OCy5kQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "AdhtRMEnBdpFFyeSlUP6fA==": { "id": "AdhtRMEnBdpFFyeSlUP6fA==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Aet749oXCwhRnnY9gEGYGw==": { "id": "Aet749oXCwhRnnY9gEGYGw==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AfEBBMV7R48kk4frVmVcAg==": { "id": "AfEBBMV7R48kk4frVmVcAg==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Ah03jmj/7fQOqUbg05PtZg==": { "id": "Ah03jmj/7fQOqUbg05PtZg==", "updater": "rhel-vex", "name": "CVE-2023-0049", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "issued": "2023-01-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0049.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ApGWymi9r75ZlVZNkjnd4w==": { "id": "ApGWymi9r75ZlVZNkjnd4w==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "Ar1hBHxUcHiCnqL+avGJRg==": { "id": "Ar1hBHxUcHiCnqL+avGJRg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AsiuN/8gu7sZ0PJCLihjmw==": { "id": "AsiuN/8gu7sZ0PJCLihjmw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Aspz79uO5bKpApwSqMsL8A==": { "id": "Aspz79uO5bKpApwSqMsL8A==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "AuT5DLBrUT23i8Fkzi5nrA==": { "id": "AuT5DLBrUT23i8Fkzi5nrA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Av6IvPz8z+8JAyypXmkbTA==": { "id": "Av6IvPz8z+8JAyypXmkbTA==", "updater": "rhel-vex", "name": "CVE-2025-23050", "description": "QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.", "issued": "2025-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23050 https://bugzilla.redhat.com/show_bug.cgi?id=2408769 https://www.cve.org/CVERecord?id=CVE-2025-23050 https://nvd.nist.gov/vuln/detail/CVE-2025-23050 https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538 https://codereview.qt-project.org/q/QLowEnergyController https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23050.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AyHFH4N7lNUZlwVfgigcMA==": { "id": "AyHFH4N7lNUZlwVfgigcMA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ayn8XyGcXwYPR+J1PSWdHQ==": { "id": "Ayn8XyGcXwYPR+J1PSWdHQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "B+xaJOiguNTw6xGmTB+mZw==": { "id": "B+xaJOiguNTw6xGmTB+mZw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "B/+SfhbeumQponnHheNEVg==": { "id": "B/+SfhbeumQponnHheNEVg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "B0ZJnlI3io/AXTPjqyoADA==": { "id": "B0ZJnlI3io/AXTPjqyoADA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "B1FsL93s2G1YxIvrdDvTfg==": { "id": "B1FsL93s2G1YxIvrdDvTfg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "B1THb18jP+rSUaY77CvPng==": { "id": "B1THb18jP+rSUaY77CvPng==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "B1gQIzGtgKR02WiRgVPUgQ==": { "id": "B1gQIzGtgKR02WiRgVPUgQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "B3tKTgCVG9JSLHIgfbUFmw==": { "id": "B3tKTgCVG9JSLHIgfbUFmw==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "B6kRennXxnam4nW6s2O9mQ==": { "id": "B6kRennXxnam4nW6s2O9mQ==", "updater": "rhel-vex", "name": "CVE-2022-30633", "description": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30633 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://www.cve.org/CVERecord?id=CVE-2022-30633 https://nvd.nist.gov/vuln/detail/CVE-2022-30633 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30633.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B7rM39vvdeIIjmDnRAuTIQ==": { "id": "B7rM39vvdeIIjmDnRAuTIQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "BBNgt41sCJ+dkDLhh8RM2Q==": { "id": "BBNgt41sCJ+dkDLhh8RM2Q==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "BCUOacmvjky6+oK/3U158Q==": { "id": "BCUOacmvjky6+oK/3U158Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "BCe3MuKRzryFB5SraMhsPw==": { "id": "BCe3MuKRzryFB5SraMhsPw==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "BEXy4ijrTQIkl+xEVZQ61w==": { "id": "BEXy4ijrTQIkl+xEVZQ61w==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BLPjiJKh0zrGI5mH+bPIGw==": { "id": "BLPjiJKh0zrGI5mH+bPIGw==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BQivQt20Anl3mLgiJoMKAA==": { "id": "BQivQt20Anl3mLgiJoMKAA==", "updater": "rhel-vex", "name": "CVE-2024-30205", "description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30205.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "BS5Qx6nN3HmM64VVoKmayw==": { "id": "BS5Qx6nN3HmM64VVoKmayw==", "updater": "rhel-vex", "name": "CVE-2022-3134", "description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3134.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BXlYoXrAW947O+Adruh7Zw==": { "id": "BXlYoXrAW947O+Adruh7Zw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "BbM0NZsMsZnNUi1ybIzssw==": { "id": "BbM0NZsMsZnNUi1ybIzssw==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BceQQXlChHEbiy2YYN7FvA==": { "id": "BceQQXlChHEbiy2YYN7FvA==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "Bd+yU6xHUdyyaw65uiacIw==": { "id": "Bd+yU6xHUdyyaw65uiacIw==", "updater": "osv/go", "name": "GO-2023-1752", "description": "Improper handling of JavaScript whitespace in html/template", "issued": "2023-05-05T21:10:22Z", "links": "https://go.dev/issue/59721 https://go.dev/cl/491616 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "BfDjqoaYrd0NKCGGxtokTg==": { "id": "BfDjqoaYrd0NKCGGxtokTg==", "updater": "rhel-vex", "name": "CVE-2023-48231", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48231.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BfJzk+M/zKnbrBHcCrvIlA==": { "id": "BfJzk+M/zKnbrBHcCrvIlA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "BgLn2RypgHsjIVj0SLunZg==": { "id": "BgLn2RypgHsjIVj0SLunZg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "BofAiVtqC38hX5ZAkBLTpA==": { "id": "BofAiVtqC38hX5ZAkBLTpA==", "updater": "osv/go", "name": "GO-2024-2599", "description": "Memory exhaustion in multipart form parsing in net/textproto and net/http", "issued": "2024-03-05T22:15:00Z", "links": "https://go.dev/issue/65383 https://go.dev/cl/569341 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "Bp0jmZLVDqekxjq/Mq7PPA==": { "id": "Bp0jmZLVDqekxjq/Mq7PPA==", "updater": "rhel-vex", "name": "CVE-2022-1962", "description": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1962 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://www.cve.org/CVERecord?id=CVE-2022-1962 https://nvd.nist.gov/vuln/detail/CVE-2022-1962 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1962.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bp4O+K+hM5aEmCc59xUWdA==": { "id": "Bp4O+K+hM5aEmCc59xUWdA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "BsGuSaqfP6qrCK8KTTY4qw==": { "id": "BsGuSaqfP6qrCK8KTTY4qw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Bu9dxnhmsLXDd3x0oRPHfA==": { "id": "Bu9dxnhmsLXDd3x0oRPHfA==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bua36N02B8W4H7+P8yixkw==": { "id": "Bua36N02B8W4H7+P8yixkw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "BwQexIGmUvV9ONa+9gpe2w==": { "id": "BwQexIGmUvV9ONa+9gpe2w==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ByykkIf8cqMarBUwgOjK0g==": { "id": "ByykkIf8cqMarBUwgOjK0g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "BzOgc4nzX2HHoodQY6X6vQ==": { "id": "BzOgc4nzX2HHoodQY6X6vQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Bzc4r1UXMoCf7blNLHkQGw==": { "id": "Bzc4r1UXMoCf7blNLHkQGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "C+2GxqMTQEZYKlJYDQE1Pg==": { "id": "C+2GxqMTQEZYKlJYDQE1Pg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "C0udSo+foVK8TphEaJ9u7g==": { "id": "C0udSo+foVK8TphEaJ9u7g==", "updater": "rhel-vex", "name": "CVE-2017-1000383", "description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "issued": "2017-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-1000383.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "emacs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C2ejCCBwa9n29Fq9gpW/sw==": { "id": "C2ejCCBwa9n29Fq9gpW/sw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "C7v5oMuGS9CuS5bfckNF/w==": { "id": "C7v5oMuGS9CuS5bfckNF/w==", "updater": "osv/go", "name": "GO-2022-0477", "description": "Indefinite hang with large buffers on Windows in crypto/rand", "issued": "2022-06-09T01:43:37Z", "links": "https://go.dev/cl/402257 https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 https://go.dev/issue/52561 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "C9NKmmH/EbcYxVOEg1uY9g==": { "id": "C9NKmmH/EbcYxVOEg1uY9g==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "CAcAzU3FmPfcBEK+BF1wiQ==": { "id": "CAcAzU3FmPfcBEK+BF1wiQ==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "CBxUpiwpFiagAj3ihqf+vQ==": { "id": "CBxUpiwpFiagAj3ihqf+vQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CCQ15lzJdM5OqfQf0dLnJQ==": { "id": "CCQ15lzJdM5OqfQf0dLnJQ==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "CD0KTiCn+kQ9+lGQdzy4Lw==": { "id": "CD0KTiCn+kQ9+lGQdzy4Lw==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "CFRtSPlXDJlgi28bdADXZg==": { "id": "CFRtSPlXDJlgi28bdADXZg==", "updater": "osv/go", "name": "GO-2024-3105", "description": "Stack exhaustion in all Parse functions in go/parser", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "CH/8kg0DShdiNjzv6+DZnA==": { "id": "CH/8kg0DShdiNjzv6+DZnA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CMGu0bZesU9cyPAc2vK34g==": { "id": "CMGu0bZesU9cyPAc2vK34g==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "CQPV/OxtJ+DwYc6C4gniNQ==": { "id": "CQPV/OxtJ+DwYc6C4gniNQ==", "updater": "rhel-vex", "name": "CVE-2022-47008", "description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CQXGvG5qF0LSGK3lgLUXJg==": { "id": "CQXGvG5qF0LSGK3lgLUXJg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CQY3y5mGXL6FhNg/bhr8Rw==": { "id": "CQY3y5mGXL6FhNg/bhr8Rw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.el9", "arch_op": "pattern match" }, "CSv4lPWUxMcEgRRI/WkPaA==": { "id": "CSv4lPWUxMcEgRRI/WkPaA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CVNFdSU8eHIr3mZk7+SX/Q==": { "id": "CVNFdSU8eHIr3mZk7+SX/Q==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "CW81Lp11K0nBc+3dYegY/g==": { "id": "CW81Lp11K0nBc+3dYegY/g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "CXlZx/1BY/yqrUCuQlON2w==": { "id": "CXlZx/1BY/yqrUCuQlON2w==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "CYbzKTdqzfhVDluEF23Dxg==": { "id": "CYbzKTdqzfhVDluEF23Dxg==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "CYkHBvLQQf6RYY/2Qkr5gw==": { "id": "CYkHBvLQQf6RYY/2Qkr5gw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CaVsGPkqzxcrIauiEFdPpw==": { "id": "CaVsGPkqzxcrIauiEFdPpw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CacO7saUr+KLTbynVQRYzg==": { "id": "CacO7saUr+KLTbynVQRYzg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Cbqd4MLPHY6FcToWh7U3IA==": { "id": "Cbqd4MLPHY6FcToWh7U3IA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "CebQRpRZjOcKyG6X/Hyb9g==": { "id": "CebQRpRZjOcKyG6X/Hyb9g==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "CoMZiX0VsWNhKSQo1NCYkg==": { "id": "CoMZiX0VsWNhKSQo1NCYkg==", "updater": "rhel-vex", "name": "CVE-2025-1244", "description": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "issued": "2025-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150 https://www.cve.org/CVERecord?id=CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1244.json https://access.redhat.com/errata/RHSA-2025:1915", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.1", "arch_op": "pattern match" }, "Cr4I2Hcgcf8xO3Bc2/KIfA==": { "id": "Cr4I2Hcgcf8xO3Bc2/KIfA==", "updater": "osv/go", "name": "GO-2023-1840", "description": "Unsafe behavior in setuid/setgid binaries in runtime", "issued": "2023-06-08T20:16:06Z", "links": "https://go.dev/issue/60272 https://go.dev/cl/501223 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.10" }, "CrxvMdhOPgYpnOjfUKfH3Q==": { "id": "CrxvMdhOPgYpnOjfUKfH3Q==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "CuWE9qOLaSI+JhOsCiY03Q==": { "id": "CuWE9qOLaSI+JhOsCiY03Q==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "Cxqp3OmZ1TuIow2bpolrUA==": { "id": "Cxqp3OmZ1TuIow2bpolrUA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "D0qSEDt7Rns05A3ywUZLtw==": { "id": "D0qSEDt7Rns05A3ywUZLtw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "D1jz5P28B8rwvnVaChXHiw==": { "id": "D1jz5P28B8rwvnVaChXHiw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "D2PoAhXlfTjf0jSkt9i3qA==": { "id": "D2PoAhXlfTjf0jSkt9i3qA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "D4iEHIlb8qk7qBBIBLV2WA==": { "id": "D4iEHIlb8qk7qBBIBLV2WA==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "D5TjVz7ghGYgdoVa5+N8bw==": { "id": "D5TjVz7ghGYgdoVa5+N8bw==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "DAwq8wwWp0GN/p0AvtHE9Q==": { "id": "DAwq8wwWp0GN/p0AvtHE9Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "DCflC/lDsmgt9IFXJM3PyA==": { "id": "DCflC/lDsmgt9IFXJM3PyA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "DDPdyyhkyoDS2Vq0O3We0w==": { "id": "DDPdyyhkyoDS2Vq0O3We0w==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DE3GDsNl2faTwlhxzYBbYw==": { "id": "DE3GDsNl2faTwlhxzYBbYw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "DFOoWHynQeFD6fZDvPyKMg==": { "id": "DFOoWHynQeFD6fZDvPyKMg==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "DG5z7r6LqnKlVNwHAxeXgA==": { "id": "DG5z7r6LqnKlVNwHAxeXgA==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "DGtUYJS9TDm0sI7Gw7jCuA==": { "id": "DGtUYJS9TDm0sI7Gw7jCuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "DI5ofU0JT+/wsYx2AeXNiA==": { "id": "DI5ofU0JT+/wsYx2AeXNiA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "DI7HeHo8A/itZHGTOHOQIg==": { "id": "DI7HeHo8A/itZHGTOHOQIg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "DIXgPb+QqAbL75dH7f2Zww==": { "id": "DIXgPb+QqAbL75dH7f2Zww==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "DJqdVbXk9Oqvq0nS8VYv5Q==": { "id": "DJqdVbXk9Oqvq0nS8VYv5Q==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DK1x7B/vzgaKlXynN3g1KA==": { "id": "DK1x7B/vzgaKlXynN3g1KA==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "DKQ/Jfye0O77T1m4bCFM9A==": { "id": "DKQ/Jfye0O77T1m4bCFM9A==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "DNd0sdbW83acQbIl3FDaPw==": { "id": "DNd0sdbW83acQbIl3FDaPw==", "updater": "rhel-vex", "name": "CVE-2023-0054", "description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0054.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DPcSz1MBKzyaMMMhJWVyEA==": { "id": "DPcSz1MBKzyaMMMhJWVyEA==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "DQIgoLb/8+6+HRbr8B6wHw==": { "id": "DQIgoLb/8+6+HRbr8B6wHw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "DWl94vpEWRXsnNv1XWboVA==": { "id": "DWl94vpEWRXsnNv1XWboVA==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "DZWopkvTJiWmVsAADTNOUw==": { "id": "DZWopkvTJiWmVsAADTNOUw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "Daj39cn0p5rpBblQYRpPNw==": { "id": "Daj39cn0p5rpBblQYRpPNw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "DhiTSAV5nEGdAk1xkbjRsw==": { "id": "DhiTSAV5nEGdAk1xkbjRsw==", "updater": "osv/go", "name": "GO-2023-1569", "description": "Excessive resource consumption in mime/multipart", "issued": "2023-02-21T20:44:30Z", "links": "https://go.dev/issue/58006 https://go.dev/cl/468124 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "DjTY6HUnX+COP0+KJxD8lg==": { "id": "DjTY6HUnX+COP0+KJxD8lg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "DjpSix06K6wkPOmaLpbGWg==": { "id": "DjpSix06K6wkPOmaLpbGWg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DlS6uDYchj9S2LQucQuZxw==": { "id": "DlS6uDYchj9S2LQucQuZxw==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Dlv776lHnCBm01HWpf1zZQ==": { "id": "Dlv776lHnCBm01HWpf1zZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "DlzGGXSItv6fZobEGaNWCA==": { "id": "DlzGGXSItv6fZobEGaNWCA==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "Dp0x43cNy9IQTCa5Vb7Uyw==": { "id": "Dp0x43cNy9IQTCa5Vb7Uyw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "DqGYMV65C5QRFD63WuUcpg==": { "id": "DqGYMV65C5QRFD63WuUcpg==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "DqajPgSmNnfF5+bVSuLXZQ==": { "id": "DqajPgSmNnfF5+bVSuLXZQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "DrIpfcclD2b0iXSNtu+I6Q==": { "id": "DrIpfcclD2b0iXSNtu+I6Q==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "DrL6S4TbqHyLJh/Go9vALA==": { "id": "DrL6S4TbqHyLJh/Go9vALA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "DtCtyEFA0WRhx44S/aRChA==": { "id": "DtCtyEFA0WRhx44S/aRChA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DtWvIa+898xLj3Yf8kKjtA==": { "id": "DtWvIa+898xLj3Yf8kKjtA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DtYmtBkxVMK6KVHn4U+2Yw==": { "id": "DtYmtBkxVMK6KVHn4U+2Yw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "DtkRUkQTzcJrj8ZsC36kqQ==": { "id": "DtkRUkQTzcJrj8ZsC36kqQ==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DyteGYzEcNMaIwU0U8gq/w==": { "id": "DyteGYzEcNMaIwU0U8gq/w==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "DzB2GvXN7uyOKTXPPshLvg==": { "id": "DzB2GvXN7uyOKTXPPshLvg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "E6F4Bsc58fK+0x+N9LY6gA==": { "id": "E6F4Bsc58fK+0x+N9LY6gA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "E7v1LWpr+8KCE/5szHqf2Q==": { "id": "E7v1LWpr+8KCE/5szHqf2Q==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "E90jB6HCh1KjzQXtmHMUUg==": { "id": "E90jB6HCh1KjzQXtmHMUUg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "EB6fg0YbdpF3FjycPEVN/Q==": { "id": "EB6fg0YbdpF3FjycPEVN/Q==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EBopL1hbi9GBQGXZUVNCAA==": { "id": "EBopL1hbi9GBQGXZUVNCAA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ECzeIHiPGDDmiEUQjBzFxg==": { "id": "ECzeIHiPGDDmiEUQjBzFxg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "EE23Ay78OLUGxmoM3vXPbA==": { "id": "EE23Ay78OLUGxmoM3vXPbA==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "EEMnwT7ARQJ+dbVETnKljw==": { "id": "EEMnwT7ARQJ+dbVETnKljw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.1.el9_6", "arch_op": "pattern match" }, "EEsEsfQRh24NPMdhg4HPHw==": { "id": "EEsEsfQRh24NPMdhg4HPHw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EFfUhTiwNATI8s7BT2T3xA==": { "id": "EFfUhTiwNATI8s7BT2T3xA==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EGDBCdh3xodxfhx6SFGa1w==": { "id": "EGDBCdh3xodxfhx6SFGa1w==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "EHdSTtZdfwUmOpf3vIeLWQ==": { "id": "EHdSTtZdfwUmOpf3vIeLWQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "ENoYJ+9TEzYG+jTQB5meaw==": { "id": "ENoYJ+9TEzYG+jTQB5meaw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ERpg5QsiyVdbxyySZngvaA==": { "id": "ERpg5QsiyVdbxyySZngvaA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "ETcQXJZrA6IUPRr4MXFUIw==": { "id": "ETcQXJZrA6IUPRr4MXFUIw==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "ETjF+btf4DIblmTTbHaZSA==": { "id": "ETjF+btf4DIblmTTbHaZSA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "EUzfiOQu+qZDEDuD1AbDtA==": { "id": "EUzfiOQu+qZDEDuD1AbDtA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EVXEAewBnzdtEIOYHBpZfA==": { "id": "EVXEAewBnzdtEIOYHBpZfA==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "EX/jsJKUxl+Y92LbkHwIVg==": { "id": "EX/jsJKUxl+Y92LbkHwIVg==", "updater": "osv/go", "name": "GO-2023-2186", "description": "Incorrect detection of reserved device names on Windows in path/filepath", "issued": "2023-11-08T22:42:19Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "EXWaDNivW550gBh9Dm6gCQ==": { "id": "EXWaDNivW550gBh9Dm6gCQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EXi8j2JWeu5xYuWml6Ellg==": { "id": "EXi8j2JWeu5xYuWml6Ellg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "EYkM0DDu8tbFKzGysEiO0Q==": { "id": "EYkM0DDu8tbFKzGysEiO0Q==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "EZo12eG9Obl1kmhRKBmcvA==": { "id": "EZo12eG9Obl1kmhRKBmcvA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EahYBNc6RsapXfHOvUMG/A==": { "id": "EahYBNc6RsapXfHOvUMG/A==", "updater": "osv/go", "name": "GO-2025-4008", "description": "ALPN negotiation error contains attacker controlled information in crypto/tls", "issued": "2025-10-29T21:49:53Z", "links": "https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Ec/FYvTTz4riEqnQe1G+Fw==": { "id": "Ec/FYvTTz4riEqnQe1G+Fw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "EcsVvJ09ys7NpdNzv0A9zA==": { "id": "EcsVvJ09ys7NpdNzv0A9zA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "Ee2apAGC0PFcPNtPjyeqbg==": { "id": "Ee2apAGC0PFcPNtPjyeqbg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "EfJCfNem+1eUwnsxx2dNOg==": { "id": "EfJCfNem+1eUwnsxx2dNOg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "EhVqWSecC9djAkoW+k/+hQ==": { "id": "EhVqWSecC9djAkoW+k/+hQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "EhcxS6FJz0RDq0+uuwuiEA==": { "id": "EhcxS6FJz0RDq0+uuwuiEA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "EhgsZTFIUAr2YMmtGzoFMQ==": { "id": "EhgsZTFIUAr2YMmtGzoFMQ==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "EjPl60c/5Xt+2Awh7Lu5jw==": { "id": "EjPl60c/5Xt+2Awh7Lu5jw==", "updater": "rhel-vex", "name": "CVE-2025-7546", "description": "A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.", "issued": "2025-07-13T22:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7546 https://bugzilla.redhat.com/show_bug.cgi?id=2379793 https://www.cve.org/CVERecord?id=CVE-2025-7546 https://nvd.nist.gov/vuln/detail/CVE-2025-7546 https://sourceware.org/bugzilla/attachment.cgi?id=16118 https://sourceware.org/bugzilla/show_bug.cgi?id=33050 https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b https://vuldb.com/?ctiid.316244 https://vuldb.com/?id.316244 https://vuldb.com/?submit.614375 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7546.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EpmDyksRTsldGi5rxDcMlA==": { "id": "EpmDyksRTsldGi5rxDcMlA==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Eptc9iAtWcHP72eK8tBCkA==": { "id": "Eptc9iAtWcHP72eK8tBCkA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Ewdn+P1XzA/h+WRvejvm/Q==": { "id": "Ewdn+P1XzA/h+WRvejvm/Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EzveB8rJWscHHRZtJKOdRA==": { "id": "EzveB8rJWscHHRZtJKOdRA==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "F/boCR7kXAGa4+GAELD7Tg==": { "id": "F/boCR7kXAGa4+GAELD7Tg==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F0PQEZy2PTlCGjp9J75Btw==": { "id": "F0PQEZy2PTlCGjp9J75Btw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "F1KNP85q9V8sONVWKuOzrw==": { "id": "F1KNP85q9V8sONVWKuOzrw==", "updater": "osv/go", "name": "GO-2023-2041", "description": "Improper handling of HTML-like comments in script contexts in html/template", "issued": "2023-09-07T16:11:17Z", "links": "https://go.dev/issue/62196 https://go.dev/cl/526156 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "F2QVfam7Idr3v4Y7g3wf/Q==": { "id": "F2QVfam7Idr3v4Y7g3wf/Q==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "F4g8Bboy9/sMyy+EusFlpA==": { "id": "F4g8Bboy9/sMyy+EusFlpA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "F54ap+bUe0qceQi67ZX30w==": { "id": "F54ap+bUe0qceQi67ZX30w==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "F6i42vx+GvZ/9LpnToKHcw==": { "id": "F6i42vx+GvZ/9LpnToKHcw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FAES1XlWFCETbKQytoq57Q==": { "id": "FAES1XlWFCETbKQytoq57Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.el9", "arch_op": "pattern match" }, "FAgeMhGaGcH9QOhQHw5rhQ==": { "id": "FAgeMhGaGcH9QOhQHw5rhQ==", "updater": "rhel-vex", "name": "CVE-2024-13978", "description": "A flaw was found in libtiff. The `t2p_read_tiff_init` function in the fax2ps component incorrectly handles TIFF files, leading to a null pointer dereference. A local attacker can trigger this condition by providing a specially crafted TIFF file. This can result in an application level denial of service.", "issued": "2025-08-01T21:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13978 https://bugzilla.redhat.com/show_bug.cgi?id=2386059 https://www.cve.org/CVERecord?id=CVE-2024-13978 https://nvd.nist.gov/vuln/detail/CVE-2024-13978 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 https://gitlab.com/libtiff/libtiff/-/issues/649 https://gitlab.com/libtiff/libtiff/-/merge_requests/667 https://vuldb.com/?ctiid.318355 https://vuldb.com/?id.318355 https://vuldb.com/?submit.624562 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13978.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FAoi5hf12Vg9h7NFehHyBg==": { "id": "FAoi5hf12Vg9h7NFehHyBg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.1.el9_6", "arch_op": "pattern match" }, "FE/mnRiATGHgivPxG+13dw==": { "id": "FE/mnRiATGHgivPxG+13dw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FKu6EFoCfpksmq+M7pL02Q==": { "id": "FKu6EFoCfpksmq+M7pL02Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FKuvvzZuxFLoDaTeoDMGIQ==": { "id": "FKuvvzZuxFLoDaTeoDMGIQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FM2lHn17qlO5uIZtM+Ehmg==": { "id": "FM2lHn17qlO5uIZtM+Ehmg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.el9", "arch_op": "pattern match" }, "FMzc9QFitxthf16XR1P0QA==": { "id": "FMzc9QFitxthf16XR1P0QA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.4.el9_3", "arch_op": "pattern match" }, "FOhuL+ZLaAMigc1crKc/uA==": { "id": "FOhuL+ZLaAMigc1crKc/uA==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "FPJOQAbsBSaId8RmD/1j8g==": { "id": "FPJOQAbsBSaId8RmD/1j8g==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "FTUrLe1XMNYvUzaxMdsWeQ==": { "id": "FTUrLe1XMNYvUzaxMdsWeQ==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "FUR7T9AnekkZ5hPUz2WP6Q==": { "id": "FUR7T9AnekkZ5hPUz2WP6Q==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "FUeASYCa2REKwmC0CFlz2g==": { "id": "FUeASYCa2REKwmC0CFlz2g==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "FV18DPtJsW6qZZIHDbkGJA==": { "id": "FV18DPtJsW6qZZIHDbkGJA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "FcmkgsiNKCrDAJ6OFK/Y8g==": { "id": "FcmkgsiNKCrDAJ6OFK/Y8g==", "updater": "osv/go", "name": "GO-2023-2102", "description": "HTTP/2 rapid reset can cause excessive work in net/http", "issued": "2023-10-11T16:49:53Z", "links": "https://go.dev/issue/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.10" }, "FdtzK6tyT53moDNlzBGPBQ==": { "id": "FdtzK6tyT53moDNlzBGPBQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "FecDYUjbiWlU3PuXl5vs5w==": { "id": "FecDYUjbiWlU3PuXl5vs5w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Fg8qijPO2mYzPczZJG7NiQ==": { "id": "Fg8qijPO2mYzPczZJG7NiQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "FgTFx5g45j7WzA+bfAHPzQ==": { "id": "FgTFx5g45j7WzA+bfAHPzQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "Fi7GXCkkqJvYQw6Co8Nk7A==": { "id": "Fi7GXCkkqJvYQw6Co8Nk7A==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "FjB9AnugxBHu7Kwf86C67w==": { "id": "FjB9AnugxBHu7Kwf86C67w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.1.el9_6", "arch_op": "pattern match" }, "FjluGqmW83eEOEvyKIkrSA==": { "id": "FjluGqmW83eEOEvyKIkrSA==", "updater": "osv/go", "name": "GO-2025-4012", "description": "Lack of limit when parsing cookies can cause memory exhaustion in net/http", "issued": "2025-10-29T21:50:05Z", "links": "https://go.dev/issue/75672 https://go.dev/cl/709855 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "FkUafBj1ekysZyPIbZi5fg==": { "id": "FkUafBj1ekysZyPIbZi5fg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.el9", "arch_op": "pattern match" }, "FkxoK2aSVfPglVllnxzplw==": { "id": "FkxoK2aSVfPglVllnxzplw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "FlgtpglQEkjGT66EnFUHMg==": { "id": "FlgtpglQEkjGT66EnFUHMg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "FnsKxnhjNS+E4Y6hrazjUQ==": { "id": "FnsKxnhjNS+E4Y6hrazjUQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FpA1FaTnKUwdPkl0KHAbaw==": { "id": "FpA1FaTnKUwdPkl0KHAbaw==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FrIXKuepXZdWVsQ8gu1YHA==": { "id": "FrIXKuepXZdWVsQ8gu1YHA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FsYbwBEvKH6FW81JU3KSvw==": { "id": "FsYbwBEvKH6FW81JU3KSvw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Ft+9wGiX7gFQHYNS5do1oA==": { "id": "Ft+9wGiX7gFQHYNS5do1oA==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "FtF7hWwlQYu4clVsrpBd0Q==": { "id": "FtF7hWwlQYu4clVsrpBd0Q==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "FwvyPIBVlE1fAIgwJ1H6Sw==": { "id": "FwvyPIBVlE1fAIgwJ1H6Sw==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "FyNQxVBbour86huhtgTOzA==": { "id": "FyNQxVBbour86huhtgTOzA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "Fys7cTDgnkqkKy/A1tAWPQ==": { "id": "Fys7cTDgnkqkKy/A1tAWPQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "G/EKAYKB/V29JLdsy1wFCA==": { "id": "G/EKAYKB/V29JLdsy1wFCA==", "updater": "rhel-vex", "name": "CVE-2023-31486", "description": "A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=\u003e1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.", "issued": "2023-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31486 https://bugzilla.redhat.com/show_bug.cgi?id=2228392 https://www.cve.org/CVERecord?id=CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31486.json https://access.redhat.com/errata/RHSA-2023:6542", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-HTTP-Tiny", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.076-461.el9", "arch_op": "pattern match" }, "G/dmoDOpwh0GrsMovfySVw==": { "id": "G/dmoDOpwh0GrsMovfySVw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "G1biuc7MPjr1XA/l1R5EPQ==": { "id": "G1biuc7MPjr1XA/l1R5EPQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G1ju8KSMzz6zOg31bF5lRw==": { "id": "G1ju8KSMzz6zOg31bF5lRw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "G33a+jVnMZNg6liymp9Lyg==": { "id": "G33a+jVnMZNg6liymp9Lyg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.2-1.el9_7", "arch_op": "pattern match" }, "G77a8vVkDX/8Yt/v29MOhA==": { "id": "G77a8vVkDX/8Yt/v29MOhA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GDAkupnsjiTl71rwzH5RJg==": { "id": "GDAkupnsjiTl71rwzH5RJg==", "updater": "rhel-vex", "name": "CVE-2024-21538", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "issued": "2024-11-08T05:00:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2324550 https://www.cve.org/CVERecord?id=CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2024-21538 https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f https://github.com/moxystudio/node-cross-spawn/pull/160 https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21538.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GEDO3j20WMwIj0JMNMq5Iw==": { "id": "GEDO3j20WMwIj0JMNMq5Iw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "GJ6//hGiIsio2zBFuudd/Q==": { "id": "GJ6//hGiIsio2zBFuudd/Q==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GJy8g/4zoy4CPDvWLZr9kQ==": { "id": "GJy8g/4zoy4CPDvWLZr9kQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "GKtgrnguQJIeMtP51nnNZQ==": { "id": "GKtgrnguQJIeMtP51nnNZQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "GR80zW702W+xho6dTSNlyw==": { "id": "GR80zW702W+xho6dTSNlyw==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GVOb0whjVXBMMGVZhZjH0g==": { "id": "GVOb0whjVXBMMGVZhZjH0g==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GVXQ1XPPQkuhZ4SIFGoF+w==": { "id": "GVXQ1XPPQkuhZ4SIFGoF+w==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GW37uYQxwwgJBIDtA/dT2g==": { "id": "GW37uYQxwwgJBIDtA/dT2g==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXMpRf2go/wGEbwpp9BPPQ==": { "id": "GXMpRf2go/wGEbwpp9BPPQ==", "updater": "rhel-vex", "name": "CVE-2023-1175", "description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXObP88ZOLkWQuVeVgHh/g==": { "id": "GXObP88ZOLkWQuVeVgHh/g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "GXVxiDj3UnyxgXg2cz7u0Q==": { "id": "GXVxiDj3UnyxgXg2cz7u0Q==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "Ga3lVfExNl500JGwW345sQ==": { "id": "Ga3lVfExNl500JGwW345sQ==", "updater": "osv/go", "name": "GO-2025-3956", "description": "Unexpected paths returned from LookPath in os/exec", "issued": "2025-09-18T18:21:44Z", "links": "https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "GaZVgTbcdJiJMvdUeofqTA==": { "id": "GaZVgTbcdJiJMvdUeofqTA==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "GbZa+XIQtfFHtHWs5gm0wg==": { "id": "GbZa+XIQtfFHtHWs5gm0wg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "GeI10LHPuNgyyt295MOmIQ==": { "id": "GeI10LHPuNgyyt295MOmIQ==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "Geg0mw2hzdsfDbJ9adcmWg==": { "id": "Geg0mw2hzdsfDbJ9adcmWg==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GfPY5zBbHJQI4ZGaDcJj2A==": { "id": "GfPY5zBbHJQI4ZGaDcJj2A==", "updater": "rhel-vex", "name": "CVE-2022-3278", "description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GjK0gO1QmNQJ/ZsCakqCdA==": { "id": "GjK0gO1QmNQJ/ZsCakqCdA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Gn9qNy1ITVhOKz+nUviaSg==": { "id": "Gn9qNy1ITVhOKz+nUviaSg==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "GnBCRP9H+R6do428z3nOkQ==": { "id": "GnBCRP9H+R6do428z3nOkQ==", "updater": "rhel-vex", "name": "CVE-2021-4173", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4173.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GoHez0BYftW2Wj3h0K6Zxw==": { "id": "GoHez0BYftW2Wj3h0K6Zxw==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "GoHsuuxRgbGb3lm852rQmg==": { "id": "GoHsuuxRgbGb3lm852rQmg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GolUr/klMsQNQ9QFMdcAmw==": { "id": "GolUr/klMsQNQ9QFMdcAmw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GpJjElMhBMa2ZIh0g/0hAQ==": { "id": "GpJjElMhBMa2ZIh0g/0hAQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "GtECMHzRoeZKh1TLvpCt+A==": { "id": "GtECMHzRoeZKh1TLvpCt+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.el9", "arch_op": "pattern match" }, "GuM8+Ku1VtBzfPk3/FCgzw==": { "id": "GuM8+Ku1VtBzfPk3/FCgzw==", "updater": "rhel-vex", "name": "CVE-2022-1056", "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1056 https://bugzilla.redhat.com/show_bug.cgi?id=2233599 https://www.cve.org/CVERecord?id=CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 https://security.gentoo.org/glsa/202210-10 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GwJvkFMzYrKrZEvvNMbc6A==": { "id": "GwJvkFMzYrKrZEvvNMbc6A==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "GwdBWjTMLLj14UbkCrmh/A==": { "id": "GwdBWjTMLLj14UbkCrmh/A==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "Gzt3Aov08YmfW0b/CN7tHw==": { "id": "Gzt3Aov08YmfW0b/CN7tHw==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "H+x0VPepDcitQiESaSwIwQ==": { "id": "H+x0VPepDcitQiESaSwIwQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "H003kvHQyN0gsWRXOrXzxA==": { "id": "H003kvHQyN0gsWRXOrXzxA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "H04yzALMJAjmclexKFeS2w==": { "id": "H04yzALMJAjmclexKFeS2w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "H4boG/V+MB7stA7jG8O6Tw==": { "id": "H4boG/V+MB7stA7jG8O6Tw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "H4hIo8QsJ8tJeirBCqwHFQ==": { "id": "H4hIo8QsJ8tJeirBCqwHFQ==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "H5HU/YMXz+3wwSlUv2hOEg==": { "id": "H5HU/YMXz+3wwSlUv2hOEg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "H5vm/YCKZciOb4TXZmGZlg==": { "id": "H5vm/YCKZciOb4TXZmGZlg==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "H7H9wMobv6DOqzUUAdOqGA==": { "id": "H7H9wMobv6DOqzUUAdOqGA==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "H8XwHNDIkW12mW+y74dsdQ==": { "id": "H8XwHNDIkW12mW+y74dsdQ==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "HBDLPf0FBMppxrTwW+gqlA==": { "id": "HBDLPf0FBMppxrTwW+gqlA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "HFchxDnUHv0YgEfYisGA6A==": { "id": "HFchxDnUHv0YgEfYisGA6A==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HHBOKYlzeD2Busv7btyBAA==": { "id": "HHBOKYlzeD2Busv7btyBAA==", "updater": "rhel-vex", "name": "CVE-2023-48232", "description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48232.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HHpOVRDbzmY2UhydU+uwcg==": { "id": "HHpOVRDbzmY2UhydU+uwcg==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "HMF5qYGPMt4Fb5i6RtdwRA==": { "id": "HMF5qYGPMt4Fb5i6RtdwRA==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "HMytRAMTGJlQRfqVbIzzVg==": { "id": "HMytRAMTGJlQRfqVbIzzVg==", "updater": "osv/go", "name": "GO-2022-0525", "description": "Improper sanitization of Transfer-Encoding headers in net/http", "issued": "2022-07-25T17:34:18Z", "links": "https://go.dev/cl/409874 https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f https://go.dev/issue/53188 https://go.dev/cl/410714 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "HNWibMRA8AF0jyyBYQthdA==": { "id": "HNWibMRA8AF0jyyBYQthdA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "HOYwG5Rw5KtCLqSTp9IaXQ==": { "id": "HOYwG5Rw5KtCLqSTp9IaXQ==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "HS96brYtpBiaYpW7OxT5Wg==": { "id": "HS96brYtpBiaYpW7OxT5Wg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "HT2SNCYX7dkF36jwcJ6tBg==": { "id": "HT2SNCYX7dkF36jwcJ6tBg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "HT4k6+0VwtXXrNi4IFV2ug==": { "id": "HT4k6+0VwtXXrNi4IFV2ug==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "HW1HxtJFrKBktMKHARGGeQ==": { "id": "HW1HxtJFrKBktMKHARGGeQ==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "HeemEcWe2JVMYkjGWbuiFA==": { "id": "HeemEcWe2JVMYkjGWbuiFA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "HfjDJmml2JYJ9YjdaPe+zQ==": { "id": "HfjDJmml2JYJ9YjdaPe+zQ==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "HiF486OoQCfE4Hwc8DTxrQ==": { "id": "HiF486OoQCfE4Hwc8DTxrQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "HjJnWaqrr4SaFPjzu8hVkg==": { "id": "HjJnWaqrr4SaFPjzu8hVkg==", "updater": "rhel-vex", "name": "CVE-2022-46663", "description": "A vulnerability was found in less. This flaw allows crafted data to result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "issued": "2023-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug.cgi?id=2169621 https://www.cve.org/CVERecord?id=CVE-2022-46663 https://nvd.nist.gov/vuln/detail/CVE-2022-46663 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-46663.json https://access.redhat.com/errata/RHSA-2023:3725", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-2.el9_2", "arch_op": "pattern match" }, "Hk/EnuFgs+4rtDh2D0OPZg==": { "id": "Hk/EnuFgs+4rtDh2D0OPZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "HlOu0EmTxHkjzmJeJEuJmw==": { "id": "HlOu0EmTxHkjzmJeJEuJmw==", "updater": "rhel-vex", "name": "CVE-2023-4735", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4735.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HlmfsCkhcIqBoptvS1F7pQ==": { "id": "HlmfsCkhcIqBoptvS1F7pQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HmZXdUV/ycFcRK+m71pC+w==": { "id": "HmZXdUV/ycFcRK+m71pC+w==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "HnNhAdInEg3yPEHYo7Hl+Q==": { "id": "HnNhAdInEg3yPEHYo7Hl+Q==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "HqbYURF/7TaXoQPMqtdsIA==": { "id": "HqbYURF/7TaXoQPMqtdsIA==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "HrQTGWot7zXPyYbisnzShg==": { "id": "HrQTGWot7zXPyYbisnzShg==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "Ht/FCT7E55SLIJNr/AHy9A==": { "id": "Ht/FCT7E55SLIJNr/AHy9A==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "HuVZNoL6F1XG6bLXPdhmWQ==": { "id": "HuVZNoL6F1XG6bLXPdhmWQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxiMqPnG14UzA9oHqqI6Ng==": { "id": "HxiMqPnG14UzA9oHqqI6Ng==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "I1n6/nf1BmKoqYe/GXCV3A==": { "id": "I1n6/nf1BmKoqYe/GXCV3A==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "I2w7mAdeccRvDV/HeaBOoA==": { "id": "I2w7mAdeccRvDV/HeaBOoA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "I3+uP7bb+nPtzRYHH2UUgw==": { "id": "I3+uP7bb+nPtzRYHH2UUgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I362Vwh1x92yigOP2ZDpKA==": { "id": "I362Vwh1x92yigOP2ZDpKA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "I3Zso12Z+9mUcVEvUKWJ8w==": { "id": "I3Zso12Z+9mUcVEvUKWJ8w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "I3vwwgMxzxWo15otCOgvAw==": { "id": "I3vwwgMxzxWo15otCOgvAw==", "updater": "rhel-vex", "name": "CVE-2021-3928", "description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3928.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I44fXMfux3yPYaBHaNxgsg==": { "id": "I44fXMfux3yPYaBHaNxgsg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "I5CKvoKqBhFd1vY7fxFKtQ==": { "id": "I5CKvoKqBhFd1vY7fxFKtQ==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "I9Xc2JiRiPWfOFS5AHY1Ww==": { "id": "I9Xc2JiRiPWfOFS5AHY1Ww==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "IDAwc/hZzIcM4IBkaUT9YA==": { "id": "IDAwc/hZzIcM4IBkaUT9YA==", "updater": "osv/go", "name": "GO-2025-3563", "description": "Request smuggling due to acceptance of invalid chunked data in net/http", "issued": "2025-04-08T19:46:23Z", "links": "https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.8" }, "IDDFCE+x3YM7koS2SvW5fA==": { "id": "IDDFCE+x3YM7koS2SvW5fA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "IENtFrOwfEqYX/lp+0u2Gw==": { "id": "IENtFrOwfEqYX/lp+0u2Gw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "IERk9xwccKWSGr20Hb5U6g==": { "id": "IERk9xwccKWSGr20Hb5U6g==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "IGsR1pj6qXRBH+0hYVXsew==": { "id": "IGsR1pj6qXRBH+0hYVXsew==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IH0yoiWyuDmG+HH8h9dKLw==": { "id": "IH0yoiWyuDmG+HH8h9dKLw==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IIfJmT1yzMqBOVKMy3nlyQ==": { "id": "IIfJmT1yzMqBOVKMy3nlyQ==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "IL9yoqEJiA7P9oRxQrj7SQ==": { "id": "IL9yoqEJiA7P9oRxQrj7SQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "IRgMJoQA4x1xizY2hEw96w==": { "id": "IRgMJoQA4x1xizY2hEw96w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ISgjA2mi+Q9vbdNEhDKXOA==": { "id": "ISgjA2mi+Q9vbdNEhDKXOA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ITIiuf1dzb05+JHj8h65fg==": { "id": "ITIiuf1dzb05+JHj8h65fg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "IUI8ka2AYA1twZAQi4gL5Q==": { "id": "IUI8ka2AYA1twZAQi4gL5Q==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "IV554NtP1F9KO4IyBit26g==": { "id": "IV554NtP1F9KO4IyBit26g==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IWplUWF011EXddGnkU5Png==": { "id": "IWplUWF011EXddGnkU5Png==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.1.el9_6", "arch_op": "pattern match" }, "IaNq7BGSUI5KW7kcB5RXdQ==": { "id": "IaNq7BGSUI5KW7kcB5RXdQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "IbhdAqkTe4EMzAhoNvBoZw==": { "id": "IbhdAqkTe4EMzAhoNvBoZw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "IeTK1HBLKpS1+gfVSPrpvg==": { "id": "IeTK1HBLKpS1+gfVSPrpvg==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfJyKZ52fwKruf/mbOKmYg==": { "id": "IfJyKZ52fwKruf/mbOKmYg==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfZDrkeHpfXHfjHzETuKbw==": { "id": "IfZDrkeHpfXHfjHzETuKbw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ih4ScPgmvAttJN/czzciaQ==": { "id": "Ih4ScPgmvAttJN/czzciaQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ihq7mkhGM9sf/8QM05o7gw==": { "id": "Ihq7mkhGM9sf/8QM05o7gw==", "updater": "rhel-vex", "name": "CVE-2023-6277", "description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "issued": "2023-11-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://www.cve.org/CVERecord?id=CVE-2023-6277 https://nvd.nist.gov/vuln/detail/CVE-2023-6277 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6277.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IkLJJWoz7DjiEwkwHd9+Bw==": { "id": "IkLJJWoz7DjiEwkwHd9+Bw==", "updater": "osv/go", "name": "GO-2024-2610", "description": "Errors returned from JSON marshaling may break template escaping in html/template", "issued": "2024-03-05T22:15:40Z", "links": "https://go.dev/issue/65697 https://go.dev/cl/564196 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "IoeuDKI/vu/XCDGoDKzX3g==": { "id": "IoeuDKI/vu/XCDGoDKzX3g==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "IqAfwTRGJO3I/HkfDNLMoQ==": { "id": "IqAfwTRGJO3I/HkfDNLMoQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "Ira5htRPGofy9veGMRD7Vg==": { "id": "Ira5htRPGofy9veGMRD7Vg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IsqBfnAxrh9UbW8oQaSR7w==": { "id": "IsqBfnAxrh9UbW8oQaSR7w==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "ItuvzyMGym4CNyVuxWwH3w==": { "id": "ItuvzyMGym4CNyVuxWwH3w==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IvL651FnAzrxSYOiOuXMlw==": { "id": "IvL651FnAzrxSYOiOuXMlw==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IxsDQKwy6X02Ak7TSjZKpA==": { "id": "IxsDQKwy6X02Ak7TSjZKpA==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "IzDqrZ8Ru35rI4iCSSk/pw==": { "id": "IzDqrZ8Ru35rI4iCSSk/pw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "J+a2wc6cR5fLyNj39ghgVg==": { "id": "J+a2wc6cR5fLyNj39ghgVg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "J/vqYu1qTz7dsS8oVaCTTw==": { "id": "J/vqYu1qTz7dsS8oVaCTTw==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "J1MkSCEBivWCQoYUEvHXOw==": { "id": "J1MkSCEBivWCQoYUEvHXOw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "J1SK5zSFZI94azX3jybBbw==": { "id": "J1SK5zSFZI94azX3jybBbw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "J1cvee8xy6oZDEdA21dqEg==": { "id": "J1cvee8xy6oZDEdA21dqEg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J3RGaCFhZHnCvtta/VAJIw==": { "id": "J3RGaCFhZHnCvtta/VAJIw==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "J4ecrOEw69avIhhOznG+2w==": { "id": "J4ecrOEw69avIhhOznG+2w==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "J5i8I5ZRQGDUXQI4WkC0FQ==": { "id": "J5i8I5ZRQGDUXQI4WkC0FQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "J6GavUf0zh8+C0zHHTDYfw==": { "id": "J6GavUf0zh8+C0zHHTDYfw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "J9wD9ZF9kAJd1nu03TllBQ==": { "id": "J9wD9ZF9kAJd1nu03TllBQ==", "updater": "osv/go", "name": "GO-2024-2600", "description": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "issued": "2024-03-05T22:15:02Z", "links": "https://go.dev/issue/65065 https://go.dev/cl/569340 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "JBIWl7TA4AzjcNVfFPjHaw==": { "id": "JBIWl7TA4AzjcNVfFPjHaw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "JD0llI0bGUOG/VBz+9LeVQ==": { "id": "JD0llI0bGUOG/VBz+9LeVQ==", "updater": "rhel-vex", "name": "CVE-2023-48235", "description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48235.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JLZyRakMGnyMKNtD6nnqpQ==": { "id": "JLZyRakMGnyMKNtD6nnqpQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "JLdsQ9mzV76+v5Ttq5j2hA==": { "id": "JLdsQ9mzV76+v5Ttq5j2hA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "JMtxzN1jgVs2Gwo2QsOKnQ==": { "id": "JMtxzN1jgVs2Gwo2QsOKnQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "JMuZ2WXBBx9rW6/jTPLu0A==": { "id": "JMuZ2WXBBx9rW6/jTPLu0A==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "JQe3P/odATa/OKbzn309dw==": { "id": "JQe3P/odATa/OKbzn309dw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "JS6LnmY1PZfE5YxJsCWPPQ==": { "id": "JS6LnmY1PZfE5YxJsCWPPQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "JS9NNql9cJTDkzzfXyJzDQ==": { "id": "JS9NNql9cJTDkzzfXyJzDQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JSxIEGIOCwboUDoJZgS9fA==": { "id": "JSxIEGIOCwboUDoJZgS9fA==", "updater": "rhel-vex", "name": "CVE-2023-37920", "description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "issued": "2023-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "ca-certificates", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2024.2.69_v8.0.303-91.4.el9_4", "arch_op": "pattern match" }, "JTwzSHX5xKxgTtyprecVew==": { "id": "JTwzSHX5xKxgTtyprecVew==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "JVp8gcuEEeRLeKprUvrBUg==": { "id": "JVp8gcuEEeRLeKprUvrBUg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JVuTqfPwohmj6ucokgM2sQ==": { "id": "JVuTqfPwohmj6ucokgM2sQ==", "updater": "rhel-vex", "name": "CVE-2021-27290", "description": "A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers\r\nusing the strict option. The highest threat from this vulnerability is to availability.", "issued": "2021-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 https://www.cve.org/CVERecord?id=CVE-2021-27290 https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-27290.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JWrwO52d5SNbcmJ2KpFaJQ==": { "id": "JWrwO52d5SNbcmJ2KpFaJQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "JXQAkdur2asBQ4qeq789Ew==": { "id": "JXQAkdur2asBQ4qeq789Ew==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "JZIEpU7UdEXuAMj6emkt5A==": { "id": "JZIEpU7UdEXuAMj6emkt5A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "JZVeRC2oy93Tv6vLZpVqJQ==": { "id": "JZVeRC2oy93Tv6vLZpVqJQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "JZouihQMnG3T6XSUXqYbkA==": { "id": "JZouihQMnG3T6XSUXqYbkA==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "JegoLVJD+r1CNqau++1Vlw==": { "id": "JegoLVJD+r1CNqau++1Vlw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Jek37tQeVdKEwtu+6a9/CA==": { "id": "Jek37tQeVdKEwtu+6a9/CA==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:4787", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.2", "arch_op": "pattern match" }, "JeqcZQqZ6re77qRb9vpAHQ==": { "id": "JeqcZQqZ6re77qRb9vpAHQ==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "JfmoxvDj+qKmecssvuGVyA==": { "id": "JfmoxvDj+qKmecssvuGVyA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Ji6OY1u39nJByKzCNwfpIw==": { "id": "Ji6OY1u39nJByKzCNwfpIw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JiPLnE3IM4/yPxZ8earXLg==": { "id": "JiPLnE3IM4/yPxZ8earXLg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "JmAt+4wqaQRWn+7jyy1oCQ==": { "id": "JmAt+4wqaQRWn+7jyy1oCQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "JmKf//IQj2eMVJFTB1Feyw==": { "id": "JmKf//IQj2eMVJFTB1Feyw==", "updater": "rhel-vex", "name": "CVE-2023-48234", "description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48234.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jo0GiPh7MZcVuLsVDbp7qg==": { "id": "Jo0GiPh7MZcVuLsVDbp7qg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "Jq9s0m8iiaLnslijc1N/kw==": { "id": "Jq9s0m8iiaLnslijc1N/kw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "JrT9jqBaZlLgPCS0RLnpPQ==": { "id": "JrT9jqBaZlLgPCS0RLnpPQ==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "JsF5ac8+OAOWxsV80iUiIw==": { "id": "JsF5ac8+OAOWxsV80iUiIw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.1.el9_6", "arch_op": "pattern match" }, "JtCpNcg8egZjbdozD9CAJQ==": { "id": "JtCpNcg8egZjbdozD9CAJQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "JtGggrfMckWn0xvfWBMJJQ==": { "id": "JtGggrfMckWn0xvfWBMJJQ==", "updater": "rhel-vex", "name": "CVE-2022-2210", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2210.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JvC/rVWSiuNeMXzeTDRZHQ==": { "id": "JvC/rVWSiuNeMXzeTDRZHQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JwRn6LaXs4DLH+aotGHcIQ==": { "id": "JwRn6LaXs4DLH+aotGHcIQ==", "updater": "osv/go", "name": "GO-2022-0522", "description": "Stack exhaustion on crafted paths in path/filepath", "issued": "2022-07-20T17:02:29Z", "links": "https://go.dev/cl/417066 https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "Jx8Savf4pVqPTLt8HsgoXA==": { "id": "Jx8Savf4pVqPTLt8HsgoXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.el9", "arch_op": "pattern match" }, "K/Jzpgc6xwHh47HFu+S8BQ==": { "id": "K/Jzpgc6xwHh47HFu+S8BQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "K0/KdAmlvzyf53kjXgfoRA==": { "id": "K0/KdAmlvzyf53kjXgfoRA==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "K12v1aAHn6bz+NiEB1W7GA==": { "id": "K12v1aAHn6bz+NiEB1W7GA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "K5fLrkou5COixf2q2qhQ5Q==": { "id": "K5fLrkou5COixf2q2qhQ5Q==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "KBpYoBBh5AFRsvma/sImeA==": { "id": "KBpYoBBh5AFRsvma/sImeA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "KC4H6WRPkYrWvXb9OC+odg==": { "id": "KC4H6WRPkYrWvXb9OC+odg==", "updater": "rhel-vex", "name": "CVE-2023-3164", "description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "issued": "2023-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3164 https://bugzilla.redhat.com/show_bug.cgi?id=2213531 https://www.cve.org/CVERecord?id=CVE-2023-3164 https://nvd.nist.gov/vuln/detail/CVE-2023-3164 https://gitlab.com/libtiff/libtiff/-/issues/542 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KEWGfOVGYNjr6kNjpQx0qg==": { "id": "KEWGfOVGYNjr6kNjpQx0qg==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "KJGsgMArislsisVXSZHY4A==": { "id": "KJGsgMArislsisVXSZHY4A==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "KM/iKSazFyPeIBezQXviSQ==": { "id": "KM/iKSazFyPeIBezQXviSQ==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "KM3euWq+O2CS0VP936TjVg==": { "id": "KM3euWq+O2CS0VP936TjVg==", "updater": "osv/go", "name": "GO-2023-2382", "description": "Denial of service via chunk extensions in net/http", "issued": "2023-12-06T16:22:36Z", "links": "https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.12" }, "KTLyj41W+cHfjH/HBrA7BQ==": { "id": "KTLyj41W+cHfjH/HBrA7BQ==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "KWqotAAFzFGFp1GIUjXi0g==": { "id": "KWqotAAFzFGFp1GIUjXi0g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "KXAIwMyIqS4MKyyyosxjhw==": { "id": "KXAIwMyIqS4MKyyyosxjhw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "KXzUsn7IGL3ZRMjBL3QOng==": { "id": "KXzUsn7IGL3ZRMjBL3QOng==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "KYv6PwzjV6/5I33cZ9LUmQ==": { "id": "KYv6PwzjV6/5I33cZ9LUmQ==", "updater": "rhel-vex", "name": "CVE-2022-2817", "description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2817.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kcd+UQxBw37KfFkRbn1QXw==": { "id": "Kcd+UQxBw37KfFkRbn1QXw==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "KewD59oo2UdDLsWiOrUjzQ==": { "id": "KewD59oo2UdDLsWiOrUjzQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "KhBWOViCuCZdWqrkDlYvOA==": { "id": "KhBWOViCuCZdWqrkDlYvOA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KhtP1/ZJ9jcZ6Whijt7vkw==": { "id": "KhtP1/ZJ9jcZ6Whijt7vkw==", "updater": "osv/go", "name": "GO-2023-1571", "description": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "issued": "2023-02-16T22:31:36Z", "links": "https://go.dev/issue/57855 https://go.dev/cl/468135 https://go.dev/cl/468295 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "KlFwXzVoVlebAInsnw41Qw==": { "id": "KlFwXzVoVlebAInsnw41Qw==", "updater": "osv/go", "name": "GO-2025-4010", "description": "Insufficient validation of bracketed IPv6 hostnames in net/url", "issued": "2025-10-29T21:49:58Z", "links": "https://go.dev/issue/75678 https://go.dev/cl/709857 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Km0Kj8/PT21DcOVckLYRyA==": { "id": "Km0Kj8/PT21DcOVckLYRyA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Kp6vEAyTjVJyCperHJ2MsQ==": { "id": "Kp6vEAyTjVJyCperHJ2MsQ==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "Kqi7XT4SGpqJzglrXFbYsQ==": { "id": "Kqi7XT4SGpqJzglrXFbYsQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KsboTEAsiwsdLEKIDivkyA==": { "id": "KsboTEAsiwsdLEKIDivkyA==", "updater": "rhel-vex", "name": "CVE-2022-2175", "description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KtIlAO0V0/KiMbIbmHHMGw==": { "id": "KtIlAO0V0/KiMbIbmHHMGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "KwXuJ1mZuqgv14dKI+DdIw==": { "id": "KwXuJ1mZuqgv14dKI+DdIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KxS2ZtWgZx0lQavGmel4Wg==": { "id": "KxS2ZtWgZx0lQavGmel4Wg==", "updater": "osv/go", "name": "GO-2025-4013", "description": "Panic when validating certificates with DSA public keys in crypto/x509", "issued": "2025-10-29T21:50:08Z", "links": "https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "L+KHKrPvSxZVeDMiWq92vw==": { "id": "L+KHKrPvSxZVeDMiWq92vw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "L/8naYULbNo7VCB5WzvpDw==": { "id": "L/8naYULbNo7VCB5WzvpDw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "L04cc8NCPjDZYnxYDnO5+A==": { "id": "L04cc8NCPjDZYnxYDnO5+A==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "L0O+Qmwnpkk+Rg/VqN7QWA==": { "id": "L0O+Qmwnpkk+Rg/VqN7QWA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "L2l/2cM7p8mbRx8/RerNPg==": { "id": "L2l/2cM7p8mbRx8/RerNPg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "L309n8CXvBj9wPx3UR7JGQ==": { "id": "L309n8CXvBj9wPx3UR7JGQ==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3Sq7FQbQmRq1R8Dn0eFww==": { "id": "L3Sq7FQbQmRq1R8Dn0eFww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "L5u3G3ilU8/0RtMpJ7kdKQ==": { "id": "L5u3G3ilU8/0RtMpJ7kdKQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "L7bRdQbudZhoHiefk8z45A==": { "id": "L7bRdQbudZhoHiefk8z45A==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "L9hbhq3wsZ5QkKEIo/fhYQ==": { "id": "L9hbhq3wsZ5QkKEIo/fhYQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "LAdEFhGjw+B+5uRqObeXiQ==": { "id": "LAdEFhGjw+B+5uRqObeXiQ==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "LBK9PqJKfCEUpttQCyryqw==": { "id": "LBK9PqJKfCEUpttQCyryqw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "LBzBPjCNeeSOWXyc2o2hnQ==": { "id": "LBzBPjCNeeSOWXyc2o2hnQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "LCRgl8qKc2VcXP1ILfaS6A==": { "id": "LCRgl8qKc2VcXP1ILfaS6A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "LDhDJjeJTHD14xx6vYgQUQ==": { "id": "LDhDJjeJTHD14xx6vYgQUQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "LFiejdPb02ZvCk9/k6M2OA==": { "id": "LFiejdPb02ZvCk9/k6M2OA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LKHvKuMU+ZaZN+c9jQoc8A==": { "id": "LKHvKuMU+ZaZN+c9jQoc8A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "LMcwA00QGnxriAXkZQIhHw==": { "id": "LMcwA00QGnxriAXkZQIhHw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "LMrJ8zW3vxlqJrvFMbbCGA==": { "id": "LMrJ8zW3vxlqJrvFMbbCGA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.el9", "arch_op": "pattern match" }, "LULa++Og4kM4JJrQxnZj0w==": { "id": "LULa++Og4kM4JJrQxnZj0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.1.el9_6", "arch_op": "pattern match" }, "LUlesLbzv1yf48cLqYDxTg==": { "id": "LUlesLbzv1yf48cLqYDxTg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "LXj+7NB7elh/3U/gcE77cw==": { "id": "LXj+7NB7elh/3U/gcE77cw==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Lc7NiV76Y8Ubl6+6Vgd+sw==": { "id": "Lc7NiV76Y8Ubl6+6Vgd+sw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "LcEYljn+QTWUC36NwQCf7w==": { "id": "LcEYljn+QTWUC36NwQCf7w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Lcg+9plLPEAo58BHKBlIGw==": { "id": "Lcg+9plLPEAo58BHKBlIGw==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "LczpEojKeJQxs4tAiPNubw==": { "id": "LczpEojKeJQxs4tAiPNubw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "Lex02lwAwiaMkFn9DV9FuA==": { "id": "Lex02lwAwiaMkFn9DV9FuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "LiT2UIJJCX7RQxuKZd5BaQ==": { "id": "LiT2UIJJCX7RQxuKZd5BaQ==", "updater": "rhel-vex", "name": "CVE-2023-43804", "description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "LkG+n79mbPHrPl1sC2ee1w==": { "id": "LkG+n79mbPHrPl1sC2ee1w==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "LkJjju2s50oKpBRyBT8s0A==": { "id": "LkJjju2s50oKpBRyBT8s0A==", "updater": "rhel-vex", "name": "CVE-2024-41965", "description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. This issue can be exploited by someone with local access to the system.", "issued": "2024-08-01T22:21:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LlIx9R1y9EWEYmMjr1l1rw==": { "id": "LlIx9R1y9EWEYmMjr1l1rw==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "Lsd0oY+cRz3Y5y3+G6CYMA==": { "id": "Lsd0oY+cRz3Y5y3+G6CYMA==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "Lw4KgrwWujzRmDjtibR3+Q==": { "id": "Lw4KgrwWujzRmDjtibR3+Q==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "LyEH4RIrJnMwmS9bxL322w==": { "id": "LyEH4RIrJnMwmS9bxL322w==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "LyQcB6aDtcDf3FmzBVHSKQ==": { "id": "LyQcB6aDtcDf3FmzBVHSKQ==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LzfcsSJMzHmJVjI8xrynCA==": { "id": "LzfcsSJMzHmJVjI8xrynCA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "M0WxNlBrWr1WR0ACcsFS3w==": { "id": "M0WxNlBrWr1WR0ACcsFS3w==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "M1Z06nydk707qbRpFiKmaA==": { "id": "M1Z06nydk707qbRpFiKmaA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M3xoPIiF+fvDRyYkizrMWQ==": { "id": "M3xoPIiF+fvDRyYkizrMWQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "M4/opsM/3qe/3m0zjGkItQ==": { "id": "M4/opsM/3qe/3m0zjGkItQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "M5aJiMv2/MaWINKfor0BrQ==": { "id": "M5aJiMv2/MaWINKfor0BrQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M6ssHrt9pKPpEPr7O0Tc/A==": { "id": "M6ssHrt9pKPpEPr7O0Tc/A==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "M9nh4Ryt6GwPUlLoItHqnA==": { "id": "M9nh4Ryt6GwPUlLoItHqnA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MAL36hvDgZ40KRvk279OJA==": { "id": "MAL36hvDgZ40KRvk279OJA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "MGoFQMcsriBEPanvv9LYcQ==": { "id": "MGoFQMcsriBEPanvv9LYcQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "MJ6xN5o4V2wpv4hjMTwHAA==": { "id": "MJ6xN5o4V2wpv4hjMTwHAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "MJtIM09Jw6pIepBEcf4LwQ==": { "id": "MJtIM09Jw6pIepBEcf4LwQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "MLyBE3p9/9+LMOMl2JBi6w==": { "id": "MLyBE3p9/9+LMOMl2JBi6w==", "updater": "rhel-vex", "name": "CVE-2022-2343", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2343.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MMLwOzBcCET4jaa3dPuTwQ==": { "id": "MMLwOzBcCET4jaa3dPuTwQ==", "updater": "rhel-vex", "name": "CVE-2022-38533", "description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "issued": "2022-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38533.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MOUExK9O9qzIs9ukHaS2ew==": { "id": "MOUExK9O9qzIs9ukHaS2ew==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "MVGmB/UrNlB0PqdbI1X5iA==": { "id": "MVGmB/UrNlB0PqdbI1X5iA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "MYhgpNDg22nk0/HCSwm/gw==": { "id": "MYhgpNDg22nk0/HCSwm/gw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "McBbvTJIAPyP1aOW8M+hzw==": { "id": "McBbvTJIAPyP1aOW8M+hzw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "Mds6YkAImABVZfFVPdan5w==": { "id": "Mds6YkAImABVZfFVPdan5w==", "updater": "osv/go", "name": "GO-2022-0493", "description": "Incorrect privilege reporting in syscall and golang.org/x/sys/unix", "issued": "2022-07-15T23:30:12Z", "links": "https://go.dev/cl/399539 https://go.dev/issue/52313 https://go.dev/cl/400074 https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.2" }, "Mgu68G03r/7Tj/zMomkJZw==": { "id": "Mgu68G03r/7Tj/zMomkJZw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Mhh/p16eoRFTSGC5EJRZEw==": { "id": "Mhh/p16eoRFTSGC5EJRZEw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "Mo/R2a7u4vWlPy8O1jH7HQ==": { "id": "Mo/R2a7u4vWlPy8O1jH7HQ==", "updater": "rhel-vex", "name": "CVE-2024-8244", "description": "The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.", "issued": "2025-08-06T15:32:27Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8244 https://bugzilla.redhat.com/show_bug.cgi?id=2386885 https://www.cve.org/CVERecord?id=CVE-2024-8244 https://nvd.nist.gov/vuln/detail/CVE-2024-8244 https://go.dev/issue/70007 https://pkg.go.dev/vuln/GO-2025-9999 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8244.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-rpm-macros", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Mo4ARlLui4P8nHgMUyYhSw==": { "id": "Mo4ARlLui4P8nHgMUyYhSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Mqs34KD77Q9uZxNX/8mz0Q==": { "id": "Mqs34KD77Q9uZxNX/8mz0Q==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MrRavbeiISRcJtBRJ3ZRsA==": { "id": "MrRavbeiISRcJtBRJ3ZRsA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "MrpKafmPiKoIdSrqC/r3Sg==": { "id": "MrpKafmPiKoIdSrqC/r3Sg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "Mrux1XY1LZVvkWuUp2MCHQ==": { "id": "Mrux1XY1LZVvkWuUp2MCHQ==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "MtExg9vrmkuo/+/XELnvpA==": { "id": "MtExg9vrmkuo/+/XELnvpA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Mukn5ixgUb/zb+mcMFd16Q==": { "id": "Mukn5ixgUb/zb+mcMFd16Q==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libdnf-plugin-subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "Mv7iQu0SgLhcoLH3nS/HZw==": { "id": "Mv7iQu0SgLhcoLH3nS/HZw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "MvPzfqdptyOBxzxR1iCL3g==": { "id": "MvPzfqdptyOBxzxR1iCL3g==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MwRbFLckfwf7ZXLrr6KBUQ==": { "id": "MwRbFLckfwf7ZXLrr6KBUQ==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "Mx7K+5VJ9q5MSCq5wzzrvA==": { "id": "Mx7K+5VJ9q5MSCq5wzzrvA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "N6/VXIOitxRZPgnZMgm+4A==": { "id": "N6/VXIOitxRZPgnZMgm+4A==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "N6xCmSIsupN7OsJaYpsl6Q==": { "id": "N6xCmSIsupN7OsJaYpsl6Q==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "N6yyVyHeduwThpSSvA2dVQ==": { "id": "N6yyVyHeduwThpSSvA2dVQ==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "NAN7p79skZ+eBA0xQMnnqw==": { "id": "NAN7p79skZ+eBA0xQMnnqw==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "ND8tA1FahvMc/ZIGpyoj3g==": { "id": "ND8tA1FahvMc/ZIGpyoj3g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NDTeUbmjAj/XEHx68pTD9A==": { "id": "NDTeUbmjAj/XEHx68pTD9A==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "NFJR7P8KL9HNF/dsA5opTw==": { "id": "NFJR7P8KL9HNF/dsA5opTw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NGHtfO55iqBhbAmqujAqHA==": { "id": "NGHtfO55iqBhbAmqujAqHA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "NJhwMDbt0IMvlSLLB4cUVA==": { "id": "NJhwMDbt0IMvlSLLB4cUVA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "NLs2bAzfO2YzrBTddmvvkQ==": { "id": "NLs2bAzfO2YzrBTddmvvkQ==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "NNyvMdW5UTPp1jGH161XDQ==": { "id": "NNyvMdW5UTPp1jGH161XDQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "NObEgWpn6tAdrn33X3GoKw==": { "id": "NObEgWpn6tAdrn33X3GoKw==", "updater": "rhel-vex", "name": "CVE-2022-32148", "description": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-32148 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://www.cve.org/CVERecord?id=CVE-2022-32148 https://nvd.nist.gov/vuln/detail/CVE-2022-32148 https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-32148.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NPJh6PwkJYtfpkFMxFCfIA==": { "id": "NPJh6PwkJYtfpkFMxFCfIA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NQ+dtAZLrUPoMA29mi1Odg==": { "id": "NQ+dtAZLrUPoMA29mi1Odg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "NUj8ykIgUTA27ShVMCBysA==": { "id": "NUj8ykIgUTA27ShVMCBysA==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "NVw9L7wf5CkACfCMTn/ArA==": { "id": "NVw9L7wf5CkACfCMTn/ArA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "NW78+g0sKpejEre7I2lCOA==": { "id": "NW78+g0sKpejEre7I2lCOA==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "NWqPMtB06drZmdGhOgqvEA==": { "id": "NWqPMtB06drZmdGhOgqvEA==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NXkuwjwxMseOUUaLQCgnuQ==": { "id": "NXkuwjwxMseOUUaLQCgnuQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "NdlKBrj70+HY4gSgv+wTmA==": { "id": "NdlKBrj70+HY4gSgv+wTmA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "NeZAaBfGrzLvaMKrJL7WlA==": { "id": "NeZAaBfGrzLvaMKrJL7WlA==", "updater": "rhel-vex", "name": "CVE-2024-45306", "description": "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "issued": "2024-09-02T18:15:36Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NeoXfJYSR9hqSpA4BJOyWQ==": { "id": "NeoXfJYSR9hqSpA4BJOyWQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfM08djkMgc3ukqHI37OMg==": { "id": "NfM08djkMgc3ukqHI37OMg==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfOajNNzWnotxhFpYD5Nfg==": { "id": "NfOajNNzWnotxhFpYD5Nfg==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "NkAsviHzXhNrys9cILlYeQ==": { "id": "NkAsviHzXhNrys9cILlYeQ==", "updater": "osv/go", "name": "GO-2023-2185", "description": "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", "issued": "2023-11-08T22:42:14Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY https://go.dev/issue/64028 https://go.dev/cl/541175 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "Nl5OfrnQ/SPbLIWCvdxEHw==": { "id": "Nl5OfrnQ/SPbLIWCvdxEHw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NoEVAwQMgkCr1UvAm6iQBQ==": { "id": "NoEVAwQMgkCr1UvAm6iQBQ==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "NpKL2jmktUTvYJUFA1mjww==": { "id": "NpKL2jmktUTvYJUFA1mjww==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "NplyvjxiuekBB/5QKoOJbw==": { "id": "NplyvjxiuekBB/5QKoOJbw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Nsd5wG+dBhUvVktxuz/adg==": { "id": "Nsd5wG+dBhUvVktxuz/adg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "O+NG96g+kK1DtaJEFTfwuA==": { "id": "O+NG96g+kK1DtaJEFTfwuA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "O+a4984RTSUBIVVJsZTw1A==": { "id": "O+a4984RTSUBIVVJsZTw1A==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "O0QnjS+0zUH+vff5xaIpCw==": { "id": "O0QnjS+0zUH+vff5xaIpCw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "O0ZHj1wCkn8EgvHd15dYqA==": { "id": "O0ZHj1wCkn8EgvHd15dYqA==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "O24do/xbIwz1BfQU4lBl5A==": { "id": "O24do/xbIwz1BfQU4lBl5A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "O41Bejc6em2i0QjOrjliKQ==": { "id": "O41Bejc6em2i0QjOrjliKQ==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "O4VudlVyChnCKHP9qhS59g==": { "id": "O4VudlVyChnCKHP9qhS59g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "O7l2OQQ3NRM4VNrd4YvEaA==": { "id": "O7l2OQQ3NRM4VNrd4YvEaA==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "O8btQzgzPf/pU7XfP3wqPw==": { "id": "O8btQzgzPf/pU7XfP3wqPw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "OIcx4C9IsgtrAE0nDs9GdA==": { "id": "OIcx4C9IsgtrAE0nDs9GdA==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "OJ5Ok6CMeJ8/3txCizz4cg==": { "id": "OJ5Ok6CMeJ8/3txCizz4cg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "OOCO13z2+atrfqEfCsJ3/w==": { "id": "OOCO13z2+atrfqEfCsJ3/w==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "OUOPFj6v5qm/F5KSXf7dVw==": { "id": "OUOPFj6v5qm/F5KSXf7dVw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "OXr+UvfSDAQbLGP4xOBSMw==": { "id": "OXr+UvfSDAQbLGP4xOBSMw==", "updater": "rhel-vex", "name": "CVE-2023-1127", "description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1127.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oaw7/z6QEDwwzKvMQmdriQ==": { "id": "Oaw7/z6QEDwwzKvMQmdriQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Ob+LJ5zYHnbjt14Yf8W7UA==": { "id": "Ob+LJ5zYHnbjt14Yf8W7UA==", "updater": "rhel-vex", "name": "CVE-2022-3016", "description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3016.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OhQ6agVzWuY02NakmnlJmw==": { "id": "OhQ6agVzWuY02NakmnlJmw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "Oi+2EF5+FNNGg+4WyowonQ==": { "id": "Oi+2EF5+FNNGg+4WyowonQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "Ojd6gfhf5HOGBRFGRWmKOg==": { "id": "Ojd6gfhf5HOGBRFGRWmKOg==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ok4YXGXw7Ua7qgtxqZcqhg==": { "id": "Ok4YXGXw7Ua7qgtxqZcqhg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "OleRcJ5uCI7wOsxOqMjRlg==": { "id": "OleRcJ5uCI7wOsxOqMjRlg==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "OlhZuHzjnGJlFRoEEZLvZw==": { "id": "OlhZuHzjnGJlFRoEEZLvZw==", "updater": "rhel-vex", "name": "CVE-2022-1705", "description": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1705 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://www.cve.org/CVERecord?id=CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 https://go.dev/issue/53188 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1705.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OlzUZywb212kcLte3jiS3g==": { "id": "OlzUZywb212kcLte3jiS3g==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "OoUkTYhn9kcAyWK8OpWEvg==": { "id": "OoUkTYhn9kcAyWK8OpWEvg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "OqWPbZZgGqlPCMzbmClfHA==": { "id": "OqWPbZZgGqlPCMzbmClfHA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "OtUtUn02ewCzaijseyEVUA==": { "id": "OtUtUn02ewCzaijseyEVUA==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "OuZBWnWNFHYdTgntdOB15Q==": { "id": "OuZBWnWNFHYdTgntdOB15Q==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "OvvtykNCZtfooZWGyghXfg==": { "id": "OvvtykNCZtfooZWGyghXfg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ox1tNe9huq3q2onFJsX0QA==": { "id": "Ox1tNe9huq3q2onFJsX0QA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "OxOc7/P4x7mjEZNhGnABDA==": { "id": "OxOc7/P4x7mjEZNhGnABDA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "Oz/6eC07LwyvcoelwlI47w==": { "id": "Oz/6eC07LwyvcoelwlI47w==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "P0aqIEFHW71uwsNt2kNw4A==": { "id": "P0aqIEFHW71uwsNt2kNw4A==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "P1K1eUbqwgam0P6f7iB/IA==": { "id": "P1K1eUbqwgam0P6f7iB/IA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "P2LAyAbSFxWVwlNB9c/A2g==": { "id": "P2LAyAbSFxWVwlNB9c/A2g==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "P8ATyyToJgziJaUXIjyPvA==": { "id": "P8ATyyToJgziJaUXIjyPvA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "PAVfrfQyg9ezKUDPbI/Nmw==": { "id": "PAVfrfQyg9ezKUDPbI/Nmw==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "PB44uTo7NGwmA/fjSEQPBA==": { "id": "PB44uTo7NGwmA/fjSEQPBA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "PDkkYuYRnbObAyDWKDapig==": { "id": "PDkkYuYRnbObAyDWKDapig==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "PEaU9hApxjdZ1D4R2OUZpw==": { "id": "PEaU9hApxjdZ1D4R2OUZpw==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "PHRlWl/iCYco+xAVn6SmKQ==": { "id": "PHRlWl/iCYco+xAVn6SmKQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "PJ/Blkuxb9rGhjSw0f3NrA==": { "id": "PJ/Blkuxb9rGhjSw0f3NrA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "PLT6ItGnGibNqyU7ikhmRA==": { "id": "PLT6ItGnGibNqyU7ikhmRA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PMaPI3hRDt0vFaerryvY/g==": { "id": "PMaPI3hRDt0vFaerryvY/g==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "POO0JR6PIxa5cAikhYHhiQ==": { "id": "POO0JR6PIxa5cAikhYHhiQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "POSFLQ5mtdC9jMcn5UF8FA==": { "id": "POSFLQ5mtdC9jMcn5UF8FA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "PRErogcN/aXkh7DLlBPLlw==": { "id": "PRErogcN/aXkh7DLlBPLlw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "PTaioV6jy0S7VQV20A7R+A==": { "id": "PTaioV6jy0S7VQV20A7R+A==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "PYQ8GtvInfQ411U5gwbErQ==": { "id": "PYQ8GtvInfQ411U5gwbErQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Pd5fn59ga3nlH8XsDKvDWA==": { "id": "Pd5fn59ga3nlH8XsDKvDWA==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "PdGhfwK5tePs8ngzFuopoA==": { "id": "PdGhfwK5tePs8ngzFuopoA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "PdNX5RN9keIsqOloxy7mkg==": { "id": "PdNX5RN9keIsqOloxy7mkg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "Pdc4LabMMVIl3+kSdEepMw==": { "id": "Pdc4LabMMVIl3+kSdEepMw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "PgPRtFXcN+6zuIY77w+muQ==": { "id": "PgPRtFXcN+6zuIY77w+muQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "PhzQEpAkCFfaNfVzGQzMgg==": { "id": "PhzQEpAkCFfaNfVzGQzMgg==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "PnyZkAM4ZwDECggE7QV89A==": { "id": "PnyZkAM4ZwDECggE7QV89A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Po+GLdyrucAyVatfOmZxGg==": { "id": "Po+GLdyrucAyVatfOmZxGg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PwX0RLPO5W1w6VDjSgcV8A==": { "id": "PwX0RLPO5W1w6VDjSgcV8A==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q0D37bmhhLGtYILIAMgFXg==": { "id": "Q0D37bmhhLGtYILIAMgFXg==", "updater": "rhel-vex", "name": "CVE-2022-2207", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2207.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q1F3DVZZ3gpMNQT3yhbiSg==": { "id": "Q1F3DVZZ3gpMNQT3yhbiSg==", "updater": "rhel-vex", "name": "CVE-2025-10911", "description": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.", "issued": "2025-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10911 https://bugzilla.redhat.com/show_bug.cgi?id=2397838 https://www.cve.org/CVERecord?id=CVE-2025-10911 https://nvd.nist.gov/vuln/detail/CVE-2025-10911 https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10911.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q2+f0ITzWPp+YCesnwp1Ng==": { "id": "Q2+f0ITzWPp+YCesnwp1Ng==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "Q2EySKz2roj2mYOhGJQA3A==": { "id": "Q2EySKz2roj2mYOhGJQA3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "Q9syyD8a/4l/mc50UAvBnQ==": { "id": "Q9syyD8a/4l/mc50UAvBnQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "QBD2bakyMRLlWNUWb7c8Ng==": { "id": "QBD2bakyMRLlWNUWb7c8Ng==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "QBNxNqNCcUL/GHKqOh7Fyw==": { "id": "QBNxNqNCcUL/GHKqOh7Fyw==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "QDYJ95dZNazClKtqoRJQeQ==": { "id": "QDYJ95dZNazClKtqoRJQeQ==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "QHS4gwmQURKolJEnj/ZMHw==": { "id": "QHS4gwmQURKolJEnj/ZMHw==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "QL7KLbo+Ri9Q4aoq0+/c2w==": { "id": "QL7KLbo+Ri9Q4aoq0+/c2w==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "QNVm3dpa9lFJUb6FBjjc1g==": { "id": "QNVm3dpa9lFJUb6FBjjc1g==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "QNeXj0/uAU3vww6deBbkrw==": { "id": "QNeXj0/uAU3vww6deBbkrw==", "updater": "rhel-vex", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "2023-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:6632", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-8.el9", "arch_op": "pattern match" }, "QQ1upjXEDW7OiB4aR8O/8A==": { "id": "QQ1upjXEDW7OiB4aR8O/8A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.el9", "arch_op": "pattern match" }, "QSEpEyTM9A7rsX/qx644wQ==": { "id": "QSEpEyTM9A7rsX/qx644wQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "QTcHwvmTXpVKkHS0xdfb9g==": { "id": "QTcHwvmTXpVKkHS0xdfb9g==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "QX1bQ/CZA5mRbcqjpTc9aA==": { "id": "QX1bQ/CZA5mRbcqjpTc9aA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "QX9gQ7esz1e73iQHmwojXA==": { "id": "QX9gQ7esz1e73iQHmwojXA==", "updater": "rhel-vex", "name": "CVE-2021-3973", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3973.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QXekSyzWiuaI8YTxDgngHw==": { "id": "QXekSyzWiuaI8YTxDgngHw==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "QY4aLgQQjP1oPPp38ArMrQ==": { "id": "QY4aLgQQjP1oPPp38ArMrQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QZ7uKIt3KkZJfzRLCLWsIg==": { "id": "QZ7uKIt3KkZJfzRLCLWsIg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "QZQvSq0tzcJY8GfiU/aXpg==": { "id": "QZQvSq0tzcJY8GfiU/aXpg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "QbgvVzhz2dr5BDvAUM6wFQ==": { "id": "QbgvVzhz2dr5BDvAUM6wFQ==", "updater": "rhel-vex", "name": "CVE-2022-2304", "description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2304.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qe1reyLPtQVZ5wKqKa9jQA==": { "id": "Qe1reyLPtQVZ5wKqKa9jQA==", "updater": "rhel-vex", "name": "CVE-2022-0213", "description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0213.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgRg8usqYLpC2SzTmhUKsQ==": { "id": "QgRg8usqYLpC2SzTmhUKsQ==", "updater": "rhel-vex", "name": "CVE-2025-22134", "description": "A flaw was found in Vim. Due to Vim not properly terminating visual mode, a heap buffer overflow condition may be triggered when a user switches buffers using the `:all` command. This issue may lead to unexpected behavior, such as an application crash or memory corruption.", "issued": "2025-01-13T20:41:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22134 https://bugzilla.redhat.com/show_bug.cgi?id=2337437 https://www.cve.org/CVERecord?id=CVE-2025-22134 https://nvd.nist.gov/vuln/detail/CVE-2025-22134 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22134.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgyYiUqrv2nc1+RqO1bM4A==": { "id": "QgyYiUqrv2nc1+RqO1bM4A==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "QhESIu1eoXqoSNW7jNhlZg==": { "id": "QhESIu1eoXqoSNW7jNhlZg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.1.el9_6", "arch_op": "pattern match" }, "Qimhraux3dZtFrPRbNJqyw==": { "id": "Qimhraux3dZtFrPRbNJqyw==", "updater": "osv/go", "name": "GO-2023-2043", "description": "Improper handling of special tags within script contexts in html/template", "issued": "2023-09-07T16:11:59Z", "links": "https://go.dev/issue/62197 https://go.dev/cl/526157 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "QireWdVPs8MzNOJ1scQvdA==": { "id": "QireWdVPs8MzNOJ1scQvdA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QjS6b4li9vRMvS2l49iyfw==": { "id": "QjS6b4li9vRMvS2l49iyfw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Qp7j7oFs4UbVUHVGblDM1w==": { "id": "Qp7j7oFs4UbVUHVGblDM1w==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "QqK1O3FCNB9QbClJ7bZ6YA==": { "id": "QqK1O3FCNB9QbClJ7bZ6YA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "QqNagWxBuciWgmqsaHDwZw==": { "id": "QqNagWxBuciWgmqsaHDwZw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "Qr2/3ufYTxjXiJuEKM7I7w==": { "id": "Qr2/3ufYTxjXiJuEKM7I7w==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "QsR+n6O0ULfYayvahAaltg==": { "id": "QsR+n6O0ULfYayvahAaltg==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "QwkBpizF3mo2JpevPMDeaw==": { "id": "QwkBpizF3mo2JpevPMDeaw==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "QxQ47SEMl+UFCOv8XVwx9A==": { "id": "QxQ47SEMl+UFCOv8XVwx9A==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "QznSXY89jmEtP62PhxgH1g==": { "id": "QznSXY89jmEtP62PhxgH1g==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "R1Akf7BYKFH+Usf+3IS0Cg==": { "id": "R1Akf7BYKFH+Usf+3IS0Cg==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "R1x4adkbkgVhxc9hzgUZcA==": { "id": "R1x4adkbkgVhxc9hzgUZcA==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "R6drGbgnzqKGDiX/RNUdqw==": { "id": "R6drGbgnzqKGDiX/RNUdqw==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "R7XEe59RfqPZwHJmDbOyww==": { "id": "R7XEe59RfqPZwHJmDbOyww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "R9lgi90skf6A+gEQ2Lu8dg==": { "id": "R9lgi90skf6A+gEQ2Lu8dg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.el9", "arch_op": "pattern match" }, "RA9ILX3H27ou2ro1GzHq8Q==": { "id": "RA9ILX3H27ou2ro1GzHq8Q==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "RATpPhLUqjEbe+XxyYxOOw==": { "id": "RATpPhLUqjEbe+XxyYxOOw==", "updater": "rhel-vex", "name": "CVE-2022-2257", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "issued": "2022-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2257.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RDlpzaleAPnYWwZyjvoRug==": { "id": "RDlpzaleAPnYWwZyjvoRug==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "RFeq5rwe+sxgyWgUXeEitA==": { "id": "RFeq5rwe+sxgyWgUXeEitA==", "updater": "osv/go", "name": "GO-2022-0523", "description": "Stack exhaustion when unmarshaling certain documents in encoding/xml", "issued": "2022-07-20T20:52:06Z", "links": "https://go.dev/cl/417061 https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "RJziShukaon2ShF1sKdneQ==": { "id": "RJziShukaon2ShF1sKdneQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "RKG7TR5VLN5EK2rg7nfjuQ==": { "id": "RKG7TR5VLN5EK2rg7nfjuQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "RLGDcCcECNxfaKqTkhDvew==": { "id": "RLGDcCcECNxfaKqTkhDvew==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "RLfmH4oizoEHB59VpAV6Kg==": { "id": "RLfmH4oizoEHB59VpAV6Kg==", "updater": "rhel-vex", "name": "CVE-2024-30203", "description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30203.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "RPWIFXazUxYQ5Q1rBYTqdg==": { "id": "RPWIFXazUxYQ5Q1rBYTqdg==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RPlldG/r8WWd2UCSZ1vzsg==": { "id": "RPlldG/r8WWd2UCSZ1vzsg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "RReWBnQmCp2XJDUh6xioRQ==": { "id": "RReWBnQmCp2XJDUh6xioRQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RU6xHn/9SV8lotyX3JW1ZQ==": { "id": "RU6xHn/9SV8lotyX3JW1ZQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "RUDcnDBVSmf+/LWMe4Tqgw==": { "id": "RUDcnDBVSmf+/LWMe4Tqgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-headless", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "RXSYUreBGXQz5Vll3C130A==": { "id": "RXSYUreBGXQz5Vll3C130A==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "Rd2hVVbUws+mcvoC7DaoiQ==": { "id": "Rd2hVVbUws+mcvoC7DaoiQ==", "updater": "rhel-vex", "name": "CVE-2022-4292", "description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4292.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdY/UQx2FGTtVn1x7G1KkA==": { "id": "RdY/UQx2FGTtVn1x7G1KkA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rf7m+dbWxZxBNm1A9nfdqg==": { "id": "Rf7m+dbWxZxBNm1A9nfdqg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RfXeDDRCykmZZMDXVfaGtg==": { "id": "RfXeDDRCykmZZMDXVfaGtg==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "RgBI11FezD5/LF6u61IQtw==": { "id": "RgBI11FezD5/LF6u61IQtw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "Rm7aeXEOy4+PSaaC/AfGyw==": { "id": "Rm7aeXEOy4+PSaaC/AfGyw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "RnzVpoLf3gQvIDiBFFXm6w==": { "id": "RnzVpoLf3gQvIDiBFFXm6w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "RoQvxPrgcpXyTej834bT2Q==": { "id": "RoQvxPrgcpXyTej834bT2Q==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rs2w9Uui+dW2Lg48Ml6jpw==": { "id": "Rs2w9Uui+dW2Lg48Ml6jpw==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxiYxX3H5lL8cc7k0ac/mQ==": { "id": "RxiYxX3H5lL8cc7k0ac/mQ==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxmnlWamNxvphCIuarducQ==": { "id": "RxmnlWamNxvphCIuarducQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "RxwFiIUPJYMo6r5lfv+sdQ==": { "id": "RxwFiIUPJYMo6r5lfv+sdQ==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ry6vRm+cs1w4rnhTcw+4ww==": { "id": "Ry6vRm+cs1w4rnhTcw+4ww==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "Rz0KcMyzx8GC2p+YUZpHPQ==": { "id": "Rz0KcMyzx8GC2p+YUZpHPQ==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "S01BJ2Ht59Iq71LsHWKLzg==": { "id": "S01BJ2Ht59Iq71LsHWKLzg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "S2g7delheJOLf2DxVbw0Hg==": { "id": "S2g7delheJOLf2DxVbw0Hg==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "S2kC/8+NtHD0EdQuoPqXlg==": { "id": "S2kC/8+NtHD0EdQuoPqXlg==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "S3c04CkV3MUFBzUssTpBSg==": { "id": "S3c04CkV3MUFBzUssTpBSg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S9GgHs7lpMPNDjvswObhPg==": { "id": "S9GgHs7lpMPNDjvswObhPg==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "SBAWrxfXaQ2Ka48xajW62A==": { "id": "SBAWrxfXaQ2Ka48xajW62A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "SFiwTqc+C9HkxslIGbfU0g==": { "id": "SFiwTqc+C9HkxslIGbfU0g==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "SFoELvc6okNKWKi7mExikA==": { "id": "SFoELvc6okNKWKi7mExikA==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "SIPkCsjtWsrsJnfVRjxnKA==": { "id": "SIPkCsjtWsrsJnfVRjxnKA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "SKOD3G/MxX5t9s/HjT+ehg==": { "id": "SKOD3G/MxX5t9s/HjT+ehg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "SKyAPnATFclliIE0mjtq+w==": { "id": "SKyAPnATFclliIE0mjtq+w==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SPxMxLW2DZ8IvP04UR/H6g==": { "id": "SPxMxLW2DZ8IvP04UR/H6g==", "updater": "rhel-vex", "name": "CVE-2025-5683", "description": "A flaw was found in qt. Loading a specially crafted ICNS image file within QImage results in a crash. This flaw allows a local attacker to provide a malicious image. The vulnerability is exploited via the image loading process, leading to application termination.", "issued": "2025-06-05T05:31:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5683 https://bugzilla.redhat.com/show_bug.cgi?id=2370384 https://www.cve.org/CVERecord?id=CVE-2025-5683 https://nvd.nist.gov/vuln/detail/CVE-2025-5683 https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 https://issues.oss-fuzz.com/issues/415350704 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5683.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SRL0fsSEDtOf7vYyf/BewQ==": { "id": "SRL0fsSEDtOf7vYyf/BewQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "SRtj8i4HsQkjCyC1YPMDYw==": { "id": "SRtj8i4HsQkjCyC1YPMDYw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "SS38Q6SbT7pMry4emWgqdg==": { "id": "SS38Q6SbT7pMry4emWgqdg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "SSAJUNd+iNG0Dh0JEHjSXA==": { "id": "SSAJUNd+iNG0Dh0JEHjSXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.el9", "arch_op": "pattern match" }, "SU1MGh9+Zg3Zuy+khiN0Og==": { "id": "SU1MGh9+Zg3Zuy+khiN0Og==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "SWMi5UoagLshKWAW26MJTw==": { "id": "SWMi5UoagLshKWAW26MJTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SXF95Q57bdA0qf3iy/XSPw==": { "id": "SXF95Q57bdA0qf3iy/XSPw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "SaWdJL5a+HL0ZieRiKpgNA==": { "id": "SaWdJL5a+HL0ZieRiKpgNA==", "updater": "rhel-vex", "name": "CVE-2024-38428", "description": "A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials.", "issued": "2024-06-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38428 https://bugzilla.redhat.com/show_bug.cgi?id=2292836 https://www.cve.org/CVERecord?id=CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38428.json https://access.redhat.com/errata/RHSA-2024:6192", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_4", "arch_op": "pattern match" }, "Sal0GJMIh5Nqb3U4N6ro0g==": { "id": "Sal0GJMIh5Nqb3U4N6ro0g==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "SbrfelK/hRkg8QJAv7881A==": { "id": "SbrfelK/hRkg8QJAv7881A==", "updater": "osv/go", "name": "GO-2023-1570", "description": "Panic on large handshake records in crypto/tls", "issued": "2023-02-16T22:24:51Z", "links": "https://go.dev/issue/58001 https://go.dev/cl/468125 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "SduSwzmffGiGJfqQDrSyEA==": { "id": "SduSwzmffGiGJfqQDrSyEA==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Sfn7NNniMfKKkrbS2KIlnA==": { "id": "Sfn7NNniMfKKkrbS2KIlnA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "SjbW0rogoRJo0my37ozMDg==": { "id": "SjbW0rogoRJo0my37ozMDg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "SmczXqxeZRCcJykxG3Abrg==": { "id": "SmczXqxeZRCcJykxG3Abrg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Sn+Wd5xIJ9cLZDfoyJlgkw==": { "id": "Sn+Wd5xIJ9cLZDfoyJlgkw==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SnI5fUbXuT/Xt+VkGvddww==": { "id": "SnI5fUbXuT/Xt+VkGvddww==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "SnYLkLUk0dFIFA/itR5yrA==": { "id": "SnYLkLUk0dFIFA/itR5yrA==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "SqKI5VB6698Nen4zsScUuw==": { "id": "SqKI5VB6698Nen4zsScUuw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "SsFE9yHqow9BNx1O4nMcCg==": { "id": "SsFE9yHqow9BNx1O4nMcCg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "SsNZleqCp7tmOqFZQ6ZaBA==": { "id": "SsNZleqCp7tmOqFZQ6ZaBA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Stfm7ne4Ofst02xkZn9K1w==": { "id": "Stfm7ne4Ofst02xkZn9K1w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "SvhQ7tNvl6ANrVnaJ4cBNw==": { "id": "SvhQ7tNvl6ANrVnaJ4cBNw==", "updater": "rhel-vex", "name": "CVE-2022-3099", "description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3099.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Sw8bDdvvxQW2LmbjS6B1hg==": { "id": "Sw8bDdvvxQW2LmbjS6B1hg==", "updater": "rhel-vex", "name": "CVE-2022-30630", "description": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://www.cve.org/CVERecord?id=CVE-2022-30630 https://nvd.nist.gov/vuln/detail/CVE-2022-30630 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30630.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T1160/hke2bN2YNtHQGAVQ==": { "id": "T1160/hke2bN2YNtHQGAVQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "T2rcJ7DPtdiGNP7r4L5R2g==": { "id": "T2rcJ7DPtdiGNP7r4L5R2g==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "T38zlL6BTag6EVZfMAMcaw==": { "id": "T38zlL6BTag6EVZfMAMcaw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "T4bxk7MHk24P39KEeRKoig==": { "id": "T4bxk7MHk24P39KEeRKoig==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "T5/Q0DOZypWV6o3x9ziKqw==": { "id": "T5/Q0DOZypWV6o3x9ziKqw==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "T507T5wFbtPlOW9lG7LxIA==": { "id": "T507T5wFbtPlOW9lG7LxIA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "T5Nghm4crNWWnUrYvZZItg==": { "id": "T5Nghm4crNWWnUrYvZZItg==", "updater": "rhel-vex", "name": "CVE-2022-2124", "description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2124.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T9nCb/lA5TdipGMhtb6HJA==": { "id": "T9nCb/lA5TdipGMhtb6HJA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "TAntNn3gBlGhX3mRHNXfWw==": { "id": "TAntNn3gBlGhX3mRHNXfWw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "TCtup4kp9cBGgmnLMbI+rw==": { "id": "TCtup4kp9cBGgmnLMbI+rw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "TEg+H5IUFEuL8/4VudXtEg==": { "id": "TEg+H5IUFEuL8/4VudXtEg==", "updater": "rhel-vex", "name": "CVE-2022-3554", "description": "A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3554 https://bugzilla.redhat.com/show_bug.cgi?id=2136411 https://www.cve.org/CVERecord?id=CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 https://ubuntu.com/security/CVE-2022-3554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3554.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TFku8MBahkkWbmKYS7dbIQ==": { "id": "TFku8MBahkkWbmKYS7dbIQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "TGe682MVp+b3S1lDl9HTLw==": { "id": "TGe682MVp+b3S1lDl9HTLw==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "TGjVfFW0jWP1/Slr8hCo8Q==": { "id": "TGjVfFW0jWP1/Slr8hCo8Q==", "updater": "osv/go", "name": "GO-2025-3751", "description": "Sensitive headers not cleared on cross-origin redirect in net/http", "issued": "2025-06-11T16:23:58Z", "links": "https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "TI1OyePXauC23iR42z7HKg==": { "id": "TI1OyePXauC23iR42z7HKg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "TIcWaTRsDD52irGN4xUQyA==": { "id": "TIcWaTRsDD52irGN4xUQyA==", "updater": "rhel-vex", "name": "CVE-2022-2125", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2125.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TK/tQUH9MhuStrQUTQS1ZQ==": { "id": "TK/tQUH9MhuStrQUTQS1ZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "TN9ZqAQo2vEW/Tx62EpRcg==": { "id": "TN9ZqAQo2vEW/Tx62EpRcg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "TNb7OrRxFn2Bis7zp2oi8A==": { "id": "TNb7OrRxFn2Bis7zp2oi8A==", "updater": "rhel-vex", "name": "CVE-2025-9165", "description": "A memory leak flaw was found in LibTIFF. This vulnerability affects the _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 function in the file tools/tiffcmp.c of the tiffcmp component. Executing manipulation can lead to a memory leak. The attack is restricted to local execution.", "issued": "2025-08-19T20:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9165 https://bugzilla.redhat.com/show_bug.cgi?id=2389574 https://www.cve.org/CVERecord?id=CVE-2025-9165 https://nvd.nist.gov/vuln/detail/CVE-2025-9165 http://www.libtiff.org/ https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 https://gitlab.com/libtiff/libtiff/-/issues/728 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://vuldb.com/?ctiid.320543 https://vuldb.com/?id.320543 https://vuldb.com/?submit.630506 https://vuldb.com/?submit.630507 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9165.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TPp/bXEhRpApQLMY2Ppr9g==": { "id": "TPp/bXEhRpApQLMY2Ppr9g==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "TQEoFglRNgkSreqoAySz5A==": { "id": "TQEoFglRNgkSreqoAySz5A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "TRd8qEGSmZkjG+mmOfTmTg==": { "id": "TRd8qEGSmZkjG+mmOfTmTg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "TTh9HGJJgt1I4lhDqtPBIA==": { "id": "TTh9HGJJgt1I4lhDqtPBIA==", "updater": "osv/go", "name": "GO-2022-1095", "description": "Unsanitized NUL in environment variables on Windows in syscall and os/exec", "issued": "2022-11-01T23:55:57Z", "links": "https://go.dev/issue/56284 https://go.dev/cl/446916 https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.8" }, "TU6sUeJdvbpf1Uxt7QBVXQ==": { "id": "TU6sUeJdvbpf1Uxt7QBVXQ==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "TUvm6koxiDQRc/8CJ4TCOA==": { "id": "TUvm6koxiDQRc/8CJ4TCOA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ThUekCEizKQbaM9qGtWShw==": { "id": "ThUekCEizKQbaM9qGtWShw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ThjoilITJToSra2xx7nmXA==": { "id": "ThjoilITJToSra2xx7nmXA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "TiGGrcjH9zkR+9PywLxD8Q==": { "id": "TiGGrcjH9zkR+9PywLxD8Q==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ToyZiPOtBFPiNJOZ8QaYng==": { "id": "ToyZiPOtBFPiNJOZ8QaYng==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "TrfUjn7Hi6JPe4l/9tuyAQ==": { "id": "TrfUjn7Hi6JPe4l/9tuyAQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "TsVNXuAeF3PhiRZhIOjjtQ==": { "id": "TsVNXuAeF3PhiRZhIOjjtQ==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TszqopCoskBv4coMA3/peg==": { "id": "TszqopCoskBv4coMA3/peg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TteHTvD/qC9z9/bg4D+o8w==": { "id": "TteHTvD/qC9z9/bg4D+o8w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.1.el9_6", "arch_op": "pattern match" }, "U/ITon4/vjzN/EsZEGI38Q==": { "id": "U/ITon4/vjzN/EsZEGI38Q==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "U06t0kkLaLeKpn0QxtZUSg==": { "id": "U06t0kkLaLeKpn0QxtZUSg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "U2e7dgKDqk0OlJ2oJw2iuw==": { "id": "U2e7dgKDqk0OlJ2oJw2iuw==", "updater": "osv/go", "name": "GO-2022-1038", "description": "Incorrect sanitization of forwarded query parameters in net/http/httputil", "issued": "2022-10-06T16:42:43Z", "links": "https://go.dev/issue/54663 https://go.dev/cl/432976 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "U2w6LmoqKmaGSd6IxLZGKg==": { "id": "U2w6LmoqKmaGSd6IxLZGKg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "U31VkPC5v6K7XIsRFDo19w==": { "id": "U31VkPC5v6K7XIsRFDo19w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "U47k8+SGMpP7nHNJFxv5oA==": { "id": "U47k8+SGMpP7nHNJFxv5oA==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "U61IeOaU1v6bOHJxSPbCCw==": { "id": "U61IeOaU1v6bOHJxSPbCCw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "U7q9649W3+OXGS9kMwowkw==": { "id": "U7q9649W3+OXGS9kMwowkw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "U86hsRMcoSpvWp72aUJNFQ==": { "id": "U86hsRMcoSpvWp72aUJNFQ==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "U86r1ELAOJanBnxwrapY0g==": { "id": "U86r1ELAOJanBnxwrapY0g==", "updater": "osv/go", "name": "GO-2025-4015", "description": "Excessive CPU consumption in Reader.ReadResponse in net/textproto", "issued": "2025-10-29T21:51:07Z", "links": "https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "UApauQbQz6UZdsAuW9miOQ==": { "id": "UApauQbQz6UZdsAuW9miOQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "UBV+Z4vQ/HB9/cVGq/+u3w==": { "id": "UBV+Z4vQ/HB9/cVGq/+u3w==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "UBzPfwycyyJOBETwdSTG/w==": { "id": "UBzPfwycyyJOBETwdSTG/w==", "updater": "rhel-vex", "name": "CVE-2024-47814", "description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.", "issued": "2024-10-07T21:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UC0U9/zd+klwBmGR1YYVPg==": { "id": "UC0U9/zd+klwBmGR1YYVPg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "UEW14H6J4RBSZEjpG6p4bw==": { "id": "UEW14H6J4RBSZEjpG6p4bw==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "UEgRngB2KVq3bhFU/6+13Q==": { "id": "UEgRngB2KVq3bhFU/6+13Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "UH1xPpnVOud+f1gKl26ATQ==": { "id": "UH1xPpnVOud+f1gKl26ATQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "UPjX59r3QHIaBVa54cqtzA==": { "id": "UPjX59r3QHIaBVa54cqtzA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "USroe8+XCxLDwAOkjWfs+Q==": { "id": "USroe8+XCxLDwAOkjWfs+Q==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "UTm7DZVRUmqWWBx0Js7vCA==": { "id": "UTm7DZVRUmqWWBx0Js7vCA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "UV2MuUVVyu0L6wfdUc0Qpg==": { "id": "UV2MuUVVyu0L6wfdUc0Qpg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "UVRy+pWnw+7xa7f2U2B15Q==": { "id": "UVRy+pWnw+7xa7f2U2B15Q==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "UWR5dcXlfiNMz/BIfTGvfQ==": { "id": "UWR5dcXlfiNMz/BIfTGvfQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Ub9JoNToSyT09hD5MOIlGA==": { "id": "Ub9JoNToSyT09hD5MOIlGA==", "updater": "rhel-vex", "name": "CVE-2025-8961", "description": "A memory corruption flaw was found in libTIFF. This issue affects the May function of the tiffcrop.c file in the tiffcrop component. This attack needs to be approached locally.", "issued": "2025-08-14T12:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8961 https://bugzilla.redhat.com/show_bug.cgi?id=2388541 https://www.cve.org/CVERecord?id=CVE-2025-8961 https://nvd.nist.gov/vuln/detail/CVE-2025-8961 http://www.libtiff.org/ https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/issues/721 https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 https://vuldb.com/?ctiid.319955 https://vuldb.com/?id.319955 https://vuldb.com/?submit.627957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8961.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbJne6U4WRZmmyYLeEtt4w==": { "id": "UbJne6U4WRZmmyYLeEtt4w==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "UcI2WjL14mHQYOfXIkpuzA==": { "id": "UcI2WjL14mHQYOfXIkpuzA==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "UcSRaJxHOHBFxbLpeEwTSA==": { "id": "UcSRaJxHOHBFxbLpeEwTSA==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "UeuwcxsDMDrcMU7c13lXsQ==": { "id": "UeuwcxsDMDrcMU7c13lXsQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "Uh6QIejNBmYSJ+kLmnZWzw==": { "id": "Uh6QIejNBmYSJ+kLmnZWzw==", "updater": "rhel-vex", "name": "CVE-2023-22652", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.", "issued": "2023-03-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22652 https://bugzilla.redhat.com/show_bug.cgi?id=2212463 https://www.cve.org/CVERecord?id=CVE-2023-22652 https://nvd.nist.gov/vuln/detail/CVE-2023-22652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22652.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "UhBP4F/rEtGjZG3U8Wvp2Q==": { "id": "UhBP4F/rEtGjZG3U8Wvp2Q==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "UiO8eKIdcPJIKIj94tK4ug==": { "id": "UiO8eKIdcPJIKIj94tK4ug==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "UjXmsuFAyS2A1LN7d6S/5w==": { "id": "UjXmsuFAyS2A1LN7d6S/5w==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "UoBD3GwEne6Zwl54oZgCCg==": { "id": "UoBD3GwEne6Zwl54oZgCCg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "Us6zMNu9gwaRC0UH2SSoQw==": { "id": "Us6zMNu9gwaRC0UH2SSoQw==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "UsE9/aKvx7HhPwZe6KY1zw==": { "id": "UsE9/aKvx7HhPwZe6KY1zw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "UsTHWG7fBbgk8T9K0i79Ww==": { "id": "UsTHWG7fBbgk8T9K0i79Ww==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "UuV6vmv/pMSyQBUW2Wn3bA==": { "id": "UuV6vmv/pMSyQBUW2Wn3bA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Uy8P+1ImBLgh4EjZYlMO1Q==": { "id": "Uy8P+1ImBLgh4EjZYlMO1Q==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "UykJtPxmRiaRteAhKYbbOQ==": { "id": "UykJtPxmRiaRteAhKYbbOQ==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V+7K8Rg1uux3xnVmyH12/A==": { "id": "V+7K8Rg1uux3xnVmyH12/A==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "V0awGVhndNVps/Yhh/P2GQ==": { "id": "V0awGVhndNVps/Yhh/P2GQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "V2C0OnbFKs9wiV3IrUOPew==": { "id": "V2C0OnbFKs9wiV3IrUOPew==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "V8n5VKFkjNZwkLq+W6E59g==": { "id": "V8n5VKFkjNZwkLq+W6E59g==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "V9f8Tc0z/tWsm1egJDudPA==": { "id": "V9f8Tc0z/tWsm1egJDudPA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "V9lyeZvue30g1R6RiITjAw==": { "id": "V9lyeZvue30g1R6RiITjAw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "VDQb6roo+zwBamxPu+hGeQ==": { "id": "VDQb6roo+zwBamxPu+hGeQ==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "VDdxJUjxgL4zXvGWC/1xnw==": { "id": "VDdxJUjxgL4zXvGWC/1xnw==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "VDqplxSZcK9CHQ9RjGiEqQ==": { "id": "VDqplxSZcK9CHQ9RjGiEqQ==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "VGewdTS02tdqYoORYHK7Rg==": { "id": "VGewdTS02tdqYoORYHK7Rg==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "VJAm4vMolMmA2ytzFknQUA==": { "id": "VJAm4vMolMmA2ytzFknQUA==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "VJggyJ1jjyIM3XdMGzsDrg==": { "id": "VJggyJ1jjyIM3XdMGzsDrg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "VMOHtQeyAtpNyzG6HE0XhQ==": { "id": "VMOHtQeyAtpNyzG6HE0XhQ==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "VMyDbkft4E3T+1eXNk/i7A==": { "id": "VMyDbkft4E3T+1eXNk/i7A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "VNA7ljkMyeRq9SDNO9drHQ==": { "id": "VNA7ljkMyeRq9SDNO9drHQ==", "updater": "osv/go", "name": "GO-2023-1568", "description": "Path traversal on Windows in path/filepath", "issued": "2023-02-16T19:49:19Z", "links": "https://go.dev/issue/57274 https://go.dev/cl/468123 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "VQ+eWJsUMBep4PD4xfj8Vw==": { "id": "VQ+eWJsUMBep4PD4xfj8Vw==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "VUNwpBj4hvcLARxqxrvCCg==": { "id": "VUNwpBj4hvcLARxqxrvCCg==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "VVUozaap6uAAqX8QCLFGyg==": { "id": "VVUozaap6uAAqX8QCLFGyg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VZxWbc2wJwiwTLhillEtpA==": { "id": "VZxWbc2wJwiwTLhillEtpA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "Vbqm1jpiIiIM2rxq++FdoQ==": { "id": "Vbqm1jpiIiIM2rxq++FdoQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "VcgFEXPgpzLsj5tOjILVtw==": { "id": "VcgFEXPgpzLsj5tOjILVtw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "VdMk4kWMgrdK/5+i3n6XhA==": { "id": "VdMk4kWMgrdK/5+i3n6XhA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "VdavXNeRp4EjkXxldYSiUw==": { "id": "VdavXNeRp4EjkXxldYSiUw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ve1jg9SxTDjeNdfGHjxP2g==": { "id": "Ve1jg9SxTDjeNdfGHjxP2g==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VgTIKWxJpYFkd788UcqT3A==": { "id": "VgTIKWxJpYFkd788UcqT3A==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "VgaIsJDFBatjqT1h+RQLFQ==": { "id": "VgaIsJDFBatjqT1h+RQLFQ==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Vl7X+IopOqzOWh1MyUOYCw==": { "id": "Vl7X+IopOqzOWh1MyUOYCw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "VxNINARrmRd6QnZ2htNesA==": { "id": "VxNINARrmRd6QnZ2htNesA==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "VyeYHICkBiXwLbWKsz4//A==": { "id": "VyeYHICkBiXwLbWKsz4//A==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "W01A5sOetTjsV/4bYawPgA==": { "id": "W01A5sOetTjsV/4bYawPgA==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "W08Ska67/8hV/b3GYflglQ==": { "id": "W08Ska67/8hV/b3GYflglQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "W0TAw6aTfwXOMlJwloDkZA==": { "id": "W0TAw6aTfwXOMlJwloDkZA==", "updater": "rhel-vex", "name": "CVE-2021-4136", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4136.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W3qe9/KhW5BUF2s+kXxVcA==": { "id": "W3qe9/KhW5BUF2s+kXxVcA==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "W5birtu1clZwp55QDPxkAA==": { "id": "W5birtu1clZwp55QDPxkAA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "W9IdHW1dLxMcDTawlof8yw==": { "id": "W9IdHW1dLxMcDTawlof8yw==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "W9Pcn9xdPg78KgFAK5oOyQ==": { "id": "W9Pcn9xdPg78KgFAK5oOyQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WACsy7vAhq3GJRyxAuj7NA==": { "id": "WACsy7vAhq3GJRyxAuj7NA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "WALxwIFXDH8ZvKesDKBFiQ==": { "id": "WALxwIFXDH8ZvKesDKBFiQ==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "WCZXmTnbo+2lbMuZdpH8NA==": { "id": "WCZXmTnbo+2lbMuZdpH8NA==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "WFXV6zzHKCX8JuqtokClVw==": { "id": "WFXV6zzHKCX8JuqtokClVw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WGccGAwrqbQSNjycPuaPsA==": { "id": "WGccGAwrqbQSNjycPuaPsA==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "WIbunUW6+W30QKZc5Tmqzw==": { "id": "WIbunUW6+W30QKZc5Tmqzw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "WKC52So9Haaq0Y0pkIeTJg==": { "id": "WKC52So9Haaq0Y0pkIeTJg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "WKEI7EQhRkCAgIF18HZjKg==": { "id": "WKEI7EQhRkCAgIF18HZjKg==", "updater": "rhel-vex", "name": "CVE-2023-32573", "description": "A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://nvd.nist.gov/vuln/detail/CVE-2023-32573 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32573.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "WLpGLJSV+lV8a0xggVfA3A==": { "id": "WLpGLJSV+lV8a0xggVfA3A==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "WLri8p9NfgX8reKybIYziw==": { "id": "WLri8p9NfgX8reKybIYziw==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "WNA27LqRIql90O1m/PSAgQ==": { "id": "WNA27LqRIql90O1m/PSAgQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "WNRX1UWo4fDLFOhq9mcbIA==": { "id": "WNRX1UWo4fDLFOhq9mcbIA==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "WOIdi+BEnCeSEkfRBmj1AA==": { "id": "WOIdi+BEnCeSEkfRBmj1AA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "WOmMgxwwjpbn/RLQX8HPBg==": { "id": "WOmMgxwwjpbn/RLQX8HPBg==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "WPitnGSVxSl/y97AJTQIFQ==": { "id": "WPitnGSVxSl/y97AJTQIFQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "WU+A3QdBd331DcSM3AXFew==": { "id": "WU+A3QdBd331DcSM3AXFew==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "WV6CLob4bxW/eDgXBTJfxA==": { "id": "WV6CLob4bxW/eDgXBTJfxA==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "WVPPqMDSvwuthc5RexsDjg==": { "id": "WVPPqMDSvwuthc5RexsDjg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WVkwWFZlIInzrX99VsKBBQ==": { "id": "WVkwWFZlIInzrX99VsKBBQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "Wd+GQ3y21/7kl1XV9m/oiQ==": { "id": "Wd+GQ3y21/7kl1XV9m/oiQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "WhaoYkvfheR7Tz30m0/IKA==": { "id": "WhaoYkvfheR7Tz30m0/IKA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "WlLXHoXR9O8Ph+uSZ6aDCg==": { "id": "WlLXHoXR9O8Ph+uSZ6aDCg==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WnkMM/SD0E+7EEac0/vMVg==": { "id": "WnkMM/SD0E+7EEac0/vMVg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "WoF8HAs7BhQT5cycNGL9tw==": { "id": "WoF8HAs7BhQT5cycNGL9tw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "WorXACje3vTXq/wv3RUODg==": { "id": "WorXACje3vTXq/wv3RUODg==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "WqlqRQL17MeMqdTx+SuEyw==": { "id": "WqlqRQL17MeMqdTx+SuEyw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ws0fZZUTvLi37jSEx1MM5g==": { "id": "Ws0fZZUTvLi37jSEx1MM5g==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Wv5rERdynoJ/gHM2CtgXiw==": { "id": "Wv5rERdynoJ/gHM2CtgXiw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WwkM3aNBW0LnenEr6xDxWQ==": { "id": "WwkM3aNBW0LnenEr6xDxWQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "Wy87cIX7luFb8A/riFwUyw==": { "id": "Wy87cIX7luFb8A/riFwUyw==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "WzMeKgvORq7XF2Xr4q+JaQ==": { "id": "WzMeKgvORq7XF2Xr4q+JaQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "X+rjva7ecn1JedeVO9IX9w==": { "id": "X+rjva7ecn1JedeVO9IX9w==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "X10PEbhI2yv6KYFUPacecg==": { "id": "X10PEbhI2yv6KYFUPacecg==", "updater": "rhel-vex", "name": "CVE-2022-1619", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1619.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X2wqIFGbKlJQpE/DojrwxA==": { "id": "X2wqIFGbKlJQpE/DojrwxA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "X3NBOrSivf9I926V0a2/oQ==": { "id": "X3NBOrSivf9I926V0a2/oQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X3WuoMxfqKQH/0bF7PkAAQ==": { "id": "X3WuoMxfqKQH/0bF7PkAAQ==", "updater": "rhel-vex", "name": "CVE-2022-3235", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3235.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X4CDljJQJsftQ2RA57ftuw==": { "id": "X4CDljJQJsftQ2RA57ftuw==", "updater": "rhel-vex", "name": "CVE-2021-3807", "description": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "issued": "2021-09-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3807 https://bugzilla.redhat.com/show_bug.cgi?id=2007557 https://www.cve.org/CVERecord?id=CVE-2021-3807 https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3807.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X9G3TF69Pz3xUY5yIPno7w==": { "id": "X9G3TF69Pz3xUY5yIPno7w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "X9na4KYJ5u50u+KLDr2iTQ==": { "id": "X9na4KYJ5u50u+KLDr2iTQ==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "XAIf2EIgyFF5+OA6csVS5w==": { "id": "XAIf2EIgyFF5+OA6csVS5w==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XC3MXlpMb9D+YigNspsXlA==": { "id": "XC3MXlpMb9D+YigNspsXlA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "XEJhztOC2qEngMnVDsmKtA==": { "id": "XEJhztOC2qEngMnVDsmKtA==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XEhX6upCFgCYuF9SSk9Iyg==": { "id": "XEhX6upCFgCYuF9SSk9Iyg==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "XH8pWtqEhhBDhQuq+NWhvQ==": { "id": "XH8pWtqEhhBDhQuq+NWhvQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "XHSXqyF2rScxnK03VnME5Q==": { "id": "XHSXqyF2rScxnK03VnME5Q==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "XIb0YQoMG8k0zzVWHpmvAA==": { "id": "XIb0YQoMG8k0zzVWHpmvAA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "XL1Nv8y45q8aiA92A99YyA==": { "id": "XL1Nv8y45q8aiA92A99YyA==", "updater": "rhel-vex", "name": "CVE-2023-0512", "description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "issued": "2023-01-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0512.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XM09w+ZScTz4IEN6LeAUgg==": { "id": "XM09w+ZScTz4IEN6LeAUgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XSCYGr+cvuvD+k3V0XhWSw==": { "id": "XSCYGr+cvuvD+k3V0XhWSw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "XTLakHdORg480i8g31JU6A==": { "id": "XTLakHdORg480i8g31JU6A==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "XVnPYCI1ck0zTs/Cz6Yl5A==": { "id": "XVnPYCI1ck0zTs/Cz6Yl5A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "XW4X9/W6MfETfE/VICA4Jw==": { "id": "XW4X9/W6MfETfE/VICA4Jw==", "updater": "rhel-vex", "name": "CVE-2025-1376", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.", "issued": "2025-02-17T04:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1376 https://bugzilla.redhat.com/show_bug.cgi?id=2346061 https://www.cve.org/CVERecord?id=CVE-2025-1376 https://nvd.nist.gov/vuln/detail/CVE-2025-1376 https://sourceware.org/bugzilla/attachment.cgi?id=15940 https://sourceware.org/bugzilla/show_bug.cgi?id=32672 https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 https://vuldb.com/?ctiid.295984 https://vuldb.com/?id.295984 https://vuldb.com/?submit.497538 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1376.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWaBdbEJiHpYXT1f1eBk1Q==": { "id": "XWaBdbEJiHpYXT1f1eBk1Q==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWfDomoStj3uOui0AGO+Tg==": { "id": "XWfDomoStj3uOui0AGO+Tg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "XXYPGOxEabdavz27Qo+rWQ==": { "id": "XXYPGOxEabdavz27Qo+rWQ==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "XXaDpMG90Mb3fV4QxoLqXA==": { "id": "XXaDpMG90Mb3fV4QxoLqXA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "XctMW4QJZO0RsDAv/VoABQ==": { "id": "XctMW4QJZO0RsDAv/VoABQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-cloud-what", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "XfjE+J06ONMJAg7vkQ3tbQ==": { "id": "XfjE+J06ONMJAg7vkQ3tbQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "XhhNgYgTJmDdYc90YuE8vw==": { "id": "XhhNgYgTJmDdYc90YuE8vw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "XjQpmqOxrg5I1zgVKxswFw==": { "id": "XjQpmqOxrg5I1zgVKxswFw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Xrz5/LPkSDdzEfbSbOXzZA==": { "id": "Xrz5/LPkSDdzEfbSbOXzZA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "XuMP4XKeqFlYH9jgvFKXXw==": { "id": "XuMP4XKeqFlYH9jgvFKXXw==", "updater": "rhel-vex", "name": "CVE-2023-2609", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2609.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y+LzorqDQD2Povh+kyYSqw==": { "id": "Y+LzorqDQD2Povh+kyYSqw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Y/6FiFNJ+h2jXNTlPOzrnQ==": { "id": "Y/6FiFNJ+h2jXNTlPOzrnQ==", "updater": "rhel-vex", "name": "CVE-2023-0051", "description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0051.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y08Ni7+TSPQ/xSSRr851zQ==": { "id": "Y08Ni7+TSPQ/xSSRr851zQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "Y2pXpR4HKVIWAZ1sDtjo8A==": { "id": "Y2pXpR4HKVIWAZ1sDtjo8A==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Y3PSsgfYVK7+nWpNGBO9lQ==": { "id": "Y3PSsgfYVK7+nWpNGBO9lQ==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "Y6TEBwH0+CoZ50j5sQV23w==": { "id": "Y6TEBwH0+CoZ50j5sQV23w==", "updater": "rhel-vex", "name": "CVE-2021-3968", "description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3968.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y7ypeGdtYfJMJApDHYX9tg==": { "id": "Y7ypeGdtYfJMJApDHYX9tg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "Y9X/nbUFq4l8+xowG5hDkg==": { "id": "Y9X/nbUFq4l8+xowG5hDkg==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "YCFy9R5BUcPVuUEYQkJQ4w==": { "id": "YCFy9R5BUcPVuUEYQkJQ4w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "YHdZ6rml8dKQg9XmpjCrnw==": { "id": "YHdZ6rml8dKQg9XmpjCrnw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "YJkc0fG7G+dwREiIQihS/A==": { "id": "YJkc0fG7G+dwREiIQihS/A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YPJKJ4DYdTXL0BJCCS9pgA==": { "id": "YPJKJ4DYdTXL0BJCCS9pgA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "YPUY4Y/POEizUQSOdGH26g==": { "id": "YPUY4Y/POEizUQSOdGH26g==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "YQVoCJX8BLl6S5wPwmTGtg==": { "id": "YQVoCJX8BLl6S5wPwmTGtg==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "YSdK7PYtLQ7JLXu7W4mdRQ==": { "id": "YSdK7PYtLQ7JLXu7W4mdRQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.el9", "arch_op": "pattern match" }, "YUwZZ9Cg1FloxBZV60vOCg==": { "id": "YUwZZ9Cg1FloxBZV60vOCg==", "updater": "rhel-vex", "name": "CVE-2022-2522", "description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2522.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YVYIQ/H++AefhUYldlykPg==": { "id": "YVYIQ/H++AefhUYldlykPg==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "YZq+CTlAXva/aUDDEFdZNQ==": { "id": "YZq+CTlAXva/aUDDEFdZNQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YfE+7ocdRscmJ75uekg0tA==": { "id": "YfE+7ocdRscmJ75uekg0tA==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "YgD8tCzB10z/Jq6XOfCfgQ==": { "id": "YgD8tCzB10z/Jq6XOfCfgQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Ygj77GRBaQkoNVODBO6xEQ==": { "id": "Ygj77GRBaQkoNVODBO6xEQ==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YgwLp863ho/Lz7XdBK6IXw==": { "id": "YgwLp863ho/Lz7XdBK6IXw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.1.el9_6", "arch_op": "pattern match" }, "YjXf6yY9feRqNoLqPt5iEQ==": { "id": "YjXf6yY9feRqNoLqPt5iEQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YlN21JbaOAqORXBYjgJOYA==": { "id": "YlN21JbaOAqORXBYjgJOYA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "YmjsPDVfe7xyjGwOgJunGw==": { "id": "YmjsPDVfe7xyjGwOgJunGw==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "YnyGgq68v/XTMEk0yU1qsA==": { "id": "YnyGgq68v/XTMEk0yU1qsA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Yp6L2DOgQNnvp2uXVvH8NA==": { "id": "Yp6L2DOgQNnvp2uXVvH8NA==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YpjyzhR3jAhlzb479lBoJw==": { "id": "YpjyzhR3jAhlzb479lBoJw==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "YuJLEitJYK/0Cuux1rRK+Q==": { "id": "YuJLEitJYK/0Cuux1rRK+Q==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "YvRDVCmqISFAkWCu7WaKkQ==": { "id": "YvRDVCmqISFAkWCu7WaKkQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "Z0bbSkX8e3OUKdJa86CbBw==": { "id": "Z0bbSkX8e3OUKdJa86CbBw==", "updater": "rhel-vex", "name": "CVE-2021-4217", "description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", "issued": "2022-01-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4217 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 https://www.cve.org/CVERecord?id=CVE-2021-4217 https://nvd.nist.gov/vuln/detail/CVE-2021-4217 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4217.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Z5H14Z81HW+BVvKWtV5kDQ==": { "id": "Z5H14Z81HW+BVvKWtV5kDQ==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Z707rrfU/uxs1xujVpKMRA==": { "id": "Z707rrfU/uxs1xujVpKMRA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Z9vlvDewcgZxmJe4Kp3wxA==": { "id": "Z9vlvDewcgZxmJe4Kp3wxA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZAKrc32qORy4LwsxMQgfrw==": { "id": "ZAKrc32qORy4LwsxMQgfrw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "ZAUFPHu5UQZ+B2n+SrWIqQ==": { "id": "ZAUFPHu5UQZ+B2n+SrWIqQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.el9", "arch_op": "pattern match" }, "ZBDjl4GlHR5BEu3WvRQHHQ==": { "id": "ZBDjl4GlHR5BEu3WvRQHHQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ZC2BsE3IgWbuyuu1cz3YMQ==": { "id": "ZC2BsE3IgWbuyuu1cz3YMQ==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "ZCWnPSXILcJ9aE646DCmag==": { "id": "ZCWnPSXILcJ9aE646DCmag==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZMCWgxkMJ4LjF/nj5/+01g==": { "id": "ZMCWgxkMJ4LjF/nj5/+01g==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZMp4FVCkBvOUuQnhgF/KRQ==": { "id": "ZMp4FVCkBvOUuQnhgF/KRQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "ZNESegZx5Vgpkv3OXwE5Cw==": { "id": "ZNESegZx5Vgpkv3OXwE5Cw==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "ZPTYG1GW4N8khhdO0sFXlQ==": { "id": "ZPTYG1GW4N8khhdO0sFXlQ==", "updater": "rhel-vex", "name": "CVE-2024-39331", "description": "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.", "issued": "2024-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39331 https://bugzilla.redhat.com/show_bug.cgi?id=2293942 https://www.cve.org/CVERecord?id=CVE-2024-39331 https://nvd.nist.gov/vuln/detail/CVE-2024-39331 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39331.json https://access.redhat.com/errata/RHSA-2024:6510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9_4", "arch_op": "pattern match" }, "ZQsszFOlqLuLyfXZGfRKxQ==": { "id": "ZQsszFOlqLuLyfXZGfRKxQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "ZUoGCxFJ/+PUPUdg60izwg==": { "id": "ZUoGCxFJ/+PUPUdg60izwg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ZZEVbWhAYTXw9FIX3zIAtw==": { "id": "ZZEVbWhAYTXw9FIX3zIAtw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZZLfaN7MH3nRy8BlgA10kg==": { "id": "ZZLfaN7MH3nRy8BlgA10kg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ZZj+FChMvULXnT4QSAEvQQ==": { "id": "ZZj+FChMvULXnT4QSAEvQQ==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zc9mVAa+SgrDGA78Zo8GIg==": { "id": "Zc9mVAa+SgrDGA78Zo8GIg==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "ZeLcisCXFaeQKOi8dej/BQ==": { "id": "ZeLcisCXFaeQKOi8dej/BQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zg/5yy5ojZu/q0X+9MCQQA==": { "id": "Zg/5yy5ojZu/q0X+9MCQQA==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZhxWQvKqBGgL77fuUQ4Ghg==": { "id": "ZhxWQvKqBGgL77fuUQ4Ghg==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "ZiZuAbc4Tq3tBRSI53FjWg==": { "id": "ZiZuAbc4Tq3tBRSI53FjWg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Zk3m2J10w4VuwKsJJMXB2Q==": { "id": "Zk3m2J10w4VuwKsJJMXB2Q==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZmOheSIAULld8cF9POTj/w==": { "id": "ZmOheSIAULld8cF9POTj/w==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Zn86UzCNWJIJ8FVaY91JYg==": { "id": "Zn86UzCNWJIJ8FVaY91JYg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZoK4/bCJQ036BMFIy2mG8g==": { "id": "ZoK4/bCJQ036BMFIy2mG8g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZpoRIduwcda+XFGXyoaDAA==": { "id": "ZpoRIduwcda+XFGXyoaDAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ZrKcftBnwBVZKQlRJoJcLw==": { "id": "ZrKcftBnwBVZKQlRJoJcLw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "ZtlPcxFiuXhGia0ZM6cNBg==": { "id": "ZtlPcxFiuXhGia0ZM6cNBg==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "Zv+LSqi94387CYLrb5PiCw==": { "id": "Zv+LSqi94387CYLrb5PiCw==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "a+77t9fGz9BxOnJlGe2W1Q==": { "id": "a+77t9fGz9BxOnJlGe2W1Q==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "a1E+QseojoZ2Q73j8WWCLg==": { "id": "a1E+QseojoZ2Q73j8WWCLg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "a5tv38r7RoeoKCznzGbyPQ==": { "id": "a5tv38r7RoeoKCznzGbyPQ==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "a7PsXEXsbw8aTCMWFxM9mg==": { "id": "a7PsXEXsbw8aTCMWFxM9mg==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "a7WPDd2/UqA1rqbo6pjM9Q==": { "id": "a7WPDd2/UqA1rqbo6pjM9Q==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "a8lEoliaJpwjl9bCwQSdLA==": { "id": "a8lEoliaJpwjl9bCwQSdLA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aDJK/oIxfKTdGBwKif3CBA==": { "id": "aDJK/oIxfKTdGBwKif3CBA==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aFDenLkUq0L68+/zzTfPpQ==": { "id": "aFDenLkUq0L68+/zzTfPpQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "aJcuD8I2FFtYOQG27x05WQ==": { "id": "aJcuD8I2FFtYOQG27x05WQ==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "aQ/ax84rpyWNveVTm/MQww==": { "id": "aQ/ax84rpyWNveVTm/MQww==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "aQGx6Am8fU9TZmcyiMNL4A==": { "id": "aQGx6Am8fU9TZmcyiMNL4A==", "updater": "rhel-vex", "name": "CVE-2024-43802", "description": "A flaw was found in Vim. This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "issued": "2024-08-26T19:15:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aR+DKIj7GETMsDtNSfYXNA==": { "id": "aR+DKIj7GETMsDtNSfYXNA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "aUFq3vh1h0/30jIMgLEGbg==": { "id": "aUFq3vh1h0/30jIMgLEGbg==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ac4lX1PsJ8EE0cPV3DeA7Q==": { "id": "ac4lX1PsJ8EE0cPV3DeA7Q==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "ah5gJjq6ntKGHe05l2QLEA==": { "id": "ah5gJjq6ntKGHe05l2QLEA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "akEF6NF80R9wfgwbXmOEDA==": { "id": "akEF6NF80R9wfgwbXmOEDA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "alSeOMnzCu4eh8h4VjVrpA==": { "id": "alSeOMnzCu4eh8h4VjVrpA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "am8Nu2Xz4xTgOxf+V74bZg==": { "id": "am8Nu2Xz4xTgOxf+V74bZg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "anPJmbS134IB2gfGIWKJ0Q==": { "id": "anPJmbS134IB2gfGIWKJ0Q==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ao8l/bKVk/yRH6auM4IE9g==": { "id": "ao8l/bKVk/yRH6auM4IE9g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "aouER1d5ARUcTEP5rjxlQA==": { "id": "aouER1d5ARUcTEP5rjxlQA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "aqaaxa85Ibw3RSMRWLL7yg==": { "id": "aqaaxa85Ibw3RSMRWLL7yg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "arPTXFJYsCT564EgyQClGA==": { "id": "arPTXFJYsCT564EgyQClGA==", "updater": "rhel-vex", "name": "CVE-2021-31535", "description": "A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "issued": "2021-05-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31535 https://bugzilla.redhat.com/show_bug.cgi?id=1961822 https://www.cve.org/CVERecord?id=CVE-2021-31535 https://nvd.nist.gov/vuln/detail/CVE-2021-31535 https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31535.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "atAnLiOuVhy8qyEUVNzM2w==": { "id": "atAnLiOuVhy8qyEUVNzM2w==", "updater": "rhel-vex", "name": "CVE-2022-48338", "description": "A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48338.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "b+wJbUYHuGJqeuEtodqG3A==": { "id": "b+wJbUYHuGJqeuEtodqG3A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "b/JoMKSdjTg9hoFgyAsYGg==": { "id": "b/JoMKSdjTg9hoFgyAsYGg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "b0xlBSDO/qp5khqjIfXlSQ==": { "id": "b0xlBSDO/qp5khqjIfXlSQ==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "b2xf65/2S45gOxG8Grxy0g==": { "id": "b2xf65/2S45gOxG8Grxy0g==", "updater": "rhel-vex", "name": "CVE-2023-5441", "description": "A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2023-10-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5441.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b3gcqhWrOMtSFjkTMyyWQw==": { "id": "b3gcqhWrOMtSFjkTMyyWQw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "b8cX6Z3ptet250uYs1XjIQ==": { "id": "b8cX6Z3ptet250uYs1XjIQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "b93ucKpooFuvf5DZpkuQ4Q==": { "id": "b93ucKpooFuvf5DZpkuQ4Q==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "bACUKZThWu3kcO82NfO4eg==": { "id": "bACUKZThWu3kcO82NfO4eg==", "updater": "rhel-vex", "name": "CVE-2023-1264", "description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1264.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bDMsFO9+dr7IgrwHxKJ/2g==": { "id": "bDMsFO9+dr7IgrwHxKJ/2g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "bDvGK7B1/5BJREOCtiSQyw==": { "id": "bDvGK7B1/5BJREOCtiSQyw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "bKE3ov27WR5dMz8a/M+jUA==": { "id": "bKE3ov27WR5dMz8a/M+jUA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bOMmd0jIpY2e7Cl4owS24g==": { "id": "bOMmd0jIpY2e7Cl4owS24g==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "bVLJeNp3UltT+T1xu6C55A==": { "id": "bVLJeNp3UltT+T1xu6C55A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "bb9X6domCAmA+m40PgE/jg==": { "id": "bb9X6domCAmA+m40PgE/jg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "bdJdbp3pWxo6biBmwKijBQ==": { "id": "bdJdbp3pWxo6biBmwKijBQ==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "be+F+Fkt9wYh4z6YwfNqdw==": { "id": "be+F+Fkt9wYh4z6YwfNqdw==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "bf41zTvm6HAv6xdiXpwGWQ==": { "id": "bf41zTvm6HAv6xdiXpwGWQ==", "updater": "rhel-vex", "name": "CVE-2025-32728", "description": "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.", "issued": "2025-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32728 https://bugzilla.redhat.com/show_bug.cgi?id=2358767 https://www.cve.org/CVERecord?id=CVE-2025-32728 https://nvd.nist.gov/vuln/detail/CVE-2025-32728 https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32728.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bfa/XbakkA2/5GrUyvwSyw==": { "id": "bfa/XbakkA2/5GrUyvwSyw==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "bh7RRRlNP555+LOFASdB0w==": { "id": "bh7RRRlNP555+LOFASdB0w==", "updater": "rhel-vex", "name": "CVE-2022-2980", "description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2980.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bj9lurrpBxE/q4lRd2Wp7A==": { "id": "bj9lurrpBxE/q4lRd2Wp7A==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "bjkXZ4ZTp29EFzF+wMw4xw==": { "id": "bjkXZ4ZTp29EFzF+wMw4xw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "bklfMYFV2WKM17hKPU+5BA==": { "id": "bklfMYFV2WKM17hKPU+5BA==", "updater": "osv/go", "name": "GO-2025-3373", "description": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "bmNjdpodhrAjmmeNv8j2ZA==": { "id": "bmNjdpodhrAjmmeNv8j2ZA==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bmwYxyT6fmHIa8FODhI70w==": { "id": "bmwYxyT6fmHIa8FODhI70w==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "bmyf3V3WjS7kQmiAcGoBiQ==": { "id": "bmyf3V3WjS7kQmiAcGoBiQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bpM7BDVV04atOPduc9mI8Q==": { "id": "bpM7BDVV04atOPduc9mI8Q==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "bpwdCug2xQZhmaazCqwIew==": { "id": "bpwdCug2xQZhmaazCqwIew==", "updater": "rhel-vex", "name": "CVE-2023-51767", "description": "An authentication bypass vulnerability was found in a modified version of OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Exploiting a Rowhammer-style attack to flip bits in memory, forces successful authentication by setting the return code to 0.", "issued": "2023-12-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bqEGDVpuXY3j7Kr18B5E4w==": { "id": "bqEGDVpuXY3j7Kr18B5E4w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "bqKZTtfId9l8zdFZE/mZZg==": { "id": "bqKZTtfId9l8zdFZE/mZZg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "brTmpkOORx2yJvCnkPzYRw==": { "id": "brTmpkOORx2yJvCnkPzYRw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "by+PAyhAcd2LS2O/tZxbRQ==": { "id": "by+PAyhAcd2LS2O/tZxbRQ==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "by4qEj8r2+yQ8xw2ZHB4/Q==": { "id": "by4qEj8r2+yQ8xw2ZHB4/Q==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "bytYw82gsP7fmiiqIEcGNw==": { "id": "bytYw82gsP7fmiiqIEcGNw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bzewxC8waOXL414yMxKcqQ==": { "id": "bzewxC8waOXL414yMxKcqQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "c+walK0V+dA1g3qnPME4Ow==": { "id": "c+walK0V+dA1g3qnPME4Ow==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "c/+IhJOZwrUFnxH/AA8NiA==": { "id": "c/+IhJOZwrUFnxH/AA8NiA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "c/EuG5G0xeL87UQs3yxxqQ==": { "id": "c/EuG5G0xeL87UQs3yxxqQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "c/TMKje5Txl9grWesV+S0A==": { "id": "c/TMKje5Txl9grWesV+S0A==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "c0R7sQMFyTIRhp8ZTCTmlw==": { "id": "c0R7sQMFyTIRhp8ZTCTmlw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "c3ac46MKEwGXSYV8lTnQoA==": { "id": "c3ac46MKEwGXSYV8lTnQoA==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "c3eMx85yv79gfxNsxZXPHQ==": { "id": "c3eMx85yv79gfxNsxZXPHQ==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "c4b8AyMPp1ls7ClKiTCbAg==": { "id": "c4b8AyMPp1ls7ClKiTCbAg==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "c95Jb/MAeM4/Wnq2jSIopg==": { "id": "c95Jb/MAeM4/Wnq2jSIopg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "c9kKQdmqE31JfE8hW1jBfg==": { "id": "c9kKQdmqE31JfE8hW1jBfg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "cA4I0UWWtzTwMIMUTfN+Sg==": { "id": "cA4I0UWWtzTwMIMUTfN+Sg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "cBmZwV0l/QLSSsoNwTuUWA==": { "id": "cBmZwV0l/QLSSsoNwTuUWA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "cD+9p+2eb4ubWbn/ynDqrQ==": { "id": "cD+9p+2eb4ubWbn/ynDqrQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.1.el9_6", "arch_op": "pattern match" }, "cJ4BQpErMW3FIQ2vBfopJw==": { "id": "cJ4BQpErMW3FIQ2vBfopJw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "cKtHM3xMrk1VjV0S8Zl4qQ==": { "id": "cKtHM3xMrk1VjV0S8Zl4qQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "cLetPtVgm731iRPvGEIeyw==": { "id": "cLetPtVgm731iRPvGEIeyw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "cMY+6QfPqyOZE380Mf5rIQ==": { "id": "cMY+6QfPqyOZE380Mf5rIQ==", "updater": "rhel-vex", "name": "CVE-2022-0351", "description": "A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0351.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cNsQU/uNFf7PsCWqaKxjAQ==": { "id": "cNsQU/uNFf7PsCWqaKxjAQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "cS8BJbrTN4Z2MOJCTGMR8w==": { "id": "cS8BJbrTN4Z2MOJCTGMR8w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "cSPoRTB3BjDaa16wszdN3g==": { "id": "cSPoRTB3BjDaa16wszdN3g==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "cUH9U4T8Wpzm/UIIektEAQ==": { "id": "cUH9U4T8Wpzm/UIIektEAQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "cWbhx4ozV3Pkh4rK/phNRA==": { "id": "cWbhx4ozV3Pkh4rK/phNRA==", "updater": "osv/go", "name": "GO-2025-3420", "description": "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "ca+BSCGp5tEYAgJqvm8GFw==": { "id": "ca+BSCGp5tEYAgJqvm8GFw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "cbNKZbfbJhPfPLHi6va27w==": { "id": "cbNKZbfbJhPfPLHi6va27w==", "updater": "rhel-vex", "name": "CVE-2022-3555", "description": "A flaw was found in the libX11 package in the_XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3555 https://bugzilla.redhat.com/show_bug.cgi?id=2136412 https://www.cve.org/CVERecord?id=CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 https://ubuntu.com/security/CVE-2022-3555 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3555.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cbSiFirRdrVkpUeOLy/CjA==": { "id": "cbSiFirRdrVkpUeOLy/CjA==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "cex7jEfdv/MaWi3px1ZgxQ==": { "id": "cex7jEfdv/MaWi3px1ZgxQ==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "cgUuYY1sKP0jeDPr/wEn4w==": { "id": "cgUuYY1sKP0jeDPr/wEn4w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "cje1a6rWyE5Ko85v8goPNQ==": { "id": "cje1a6rWyE5Ko85v8goPNQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "cjoCrbQlAeGxtTPUlcMPuA==": { "id": "cjoCrbQlAeGxtTPUlcMPuA==", "updater": "rhel-vex", "name": "CVE-2025-26603", "description": "A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.", "issued": "2025-02-18T19:04:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26603 https://bugzilla.redhat.com/show_bug.cgi?id=2346346 https://www.cve.org/CVERecord?id=CVE-2025-26603 https://nvd.nist.gov/vuln/detail/CVE-2025-26603 https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26603.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cm/gvI0AVbEJW8SbZVw6fw==": { "id": "cm/gvI0AVbEJW8SbZVw6fw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "cr4RGJYSJM2QUssm6cAQ4w==": { "id": "cr4RGJYSJM2QUssm6cAQ4w==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "cv/HKlhaI7EJMBLIaTimwg==": { "id": "cv/HKlhaI7EJMBLIaTimwg==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "cw4W3PskPKPJZy+QzFk5bA==": { "id": "cw4W3PskPKPJZy+QzFk5bA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "cwXdqs9AFOcThYn4e8y3yw==": { "id": "cwXdqs9AFOcThYn4e8y3yw==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "cxMZ2TEnkk6RdtuU9fDThg==": { "id": "cxMZ2TEnkk6RdtuU9fDThg==", "updater": "rhel-vex", "name": "CVE-2021-3927", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3927.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1fus7ZZWC8VndZJIxm7pQ==": { "id": "d1fus7ZZWC8VndZJIxm7pQ==", "updater": "rhel-vex", "name": "CVE-2025-10158", "description": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.", "issued": "2025-11-18T14:24:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10158 https://bugzilla.redhat.com/show_bug.cgi?id=2415637 https://www.cve.org/CVERecord?id=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10158.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1j+WeBwgxUY2DD8tjQwMA==": { "id": "d1j+WeBwgxUY2DD8tjQwMA==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "d2mdhZ97rWRfD+pslcl6uw==": { "id": "d2mdhZ97rWRfD+pslcl6uw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "d8O/Pp2nkWZxFhUyXQucZg==": { "id": "d8O/Pp2nkWZxFhUyXQucZg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "d9qJI4TyihrqXixZ+S73jg==": { "id": "d9qJI4TyihrqXixZ+S73jg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dKzgwwkG/spsYd8PVvrk6A==": { "id": "dKzgwwkG/spsYd8PVvrk6A==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dMO4fX/IkQ2bi0ds65uBZA==": { "id": "dMO4fX/IkQ2bi0ds65uBZA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "dN3ZkuuHRauklH+tfqwFYA==": { "id": "dN3ZkuuHRauklH+tfqwFYA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "dO/rj/SVo/ZlfJAB2ajOEQ==": { "id": "dO/rj/SVo/ZlfJAB2ajOEQ==", "updater": "rhel-vex", "name": "CVE-2023-5535", "description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5535.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dO3yYWRHtCsx6+NRjjAIsg==": { "id": "dO3yYWRHtCsx6+NRjjAIsg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dPlld/v+ZrL/y3NT/M5t9A==": { "id": "dPlld/v+ZrL/y3NT/M5t9A==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dRNxgKG0w/nM5rSMcvz/kQ==": { "id": "dRNxgKG0w/nM5rSMcvz/kQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "dT4TBdsMnRpAlGfPboRcFg==": { "id": "dT4TBdsMnRpAlGfPboRcFg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "dTT2owdN4FTG/LqoICFf+w==": { "id": "dTT2owdN4FTG/LqoICFf+w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "dWdVOD7SorvI9CNble8XGw==": { "id": "dWdVOD7SorvI9CNble8XGw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "dXgWtIQra5a7FOM/lmTQMQ==": { "id": "dXgWtIQra5a7FOM/lmTQMQ==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "de6Wm8GcUOvZ/vqX7ogEtQ==": { "id": "de6Wm8GcUOvZ/vqX7ogEtQ==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "dgwlwyboh6/BQfJsyoE8Eg==": { "id": "dgwlwyboh6/BQfJsyoE8Eg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "dhk9SR7XgMlUT1SwbOzs0A==": { "id": "dhk9SR7XgMlUT1SwbOzs0A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dhv7M9LLYIyyRsKi71f6Ew==": { "id": "dhv7M9LLYIyyRsKi71f6Ew==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "dkB2JDRx/pLwN9EbsYh6UA==": { "id": "dkB2JDRx/pLwN9EbsYh6UA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "dkGOl+YKkRksmyjmvQ3FsA==": { "id": "dkGOl+YKkRksmyjmvQ3FsA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "dkvelc7KXIcNmlVEKWwOSg==": { "id": "dkvelc7KXIcNmlVEKWwOSg==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "dpCbBO9jgzvekz9nKJpSRA==": { "id": "dpCbBO9jgzvekz9nKJpSRA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dqYoyBWLAQszVE/IX85oqg==": { "id": "dqYoyBWLAQszVE/IX85oqg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dr+z30s3mVMvpF2iMBJ7YA==": { "id": "dr+z30s3mVMvpF2iMBJ7YA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "du8AOXnNlQgdqsSZceyiaQ==": { "id": "du8AOXnNlQgdqsSZceyiaQ==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "dwNH2KaulTKNFX+9quNpvw==": { "id": "dwNH2KaulTKNFX+9quNpvw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dxRzT6G0UObuWf8SWujnng==": { "id": "dxRzT6G0UObuWf8SWujnng==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "e+8uKOviBSOTR4ltKl/Y5Q==": { "id": "e+8uKOviBSOTR4ltKl/Y5Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "e/bnYsWq3UNe4TO8qzzb8A==": { "id": "e/bnYsWq3UNe4TO8qzzb8A==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e2U3+rnCE0yJbEhq/B49zQ==": { "id": "e2U3+rnCE0yJbEhq/B49zQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "e37CxvNgywelF2ouwzqL2Q==": { "id": "e37CxvNgywelF2ouwzqL2Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "e7h3lwyDkLbzwbeza9/TWw==": { "id": "e7h3lwyDkLbzwbeza9/TWw==", "updater": "rhel-vex", "name": "CVE-2022-4293", "description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4293.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e8Ba4iAzVtDvrookiM9XAg==": { "id": "e8Ba4iAzVtDvrookiM9XAg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "e91QDoc1m7i0h9Urg1XIuQ==": { "id": "e91QDoc1m7i0h9Urg1XIuQ==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "eDxAdI0cgddAZnBSd4FI0Q==": { "id": "eDxAdI0cgddAZnBSd4FI0Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "eERb0a2u5NJoo8XHmwI23A==": { "id": "eERb0a2u5NJoo8XHmwI23A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.el9", "arch_op": "pattern match" }, "eGYBZQZGb7FuYNSi9wuFzg==": { "id": "eGYBZQZGb7FuYNSi9wuFzg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "eKKwwoH894W3Vae5kYCKtA==": { "id": "eKKwwoH894W3Vae5kYCKtA==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "eKvGCJDf1Iytf5g2d8kaFQ==": { "id": "eKvGCJDf1Iytf5g2d8kaFQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eMVMlNYLRzjk+Xt/peAYqg==": { "id": "eMVMlNYLRzjk+Xt/peAYqg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eNUwUuL3W5wSpnxJfClXhg==": { "id": "eNUwUuL3W5wSpnxJfClXhg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "eOOfcRLf3CHL5spaYEPovQ==": { "id": "eOOfcRLf3CHL5spaYEPovQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "eT0Z6G4b2zSUUUSLlyL8Tg==": { "id": "eT0Z6G4b2zSUUUSLlyL8Tg==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "eTM7aUBt48fzJjd2YY1Kaw==": { "id": "eTM7aUBt48fzJjd2YY1Kaw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "eXNCnm2O3ulyDBrjgqgngA==": { "id": "eXNCnm2O3ulyDBrjgqgngA==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "eZ2tz3j+u7GWuS6rb2RB7g==": { "id": "eZ2tz3j+u7GWuS6rb2RB7g==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "eZDuJI6jaohxUM7fcdYEYA==": { "id": "eZDuJI6jaohxUM7fcdYEYA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eaW+XnaOzUpP/JmOZv+wCg==": { "id": "eaW+XnaOzUpP/JmOZv+wCg==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "ecYseAb1rFmqPx4kHRWeQQ==": { "id": "ecYseAb1rFmqPx4kHRWeQQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "edf9qrl//4hhbTQ8nlVN7g==": { "id": "edf9qrl//4hhbTQ8nlVN7g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "eeetX6Vv3iXNMfmjNIPkQg==": { "id": "eeetX6Vv3iXNMfmjNIPkQg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "eejojwYHRaSarkdAMLD2OA==": { "id": "eejojwYHRaSarkdAMLD2OA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "eekbTUpqIafepE8Hfmhn6g==": { "id": "eekbTUpqIafepE8Hfmhn6g==", "updater": "rhel-vex", "name": "CVE-2021-4187", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4187.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eh1RT9v3ol1cjACTvuohFQ==": { "id": "eh1RT9v3ol1cjACTvuohFQ==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "eh73UwgswuQUUBPGmZNxLg==": { "id": "eh73UwgswuQUUBPGmZNxLg==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ekipReKDch8nQkv6wLHVww==": { "id": "ekipReKDch8nQkv6wLHVww==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "eoZiXVXIYF5HZwY9O+NvfQ==": { "id": "eoZiXVXIYF5HZwY9O+NvfQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "eqZVUGTs5pHRR/tV2jQA/Q==": { "id": "eqZVUGTs5pHRR/tV2jQA/Q==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "esWNnTXfVcQMP31EwLadpw==": { "id": "esWNnTXfVcQMP31EwLadpw==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "ewA3f3GyFBJhwPX+CvDYtg==": { "id": "ewA3f3GyFBJhwPX+CvDYtg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "f+wdQFOhBCEFYs6UTbgVcw==": { "id": "f+wdQFOhBCEFYs6UTbgVcw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "f5rDGDIgGLk7iLvtlKjm1w==": { "id": "f5rDGDIgGLk7iLvtlKjm1w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "f6K2rwitLCyOeqkSvuUcFA==": { "id": "f6K2rwitLCyOeqkSvuUcFA==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "f6muqKqBGKMbn75htgvMLQ==": { "id": "f6muqKqBGKMbn75htgvMLQ==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "f9AAdWBkmOO1/+acrJji3Q==": { "id": "f9AAdWBkmOO1/+acrJji3Q==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "fBIyxzoMf4PtxmiD953WFg==": { "id": "fBIyxzoMf4PtxmiD953WFg==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "fD8Z9mQCc8h27ZwElVMLmA==": { "id": "fD8Z9mQCc8h27ZwElVMLmA==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fDvGbDNJpsxaSncFLSlH5Q==": { "id": "fDvGbDNJpsxaSncFLSlH5Q==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "fEW9HCDGh5vauL1jhvKpFQ==": { "id": "fEW9HCDGh5vauL1jhvKpFQ==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "fHxgcXxpn2MkgE/aUd2Vkw==": { "id": "fHxgcXxpn2MkgE/aUd2Vkw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "fI1ruEtJ325PbGUQKXuiVA==": { "id": "fI1ruEtJ325PbGUQKXuiVA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fKSzg5ZVW35n1QRKSQYbUA==": { "id": "fKSzg5ZVW35n1QRKSQYbUA==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "fM+r7qYMTXMx81IJhr45YA==": { "id": "fM+r7qYMTXMx81IJhr45YA==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fMQ6kctftYthbGvZli2/sg==": { "id": "fMQ6kctftYthbGvZli2/sg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "fSeU4QTAs+fY+ihLpgdM9A==": { "id": "fSeU4QTAs+fY+ihLpgdM9A==", "updater": "rhel-vex", "name": "CVE-2025-1377", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.", "issued": "2025-02-17T05:00:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1377 https://bugzilla.redhat.com/show_bug.cgi?id=2346066 https://www.cve.org/CVERecord?id=CVE-2025-1377 https://nvd.nist.gov/vuln/detail/CVE-2025-1377 https://sourceware.org/bugzilla/attachment.cgi?id=15941 https://sourceware.org/bugzilla/show_bug.cgi?id=32673 https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2 https://vuldb.com/?ctiid.295985 https://vuldb.com/?id.295985 https://vuldb.com/?submit.497539 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1377.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT2bR3Pvvu+yOGDatxsWcw==": { "id": "fT2bR3Pvvu+yOGDatxsWcw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "fUkL/QrHEZtoCydnxvHQYQ==": { "id": "fUkL/QrHEZtoCydnxvHQYQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "fUlz8/rwVV2PbflGdFYCdw==": { "id": "fUlz8/rwVV2PbflGdFYCdw==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "fVstMFtDcM3yfjjb8mKxrg==": { "id": "fVstMFtDcM3yfjjb8mKxrg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fZX9tMkRg8Ij95v2HLw9Ew==": { "id": "fZX9tMkRg8Ij95v2HLw9Ew==", "updater": "osv/go", "name": "GO-2025-3750", "description": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "issued": "2025-06-11T16:59:06Z", "links": "https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "fbRJLkkKyAqhMbdbbcLwwg==": { "id": "fbRJLkkKyAqhMbdbbcLwwg==", "updater": "rhel-vex", "name": "CVE-2025-4207", "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "issued": "2025-05-08T14:22:45Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4207 https://bugzilla.redhat.com/show_bug.cgi?id=2365111 https://www.cve.org/CVERecord?id=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4207.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fcEhBEQT+7+nxaOwZEIInQ==": { "id": "fcEhBEQT+7+nxaOwZEIInQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "fcJXnA1/CqZDeUcxpMPyzg==": { "id": "fcJXnA1/CqZDeUcxpMPyzg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "fdA0Wp/waErtsQk4sTTbPQ==": { "id": "fdA0Wp/waErtsQk4sTTbPQ==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fdpDWwmwFLyFeyU+CnbxxQ==": { "id": "fdpDWwmwFLyFeyU+CnbxxQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fezwmAwUNAjVNYh+YY0Wrw==": { "id": "fezwmAwUNAjVNYh+YY0Wrw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "ff3woW6bpDBZXooXnBPlNQ==": { "id": "ff3woW6bpDBZXooXnBPlNQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "fh2y5aivazupTx0EZ+2Cag==": { "id": "fh2y5aivazupTx0EZ+2Cag==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fjsXh+vV+qSWYTJhGoqerg==": { "id": "fjsXh+vV+qSWYTJhGoqerg==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "flC/+W9ll6TqBKBRm/YUiA==": { "id": "flC/+W9ll6TqBKBRm/YUiA==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "ftPQfiVA8qRKJwxT2xcXRw==": { "id": "ftPQfiVA8qRKJwxT2xcXRw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fu2viInfwA1Zq9LmALUkzg==": { "id": "fu2viInfwA1Zq9LmALUkzg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "fv3/0oUmGvxLyxCaIIt3kg==": { "id": "fv3/0oUmGvxLyxCaIIt3kg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "fvxiOpnl4vL2UcobmeaYnA==": { "id": "fvxiOpnl4vL2UcobmeaYnA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "fwXkQZwZsVuPtoAZBIG06w==": { "id": "fwXkQZwZsVuPtoAZBIG06w==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "fwfAtjf5gVRneidAp93edQ==": { "id": "fwfAtjf5gVRneidAp93edQ==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fxc/de3PyQgiwjyykMQ4ow==": { "id": "fxc/de3PyQgiwjyykMQ4ow==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "fyE+IA6J77V4hC6QL4QCJQ==": { "id": "fyE+IA6J77V4hC6QL4QCJQ==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "g2+VTeiFdddqhRpToXK2Vw==": { "id": "g2+VTeiFdddqhRpToXK2Vw==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "g29pa0L/tOFblhQQDFeJbA==": { "id": "g29pa0L/tOFblhQQDFeJbA==", "updater": "osv/go", "name": "GO-2022-0533", "description": "Path traversal via Clean on Windows in path/filepath", "issued": "2022-07-28T17:25:07Z", "links": "https://go.dev/cl/401595 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://go.dev/issue/52476 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "g3/sX4CO9sGFGMvToQ+how==": { "id": "g3/sX4CO9sGFGMvToQ+how==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "g63+znub5tyxpqqmyP8Tjg==": { "id": "g63+znub5tyxpqqmyP8Tjg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "g6spFzT6DoopzuQCE0pjRg==": { "id": "g6spFzT6DoopzuQCE0pjRg==", "updater": "rhel-vex", "name": "CVE-2022-2285", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2285.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g8hJlpBfWMarbfdU+OkQdw==": { "id": "g8hJlpBfWMarbfdU+OkQdw==", "updater": "rhel-vex", "name": "CVE-2024-10524", "description": "A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.", "issued": "2024-11-19T14:23:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10524 https://bugzilla.redhat.com/show_bug.cgi?id=2327303 https://www.cve.org/CVERecord?id=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ https://seclists.org/oss-sec/2024/q4/107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10524.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g9gU2/SbcO/F9X65zpT4Uw==": { "id": "g9gU2/SbcO/F9X65zpT4Uw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "gC8lb/CZmVxLK6PkYWC9cw==": { "id": "gC8lb/CZmVxLK6PkYWC9cw==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "gCKIolAPxKn/MwnZqQ5viA==": { "id": "gCKIolAPxKn/MwnZqQ5viA==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "gEN3j5KPSWh2c+RarvSBNQ==": { "id": "gEN3j5KPSWh2c+RarvSBNQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gGrGej/Pj6/poAgebFb+dg==": { "id": "gGrGej/Pj6/poAgebFb+dg==", "updater": "rhel-vex", "name": "CVE-2022-3352", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3352.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gIt1VKjk5s7zkgD1H7aLmQ==": { "id": "gIt1VKjk5s7zkgD1H7aLmQ==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "gJ/fF2D4AXb0sjRGNWgixw==": { "id": "gJ/fF2D4AXb0sjRGNWgixw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gNGv6C2nj/tHk2ntVJUOWw==": { "id": "gNGv6C2nj/tHk2ntVJUOWw==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gR+h15dyWueqbKII4cPOWg==": { "id": "gR+h15dyWueqbKII4cPOWg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "gZKcOjx7BKTLxDMH6ZvfGw==": { "id": "gZKcOjx7BKTLxDMH6ZvfGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "gZW7OlWAfe3YqvPh9YUqJA==": { "id": "gZW7OlWAfe3YqvPh9YUqJA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "gaDJ+6UMi8jegvsDECsoeg==": { "id": "gaDJ+6UMi8jegvsDECsoeg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "gchW+O287jwZk0Cnma5sKw==": { "id": "gchW+O287jwZk0Cnma5sKw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "gg092DB69lXLcZyDPZ/RtQ==": { "id": "gg092DB69lXLcZyDPZ/RtQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "ggJq5z8YW0kySCUAGUYdXg==": { "id": "ggJq5z8YW0kySCUAGUYdXg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "gh3MdGIod7lYo7rDnSpHLw==": { "id": "gh3MdGIod7lYo7rDnSpHLw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gjn1JHWHaWtPNhKrrRINWw==": { "id": "gjn1JHWHaWtPNhKrrRINWw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "gl5O329psI82Wn7F+BP/pw==": { "id": "gl5O329psI82Wn7F+BP/pw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "glwEUWfaBwNPBrXUJo34tg==": { "id": "glwEUWfaBwNPBrXUJo34tg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gmo+iv72N8R3ZKjUbp9DXg==": { "id": "gmo+iv72N8R3ZKjUbp9DXg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "goLAuNZUT0caQTKiv7m0Fg==": { "id": "goLAuNZUT0caQTKiv7m0Fg==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "gpPTgXxcA95Uk2vaf3/2dw==": { "id": "gpPTgXxcA95Uk2vaf3/2dw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gqWTMUdDL1db9YSLA4qpRQ==": { "id": "gqWTMUdDL1db9YSLA4qpRQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "grZJQsj3BT+fQns8dkci1g==": { "id": "grZJQsj3BT+fQns8dkci1g==", "updater": "osv/go", "name": "GO-2022-0520", "description": "Exposure of client IP addresses in net/http", "issued": "2022-07-28T17:23:05Z", "links": "https://go.dev/cl/412857 https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "gs7k9o3a1jAc/zZ5AEytpQ==": { "id": "gs7k9o3a1jAc/zZ5AEytpQ==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "guovo7cvog/lYbVq887U/w==": { "id": "guovo7cvog/lYbVq887U/w==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "gvOYexCvSFjRc1ovPwHsww==": { "id": "gvOYexCvSFjRc1ovPwHsww==", "updater": "rhel-vex", "name": "CVE-2023-34410", "description": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "issued": "2023-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 https://www.cve.org/CVERecord?id=CVE-2023-34410 https://nvd.nist.gov/vuln/detail/CVE-2023-34410 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34410.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "gwO7tO+7wG4yYN77KHpJIg==": { "id": "gwO7tO+7wG4yYN77KHpJIg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "gxC5QcXnizTYqfkIqc6zTA==": { "id": "gxC5QcXnizTYqfkIqc6zTA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "h+nOQU6khNxAH7kkGqVqkQ==": { "id": "h+nOQU6khNxAH7kkGqVqkQ==", "updater": "rhel-vex", "name": "CVE-2022-3296", "description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3296.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h/OVEZRz5ndHYLHsNXXXMg==": { "id": "h/OVEZRz5ndHYLHsNXXXMg==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "h08ca9AawAYymWtiO1A44A==": { "id": "h08ca9AawAYymWtiO1A44A==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h5U/sk69K9TcWs3P9TuKxQ==": { "id": "h5U/sk69K9TcWs3P9TuKxQ==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "h7m1EaKKCwaqq30R6Q/BlQ==": { "id": "h7m1EaKKCwaqq30R6Q/BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "h7rVfEQf7/yrRLndyq6HvA==": { "id": "h7rVfEQf7/yrRLndyq6HvA==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "h8RB92Gx2aWFJ7WtAQ4wDA==": { "id": "h8RB92Gx2aWFJ7WtAQ4wDA==", "updater": "rhel-vex", "name": "CVE-2023-4016", "description": "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 https://www.cve.org/CVERecord?id=CVE-2023-4016 https://nvd.nist.gov/vuln/detail/CVE-2023-4016 https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 https://gitlab.com/procps-ng/procps/-/issues/297 https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4016.json https://access.redhat.com/errata/RHSA-2023:6705", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "procps-ng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.3.17-13.el9", "arch_op": "pattern match" }, "h8nlVtUPrGKdJF9xyffy7g==": { "id": "h8nlVtUPrGKdJF9xyffy7g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hECLdfUszFQo2UbzQI3BMQ==": { "id": "hECLdfUszFQo2UbzQI3BMQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "hEt6vsfHYq4kHELEO5xWxA==": { "id": "hEt6vsfHYq4kHELEO5xWxA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "hGz8R5Dny4UCIDPZzXbK3g==": { "id": "hGz8R5Dny4UCIDPZzXbK3g==", "updater": "rhel-vex", "name": "CVE-2021-38593", "description": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).", "issued": "2021-07-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-38593 https://bugzilla.redhat.com/show_bug.cgi?id=1994719 https://www.cve.org/CVERecord?id=CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-38593.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hHQvhYHv8KxCCQMiFpmyWg==": { "id": "hHQvhYHv8KxCCQMiFpmyWg==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "hIHRMVndQh85jnW2uCawbw==": { "id": "hIHRMVndQh85jnW2uCawbw==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "hIP4iOnrw2sfStgfnTKJKw==": { "id": "hIP4iOnrw2sfStgfnTKJKw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "hJqH5PsFQ03HT/LzTwaCXA==": { "id": "hJqH5PsFQ03HT/LzTwaCXA==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hK/f5zoJDHjYWcidbJwYsg==": { "id": "hK/f5zoJDHjYWcidbJwYsg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "hMwTXtuK2CPZup51st8vag==": { "id": "hMwTXtuK2CPZup51st8vag==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hOaq2CFtnMvxmr4bZOUh6A==": { "id": "hOaq2CFtnMvxmr4bZOUh6A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "hRSnphgIhBaU8a2RyBPsuA==": { "id": "hRSnphgIhBaU8a2RyBPsuA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_4.3", "arch_op": "pattern match" }, "hUC86VV8kD262xFcev0ZiA==": { "id": "hUC86VV8kD262xFcev0ZiA==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hWXaFNGw43ZC0VkI4/s2Pw==": { "id": "hWXaFNGw43ZC0VkI4/s2Pw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hYg6jGCQ5Nuq7UsitAzuiw==": { "id": "hYg6jGCQ5Nuq7UsitAzuiw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "hazOAbpBSQ6ZcoEMkq6UhQ==": { "id": "hazOAbpBSQ6ZcoEMkq6UhQ==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "helnYsRUBV0VLNZe0kvTiA==": { "id": "helnYsRUBV0VLNZe0kvTiA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "hfVFht+buqTExOEVhwr1xQ==": { "id": "hfVFht+buqTExOEVhwr1xQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "hgtI79dU1WVsnkd0nzqqTg==": { "id": "hgtI79dU1WVsnkd0nzqqTg==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "hinEteXkZ2xZbWF5lSQDEw==": { "id": "hinEteXkZ2xZbWF5lSQDEw==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "hjzu3I+m68mPWogOfZscVg==": { "id": "hjzu3I+m68mPWogOfZscVg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "hlV8M1lvezTjDMlaNPSTvg==": { "id": "hlV8M1lvezTjDMlaNPSTvg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "hnVuaDEhxbGffMCkOiTy1A==": { "id": "hnVuaDEhxbGffMCkOiTy1A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "htRPPeb7P9MNS47zhEuuaw==": { "id": "htRPPeb7P9MNS47zhEuuaw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "hv1o+8ALinWTDa5cH4j3rA==": { "id": "hv1o+8ALinWTDa5cH4j3rA==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "hwn8HSXSxoAi1TYe+ACqPA==": { "id": "hwn8HSXSxoAi1TYe+ACqPA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "hx3c9WG+Xum3pwxo0+FyRQ==": { "id": "hx3c9WG+Xum3pwxo0+FyRQ==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hxluEp8Si16NQcfaJDWcLg==": { "id": "hxluEp8Si16NQcfaJDWcLg==", "updater": "rhel-vex", "name": "CVE-2022-3324", "description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3324.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hzkoKs3QdYyXJMnifzGbxA==": { "id": "hzkoKs3QdYyXJMnifzGbxA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "i+IfpRQo89HWL/sPRoOFsw==": { "id": "i+IfpRQo89HWL/sPRoOFsw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "i1aZclSgDVfSpq3wWatknQ==": { "id": "i1aZclSgDVfSpq3wWatknQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "i1iqh+iGOleBv5v21I50xw==": { "id": "i1iqh+iGOleBv5v21I50xw==", "updater": "rhel-vex", "name": "CVE-2024-37891", "description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-5.el9_4.1", "arch_op": "pattern match" }, "i3BrKsmhYf5wZYkQCBxUGw==": { "id": "i3BrKsmhYf5wZYkQCBxUGw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "iA/QQjWhvxyNLUaetWDlcQ==": { "id": "iA/QQjWhvxyNLUaetWDlcQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "iACEEOg8p4u2oul22eTv+Q==": { "id": "iACEEOg8p4u2oul22eTv+Q==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "iAZzrtYDqIG5uluq/FjhDA==": { "id": "iAZzrtYDqIG5uluq/FjhDA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "iE+bfILM7uszXcxvEd6gYA==": { "id": "iE+bfILM7uszXcxvEd6gYA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "iJ/65EjB0RUIoiFFN5HgAw==": { "id": "iJ/65EjB0RUIoiFFN5HgAw==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "iK/w4oP0ry88Fhi1iG/FpA==": { "id": "iK/w4oP0ry88Fhi1iG/FpA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.el9", "arch_op": "pattern match" }, "iKVtZrDNXfISjmDp1xYKBQ==": { "id": "iKVtZrDNXfISjmDp1xYKBQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "iL/VOECJBzyFgTCwWDppVw==": { "id": "iL/VOECJBzyFgTCwWDppVw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iMwaCmNtKHrK2+scb+hkxw==": { "id": "iMwaCmNtKHrK2+scb+hkxw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iPCZH9YqKm3Qb2Qeqw32sA==": { "id": "iPCZH9YqKm3Qb2Qeqw32sA==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iQtqv3HeCGvWBf2ImnFK1w==": { "id": "iQtqv3HeCGvWBf2ImnFK1w==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "iRRK+UGfH5YqM+4LOHExpQ==": { "id": "iRRK+UGfH5YqM+4LOHExpQ==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "iRvSvKSGVLHqIXREJ4Ht/w==": { "id": "iRvSvKSGVLHqIXREJ4Ht/w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "iSsTR9jTS/494HfIgB9pGQ==": { "id": "iSsTR9jTS/494HfIgB9pGQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "iSzOvPxPGZr2PfJTBTQBCQ==": { "id": "iSzOvPxPGZr2PfJTBTQBCQ==", "updater": "rhel-vex", "name": "CVE-2024-29040", "description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "issued": "2024-04-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-29040.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iUURXijANkMZIH/VbXWyYQ==": { "id": "iUURXijANkMZIH/VbXWyYQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "iWeHI13pT0mygP25w8npPg==": { "id": "iWeHI13pT0mygP25w8npPg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ibGOv13N1m/577Kb32wGxw==": { "id": "ibGOv13N1m/577Kb32wGxw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "ihcyIiYlnktNuXSrEgrQjg==": { "id": "ihcyIiYlnktNuXSrEgrQjg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ijNNBHI8o+gObvRZ97LRdA==": { "id": "ijNNBHI8o+gObvRZ97LRdA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ikYp9FVR/trdSFxeYpqAcA==": { "id": "ikYp9FVR/trdSFxeYpqAcA==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "ipjYj7xm8hx7kmgjjp0cpg==": { "id": "ipjYj7xm8hx7kmgjjp0cpg==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "iveVedfC78Qk/6ltHJ21kQ==": { "id": "iveVedfC78Qk/6ltHJ21kQ==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixlSuy1zsWjDOO7lFuUNAQ==": { "id": "ixlSuy1zsWjDOO7lFuUNAQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "izYg2kL7sTEI8ASmlxRCdA==": { "id": "izYg2kL7sTEI8ASmlxRCdA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "j/6W06GHqfn2irJJ7LDKTQ==": { "id": "j/6W06GHqfn2irJJ7LDKTQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "j7HjBQaZ5PNpv7JydPZ8OQ==": { "id": "j7HjBQaZ5PNpv7JydPZ8OQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "j7yoSCks+i8LevHtgFwCwQ==": { "id": "j7yoSCks+i8LevHtgFwCwQ==", "updater": "rhel-vex", "name": "CVE-2023-24056", "description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "pkgconf", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j8vL1GycOevI00+qC9aKmw==": { "id": "j8vL1GycOevI00+qC9aKmw==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "j9SRMWigV/U3u/1hsi7gLA==": { "id": "j9SRMWigV/U3u/1hsi7gLA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jAwMSdGdL8Maby3fRvFUDA==": { "id": "jAwMSdGdL8Maby3fRvFUDA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jDj44frt+6TCj0cwExt14w==": { "id": "jDj44frt+6TCj0cwExt14w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "jL7k69KOM8ZjTH+gwznwQg==": { "id": "jL7k69KOM8ZjTH+gwznwQg==", "updater": "osv/go", "name": "GO-2022-1039", "description": "Memory exhaustion when compiling regular expressions in regexp/syntax", "issued": "2022-10-06T16:42:07Z", "links": "https://go.dev/issue/55949 https://go.dev/cl/439356 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "jVClMHCoFf8RUCB6W2c2cQ==": { "id": "jVClMHCoFf8RUCB6W2c2cQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jY7qsjEMOfcaNJkgI4dijw==": { "id": "jY7qsjEMOfcaNJkgI4dijw==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "jYkhobM1mHtLOwQie8WeWA==": { "id": "jYkhobM1mHtLOwQie8WeWA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "jYmxPZjDM/CNw9uJ4rnMHQ==": { "id": "jYmxPZjDM/CNw9uJ4rnMHQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "jZXEa4mdIQd85t4aOIhsfA==": { "id": "jZXEa4mdIQd85t4aOIhsfA==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "jb1tyEUU0h95jkJRbmTeVg==": { "id": "jb1tyEUU0h95jkJRbmTeVg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "jbS9IFs59O0uPYg9IZeksQ==": { "id": "jbS9IFs59O0uPYg9IZeksQ==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "jcBNjU0VQp8W5rs9GaZnrw==": { "id": "jcBNjU0VQp8W5rs9GaZnrw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "jdtzUluiOvXnFmwaOX/6KQ==": { "id": "jdtzUluiOvXnFmwaOX/6KQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "je5QkI9XlXAaLqMv+l8ztQ==": { "id": "je5QkI9XlXAaLqMv+l8ztQ==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jecTmyeay6DKd/7zioYjow==": { "id": "jecTmyeay6DKd/7zioYjow==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "jh1Mqm3BaTYV6MdA+4D74g==": { "id": "jh1Mqm3BaTYV6MdA+4D74g==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jlQB8YKpspXbBoHQT0JY7A==": { "id": "jlQB8YKpspXbBoHQT0JY7A==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jlm8MnE+Ua07hmnpXd564A==": { "id": "jlm8MnE+Ua07hmnpXd564A==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "jmCYpsGWnnwiehZQL2tyGg==": { "id": "jmCYpsGWnnwiehZQL2tyGg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "juRvPdedfeoW/YVn4PBM8Q==": { "id": "juRvPdedfeoW/YVn4PBM8Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "jvIOr2cGPChl6X44xwkz2w==": { "id": "jvIOr2cGPChl6X44xwkz2w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "jweM09oSTMKt4t5s2Lpg9g==": { "id": "jweM09oSTMKt4t5s2Lpg9g==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "jyRfRwiUvNWAyNlZmv3MkQ==": { "id": "jyRfRwiUvNWAyNlZmv3MkQ==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "k+Eb8x9IQ/IHa5nSq7kcSQ==": { "id": "k+Eb8x9IQ/IHa5nSq7kcSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "k/2DvTn2KLL28Yuh/WFLmw==": { "id": "k/2DvTn2KLL28Yuh/WFLmw==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "k/RAvY71xpuUVrSpsGkYlA==": { "id": "k/RAvY71xpuUVrSpsGkYlA==", "updater": "osv/go", "name": "GO-2022-1143", "description": "Restricted file access on Windows in os and net/http", "issued": "2022-12-07T16:08:45Z", "links": "https://go.dev/issue/56694 https://go.dev/cl/455716 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "k4dDUqBohIhzwbUS8fZiCA==": { "id": "k4dDUqBohIhzwbUS8fZiCA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "k5LjlV1zmKau2rAIOnay6g==": { "id": "k5LjlV1zmKau2rAIOnay6g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.3.el9_2", "arch_op": "pattern match" }, "k9Yjqv3ifDP4XwsJSZ8XiQ==": { "id": "k9Yjqv3ifDP4XwsJSZ8XiQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kBdyi87P4B1cTF5hLS7ByA==": { "id": "kBdyi87P4B1cTF5hLS7ByA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "kCgZMoKRMbRx90oiE7jJ+w==": { "id": "kCgZMoKRMbRx90oiE7jJ+w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "kCqPC9VTuWeNYsZfiAbN4g==": { "id": "kCqPC9VTuWeNYsZfiAbN4g==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "kEe4Kuw3hXrzhJ/JDjR7wg==": { "id": "kEe4Kuw3hXrzhJ/JDjR7wg==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "kFbIkTDdc0p9e6ndPrAnHA==": { "id": "kFbIkTDdc0p9e6ndPrAnHA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "kHC7JlgJ1gpjDIHxKgXZuQ==": { "id": "kHC7JlgJ1gpjDIHxKgXZuQ==", "updater": "osv/go", "name": "GO-2024-2609", "description": "Comments in display names are incorrectly handled in net/mail", "issued": "2024-03-05T22:15:04Z", "links": "https://go.dev/issue/65083 https://go.dev/cl/555596 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "kJ/PUfmUBn2Ep03yRLItuQ==": { "id": "kJ/PUfmUBn2Ep03yRLItuQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kMB61Eclf1Qb2Suk3JRmXw==": { "id": "kMB61Eclf1Qb2Suk3JRmXw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kQEcZDAS6Ka6J710VZUH9w==": { "id": "kQEcZDAS6Ka6J710VZUH9w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "kQq8hvN2yLWiupMaLbRduA==": { "id": "kQq8hvN2yLWiupMaLbRduA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.el9", "arch_op": "pattern match" }, "kRGVc4s/SuXPOfCHc7Q9ug==": { "id": "kRGVc4s/SuXPOfCHc7Q9ug==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kRa60N9SRvgjl+iiwZ9fZg==": { "id": "kRa60N9SRvgjl+iiwZ9fZg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "kRj1Frl5pmWWgd5LR0IPyw==": { "id": "kRj1Frl5pmWWgd5LR0IPyw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "kRqkfuoNHXgeW9vp8iyzQw==": { "id": "kRqkfuoNHXgeW9vp8iyzQw==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "kTasTqgA/HsT2H85z8VDPw==": { "id": "kTasTqgA/HsT2H85z8VDPw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "kTyfGInwWoCVv7gGPYCF5g==": { "id": "kTyfGInwWoCVv7gGPYCF5g==", "updater": "rhel-vex", "name": "CVE-2023-2610", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2610.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kUo4IyXRh1XFppRDAqTNnw==": { "id": "kUo4IyXRh1XFppRDAqTNnw==", "updater": "rhel-vex", "name": "CVE-2023-33285", "description": "A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 https://www.cve.org/CVERecord?id=CVE-2023-33285 https://nvd.nist.gov/vuln/detail/CVE-2023-33285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-33285.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "kVJhm1LYIfhvn92InJZLDQ==": { "id": "kVJhm1LYIfhvn92InJZLDQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "kVjUyjaMJ0bXnwb03Ksw3A==": { "id": "kVjUyjaMJ0bXnwb03Ksw3A==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "kXL26w3j4LcAqSQ9tOuWMA==": { "id": "kXL26w3j4LcAqSQ9tOuWMA==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "kaUbMItvWrS1leJMEsAk9A==": { "id": "kaUbMItvWrS1leJMEsAk9A==", "updater": "rhel-vex", "name": "CVE-2022-2284", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2284.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kdSSzkEHTOGF0fpTfXjzcg==": { "id": "kdSSzkEHTOGF0fpTfXjzcg==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "keMF1HAI1OIF8MvJtPZQ+g==": { "id": "keMF1HAI1OIF8MvJtPZQ+g==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kgCv9K1pgDK48LdFtpFN9Q==": { "id": "kgCv9K1pgDK48LdFtpFN9Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "khaGOQZwNAF+Kql1EAlBfw==": { "id": "khaGOQZwNAF+Kql1EAlBfw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "khwtIlYEcWkkzJP1rg7BNg==": { "id": "khwtIlYEcWkkzJP1rg7BNg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "kiHPM08GilYyFXQYDbdefw==": { "id": "kiHPM08GilYyFXQYDbdefw==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "kkBeA26IUhnokem2LDfx1A==": { "id": "kkBeA26IUhnokem2LDfx1A==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "kkxgUCDqJw1GL8dK+Je2RA==": { "id": "kkxgUCDqJw1GL8dK+Je2RA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "knD9e5c9mhfEteHg6iIbAQ==": { "id": "knD9e5c9mhfEteHg6iIbAQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "koaJtTt9+fGxG4OSw5hxFA==": { "id": "koaJtTt9+fGxG4OSw5hxFA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.1.el9_6", "arch_op": "pattern match" }, "ktNuCXztDAtRpUWlUtIWUg==": { "id": "ktNuCXztDAtRpUWlUtIWUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ktZZSLvjrHrh7DYZ23sMhw==": { "id": "ktZZSLvjrHrh7DYZ23sMhw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "kwBmjCC7+d5xUliMZJPNWA==": { "id": "kwBmjCC7+d5xUliMZJPNWA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.el9", "arch_op": "pattern match" }, "kxjEyJZKMrQwjAj12bH0Ag==": { "id": "kxjEyJZKMrQwjAj12bH0Ag==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ky4IJ5u2Ib7CaDmE7xOysg==": { "id": "ky4IJ5u2Ib7CaDmE7xOysg==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "kyjbj2qojW5SnPuCG4+T3A==": { "id": "kyjbj2qojW5SnPuCG4+T3A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "l2+nQ26t0lYvVluseJErUQ==": { "id": "l2+nQ26t0lYvVluseJErUQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.el9", "arch_op": "pattern match" }, "l2fXal/tlhZFSzN3bmiLSg==": { "id": "l2fXal/tlhZFSzN3bmiLSg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "l3j9C20yHr6ZHIXLApzl0A==": { "id": "l3j9C20yHr6ZHIXLApzl0A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "l7gfVyLrNH9qcWdXdRt9Kg==": { "id": "l7gfVyLrNH9qcWdXdRt9Kg==", "updater": "rhel-vex", "name": "CVE-2022-30632", "description": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30632 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://www.cve.org/CVERecord?id=CVE-2022-30632 https://nvd.nist.gov/vuln/detail/CVE-2022-30632 https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30632.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l8driNMmALQs2/V7+uCq+w==": { "id": "l8driNMmALQs2/V7+uCq+w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.1.el9_6", "arch_op": "pattern match" }, "l8z3hCmcLYlZgxzha0zw+g==": { "id": "l8z3hCmcLYlZgxzha0zw+g==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "lBoi08D0xA11v+agRADO8A==": { "id": "lBoi08D0xA11v+agRADO8A==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "lCd4ciOqH+xVdJTAK6erDg==": { "id": "lCd4ciOqH+xVdJTAK6erDg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.el9", "arch_op": "pattern match" }, "lG2c0hNx+Fgq8Zf8B1rJyw==": { "id": "lG2c0hNx+Fgq8Zf8B1rJyw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "lH27Z8PmZeo/EM/AegpCTA==": { "id": "lH27Z8PmZeo/EM/AegpCTA==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "lHLNxD93t7uUJfmDhNwvCQ==": { "id": "lHLNxD93t7uUJfmDhNwvCQ==", "updater": "rhel-vex", "name": "CVE-2022-3256", "description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3256.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lIzMhy2E3/kAp+LsQCQyCA==": { "id": "lIzMhy2E3/kAp+LsQCQyCA==", "updater": "osv/go", "name": "GO-2023-1704", "description": "Excessive memory allocation in net/http and net/textproto", "issued": "2023-04-05T21:04:28Z", "links": "https://go.dev/issue/58975 https://go.dev/cl/481994 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "lJ8RTw7m+AgAnWW6upSntA==": { "id": "lJ8RTw7m+AgAnWW6upSntA==", "updater": "rhel-vex", "name": "CVE-2021-45078", "description": "An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "issued": "2021-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lJah2RfNfRF+vEQdCucT7w==": { "id": "lJah2RfNfRF+vEQdCucT7w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "lKniGV6mBq1xFWJ6V0QVvA==": { "id": "lKniGV6mBq1xFWJ6V0QVvA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "lM6Cai1zYvH4FYQ8nb6tQg==": { "id": "lM6Cai1zYvH4FYQ8nb6tQg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lO89yYeT5Xt1E5KBgR1OXw==": { "id": "lO89yYeT5Xt1E5KBgR1OXw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "lQ+CMunyB1B/r/pkv6U72w==": { "id": "lQ+CMunyB1B/r/pkv6U72w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.1.el9_6", "arch_op": "pattern match" }, "lWKRi6BgpanbsQgeIct91A==": { "id": "lWKRi6BgpanbsQgeIct91A==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "lWdVDKK0NI1ECjrQyrQZhA==": { "id": "lWdVDKK0NI1ECjrQyrQZhA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lbvVctqpDivb/6OV/xVV+A==": { "id": "lbvVctqpDivb/6OV/xVV+A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "lc0ErrFagkcQxsv9AGKTjw==": { "id": "lc0ErrFagkcQxsv9AGKTjw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ldTn/Q3i3BpKZ95U4mfrcQ==": { "id": "ldTn/Q3i3BpKZ95U4mfrcQ==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "lgYZVj6kPc0Poy1meDiyZQ==": { "id": "lgYZVj6kPc0Poy1meDiyZQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "lh/EYac7XXFvwJr7gkU1TA==": { "id": "lh/EYac7XXFvwJr7gkU1TA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "ljT4JJv6XdYorFfJ6zbfog==": { "id": "ljT4JJv6XdYorFfJ6zbfog==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lnhGLE2iCT1nizqrTioMEA==": { "id": "lnhGLE2iCT1nizqrTioMEA==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "lsfrxxENmZMCtV8uOKkr8Q==": { "id": "lsfrxxENmZMCtV8uOKkr8Q==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "ltoIfsso65jjPxRqV9UMRw==": { "id": "ltoIfsso65jjPxRqV9UMRw==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "ltryu+P4IG4b3EAJKjyGHQ==": { "id": "ltryu+P4IG4b3EAJKjyGHQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "lv4eSxX+AEAW88phUmOolQ==": { "id": "lv4eSxX+AEAW88phUmOolQ==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "lz6O0nYiDpis8SScmTUuSg==": { "id": "lz6O0nYiDpis8SScmTUuSg==", "updater": "rhel-vex", "name": "CVE-2025-1215", "description": "A flaw was found in Vim. A local user may be able to trigger memory corruption by using the `--log` option with a non-existent path, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-12T18:31:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1215 https://bugzilla.redhat.com/show_bug.cgi?id=2345318 https://www.cve.org/CVERecord?id=CVE-2025-1215 https://nvd.nist.gov/vuln/detail/CVE-2025-1215 https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 https://github.com/vim/vim/issues/16606 https://github.com/vim/vim/releases/tag/v9.1.1097 https://vuldb.com/?ctiid.295174 https://vuldb.com/?id.295174 https://vuldb.com/?submit.497546 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1215.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m+ltkfB6bwuyxpSjgAFr9w==": { "id": "m+ltkfB6bwuyxpSjgAFr9w==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "m/d6QTwNzEzxGSR3T2263Q==": { "id": "m/d6QTwNzEzxGSR3T2263Q==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "m02T5S9rBezyv/+a/R6Fkw==": { "id": "m02T5S9rBezyv/+a/R6Fkw==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m0VRm0XEm9FSwttsQ8QLaQ==": { "id": "m0VRm0XEm9FSwttsQ8QLaQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "m2sL00H9lvJ4xs2UqwHxiQ==": { "id": "m2sL00H9lvJ4xs2UqwHxiQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "m4A081U6rE2WLJ4u/pMkqg==": { "id": "m4A081U6rE2WLJ4u/pMkqg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "m5AiZOpiUf+2oOMwsbQnSg==": { "id": "m5AiZOpiUf+2oOMwsbQnSg==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m77LjZYd/4k9LSozG2S2mA==": { "id": "m77LjZYd/4k9LSozG2S2mA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m94VQcvA5qigjAcL/i2L2Q==": { "id": "m94VQcvA5qigjAcL/i2L2Q==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.1.el9_6", "arch_op": "pattern match" }, "mAh/ixYuQOgKvSoO2gk7SQ==": { "id": "mAh/ixYuQOgKvSoO2gk7SQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "mBrf1Yfgr5icNwG8S0edeA==": { "id": "mBrf1Yfgr5icNwG8S0edeA==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "mIzvIMMUHDBMdt3eAx+4Rw==": { "id": "mIzvIMMUHDBMdt3eAx+4Rw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mL/QvlBQrld+4EwXWLYTNQ==": { "id": "mL/QvlBQrld+4EwXWLYTNQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mOQ3hJyzcYBnd65M1VVdFA==": { "id": "mOQ3hJyzcYBnd65M1VVdFA==", "updater": "osv/go", "name": "GO-2025-4011", "description": "Parsing DER payload can cause memory exhaustion in encoding/asn1", "issued": "2025-10-29T21:50:00Z", "links": "https://go.dev/issue/75671 https://go.dev/cl/709856 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "mPAC5fvINjFbBEv6qTd6tQ==": { "id": "mPAC5fvINjFbBEv6qTd6tQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "mQKKxdEERDHEVyOMhYExEw==": { "id": "mQKKxdEERDHEVyOMhYExEw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "mUXGZjQ6odB/7zYNoJjJRA==": { "id": "mUXGZjQ6odB/7zYNoJjJRA==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "mX276ORRxpj/FeNL+3OrXg==": { "id": "mX276ORRxpj/FeNL+3OrXg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mXfTdwl2racpbSHHHKO6EA==": { "id": "mXfTdwl2racpbSHHHKO6EA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "mbMEAQXpYoMKq7Io1LfrJA==": { "id": "mbMEAQXpYoMKq7Io1LfrJA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "mfYVQsCdSPyqR1UobqhEIw==": { "id": "mfYVQsCdSPyqR1UobqhEIw==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "miA8N3aOifbt6s11v8VS/A==": { "id": "miA8N3aOifbt6s11v8VS/A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "mjI/WzMYY52AQdc1No8ugQ==": { "id": "mjI/WzMYY52AQdc1No8ugQ==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mjV/DAgymXlZYSj9rj04pg==": { "id": "mjV/DAgymXlZYSj9rj04pg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "mk/9oG3VlXeyR83vbnlC7g==": { "id": "mk/9oG3VlXeyR83vbnlC7g==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "mmFI4mA7exd6BfbwTUwJfQ==": { "id": "mmFI4mA7exd6BfbwTUwJfQ==", "updater": "rhel-vex", "name": "CVE-2021-20197", "description": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", "issued": "2021-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20197 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://www.cve.org/CVERecord?id=CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20197.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mpDlR2Lk6PsJrTVRdAvAng==": { "id": "mpDlR2Lk6PsJrTVRdAvAng==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "mqxlcVJc3F4dPOTEtUve1Q==": { "id": "mqxlcVJc3F4dPOTEtUve1Q==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "mwpgk/i3GXoSJDpblt44zg==": { "id": "mwpgk/i3GXoSJDpblt44zg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mypK4Oz3YEbjmcF//Lb3ug==": { "id": "mypK4Oz3YEbjmcF//Lb3ug==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "n+8zHdzpUdNYaOfjqM+rvQ==": { "id": "n+8zHdzpUdNYaOfjqM+rvQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "n0AAvWWXPdMdY6hEXZez1A==": { "id": "n0AAvWWXPdMdY6hEXZez1A==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "n2MoI6iOOGKJg6CiwpZkxg==": { "id": "n2MoI6iOOGKJg6CiwpZkxg==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "n39YhRffL6tFFAy/S18A8Q==": { "id": "n39YhRffL6tFFAy/S18A8Q==", "updater": "rhel-vex", "name": "CVE-2025-1371", "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.", "issued": "2025-02-17T02:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1371 https://bugzilla.redhat.com/show_bug.cgi?id=2346055 https://www.cve.org/CVERecord?id=CVE-2025-1371 https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://sourceware.org/bugzilla/attachment.cgi?id=15926 https://sourceware.org/bugzilla/show_bug.cgi?id=32655 https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2 https://vuldb.com/?ctiid.295978 https://vuldb.com/?id.295978 https://vuldb.com/?submit.496484 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1371.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n5bOb2nwIXCE6i6WEpGlzA==": { "id": "n5bOb2nwIXCE6i6WEpGlzA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n6Vm6uSXhVeVnZmJCVL4pw==": { "id": "n6Vm6uSXhVeVnZmJCVL4pw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n78TtR5pw5YtOwMk7gVGmg==": { "id": "n78TtR5pw5YtOwMk7gVGmg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "n9h0mZrBntcdO8rut9mZew==": { "id": "n9h0mZrBntcdO8rut9mZew==", "updater": "osv/go", "name": "GO-2023-1703", "description": "Backticks not treated as string delimiters in html/template", "issued": "2023-04-05T21:05:27Z", "links": "https://go.dev/issue/59234 https://go.dev/cl/482079 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "nD4gdXb8ND61ypX9fYklTQ==": { "id": "nD4gdXb8ND61ypX9fYklTQ==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "nF1VC5iJhTtrDBwL8mfOiw==": { "id": "nF1VC5iJhTtrDBwL8mfOiw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "nFaODSvvA4RrGIiPJ9FjRA==": { "id": "nFaODSvvA4RrGIiPJ9FjRA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.1.el9_6", "arch_op": "pattern match" }, "nKGJQ32gv73mgVLbPDD8Qg==": { "id": "nKGJQ32gv73mgVLbPDD8Qg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "nLbsKQgcqXqFJTjqeQs6Vg==": { "id": "nLbsKQgcqXqFJTjqeQs6Vg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "nM+XWkmaG537tz4PDM13+w==": { "id": "nM+XWkmaG537tz4PDM13+w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "nNNVXLjFvnegTKkITfCBuA==": { "id": "nNNVXLjFvnegTKkITfCBuA==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "nNzRt87EkCVymyYuDyEW2w==": { "id": "nNzRt87EkCVymyYuDyEW2w==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "nOD1OtMP4aGP/bT3iktDEQ==": { "id": "nOD1OtMP4aGP/bT3iktDEQ==", "updater": "osv/go", "name": "GO-2022-1144", "description": "Excessive memory growth in net/http and golang.org/x/net/http2", "issued": "2022-12-08T19:01:21Z", "links": "https://go.dev/issue/56350 https://go.dev/cl/455717 https://go.dev/cl/455635 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "nPl1VYR04nooFy6e74yZlg==": { "id": "nPl1VYR04nooFy6e74yZlg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "nRYrn2tFn8hdV0x+2YRPYQ==": { "id": "nRYrn2tFn8hdV0x+2YRPYQ==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "nRlBpDuWR9J0Ttd/BugkSQ==": { "id": "nRlBpDuWR9J0Ttd/BugkSQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "nS4rhARAcjvkSY8dJUFdOA==": { "id": "nS4rhARAcjvkSY8dJUFdOA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "nSAqYkKsqi7arKT9mgba5w==": { "id": "nSAqYkKsqi7arKT9mgba5w==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "nVEuAeNYaydUTqNE5GOm/w==": { "id": "nVEuAeNYaydUTqNE5GOm/w==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "nVgNlf1p1N8UKAkTllJrCA==": { "id": "nVgNlf1p1N8UKAkTllJrCA==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "nW07GBIUhWrN6iKB9MBAkg==": { "id": "nW07GBIUhWrN6iKB9MBAkg==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "naO+9RNjE/hIMaezFHe7IA==": { "id": "naO+9RNjE/hIMaezFHe7IA==", "updater": "osv/go", "name": "GO-2024-2888", "description": "Mishandling of corrupt central directory record in archive/zip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "nbtTb8L4YMUxpajoNaatQg==": { "id": "nbtTb8L4YMUxpajoNaatQg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "nfRozYKxaq/cbStnERagAQ==": { "id": "nfRozYKxaq/cbStnERagAQ==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "nhTPOqyx5Hjq5RaQThVb3A==": { "id": "nhTPOqyx5Hjq5RaQThVb3A==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "noShzkxXeZ6xaXHAA8su4g==": { "id": "noShzkxXeZ6xaXHAA8su4g==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "noUIfMZn5dUZdEKTi/GsOA==": { "id": "noUIfMZn5dUZdEKTi/GsOA==", "updater": "rhel-vex", "name": "CVE-2024-30204", "description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30204.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "ntPgpTaOsf+PmS8l/Ba/Gw==": { "id": "ntPgpTaOsf+PmS8l/Ba/Gw==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "nxT/hl64jXfWptNxWhmDuA==": { "id": "nxT/hl64jXfWptNxWhmDuA==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "nzSVb3AtyNNflDi2DJAqSg==": { "id": "nzSVb3AtyNNflDi2DJAqSg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "o+oNdKG9C3ouEb/OQo1GOQ==": { "id": "o+oNdKG9C3ouEb/OQo1GOQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "o/JG334q9R0nTyZD1vNw7w==": { "id": "o/JG334q9R0nTyZD1vNw7w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "o16kBwzDyL2DXuhbCPWX9Q==": { "id": "o16kBwzDyL2DXuhbCPWX9Q==", "updater": "rhel-vex", "name": "CVE-2021-3572", "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "issued": "2021-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3572.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o1V8hGX+jv19u/R1lSOgXA==": { "id": "o1V8hGX+jv19u/R1lSOgXA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "o2Jv7s2Wil4Jz6qK6599ww==": { "id": "o2Jv7s2Wil4Jz6qK6599ww==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "o2RzBkbyaO/aJUexQwQheA==": { "id": "o2RzBkbyaO/aJUexQwQheA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "o3TqxXhqdegYIl51fSMQ1A==": { "id": "o3TqxXhqdegYIl51fSMQ1A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "o52gvb+djtuOAe8fWpXboQ==": { "id": "o52gvb+djtuOAe8fWpXboQ==", "updater": "osv/go", "name": "GO-2025-3849", "description": "Incorrect results returned from Rows.Scan in database/sql", "issued": "2025-08-07T15:07:27Z", "links": "https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "o6arI4B+lOjvgV6k7kauyw==": { "id": "o6arI4B+lOjvgV6k7kauyw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "o7U6pbXnKgxDi4OXl/ryRA==": { "id": "o7U6pbXnKgxDi4OXl/ryRA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "o8O4Ttqnv0lQfm1yyfyVsw==": { "id": "o8O4Ttqnv0lQfm1yyfyVsw==", "updater": "rhel-vex", "name": "CVE-2022-1720", "description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "issued": "2022-05-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1720.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o94cfzaEslnrzBtYm19DkA==": { "id": "o94cfzaEslnrzBtYm19DkA==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "oAa5rQ+ettvHgaEihiWA9A==": { "id": "oAa5rQ+ettvHgaEihiWA9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "oBl0IuwDdaD9PwMwSDcQpg==": { "id": "oBl0IuwDdaD9PwMwSDcQpg==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "oCDLcNdeKQmSOcg6w237gw==": { "id": "oCDLcNdeKQmSOcg6w237gw==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "oDGZCaWnkiaSQdz+QhIr5Q==": { "id": "oDGZCaWnkiaSQdz+QhIr5Q==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "oEKqq2GIVwWjorWJihmJiw==": { "id": "oEKqq2GIVwWjorWJihmJiw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "oGKMWwqd8g23cJbO7k5MNA==": { "id": "oGKMWwqd8g23cJbO7k5MNA==", "updater": "osv/go", "name": "GO-2023-1753", "description": "Improper handling of empty HTML attributes in html/template", "issued": "2023-05-05T21:10:24Z", "links": "https://go.dev/issue/59722 https://go.dev/cl/491617 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "oGVW07Zdco+t8LxGqPbEUA==": { "id": "oGVW07Zdco+t8LxGqPbEUA==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "oGhsPyoyEtiEHT7/0qF+CQ==": { "id": "oGhsPyoyEtiEHT7/0qF+CQ==", "updater": "rhel-vex", "name": "CVE-2025-7545", "description": "A flaw was found in binutils. The `copy_section` function in `binutils/objcopy.c` is susceptible to a heap-based buffer overflow due to improper bounds checking during data copying. This flaw allows a local attacker to provide a specially crafted file. This manipulation can lead to a denial of service.", "issued": "2025-07-13T21:44:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7545 https://bugzilla.redhat.com/show_bug.cgi?id=2379785 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7545.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oIBUxFCAPk4vRXBwpcmtFw==": { "id": "oIBUxFCAPk4vRXBwpcmtFw==", "updater": "rhel-vex", "name": "CVE-2022-44840", "description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "issued": "2022-10-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oNps3pS/KBKadK++zlgktA==": { "id": "oNps3pS/KBKadK++zlgktA==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "oPNobp4gxHQj7UMaryNaHw==": { "id": "oPNobp4gxHQj7UMaryNaHw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "oQ3Lediq93z2xbrIoJUi7Q==": { "id": "oQ3Lediq93z2xbrIoJUi7Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "oQ8YhXsWl1bwUCG1x+HzDQ==": { "id": "oQ8YhXsWl1bwUCG1x+HzDQ==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "oUbBUuaPbKO68xR8hm0EKg==": { "id": "oUbBUuaPbKO68xR8hm0EKg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "oVI7j6msaWseNIkn6m/3+A==": { "id": "oVI7j6msaWseNIkn6m/3+A==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "oVgcRSL89qnSRkMXpV8N8A==": { "id": "oVgcRSL89qnSRkMXpV8N8A==", "updater": "rhel-vex", "name": "CVE-2022-2819", "description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-08-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2819.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oXbtPoAI0xd/D3jVRZ8E8Q==": { "id": "oXbtPoAI0xd/D3jVRZ8E8Q==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "oYEyIJ07SURdsg7rK6qrYw==": { "id": "oYEyIJ07SURdsg7rK6qrYw==", "updater": "osv/go", "name": "GO-2022-1037", "description": "Unbounded memory consumption when reading headers in archive/tar", "issued": "2022-10-06T16:26:05Z", "links": "https://go.dev/issue/54853 https://go.dev/cl/439355 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "oZ/2a9w+ysaJ6Y0prrNk0g==": { "id": "oZ/2a9w+ysaJ6Y0prrNk0g==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "obSzOBXxlQxURPk04eb+8Q==": { "id": "obSzOBXxlQxURPk04eb+8Q==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "obTTrP5oWTTgSGItpJqyKg==": { "id": "obTTrP5oWTTgSGItpJqyKg==", "updater": "rhel-vex", "name": "CVE-2022-30631", "description": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30631 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://www.cve.org/CVERecord?id=CVE-2022-30631 https://nvd.nist.gov/vuln/detail/CVE-2022-30631 https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30631.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ohJ0B7EgOJ9MaxYsbvhjIA==": { "id": "ohJ0B7EgOJ9MaxYsbvhjIA==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-gdbserver", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "okRzJuZWda3BPI4wHU6OSg==": { "id": "okRzJuZWda3BPI4wHU6OSg==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "okW8xf+CinO7BWuM9dEk4Q==": { "id": "okW8xf+CinO7BWuM9dEk4Q==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "opnb226IH8+SU+iAVOx8hw==": { "id": "opnb226IH8+SU+iAVOx8hw==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "osxk1q2jE3TCrr5JCQRhNA==": { "id": "osxk1q2jE3TCrr5JCQRhNA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "owALVsfUiwMtDqenpdt7Zg==": { "id": "owALVsfUiwMtDqenpdt7Zg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "oybDfBRpKC7mq0IkNE/WbA==": { "id": "oybDfBRpKC7mq0IkNE/WbA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "oyvtOIVUDqm1ruQx8vhRhA==": { "id": "oyvtOIVUDqm1ruQx8vhRhA==", "updater": "rhel-vex", "name": "CVE-2024-22667", "description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "issued": "2024-02-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22667.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ozbcadljjD/zIm3hj6kVaw==": { "id": "ozbcadljjD/zIm3hj6kVaw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "p2+Y5XRhYt7mgZ7H+35S0w==": { "id": "p2+Y5XRhYt7mgZ7H+35S0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.1.el9_6", "arch_op": "pattern match" }, "p2D36zAi5tbYfUPJhBVLhg==": { "id": "p2D36zAi5tbYfUPJhBVLhg==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "p4PSGpZ+FENmdQZ22vQ2FQ==": { "id": "p4PSGpZ+FENmdQZ22vQ2FQ==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "p5Ki7Z96ChbT07EZ4WnnKg==": { "id": "p5Ki7Z96ChbT07EZ4WnnKg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "p8XKlr7C/uFXLykQP2132Q==": { "id": "p8XKlr7C/uFXLykQP2132Q==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "pEwkPeffucbY50JSGQdERQ==": { "id": "pEwkPeffucbY50JSGQdERQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "pFXK+S/0lzfxv0ToVY49hA==": { "id": "pFXK+S/0lzfxv0ToVY49hA==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "pGkOHCsusTyFHJ/G9JGXiA==": { "id": "pGkOHCsusTyFHJ/G9JGXiA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "pGvoS/decJ8g3YpAYIFmmw==": { "id": "pGvoS/decJ8g3YpAYIFmmw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "pHq3XsQe5Y157BuUHMufyg==": { "id": "pHq3XsQe5Y157BuUHMufyg==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "pIJllB0DitFR4biXCLWlfQ==": { "id": "pIJllB0DitFR4biXCLWlfQ==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "pLMgO5RHEs1yrujEkb226g==": { "id": "pLMgO5RHEs1yrujEkb226g==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pN9L6/wRgu21CuY/FfnkIA==": { "id": "pN9L6/wRgu21CuY/FfnkIA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "pNsmsBM6zioL8gqkR9CNUA==": { "id": "pNsmsBM6zioL8gqkR9CNUA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pT+67u2xHyxzA5Cl+Ui55Q==": { "id": "pT+67u2xHyxzA5Cl+Ui55Q==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "pTT7g2z3OsAYgdVqJMZOLQ==": { "id": "pTT7g2z3OsAYgdVqJMZOLQ==", "updater": "osv/go", "name": "GO-2022-0521", "description": "Stack exhaustion from deeply nested XML documents in encoding/xml", "issued": "2022-07-20T17:02:04Z", "links": "https://go.dev/cl/417062 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pWQV0Z8XQHYl5n7sHUZBqA==": { "id": "pWQV0Z8XQHYl5n7sHUZBqA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "pX9giWYBuTR0yK974RC2ng==": { "id": "pX9giWYBuTR0yK974RC2ng==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "pd2B9G+4ekvOFTzso0NXCw==": { "id": "pd2B9G+4ekvOFTzso0NXCw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "peMVLpnT962hXrm4IDBPqg==": { "id": "peMVLpnT962hXrm4IDBPqg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "peuiWx2cfvlg0ej3db5p4Q==": { "id": "peuiWx2cfvlg0ej3db5p4Q==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "pfNYlxG8sY9hFt3528zJoA==": { "id": "pfNYlxG8sY9hFt3528zJoA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pfZcHRowGRRifIIMXAg+9w==": { "id": "pfZcHRowGRRifIIMXAg+9w==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pg+SRV3v3Mv4Yg+0x76+jg==": { "id": "pg+SRV3v3Mv4Yg+0x76+jg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "piA8HykwHgm/u3haFYSPzw==": { "id": "piA8HykwHgm/u3haFYSPzw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pl0eAtev2igDstYhHd6sxw==": { "id": "pl0eAtev2igDstYhHd6sxw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "plTl3JV8fPj1sUiMh31FmQ==": { "id": "plTl3JV8fPj1sUiMh31FmQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "pmYCdyBPlSpsjaT+VrrmLg==": { "id": "pmYCdyBPlSpsjaT+VrrmLg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "pp3PQor2CpTCVnKZusQgwg==": { "id": "pp3PQor2CpTCVnKZusQgwg==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "pp7NHxA1qAOUnsy/IRCLbw==": { "id": "pp7NHxA1qAOUnsy/IRCLbw==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "pr6wo3A29JKUBSVK/BGExw==": { "id": "pr6wo3A29JKUBSVK/BGExw==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "psR1kVsSZz19yYKHsoaoNg==": { "id": "psR1kVsSZz19yYKHsoaoNg==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "psr6EfqmKkDu2s/af+27mw==": { "id": "psr6EfqmKkDu2s/af+27mw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "pv5Nm8Lwfq3X5Sm3cuoD1g==": { "id": "pv5Nm8Lwfq3X5Sm3cuoD1g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pvm4gwkuqzgisbgZu1oTlQ==": { "id": "pvm4gwkuqzgisbgZu1oTlQ==", "updater": "osv/go", "name": "GO-2022-0527", "description": "Stack exhaustion in Glob on certain paths in io/fs", "issued": "2022-07-20T20:52:22Z", "links": "https://go.dev/cl/417065 https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pvtiIO9KHqFscFbvNo86Dw==": { "id": "pvtiIO9KHqFscFbvNo86Dw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "pwFS1oPwyZIRVgVgtAgSPQ==": { "id": "pwFS1oPwyZIRVgVgtAgSPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "pwNeC1oSJCRKeW3NQ1Zwmw==": { "id": "pwNeC1oSJCRKeW3NQ1Zwmw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "pwSWzlcJAuR/J5zikGUxiw==": { "id": "pwSWzlcJAuR/J5zikGUxiw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "pxuVFZsuUa8YFBkmcjpnxQ==": { "id": "pxuVFZsuUa8YFBkmcjpnxQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "q29SxeDdhfgnRkudvf3mdA==": { "id": "q29SxeDdhfgnRkudvf3mdA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "q4W6wpO2YbOLS87LUXPVBw==": { "id": "q4W6wpO2YbOLS87LUXPVBw==", "updater": "rhel-vex", "name": "CVE-2025-8851", "description": "A stack based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the context of the affected process.", "issued": "2025-08-11T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8851 https://bugzilla.redhat.com/show_bug.cgi?id=2387618 https://www.cve.org/CVERecord?id=CVE-2025-8851 https://nvd.nist.gov/vuln/detail/CVE-2025-8851 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 https://vuldb.com/?ctiid.319382 https://vuldb.com/?id.319382 https://vuldb.com/?submit.624604 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8851.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "q6x8gUSR0HLnQLHLmB4Htw==": { "id": "q6x8gUSR0HLnQLHLmB4Htw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "q7IyWv1MOsi/PXOLUGKElQ==": { "id": "q7IyWv1MOsi/PXOLUGKElQ==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "q9L+6bHSCCXbReRfXEPeTg==": { "id": "q9L+6bHSCCXbReRfXEPeTg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "qB1uVwi5ydv4et+JpGcenw==": { "id": "qB1uVwi5ydv4et+JpGcenw==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "qEQEeZkI3fZm1RmMiKeYYg==": { "id": "qEQEeZkI3fZm1RmMiKeYYg==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "qEhRdzGH44SGjJIcqcIv/g==": { "id": "qEhRdzGH44SGjJIcqcIv/g==", "updater": "rhel-vex", "name": "CVE-2022-2344", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFhnV7djagzTbJn2rH4ndA==": { "id": "qFhnV7djagzTbJn2rH4ndA==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "qI12E1AIG5PjZFUHEhSkgw==": { "id": "qI12E1AIG5PjZFUHEhSkgw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qIRy7/v51ILezECGLzLGBw==": { "id": "qIRy7/v51ILezECGLzLGBw==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "qLHoaQ/4ax3G7SRd9aV2yg==": { "id": "qLHoaQ/4ax3G7SRd9aV2yg==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "qMnTnRnGw88RiTP1PFxynA==": { "id": "qMnTnRnGw88RiTP1PFxynA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "qNhEJopIC+OWvXbrkilAfQ==": { "id": "qNhEJopIC+OWvXbrkilAfQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "qOdN56IOMUot4YWCQPjPvA==": { "id": "qOdN56IOMUot4YWCQPjPvA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "qPGxfT+FyuMifHo1C/aY6w==": { "id": "qPGxfT+FyuMifHo1C/aY6w==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "qQxzRYdLEwZ+uwtq33H+Uw==": { "id": "qQxzRYdLEwZ+uwtq33H+Uw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "qV/TxipuOJ9b9a/x4IT2cw==": { "id": "qV/TxipuOJ9b9a/x4IT2cw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qWK7H7gz7e8gS19GJSeIIg==": { "id": "qWK7H7gz7e8gS19GJSeIIg==", "updater": "rhel-vex", "name": "CVE-2022-2889", "description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2889.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXBiVfXy4luW+BbyG9z9BQ==": { "id": "qXBiVfXy4luW+BbyG9z9BQ==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qYLCfB1EzRWGloOr+Ke8RA==": { "id": "qYLCfB1EzRWGloOr+Ke8RA==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "qYORp6v9x0Jy6S8OKerZvw==": { "id": "qYORp6v9x0Jy6S8OKerZvw==", "updater": "rhel-vex", "name": "CVE-2023-4738", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4738.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qZqMILFWCv2+sfRyc+XFfg==": { "id": "qZqMILFWCv2+sfRyc+XFfg==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qaC6F9Z9j5kAaiDeRwL7nA==": { "id": "qaC6F9Z9j5kAaiDeRwL7nA==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "qb5Q/H2wcR/YimCQn+AUYw==": { "id": "qb5Q/H2wcR/YimCQn+AUYw==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "qbsbXExNvRlblIMDPNkFzA==": { "id": "qbsbXExNvRlblIMDPNkFzA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qcGz8bluItM475eimPK89w==": { "id": "qcGz8bluItM475eimPK89w==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "qdWe9wwJNQD9uM1J1li1Vg==": { "id": "qdWe9wwJNQD9uM1J1li1Vg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "qdXDrJ7D0lw6kIY2dy+1KQ==": { "id": "qdXDrJ7D0lw6kIY2dy+1KQ==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "qhSIFNwi876BQWyJqx7TXw==": { "id": "qhSIFNwi876BQWyJqx7TXw==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "qhl/5MtAFFjdvINFEhyFsg==": { "id": "qhl/5MtAFFjdvINFEhyFsg==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "qhxrSy/lodS857k/RFYSFg==": { "id": "qhxrSy/lodS857k/RFYSFg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qj3kMXpJzib/tg7NOcmtdQ==": { "id": "qj3kMXpJzib/tg7NOcmtdQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "qnfP2y61ycFKlR/SBnZ5sw==": { "id": "qnfP2y61ycFKlR/SBnZ5sw==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "qpRD6NPbAOP7sG5S6hInXg==": { "id": "qpRD6NPbAOP7sG5S6hInXg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qr6Jra3xQBxvbIQJAqILNQ==": { "id": "qr6Jra3xQBxvbIQJAqILNQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "qsn7RE1KMH045/wAyIDw7A==": { "id": "qsn7RE1KMH045/wAyIDw7A==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "qtpMNZ+V4szO/Tox+eT3Cg==": { "id": "qtpMNZ+V4szO/Tox+eT3Cg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "quMgsZt2z8hlQ+HzwzaVJQ==": { "id": "quMgsZt2z8hlQ+HzwzaVJQ==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "qug1advw8m4TjVAUPEUPiA==": { "id": "qug1advw8m4TjVAUPEUPiA==", "updater": "rhel-vex", "name": "CVE-2023-4751", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "issued": "2023-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4751.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r+NuuQcHZ5hOWGRHanlG0w==": { "id": "r+NuuQcHZ5hOWGRHanlG0w==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "r0yngP+sUJvKraMLgaaWww==": { "id": "r0yngP+sUJvKraMLgaaWww==", "updater": "osv/go", "name": "GO-2023-1702", "description": "Infinite loop in parsing in go/scanner", "issued": "2023-04-05T21:05:07Z", "links": "https://go.dev/issue/59180 https://go.dev/cl/482078 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "r35oOcTyVY7X2QLaChkjdw==": { "id": "r35oOcTyVY7X2QLaChkjdw==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "r3RLKNYtYvKarBqnnrlrew==": { "id": "r3RLKNYtYvKarBqnnrlrew==", "updater": "rhel-vex", "name": "CVE-2022-0529", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0529 https://bugzilla.redhat.com/show_bug.cgi?id=2051402 https://www.cve.org/CVERecord?id=CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r3htJBqpa1VO27wdQgcGyw==": { "id": "r3htJBqpa1VO27wdQgcGyw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "r410Z5X0yojDsVg9YVcNqQ==": { "id": "r410Z5X0yojDsVg9YVcNqQ==", "updater": "rhel-vex", "name": "CVE-2022-2182", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2182.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r8kk8OjPGZXkalD/ogI9TQ==": { "id": "r8kk8OjPGZXkalD/ogI9TQ==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "r9W84DjqWVoSeRkzoMmOdA==": { "id": "r9W84DjqWVoSeRkzoMmOdA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "r9qwoudvbxrKUZqCmUc7NA==": { "id": "r9qwoudvbxrKUZqCmUc7NA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "rBDj6tuhee896qgiVA2peA==": { "id": "rBDj6tuhee896qgiVA2peA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "rDeZ9YqARbQ/8OcOA5Tn4g==": { "id": "rDeZ9YqARbQ/8OcOA5Tn4g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "rDx7RcnC1Ce961LxuRo53Q==": { "id": "rDx7RcnC1Ce961LxuRo53Q==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rFWIZJAOzhCWoZKNelyFsQ==": { "id": "rFWIZJAOzhCWoZKNelyFsQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "rIk/NHa428tmc6oDgqypQw==": { "id": "rIk/NHa428tmc6oDgqypQw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "rJHkC74NrobNudSijB/y4A==": { "id": "rJHkC74NrobNudSijB/y4A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rJljaCTiTdw1uI1lvfy+hw==": { "id": "rJljaCTiTdw1uI1lvfy+hw==", "updater": "rhel-vex", "name": "CVE-2023-1170", "description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1170.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rKpZxH2tXrNLthuse32FWg==": { "id": "rKpZxH2tXrNLthuse32FWg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "rO5a9fYyaqaIZ4bH0M8fdA==": { "id": "rO5a9fYyaqaIZ4bH0M8fdA==", "updater": "rhel-vex", "name": "CVE-2022-2862", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rPWZNH+en7vYfObneQGeUA==": { "id": "rPWZNH+en7vYfObneQGeUA==", "updater": "osv/go", "name": "GO-2025-4006", "description": "Excessive CPU consumption in ParseAddress in net/mail", "issued": "2025-10-29T21:48:35Z", "links": "https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "rPXe6sMC/46EZbom2R58Iw==": { "id": "rPXe6sMC/46EZbom2R58Iw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "rR226S9SV4WbmIVotM0CsQ==": { "id": "rR226S9SV4WbmIVotM0CsQ==", "updater": "rhel-vex", "name": "CVE-2023-46246", "description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.", "issued": "2023-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46246.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rRfIMqTlNWlpWE9Bi6NGYw==": { "id": "rRfIMqTlNWlpWE9Bi6NGYw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rTV9bjfy2M3+eJBkP+611w==": { "id": "rTV9bjfy2M3+eJBkP+611w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "rWYn/Km2lN55sVL7Ui4zmQ==": { "id": "rWYn/Km2lN55sVL7Ui4zmQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "rXJvA1HAsx+E4rVQeqU3qQ==": { "id": "rXJvA1HAsx+E4rVQeqU3qQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ra+5M5K0yyS4TNorJBFVYw==": { "id": "ra+5M5K0yyS4TNorJBFVYw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "rcUIg6JYVsZx379+fVhSVg==": { "id": "rcUIg6JYVsZx379+fVhSVg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "rct+rak3m0uMzU51NldQpg==": { "id": "rct+rak3m0uMzU51NldQpg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "rd7C8AD7IYUHYPSfAYtKrQ==": { "id": "rd7C8AD7IYUHYPSfAYtKrQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.el9", "arch_op": "pattern match" }, "rkpLgzhV90FRHYY3ESWHfw==": { "id": "rkpLgzhV90FRHYY3ESWHfw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "rm3fF4UjNztR1JpYwTPaVg==": { "id": "rm3fF4UjNztR1JpYwTPaVg==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "roGA0nQUzXWg+M1vb3jr3g==": { "id": "roGA0nQUzXWg+M1vb3jr3g==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "rpqh6K+YqMAxf172QUbycQ==": { "id": "rpqh6K+YqMAxf172QUbycQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "rpwsfSDtxz8KgCjcE5LUgg==": { "id": "rpwsfSDtxz8KgCjcE5LUgg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rpzV0o5XSSiqAfiLvn+7sw==": { "id": "rpzV0o5XSSiqAfiLvn+7sw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.1.el9_6", "arch_op": "pattern match" }, "rtmfAClgZr+pMIYCffofpQ==": { "id": "rtmfAClgZr+pMIYCffofpQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "ruok+KtL5TC6jhvqLAZEzw==": { "id": "ruok+KtL5TC6jhvqLAZEzw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rwX0WRiXvDcxdTv5pslgxw==": { "id": "rwX0WRiXvDcxdTv5pslgxw==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "ryPu/punYtMOzifbFWj3Xg==": { "id": "ryPu/punYtMOzifbFWj3Xg==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "ryv0HUHLJe8DIxGNl9VAgQ==": { "id": "ryv0HUHLJe8DIxGNl9VAgQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "s+/PgMrbczH4dntN+Uku4A==": { "id": "s+/PgMrbczH4dntN+Uku4A==", "updater": "osv/go", "name": "GO-2023-1705", "description": "Excessive resource consumption in net/http, net/textproto and mime/multipart", "issued": "2023-04-05T21:04:39Z", "links": "https://go.dev/issue/59153 https://go.dev/cl/482076 https://go.dev/cl/482075 https://go.dev/cl/482077 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "s/wLIAA4VDi9HrbyrnYgbg==": { "id": "s/wLIAA4VDi9HrbyrnYgbg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "s0BW8R7FNYnFn+nWkJnUqQ==": { "id": "s0BW8R7FNYnFn+nWkJnUqQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "s0PUMgVnEtuqOkBdJNAqUA==": { "id": "s0PUMgVnEtuqOkBdJNAqUA==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-subscription-manager-rhsm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "s20Tn7zOYHvK/n/K8/hWrA==": { "id": "s20Tn7zOYHvK/n/K8/hWrA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5838", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_2.1", "arch_op": "pattern match" }, "s2uSNGuV+OyVW2eHDGWWKw==": { "id": "s2uSNGuV+OyVW2eHDGWWKw==", "updater": "rhel-vex", "name": "CVE-2025-29768", "description": "A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename.", "issued": "2025-03-13T17:04:56Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29768 https://bugzilla.redhat.com/show_bug.cgi?id=2352418 https://www.cve.org/CVERecord?id=CVE-2025-29768 https://nvd.nist.gov/vuln/detail/CVE-2025-29768 https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29768.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s4mktw9S/tOEdbFRu8ZxjA==": { "id": "s4mktw9S/tOEdbFRu8ZxjA==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "s6kt2DqKLHgzYSGciPtGtQ==": { "id": "s6kt2DqKLHgzYSGciPtGtQ==", "updater": "rhel-vex", "name": "CVE-2021-4166", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4166.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s6zRbI6E6xMFwOoLRjlPfw==": { "id": "s6zRbI6E6xMFwOoLRjlPfw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "s9zla+0u22E+Nq1zlK4A0A==": { "id": "s9zla+0u22E+Nq1zlK4A0A==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "sAlO/t+jkkm59mLcdOgB9w==": { "id": "sAlO/t+jkkm59mLcdOgB9w==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sEXYrXIRghEOX+5cKfh4HA==": { "id": "sEXYrXIRghEOX+5cKfh4HA==", "updater": "osv/go", "name": "GO-2022-0524", "description": "Stack exhaustion when reading certain archives in compress/gzip", "issued": "2022-07-20T20:52:11Z", "links": "https://go.dev/cl/417067 https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "sEY+u8JcXEvFyPiUDTNKow==": { "id": "sEY+u8JcXEvFyPiUDTNKow==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "sFUeaSTxmIP9ksmZtDFy/w==": { "id": "sFUeaSTxmIP9ksmZtDFy/w==", "updater": "rhel-vex", "name": "CVE-2025-9301", "description": "A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.", "issued": "2025-08-21T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9301 https://bugzilla.redhat.com/show_bug.cgi?id=2390085 https://www.cve.org/CVERecord?id=CVE-2025-9301 https://nvd.nist.gov/vuln/detail/CVE-2025-9301 https://drive.google.com/file/d/1TerUqQB8_lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8 https://gitlab.kitware.com/cmake/cmake/-/issues/27135 https://gitlab.kitware.com/cmake/cmake/-/issues/27135#note_1691629 https://vuldb.com/?ctiid.320906 https://vuldb.com/?id.320906 https://vuldb.com/?submit.632369 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9301.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "cmake", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGBviOATX07Y4438NYu+Aw==": { "id": "sGBviOATX07Y4438NYu+Aw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "sHu0Ihy6+HrKJvDoll9f5g==": { "id": "sHu0Ihy6+HrKJvDoll9f5g==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "sHvGKpRovk0D6WznAeRDaw==": { "id": "sHvGKpRovk0D6WznAeRDaw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "sJOXRbCL0QuUC1P4v8JTZA==": { "id": "sJOXRbCL0QuUC1P4v8JTZA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "sQrexr1vAx+h04KwvoON3w==": { "id": "sQrexr1vAx+h04KwvoON3w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "sQzygdvKruRINz20KeXUpg==": { "id": "sQzygdvKruRINz20KeXUpg==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "sSpyMuxbh/+/Nula2ikXPw==": { "id": "sSpyMuxbh/+/Nula2ikXPw==", "updater": "rhel-vex", "name": "CVE-2017-17973", "description": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue", "issued": "2017-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17973 https://bugzilla.redhat.com/show_bug.cgi?id=1530912 https://www.cve.org/CVERecord?id=CVE-2017-17973 https://nvd.nist.gov/vuln/detail/CVE-2017-17973 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17973.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sTJKOfHbxppSoExQl7mYpQ==": { "id": "sTJKOfHbxppSoExQl7mYpQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "sTWSbUm1UHqZR0zHxPPV1A==": { "id": "sTWSbUm1UHqZR0zHxPPV1A==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sVTwqtGyRA8GgZdyQgXnqw==": { "id": "sVTwqtGyRA8GgZdyQgXnqw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "sWPZolO+x42N83xPk/byrw==": { "id": "sWPZolO+x42N83xPk/byrw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "sXReFixXG4Bn4+eq/AJDBA==": { "id": "sXReFixXG4Bn4+eq/AJDBA==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "sXnCRVNv4i/ZmrJ0YxWonw==": { "id": "sXnCRVNv4i/ZmrJ0YxWonw==", "updater": "rhel-vex", "name": "CVE-2023-30079", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30079 https://bugzilla.redhat.com/show_bug.cgi?id=2234595 https://www.cve.org/CVERecord?id=CVE-2023-30079 https://nvd.nist.gov/vuln/detail/CVE-2023-30079 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30079.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "sY8NON9Vp1LES9AwtY+jzA==": { "id": "sY8NON9Vp1LES9AwtY+jzA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "sYa4l6veBD/KmL7osWW7fQ==": { "id": "sYa4l6veBD/KmL7osWW7fQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "sa5mIA5TIgDDEs7v0PwTjQ==": { "id": "sa5mIA5TIgDDEs7v0PwTjQ==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "scmQI6T6oitCtZW5973ovw==": { "id": "scmQI6T6oitCtZW5973ovw==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "sgKxepKQb+uxgfzzrcWS7w==": { "id": "sgKxepKQb+uxgfzzrcWS7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "skjryijgaN9YVeVVq8xZmA==": { "id": "skjryijgaN9YVeVVq8xZmA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "sna4IH0E1Ui1jpzpKgnFOg==": { "id": "sna4IH0E1Ui1jpzpKgnFOg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "sosNUrsbT764ZsBIEQm5Tw==": { "id": "sosNUrsbT764ZsBIEQm5Tw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "srkxdJQ82zHIMw9egdZc5w==": { "id": "srkxdJQ82zHIMw9egdZc5w==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "ssYEt3aOFwnaqoufFlsCAw==": { "id": "ssYEt3aOFwnaqoufFlsCAw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "svdlbVzNwZE9P/M3GvQ7Xw==": { "id": "svdlbVzNwZE9P/M3GvQ7Xw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "sx5ziSZauoyjmcMB827V/Q==": { "id": "sx5ziSZauoyjmcMB827V/Q==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "sxxGu02J6Xp0UskX/yPO4w==": { "id": "sxxGu02J6Xp0UskX/yPO4w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "szMAuHDpCq8KehOnG/58kg==": { "id": "szMAuHDpCq8KehOnG/58kg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "t+vHm4kt0AB+tq2CG41TQQ==": { "id": "t+vHm4kt0AB+tq2CG41TQQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tC2r7U8qVBEhU9NaT3fMVg==": { "id": "tC2r7U8qVBEhU9NaT3fMVg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "tDVJVtVXjEp2hZmPcOFM9w==": { "id": "tDVJVtVXjEp2hZmPcOFM9w==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "tEG4S6zEddB/Fl32LgLV+A==": { "id": "tEG4S6zEddB/Fl32LgLV+A==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "tJJUE3O+B2dj0YzqLSTtDA==": { "id": "tJJUE3O+B2dj0YzqLSTtDA==", "updater": "rhel-vex", "name": "CVE-2022-44638", "description": "A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.", "issued": "2022-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44638 https://bugzilla.redhat.com/show_bug.cgi?id=2139988 https://www.cve.org/CVERecord?id=CVE-2022-44638 https://nvd.nist.gov/vuln/detail/CVE-2022-44638 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44638.json https://access.redhat.com/errata/RHSA-2023:7754", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pixman", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.40.0-6.el9_3", "arch_op": "pattern match" }, "tKVE3VH+DixxL49Cbeit6Q==": { "id": "tKVE3VH+DixxL49Cbeit6Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "tLSR0X6hQ7hvyPbBXZslBQ==": { "id": "tLSR0X6hQ7hvyPbBXZslBQ==", "updater": "rhel-vex", "name": "CVE-2022-2126", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2126.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tLfvNXQJ1ryG1oIjuKoLPQ==": { "id": "tLfvNXQJ1ryG1oIjuKoLPQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tNFH1YUHHwU3vwUWrO3mLQ==": { "id": "tNFH1YUHHwU3vwUWrO3mLQ==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "tQmmf4j1ZMloac9gv7yd7w==": { "id": "tQmmf4j1ZMloac9gv7yd7w==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "tTdsNcqGarFD7KtMB1ag6Q==": { "id": "tTdsNcqGarFD7KtMB1ag6Q==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "tVvgs8QNtuRqLgnWoPIWbw==": { "id": "tVvgs8QNtuRqLgnWoPIWbw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "tW4ew6Bpf68YpYbdwMyYGA==": { "id": "tW4ew6Bpf68YpYbdwMyYGA==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "tZCJ3EMmfQYEKmNY0R6pgg==": { "id": "tZCJ3EMmfQYEKmNY0R6pgg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "tZSfr7Q1QfQP2u7Sjxqmrw==": { "id": "tZSfr7Q1QfQP2u7Sjxqmrw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "taWP10HWuyQrPSEFSUjPPw==": { "id": "taWP10HWuyQrPSEFSUjPPw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tbkEtEs3aa+p2/YQaD8BfQ==": { "id": "tbkEtEs3aa+p2/YQaD8BfQ==", "updater": "rhel-vex", "name": "CVE-2023-1972", "description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "issued": "2023-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tboTb+/fwz1O/l+3w5n9ew==": { "id": "tboTb+/fwz1O/l+3w5n9ew==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "te0mQBJAxCZ9Xzg2xrzQcg==": { "id": "te0mQBJAxCZ9Xzg2xrzQcg==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "teVzqeXKz5qAL9KrVUsKAA==": { "id": "teVzqeXKz5qAL9KrVUsKAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.el9", "arch_op": "pattern match" }, "tiOci2zd4htCAwtqrJPUhA==": { "id": "tiOci2zd4htCAwtqrJPUhA==", "updater": "rhel-vex", "name": "CVE-2025-9390", "description": "A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service.", "issued": "2025-08-24T14:02:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9390 https://bugzilla.redhat.com/show_bug.cgi?id=2390603 https://www.cve.org/CVERecord?id=CVE-2025-9390 https://nvd.nist.gov/vuln/detail/CVE-2025-9390 https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0 https://github.com/vim/vim/issues/17944 https://github.com/vim/vim/pull/17947 https://github.com/vim/vim/releases/tag/v9.1.1616 https://vuldb.com/?ctiid.321223 https://vuldb.com/?id.321223 https://vuldb.com/?submit.630903 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9390.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tjg7NtH3QatPaaScohSsZg==": { "id": "tjg7NtH3QatPaaScohSsZg==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "tlbehmhIbT1WwXt6llfQYw==": { "id": "tlbehmhIbT1WwXt6llfQYw==", "updater": "osv/go", "name": "GO-2022-0515", "description": "Stack exhaustion due to deeply nested types in go/parser", "issued": "2022-07-20T17:01:45Z", "links": "https://go.dev/cl/417063 https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "toXp/ZwNqXAUsdXRb/4DVg==": { "id": "toXp/ZwNqXAUsdXRb/4DVg==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "todSxpG0ADSu6dX8ZW+q4A==": { "id": "todSxpG0ADSu6dX8ZW+q4A==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "u+eDY1Q5WfNp0Krtzvv+AQ==": { "id": "u+eDY1Q5WfNp0Krtzvv+AQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "u/b1G56mYgMO4E+lYxSxjA==": { "id": "u/b1G56mYgMO4E+lYxSxjA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "u0MfT/CHY1AhIYRRjCtdhw==": { "id": "u0MfT/CHY1AhIYRRjCtdhw==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "u0i6Tc2zpzW8/pMdj7AH4w==": { "id": "u0i6Tc2zpzW8/pMdj7AH4w==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "u1caIbS4Tk6y8c7sz8Hvhw==": { "id": "u1caIbS4Tk6y8c7sz8Hvhw==", "updater": "rhel-vex", "name": "CVE-2024-41957", "description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash.", "issued": "2024-08-01T20:41:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u3VIQ3Bv2EdQNxxr10FAOQ==": { "id": "u3VIQ3Bv2EdQNxxr10FAOQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "u6PjuomLq+nVKrTw/0Jyeg==": { "id": "u6PjuomLq+nVKrTw/0Jyeg==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "uDUK/vmP915z5uyCv2VhVg==": { "id": "uDUK/vmP915z5uyCv2VhVg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "uDfc8ZaPfrhTGcFwVaIvAA==": { "id": "uDfc8ZaPfrhTGcFwVaIvAA==", "updater": "rhel-vex", "name": "CVE-2023-48706", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48706.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEn9qA67O/SoYHOtH/EL2w==": { "id": "uEn9qA67O/SoYHOtH/EL2w==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFR2NXYHCgkD0jUkHBTh3g==": { "id": "uFR2NXYHCgkD0jUkHBTh3g==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "uFRb2siFSROrNSaSMqsvqQ==": { "id": "uFRb2siFSROrNSaSMqsvqQ==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFXEnN9gepJ4+HtQWdLrOg==": { "id": "uFXEnN9gepJ4+HtQWdLrOg==", "updater": "rhel-vex", "name": "CVE-2023-25433", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25433 https://bugzilla.redhat.com/show_bug.cgi?id=2218744 https://www.cve.org/CVERecord?id=CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uGPuYR0b3uiHdpdRa97mfw==": { "id": "uGPuYR0b3uiHdpdRa97mfw==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "uGxAJHfmN99PtsQCJqV/nQ==": { "id": "uGxAJHfmN99PtsQCJqV/nQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "uILMvGS6obqeMj18FLYSbg==": { "id": "uILMvGS6obqeMj18FLYSbg==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "uJDCv1FWYpz7eywFMZ5WnA==": { "id": "uJDCv1FWYpz7eywFMZ5WnA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "uO3OOEY6W3k9QH/tNVK0LQ==": { "id": "uO3OOEY6W3k9QH/tNVK0LQ==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uOeAKP5ZyZtLLU7CjOuFcw==": { "id": "uOeAKP5ZyZtLLU7CjOuFcw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "uPUYRQErrH0+5XWkYAjsjw==": { "id": "uPUYRQErrH0+5XWkYAjsjw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "uRGTeRjJyz2NEeH/TpkK8Q==": { "id": "uRGTeRjJyz2NEeH/TpkK8Q==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "uTjjTMH3twVH5hmw0Wmskw==": { "id": "uTjjTMH3twVH5hmw0Wmskw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "uW/TgHSIKlO53BnXG1YZSA==": { "id": "uW/TgHSIKlO53BnXG1YZSA==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "uWvHibmfs86jbjyb5h+qpg==": { "id": "uWvHibmfs86jbjyb5h+qpg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "uXRgwaipa8s2OMXjAf1Thg==": { "id": "uXRgwaipa8s2OMXjAf1Thg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ueWEd2PE6kwBx153FL1eIA==": { "id": "ueWEd2PE6kwBx153FL1eIA==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ug2Mk8LI1eIN0hRNT0s8JQ==": { "id": "ug2Mk8LI1eIN0hRNT0s8JQ==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ugAB401UYtKGrqztlPOlZA==": { "id": "ugAB401UYtKGrqztlPOlZA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "ugk8bc5JAs//Hgj923HTXA==": { "id": "ugk8bc5JAs//Hgj923HTXA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "uglqkYqbcsDd4SCu9NI2Ww==": { "id": "uglqkYqbcsDd4SCu9NI2Ww==", "updater": "rhel-vex", "name": "CVE-2023-25435", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25435 https://bugzilla.redhat.com/show_bug.cgi?id=2216614 https://www.cve.org/CVERecord?id=CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25435.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uhGUZtCY1OXgM1L55/upYA==": { "id": "uhGUZtCY1OXgM1L55/upYA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "uioq0s2+upthXeIfuu8dpA==": { "id": "uioq0s2+upthXeIfuu8dpA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "ujzNJ5kQVFINisRmEnkrzA==": { "id": "ujzNJ5kQVFINisRmEnkrzA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ukBMje282PDzxzC8wCZoJA==": { "id": "ukBMje282PDzxzC8wCZoJA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ulsMCA3bm5VANCxYIf54Zw==": { "id": "ulsMCA3bm5VANCxYIf54Zw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ummv/ARHzS4IbQ59dpGtvQ==": { "id": "ummv/ARHzS4IbQ59dpGtvQ==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "urOIF+inUTTF1gL7DeWkzg==": { "id": "urOIF+inUTTF1gL7DeWkzg==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "uvaZxZFE7cKBjyjVQ/t6lg==": { "id": "uvaZxZFE7cKBjyjVQ/t6lg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "v+VZolEvt4HU4yiZTpFx+Q==": { "id": "v+VZolEvt4HU4yiZTpFx+Q==", "updater": "osv/go", "name": "GO-2024-2687", "description": "HTTP/2 CONTINUATION flood in net/http", "issued": "2024-04-03T21:12:01Z", "links": "https://go.dev/issue/65051 https://go.dev/cl/576155 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.9" }, "v+qPraJNH1peMhjiTk1OgA==": { "id": "v+qPraJNH1peMhjiTk1OgA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "v/LL4YgDGZJlkF77eUtvPw==": { "id": "v/LL4YgDGZJlkF77eUtvPw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "v6t7qJCF3xL8IO0nPwJX1g==": { "id": "v6t7qJCF3xL8IO0nPwJX1g==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "v9nWDWoVTUzEu77hVCL+xw==": { "id": "v9nWDWoVTUzEu77hVCL+xw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "vAAzy4RBfYsNO+V3LlPJ7A==": { "id": "vAAzy4RBfYsNO+V3LlPJ7A==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "vBXrhxnu9HxQSmN5xWhZaQ==": { "id": "vBXrhxnu9HxQSmN5xWhZaQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "vHIEJpBGkCNiUPmahPyLqQ==": { "id": "vHIEJpBGkCNiUPmahPyLqQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "vJceii8mKrpQPBtlAKleGQ==": { "id": "vJceii8mKrpQPBtlAKleGQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "vLDNpmPSXi+t8ebIQHILIw==": { "id": "vLDNpmPSXi+t8ebIQHILIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "vLLr24Ej4L78gTG08XYkRg==": { "id": "vLLr24Ej4L78gTG08XYkRg==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "vLgELeoIueNM9KX5ZIMtjg==": { "id": "vLgELeoIueNM9KX5ZIMtjg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "vPDXRcEg4abq9PCqTBFkAg==": { "id": "vPDXRcEg4abq9PCqTBFkAg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "vQedZoMzqBElfCAKIwQo5w==": { "id": "vQedZoMzqBElfCAKIwQo5w==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "vWwpCPVTGndMb9IraxXgGg==": { "id": "vWwpCPVTGndMb9IraxXgGg==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "vZzq+XzhXQpcGK6x6C81SQ==": { "id": "vZzq+XzhXQpcGK6x6C81SQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vagSYtfX2ayPhseLZe8kAA==": { "id": "vagSYtfX2ayPhseLZe8kAA==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "vb7DdaxZjPV5NEcCqN9EkQ==": { "id": "vb7DdaxZjPV5NEcCqN9EkQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.1.el9_6", "arch_op": "pattern match" }, "vbUGycVGGL83rd1I5CfHuQ==": { "id": "vbUGycVGGL83rd1I5CfHuQ==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "vc3i6DfzTVpLFX6x0zKE4A==": { "id": "vc3i6DfzTVpLFX6x0zKE4A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "vceRrCjaQs4/Tb9s36m+gQ==": { "id": "vceRrCjaQs4/Tb9s36m+gQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "vdokiHWKHEv0aYbydeDs5Q==": { "id": "vdokiHWKHEv0aYbydeDs5Q==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ve8kNOScD+vxLjbMehgbRA==": { "id": "ve8kNOScD+vxLjbMehgbRA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "vekzBecfH1YN/Zd4MHsZmA==": { "id": "vekzBecfH1YN/Zd4MHsZmA==", "updater": "rhel-vex", "name": "CVE-2023-30630", "description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "issued": "2023-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5061", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dmidecode", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.3-7.el9_2.1", "arch_op": "pattern match" }, "ves1GfNCYjdCXJceNwT2Lw==": { "id": "ves1GfNCYjdCXJceNwT2Lw==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vgP3FAR9tXjiqUc0mFlRrg==": { "id": "vgP3FAR9tXjiqUc0mFlRrg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.1.el9_6", "arch_op": "pattern match" }, "viJWUTYaczSUI8knrOEDyQ==": { "id": "viJWUTYaczSUI8knrOEDyQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "vn/18J5TIuzcd8MxdMgYlw==": { "id": "vn/18J5TIuzcd8MxdMgYlw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vnBlYA/0lXrfCSSYxgwhSQ==": { "id": "vnBlYA/0lXrfCSSYxgwhSQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vnQE6sVVricZrrWA9Xv5RQ==": { "id": "vnQE6sVVricZrrWA9Xv5RQ==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "vpkqaxRDIkUCRIT3f2sk6Q==": { "id": "vpkqaxRDIkUCRIT3f2sk6Q==", "updater": "osv/go", "name": "GO-2024-2598", "description": "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "issued": "2024-03-05T22:14:58Z", "links": "https://go.dev/issue/65390 https://go.dev/cl/569339 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "vu4nws6mMs6GJYT1BNu9DQ==": { "id": "vu4nws6mMs6GJYT1BNu9DQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwUe6Dpe5Fb7V8GdyGEhjA==": { "id": "vwUe6Dpe5Fb7V8GdyGEhjA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwdkC2aeXSkn642Di7lXbw==": { "id": "vwdkC2aeXSkn642Di7lXbw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "vy6yzxdusLc9vaaiu2HI2w==": { "id": "vy6yzxdusLc9vaaiu2HI2w==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "vz18/+7m2wxxY2NMQUQ6Yg==": { "id": "vz18/+7m2wxxY2NMQUQ6Yg==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "w/NMuS0o9hChTkNvZhIOtg==": { "id": "w/NMuS0o9hChTkNvZhIOtg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "w/qPRfgu7T1MbY4EuhkWZw==": { "id": "w/qPRfgu7T1MbY4EuhkWZw==", "updater": "osv/go", "name": "GO-2022-0531", "description": "Session tickets lack random ticket_age_add in crypto/tls", "issued": "2022-07-28T17:24:57Z", "links": "https://go.dev/cl/405994 https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 https://go.dev/issue/52814 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "w1094TrprBpG+5TZJus6FA==": { "id": "w1094TrprBpG+5TZJus6FA==", "updater": "rhel-vex", "name": "CVE-2022-1674", "description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "issued": "2022-05-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w8af/LTYrBLWhYkZBSi2Lg==": { "id": "w8af/LTYrBLWhYkZBSi2Lg==", "updater": "rhel-vex", "name": "CVE-2022-4141", "description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4141.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w93rRV74Y3Xaae9j4uy2iQ==": { "id": "w93rRV74Y3Xaae9j4uy2iQ==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "wBC264S906jsJ9EHip/24A==": { "id": "wBC264S906jsJ9EHip/24A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wCl622H8UElXM4AFHot1bA==": { "id": "wCl622H8UElXM4AFHot1bA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "wEVnFZ6M5zpBHSw+nqU0rg==": { "id": "wEVnFZ6M5zpBHSw+nqU0rg==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "wEZLQNUZyYD6Rz0ucz5fzQ==": { "id": "wEZLQNUZyYD6Rz0ucz5fzQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.1.el9_6", "arch_op": "pattern match" }, "wG1iwTc5HBr1VKWUstaeHw==": { "id": "wG1iwTc5HBr1VKWUstaeHw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "wL88v46Y3XlOQ8xtlmBugA==": { "id": "wL88v46Y3XlOQ8xtlmBugA==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "wMpTUDltgKPDv4b44/0Spg==": { "id": "wMpTUDltgKPDv4b44/0Spg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wN+C2Zg1myHVbcMR/36bqA==": { "id": "wN+C2Zg1myHVbcMR/36bqA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "wO2dcFx5JhDjz2K4QDYydw==": { "id": "wO2dcFx5JhDjz2K4QDYydw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "wSNG00q+az+IW0NBCU7MPQ==": { "id": "wSNG00q+az+IW0NBCU7MPQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "wTqPXpGv5suIYx7xVHwxzw==": { "id": "wTqPXpGv5suIYx7xVHwxzw==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "wVu6Drfzxh1KT5UxKndpTQ==": { "id": "wVu6Drfzxh1KT5UxKndpTQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "wXA+dwIpPFBMKZHFylJdgg==": { "id": "wXA+dwIpPFBMKZHFylJdgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "walyEMfvPvVh3KXxCNA/pQ==": { "id": "walyEMfvPvVh3KXxCNA/pQ==", "updater": "osv/go", "name": "GO-2023-1751", "description": "Improper sanitization of CSS values in html/template", "issued": "2023-05-05T21:10:20Z", "links": "https://go.dev/issue/59720 https://go.dev/cl/491615 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "wbgbZuReVn7DfcAmqe3XZA==": { "id": "wbgbZuReVn7DfcAmqe3XZA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "wc5lIWGg0A45t1Tgl/aghw==": { "id": "wc5lIWGg0A45t1Tgl/aghw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "wed5fBK5xYyUEx1EpoQtEg==": { "id": "wed5fBK5xYyUEx1EpoQtEg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "wfyGNkRP1AKTpRqTPf0oQQ==": { "id": "wfyGNkRP1AKTpRqTPf0oQQ==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "wgjZroGG2ECX8FlIRRqZmw==": { "id": "wgjZroGG2ECX8FlIRRqZmw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "wh8UL6jE02MHJgululn0nA==": { "id": "wh8UL6jE02MHJgululn0nA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "whMVc0u5Lzujkr6AuzQzMw==": { "id": "whMVc0u5Lzujkr6AuzQzMw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "wj5w4kQEe9iH2tb9jj1wEA==": { "id": "wj5w4kQEe9iH2tb9jj1wEA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "wjPVtpb8yNf3j3pc1wfy6A==": { "id": "wjPVtpb8yNf3j3pc1wfy6A==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "wlPwpwE94ExdZ/N5EaE3ow==": { "id": "wlPwpwE94ExdZ/N5EaE3ow==", "updater": "rhel-vex", "name": "CVE-2023-2491", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the \"org-babel-execute:latex\" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2491 https://bugzilla.redhat.com/show_bug.cgi?id=2192873 https://www.cve.org/CVERecord?id=CVE-2023-2491 https://nvd.nist.gov/vuln/detail/CVE-2023-2491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2491.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "wn4STzMt4ytbVHyERUyNoA==": { "id": "wn4STzMt4ytbVHyERUyNoA==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "wqIGHEm21/U4VCTr0VeLVw==": { "id": "wqIGHEm21/U4VCTr0VeLVw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "ws4rNVATNtezkRTpFfdzmA==": { "id": "ws4rNVATNtezkRTpFfdzmA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "x+9X6oSMihxrE4Tni3a4Zw==": { "id": "x+9X6oSMihxrE4Tni3a4Zw==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "x+E+r7arkKvVcXf/ay8rdg==": { "id": "x+E+r7arkKvVcXf/ay8rdg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "x0tnd8GOUfHQCdr5bXMpHA==": { "id": "x0tnd8GOUfHQCdr5bXMpHA==", "updater": "rhel-vex", "name": "CVE-2024-32487", "description": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.", "issued": "2024-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980 https://www.cve.org/CVERecord?id=CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32487.json https://access.redhat.com/errata/RHSA-2024:3513", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-4.el9_4", "arch_op": "pattern match" }, "x2hzd4kogrK1x2HyIGmxuw==": { "id": "x2hzd4kogrK1x2HyIGmxuw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "x4dqDafgKW8Zo/is+xcVZQ==": { "id": "x4dqDafgKW8Zo/is+xcVZQ==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "x4y353xwTKkgu0582Qh5wg==": { "id": "x4y353xwTKkgu0582Qh5wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.el9", "arch_op": "pattern match" }, "x5MnAXJPkWBC+zd+i08Svw==": { "id": "x5MnAXJPkWBC+zd+i08Svw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "x80ydqeeoahPQLNiV1VXvQ==": { "id": "x80ydqeeoahPQLNiV1VXvQ==", "updater": "osv/go", "name": "GO-2025-4014", "description": "Unbounded allocation when parsing GNU sparse map in archive/tar", "issued": "2025-10-29T21:51:04Z", "links": "https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "xDXpto7iDgv1dyFWeDEVcQ==": { "id": "xDXpto7iDgv1dyFWeDEVcQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "xEtBJoALTqnQBn0TOsRe9w==": { "id": "xEtBJoALTqnQBn0TOsRe9w==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "xF20fK5dvutyLkWcMLVDPw==": { "id": "xF20fK5dvutyLkWcMLVDPw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "xIqTu52elcgV5FuN0Fuj4Q==": { "id": "xIqTu52elcgV5FuN0Fuj4Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "xKFSWwGN4NIDnytC6SdEvg==": { "id": "xKFSWwGN4NIDnytC6SdEvg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKgvhqTYvQwR5QWUkRuf6Q==": { "id": "xKgvhqTYvQwR5QWUkRuf6Q==", "updater": "osv/go", "name": "GO-2022-0526", "description": "Stack exhaustion when decoding certain messages in encoding/gob", "issued": "2022-07-20T20:52:17Z", "links": "https://go.dev/cl/417064 https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "xNJWUdryH0nBQB/93HRNuw==": { "id": "xNJWUdryH0nBQB/93HRNuw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "xP/kV8YDeJxssrXaMcjXUg==": { "id": "xP/kV8YDeJxssrXaMcjXUg==", "updater": "osv/go", "name": "GO-2023-2375", "description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "issued": "2023-12-05T16:16:44Z", "links": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.0" }, "xQ6R88+x8IssPvOAavmZXw==": { "id": "xQ6R88+x8IssPvOAavmZXw==", "updater": "rhel-vex", "name": "CVE-2022-0530", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0530 https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://www.cve.org/CVERecord?id=CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0530.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xUBSdDBs0fiKOh6BCZPXOA==": { "id": "xUBSdDBs0fiKOh6BCZPXOA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "xVnM1Y5F9hIYQN1//jfY7Q==": { "id": "xVnM1Y5F9hIYQN1//jfY7Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "xYZxVBz2xY/aoDQPqi4nCQ==": { "id": "xYZxVBz2xY/aoDQPqi4nCQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "xcQReVPnPEIim0iMTZWDwA==": { "id": "xcQReVPnPEIim0iMTZWDwA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "xhnxsdmWc6+n3gUj6yqBpw==": { "id": "xhnxsdmWc6+n3gUj6yqBpw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "xjE2Ua1GOmdwVi+xIIGVeQ==": { "id": "xjE2Ua1GOmdwVi+xIIGVeQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "xmhlBgW9Qhx+a2k3SdfUzA==": { "id": "xmhlBgW9Qhx+a2k3SdfUzA==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "xoMyxEWbrnIOZWHnwVuShQ==": { "id": "xoMyxEWbrnIOZWHnwVuShQ==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "xqLSmaq+0/3ps+9zoCEL9g==": { "id": "xqLSmaq+0/3ps+9zoCEL9g==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "xsP7BCzVmEb3+qivw8mFIQ==": { "id": "xsP7BCzVmEb3+qivw8mFIQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "xsiKeHcIwwzMLDEPFdNSFQ==": { "id": "xsiKeHcIwwzMLDEPFdNSFQ==", "updater": "rhel-vex", "name": "CVE-2020-28362", "description": "A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "issued": "2020-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-28362 https://bugzilla.redhat.com/show_bug.cgi?id=1897635 https://www.cve.org/CVERecord?id=CVE-2020-28362 https://nvd.nist.gov/vuln/detail/CVE-2020-28362 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-28362.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xvZ+aaak6OxbCE7Nu46XhA==": { "id": "xvZ+aaak6OxbCE7Nu46XhA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xxrk6qwvf/BkNdal8rz/jA==": { "id": "xxrk6qwvf/BkNdal8rz/jA==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "xzz0v3ajpuFhN3HDJCDDYg==": { "id": "xzz0v3ajpuFhN3HDJCDDYg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "y0c8SsIbu7kpkqoaDhf8/A==": { "id": "y0c8SsIbu7kpkqoaDhf8/A==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "y1Qpo5IDwj5DRizBbMgltw==": { "id": "y1Qpo5IDwj5DRizBbMgltw==", "updater": "rhel-vex", "name": "CVE-2025-59375", "description": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.", "issued": "2025-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/show_bug.cgi?id=2395108 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 https://github.com/libexpat/libexpat/issues/1018 https://github.com/libexpat/libexpat/pull/1034 https://issues.oss-fuzz.com/issues/439133977 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59375.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "High", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y1VRnBNNx34t1XvqjEl7IQ==": { "id": "y1VRnBNNx34t1XvqjEl7IQ==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "y5N73UEFT/BHwjJkVAx22A==": { "id": "y5N73UEFT/BHwjJkVAx22A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "y64mIHRpNx52AEpoGbOyzQ==": { "id": "y64mIHRpNx52AEpoGbOyzQ==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y6Uu3YyF1CrzpsmxAF1m9w==": { "id": "y6Uu3YyF1CrzpsmxAF1m9w==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y9E+Lh5SpPDKe0DW19HLjA==": { "id": "y9E+Lh5SpPDKe0DW19HLjA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "yCrfh+WfD/7UJatf+Ek6jA==": { "id": "yCrfh+WfD/7UJatf+Ek6jA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "yF/CyvOlKzDmpBu26JCuEg==": { "id": "yF/CyvOlKzDmpBu26JCuEg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "yIgeDQgyoDXR+INQbK5bbA==": { "id": "yIgeDQgyoDXR+INQbK5bbA==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "yK3vcSC4PlKQSa9IQKCw1w==": { "id": "yK3vcSC4PlKQSa9IQKCw1w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "yNIngFjcdt+ETIv0YvW+4Q==": { "id": "yNIngFjcdt+ETIv0YvW+4Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "yOFL3ef2F8Ux3GMySAVXxg==": { "id": "yOFL3ef2F8Ux3GMySAVXxg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "yRV28i/MrM7mz4Vw1MzWxA==": { "id": "yRV28i/MrM7mz4Vw1MzWxA==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "yU3Lpv2jlcYSr1/M/dL33A==": { "id": "yU3Lpv2jlcYSr1/M/dL33A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yV3QixxBrXQjuo0c4OIL/w==": { "id": "yV3QixxBrXQjuo0c4OIL/w==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ybQbHANLbpeKvvvpnEOh2Q==": { "id": "ybQbHANLbpeKvvvpnEOh2Q==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "ybg9o/djfKR8D2l5wfz/6g==": { "id": "ybg9o/djfKR8D2l5wfz/6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ycihN0043OihPtrAPlFZyA==": { "id": "ycihN0043OihPtrAPlFZyA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.1.el9_6", "arch_op": "pattern match" }, "ydN/9qW+IO/7qUsy09APhw==": { "id": "ydN/9qW+IO/7qUsy09APhw==", "updater": "rhel-vex", "name": "CVE-2023-24607", "description": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.", "issued": "2023-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24607 https://bugzilla.redhat.com/show_bug.cgi?id=2187154 https://www.cve.org/CVERecord?id=CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24607.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ydg80VAiaAwfrueUhGEKNA==": { "id": "ydg80VAiaAwfrueUhGEKNA==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "ygPqOnRCEHz9NjTVM+wIZA==": { "id": "ygPqOnRCEHz9NjTVM+wIZA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "ylg3k+AtgUcIl3hJiXNMlw==": { "id": "ylg3k+AtgUcIl3hJiXNMlw==", "updater": "rhel-vex", "name": "CVE-2022-2946", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2946.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ymBGTBftPxHJSbwAfx3uNA==": { "id": "ymBGTBftPxHJSbwAfx3uNA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "ynnULh1l7jTnQPnMak7suQ==": { "id": "ynnULh1l7jTnQPnMak7suQ==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "yq06et41/lBQ0nsMvLOG/A==": { "id": "yq06et41/lBQ0nsMvLOG/A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "yrD0ecVnK2Y23POHVpCwiA==": { "id": "yrD0ecVnK2Y23POHVpCwiA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "yrkfySEOvQHtbEYpAUNs0Q==": { "id": "yrkfySEOvQHtbEYpAUNs0Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "yubezWiwTBzlJyfKBBah5A==": { "id": "yubezWiwTBzlJyfKBBah5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yz/zQzn72boszb6Cab3Y9w==": { "id": "yz/zQzn72boszb6Cab3Y9w==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "z/LMTnJeia+du5LSYhMD2w==": { "id": "z/LMTnJeia+du5LSYhMD2w==", "updater": "rhel-vex", "name": "CVE-2023-22745", "description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "issued": "2023-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:6685", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.2-2.el9", "arch_op": "pattern match" }, "z1fiDjJjV7T+4MZClzquUA==": { "id": "z1fiDjJjV7T+4MZClzquUA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "z1wZ8EsA73QQBAtKsHeNNA==": { "id": "z1wZ8EsA73QQBAtKsHeNNA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "z52r/0OKaWAkLWR5L4SEkQ==": { "id": "z52r/0OKaWAkLWR5L4SEkQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "z6u9MfxJ5450gPIBXVMBZg==": { "id": "z6u9MfxJ5450gPIBXVMBZg==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "zAQhwfD+1kpXY0CwZC6HxA==": { "id": "zAQhwfD+1kpXY0CwZC6HxA==", "updater": "rhel-vex", "name": "CVE-2025-24014", "description": "A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-20T22:53:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24014 https://bugzilla.redhat.com/show_bug.cgi?id=2339074 https://www.cve.org/CVERecord?id=CVE-2025-24014 https://nvd.nist.gov/vuln/detail/CVE-2025-24014 https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24014.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zBm31RctqcDF3ITqeA/9oA==": { "id": "zBm31RctqcDF3ITqeA/9oA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "zDmU3WG0c3AQYw7NFebUCQ==": { "id": "zDmU3WG0c3AQYw7NFebUCQ==", "updater": "rhel-vex", "name": "CVE-2022-3234", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3234.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zEKtVLhCQn3xgvKNhFo2bg==": { "id": "zEKtVLhCQn3xgvKNhFo2bg==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zFG8iDklz8FcuYliYZGkqA==": { "id": "zFG8iDklz8FcuYliYZGkqA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "zFZE1hLph4hR8T7aNvRt0w==": { "id": "zFZE1hLph4hR8T7aNvRt0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.1.el9_6", "arch_op": "pattern match" }, "zH/R3mCgsX+vslxcP7p4cg==": { "id": "zH/R3mCgsX+vslxcP7p4cg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "zLUPO/DSeItPLWNqYd2DSQ==": { "id": "zLUPO/DSeItPLWNqYd2DSQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zNwhU1to6ohdg5Ws/JmM/Q==": { "id": "zNwhU1to6ohdg5Ws/JmM/Q==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "zRaIctSo0IHgkpOD2xBvHw==": { "id": "zRaIctSo0IHgkpOD2xBvHw==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "zdrK/Mitm8rUuLp2HwWnmQ==": { "id": "zdrK/Mitm8rUuLp2HwWnmQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.1.1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "zi+zTCtHwI+xWITxpaOJBw==": { "id": "zi+zTCtHwI+xWITxpaOJBw==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zidvm9MkkP4S62Ofl4+xSQ==": { "id": "zidvm9MkkP4S62Ofl4+xSQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "zjZHjKf2l5+qY9/XYdFMQQ==": { "id": "zjZHjKf2l5+qY9/XYdFMQQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "zmJCk6ssM8yXKzXcDFtbsA==": { "id": "zmJCk6ssM8yXKzXcDFtbsA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "zoCeQAIu1TFmWIYHnlYddg==": { "id": "zoCeQAIu1TFmWIYHnlYddg==", "updater": "rhel-vex", "name": "CVE-2022-2183", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2183.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ztlVnn1P+W74ZN9vh2BisQ==": { "id": "ztlVnn1P+W74ZN9vh2BisQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "zwpNi+NBoVUfQ5Ed4vkNug==": { "id": "zwpNi+NBoVUfQ5Ed4vkNug==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "zx97OaxgXH8j+mFWesQySQ==": { "id": "zx97OaxgXH8j+mFWesQySQ==", "updater": "rhel-vex", "name": "CVE-2022-1620", "description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1620.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+LQ46YAn9giMKDZRMCUpfg==": [ "ZAUFPHu5UQZ+B2n+SrWIqQ==", "wEZLQNUZyYD6Rz0ucz5fzQ==" ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ "FKu6EFoCfpksmq+M7pL02Q==", "XPUXyp+BOEJyEGOgXafi8Q==", "eDxAdI0cgddAZnBSd4FI0Q==" ], "+yIdH2Pb8SGFuXnry3uK/A==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "i1aZclSgDVfSpq3wWatknQ==" ], "/FMjm+UzO0PTaS3Td0lhkw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "/t0e+LuglIbDcO/k67Hr2A==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "/th8aUKrkgR3Sw9KSBM+CA==": [ "s0PUMgVnEtuqOkBdJNAqUA==" ], "0N0D43vK8KV4kQOq2LQn7g==": [ "lbvVctqpDivb/6OV/xVV+A==", "2DPl1NLEsHotw7kYOPR/8A==", "2432H9ZBrMWDJ7HhyQT63A==", "QY4aLgQQjP1oPPp38ArMrQ==", "xYZxVBz2xY/aoDQPqi4nCQ==", "pwFS1oPwyZIRVgVgtAgSPQ==", "IfZDrkeHpfXHfjHzETuKbw==", "cUH9U4T8Wpzm/UIIektEAQ==", "7CqLd0zk1hiFU3yrvTTdyg==", "DCflC/lDsmgt9IFXJM3PyA==", "o3TqxXhqdegYIl51fSMQ1A==", "LcEYljn+QTWUC36NwQCf7w==", "bKE3ov27WR5dMz8a/M+jUA==", "SjbW0rogoRJo0my37ozMDg==", "whMVc0u5Lzujkr6AuzQzMw==", "uhGUZtCY1OXgM1L55/upYA==", "jVClMHCoFf8RUCB6W2c2cQ==", "CSv4lPWUxMcEgRRI/WkPaA==", "aQ/ax84rpyWNveVTm/MQww==", "eMVMlNYLRzjk+Xt/peAYqg==", "Rf7m+dbWxZxBNm1A9nfdqg==", "eOOfcRLf3CHL5spaYEPovQ==", "glwEUWfaBwNPBrXUJo34tg==", "GEDO3j20WMwIj0JMNMq5Iw==", "G77a8vVkDX/8Yt/v29MOhA==", "0UWL07sxLog3CGNaaYYQxQ==", "31zk833ZdfHhkO9sg82MSw==", "ihcyIiYlnktNuXSrEgrQjg==", "Q2+f0ITzWPp+YCesnwp1Ng==", "G/dmoDOpwh0GrsMovfySVw==", "O0QnjS+0zUH+vff5xaIpCw==", "AJcMDco3zISLrE/7+42hGA==" ], "0Yvc2+M8FAry625wuL4S5A==": [ "8utuZQ/Ix8fDNAmmSZivvQ==", "x0tnd8GOUfHQCdr5bXMpHA==", "HjJnWaqrr4SaFPjzu8hVkg==" ], "0wIoN0pFyBSc9eVtRdIOWA==": [ "tZCJ3EMmfQYEKmNY0R6pgg==", "WALxwIFXDH8ZvKesDKBFiQ==", "3wnJ6TxCGJITikNK4m6q+g==", "4JIGhO7+fAz+LPTFEuBHUg==", "PHRlWl/iCYco+xAVn6SmKQ==", "JQe3P/odATa/OKbzn309dw==", "SRL0fsSEDtOf7vYyf/BewQ==", "J6GavUf0zh8+C0zHHTDYfw==", "U61IeOaU1v6bOHJxSPbCCw==", "SU1MGh9+Zg3Zuy+khiN0Og==", "XhhNgYgTJmDdYc90YuE8vw==", "bpM7BDVV04atOPduc9mI8Q==", "kRj1Frl5pmWWgd5LR0IPyw==", "FUR7T9AnekkZ5hPUz2WP6Q==", "tDVJVtVXjEp2hZmPcOFM9w==", "IsqBfnAxrh9UbW8oQaSR7w==", "O+NG96g+kK1DtaJEFTfwuA==", "eNUwUuL3W5wSpnxJfClXhg==", "jbS9IFs59O0uPYg9IZeksQ==", "EzveB8rJWscHHRZtJKOdRA==", "Qp7j7oFs4UbVUHVGblDM1w==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "qpRD6NPbAOP7sG5S6hInXg==", "mUXGZjQ6odB/7zYNoJjJRA==", "Bzc4r1UXMoCf7blNLHkQGw==", "8BMA6LbX8vjrr4aUcmHB5w==", "pd2B9G+4ekvOFTzso0NXCw==", "FgTFx5g45j7WzA+bfAHPzQ==", "nNzRt87EkCVymyYuDyEW2w==", "L04cc8NCPjDZYnxYDnO5+A==", "yrkfySEOvQHtbEYpAUNs0Q==", "/+t6edjy50ibBAIw8q+CWg==", "hECLdfUszFQo2UbzQI3BMQ==", "lJah2RfNfRF+vEQdCucT7w==", "84g+WJ21VVZ5YgyE9krInA==", "y0c8SsIbu7kpkqoaDhf8/A==", "S2g7delheJOLf2DxVbw0Hg==", "0Gq5wAUiCXaH50wxZYx9MQ==", "M9nh4Ryt6GwPUlLoItHqnA==", "fMQ6kctftYthbGvZli2/sg==", "4K1RYkumn7qw6Pk7lwpfbA==", "hHQvhYHv8KxCCQMiFpmyWg==", "Y3PSsgfYVK7+nWpNGBO9lQ==" ], "13/XvLtRK2RDQlcsZc1BtQ==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "ohJ0B7EgOJ9MaxYsbvhjIA==" ], "13i0QoQ6Q4yBI5RUf20lXA==": [ "h7m1EaKKCwaqq30R6Q/BlQ==", "Uy8P+1ImBLgh4EjZYlMO1Q==", "7NIMWPjl58dCiuwwIe4bGg==" ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ "rtmfAClgZr+pMIYCffofpQ==", "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "eT0Z6G4b2zSUUUSLlyL8Tg==" ], "1XXuvf69/0I2dNHaU2UndQ==": [ "/wfob5jHHezdiyugtfPWjg==" ], "1dO83wB64hDLki3A4eA/Pg==": [ "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "vy6yzxdusLc9vaaiu2HI2w==", "0MBdby0uigxg//rv2xd7SQ==", "WPitnGSVxSl/y97AJTQIFQ==", "H4boG/V+MB7stA7jG8O6Tw==", "dRNxgKG0w/nM5rSMcvz/kQ==", "cJ4BQpErMW3FIQ2vBfopJw==" ], "1h9uHE0QiXBO/zpJrT0VjA==": [ "DqGYMV65C5QRFD63WuUcpg==", "1lRtJofWFCTkQi0dreTmvg==", "/rVEaWl0l9u8biVEKbZTFg==", "2vr/twKdnITJOKu9ARCAXQ==", "lKniGV6mBq1xFWJ6V0QVvA==" ], "1iUaGpv40BOJQUks5I0iYg==": [ "H4hIo8QsJ8tJeirBCqwHFQ==", "dPlld/v+ZrL/y3NT/M5t9A==" ], "2REYKadw7TKFiuC+OnoHmA==": [ "ijNNBHI8o+gObvRZ97LRdA==", "CH/8kg0DShdiNjzv6+DZnA==", "L3Sq7FQbQmRq1R8Dn0eFww==", "JegoLVJD+r1CNqau++1Vlw==", "2UhjmcPUkGmILpYJPZEiNQ==", "UWR5dcXlfiNMz/BIfTGvfQ==" ], "2fg1ZRYCSPKKOgCxCcA36w==": [ "Jo0GiPh7MZcVuLsVDbp7qg==", "CMGu0bZesU9cyPAc2vK34g==" ], "3688bXyK/nwHthXLLVH24g==": [ "teVzqeXKz5qAL9KrVUsKAA==", "IWplUWF011EXddGnkU5Png==" ], "3DTA/XNFCCDFf6sfX96bGg==": [ "CQY3y5mGXL6FhNg/bhr8Rw==", "rpzV0o5XSSiqAfiLvn+7sw==" ], "3RQKCmep11B4hkfn96QJTA==": [ "WxO9le6q4ACTs4KnSuckDw==", "QNeXj0/uAU3vww6deBbkrw==" ], "3iIPR0bjuCPQ2+48pSdeHg==": [ "+WB02bbxvRVZgJj5gYjJ7w==", "4gO4ls/gy0nmsC3NeXvyVQ==" ], "4Aph2Qer6+KdCecFsU0TXg==": [ "HT4k6+0VwtXXrNi4IFV2ug==", "AsiuN/8gu7sZ0PJCLihjmw==", "0u9BhQlRGnXqmFj5VxmVgw==" ], "4DM2GB9KLL7/xWypPdz7vA==": [ "8QRmG/+fMsQQzP2maaxOag==", "9b3CWaJsQwdqnuBJDBMt8g==", "f6K2rwitLCyOeqkSvuUcFA==", "VgaIsJDFBatjqT1h+RQLFQ==", "m77LjZYd/4k9LSozG2S2mA==", "KJGsgMArislsisVXSZHY4A==", "pr6wo3A29JKUBSVK/BGExw==", "WIbunUW6+W30QKZc5Tmqzw==", "9UTiJlsfYxfa60iynbYgLg==", "VGewdTS02tdqYoORYHK7Rg==", "0PMktbRk+B4fdwvvP1VWUg==", "V9lyeZvue30g1R6RiITjAw==", "qIRy7/v51ILezECGLzLGBw==", "2vidY7qxU0KDMpAzTaXQCw==", "5z9ZOzxJREYn5oM+HAm6dA==", "E90jB6HCh1KjzQXtmHMUUg==", "iSsTR9jTS/494HfIgB9pGQ==", "2VowcBblBj36IfwmFRwcwg==", "3FdyvSRS+ECfT74KYiCcLA==", "peMVLpnT962hXrm4IDBPqg==", "JTwzSHX5xKxgTtyprecVew==", "2k/PqFfUaKNy33VkAbVD6g==", "1oKL9ZSv1M4CmxUhNFjpmg==" ], "4ImdKzJ7uZoaviIayzuoUg==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "1SDdOQM609JpOnF4Vx/qwQ==", "2j4vw/Ef1McLxa/C6FEQvA==", "iL/VOECJBzyFgTCwWDppVw==", "ITIiuf1dzb05+JHj8h65fg==", "gCKIolAPxKn/MwnZqQ5viA==", "ANxFBq/yNQoElX4dsXb0wA==", "562erF6ddCIyzi5oV/IzHQ==", "81Pd3WxGavo8vEw0GcfWBQ==", "iWeHI13pT0mygP25w8npPg==", "gh3MdGIod7lYo7rDnSpHLw==", "49jEi4xCgfg8T8qzhNobIA==", "NfOajNNzWnotxhFpYD5Nfg==", "5ZJ6PuXfgRMCarpNow00ew==", "hMwTXtuK2CPZup51st8vag==", "uJDCv1FWYpz7eywFMZ5WnA==", "VZxWbc2wJwiwTLhillEtpA==", "dhk9SR7XgMlUT1SwbOzs0A==", "ybQbHANLbpeKvvvpnEOh2Q==", "iUURXijANkMZIH/VbXWyYQ==", "vZzq+XzhXQpcGK6x6C81SQ==", "X+rjva7ecn1JedeVO9IX9w==", "7B4LUCjMkCM+NcHtyQXyFA==", "9z2MVdoreqGVJcUFUz72OA==", "am8Nu2Xz4xTgOxf+V74bZg==", "H5vm/YCKZciOb4TXZmGZlg==", "YpjyzhR3jAhlzb479lBoJw==", "bmNjdpodhrAjmmeNv8j2ZA==", "OOCO13z2+atrfqEfCsJ3/w==", "NplyvjxiuekBB/5QKoOJbw==", "cv/HKlhaI7EJMBLIaTimwg==", "L9hbhq3wsZ5QkKEIo/fhYQ==", "iE+bfILM7uszXcxvEd6gYA==", "VcgFEXPgpzLsj5tOjILVtw==", "kBdyi87P4B1cTF5hLS7ByA==", "71rWwrWl22424P8D9sWBZg==", "bb9X6domCAmA+m40PgE/jg==", "ISgjA2mi+Q9vbdNEhDKXOA==", "3a2lYBlaR2GDen/lmTlCyg==", "hzkoKs3QdYyXJMnifzGbxA==", "WLri8p9NfgX8reKybIYziw==", "3wP/Eggf7Bu35MpzNr1Fog==", "ToyZiPOtBFPiNJOZ8QaYng==", "fezwmAwUNAjVNYh+YY0Wrw==", "EBopL1hbi9GBQGXZUVNCAA==", "GJ6//hGiIsio2zBFuudd/Q==", "GVXQ1XPPQkuhZ4SIFGoF+w==", "0LvlxzvH25js4ffWzvLRTQ==", "/U86DUGeHRSAL0GvmlifyA==", "rkpLgzhV90FRHYY3ESWHfw==", "MrRavbeiISRcJtBRJ3ZRsA==", "VdMk4kWMgrdK/5+i3n6XhA==", "fUkL/QrHEZtoCydnxvHQYQ==", "WU+A3QdBd331DcSM3AXFew==", "TQEoFglRNgkSreqoAySz5A==", "9NxQaPp619Bd0qky1dvzZg==", "MVGmB/UrNlB0PqdbI1X5iA==", "nhTPOqyx5Hjq5RaQThVb3A==", "keMF1HAI1OIF8MvJtPZQ+g==", "EXi8j2JWeu5xYuWml6Ellg==", "VQ+eWJsUMBep4PD4xfj8Vw==", "ND8tA1FahvMc/ZIGpyoj3g==", "78Ya60ppwS4OL6ZK9P90Qw==", "ZCWnPSXILcJ9aE646DCmag==", "UH1xPpnVOud+f1gKl26ATQ==", "WNRX1UWo4fDLFOhq9mcbIA==", "JZIEpU7UdEXuAMj6emkt5A==", "nKGJQ32gv73mgVLbPDD8Qg==", "k9Yjqv3ifDP4XwsJSZ8XiQ==", "7TWJhc3cfFgph89dsQ0nBA==", "jyRfRwiUvNWAyNlZmv3MkQ==", "iMwaCmNtKHrK2+scb+hkxw==", "LMcwA00QGnxriAXkZQIhHw==", "tjg7NtH3QatPaaScohSsZg==", "IRgMJoQA4x1xizY2hEw96w==", "9ia70lNV6NYvmzB7WlbYQw==", "LkG+n79mbPHrPl1sC2ee1w==", "r9W84DjqWVoSeRkzoMmOdA==", "Ira5htRPGofy9veGMRD7Vg==", "dgwlwyboh6/BQfJsyoE8Eg==", "UhBP4F/rEtGjZG3U8Wvp2Q==", "YPJKJ4DYdTXL0BJCCS9pgA==", "eh73UwgswuQUUBPGmZNxLg==", "bytYw82gsP7fmiiqIEcGNw==", "O4VudlVyChnCKHP9qhS59g==", "XfjE+J06ONMJAg7vkQ3tbQ==", "esWNnTXfVcQMP31EwLadpw==", "osxk1q2jE3TCrr5JCQRhNA==", "TI1OyePXauC23iR42z7HKg==", "o6arI4B+lOjvgV6k7kauyw==", "0O2I0zrYDyiCiU68WyBLvw==", "lG2c0hNx+Fgq8Zf8B1rJyw==", "FsYbwBEvKH6FW81JU3KSvw==", "m2sL00H9lvJ4xs2UqwHxiQ==" ], "5JeNH+bHiuiK9wwBZqH10A==": [ "sXnCRVNv4i/ZmrJ0YxWonw==", "Uh6QIejNBmYSJ+kLmnZWzw==" ], "5NZNFErDrBiBoorV+igTjg==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "9M1meEoYiMYlmYR7kKfweg==", "ZeLcisCXFaeQKOi8dej/BQ==", "XHSXqyF2rScxnK03VnME5Q==", "QZQvSq0tzcJY8GfiU/aXpg==", "Geg0mw2hzdsfDbJ9adcmWg==", "1QQmDcMkRqvOte/bR8QEuQ==", "w93rRV74Y3Xaae9j4uy2iQ==", "Oaw7/z6QEDwwzKvMQmdriQ==", "N6xCmSIsupN7OsJaYpsl6Q==", "hv1o+8ALinWTDa5cH4j3rA==", "q6x8gUSR0HLnQLHLmB4Htw==", "yz/zQzn72boszb6Cab3Y9w==", "GolUr/klMsQNQ9QFMdcAmw==", "9uaveyIiSEcdU4MrDHbJ2Q==", "X9na4KYJ5u50u+KLDr2iTQ==", "qXBiVfXy4luW+BbyG9z9BQ==", "c3eMx85yv79gfxNsxZXPHQ==", "12PmpsYpKqbguwokcjBXqw==", "wEVnFZ6M5zpBHSw+nqU0rg==", "nD4gdXb8ND61ypX9fYklTQ==", "5vR/2ZAfb0swnLBKDl3Bzg==", "quMgsZt2z8hlQ+HzwzaVJQ==", "70HU3efHkL/3G4Y44qZmGA==", "fUlz8/rwVV2PbflGdFYCdw==", "4K7cGcsZltSw5Ayu8+A5rA==", "ETcQXJZrA6IUPRr4MXFUIw==", "ZZj+FChMvULXnT4QSAEvQQ==", "qLHoaQ/4ax3G7SRd9aV2yg==", "AQa/gDZ0IemFxWbJIsU4yQ==", "ug2Mk8LI1eIN0hRNT0s8JQ==", "O41Bejc6em2i0QjOrjliKQ==", "VJAm4vMolMmA2ytzFknQUA==", "RReWBnQmCp2XJDUh6xioRQ==", "vAAzy4RBfYsNO+V3LlPJ7A==", "2eKcZq74WOmYmPDTZ8L+Jg==", "1PYvw1fdwe6hM2UBdw4Itw==", "qdXDrJ7D0lw6kIY2dy+1KQ==", "jY7qsjEMOfcaNJkgI4dijw==", "K0/KdAmlvzyf53kjXgfoRA==", "LXj+7NB7elh/3U/gcE77cw==" ], "6COiLlB/V7UlOwfuFJy77w==": [ "xQ6R88+x8IssPvOAavmZXw==", "r3RLKNYtYvKarBqnnrlrew==", "Z0bbSkX8e3OUKdJa86CbBw==" ], "6G4wapu2zP6UYfTP+Ip2pA==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "RUDcnDBVSmf+/LWMe4Tqgw==" ], "6LVRZKaAJH97OKCXsJMDDw==": [ "JSxIEGIOCwboUDoJZgS9fA==" ], "6VAQWTpZhN9PW7YCmVhxsw==": [ "03F5BM6+dlM9pg6rJMb2UA==", "0P/5eKFuPPXM3bHgeAHWxw==", "JfmoxvDj+qKmecssvuGVyA==", "2bOVXniSdlE0fZB1iot4yQ==", "8gQtKtb/Xr3aGfsLtKyetA==", "bqEGDVpuXY3j7Kr18B5E4w==", "YnyGgq68v/XTMEk0yU1qsA==", "vLDNpmPSXi+t8ebIQHILIw==", "eqZVUGTs5pHRR/tV2jQA/Q==", "sTJKOfHbxppSoExQl7mYpQ==", "PnyZkAM4ZwDECggE7QV89A==", "qI12E1AIG5PjZFUHEhSkgw==", "51jf2IrfzMdepCjAvXkPMw==", "kJ/PUfmUBn2Ep03yRLItuQ==", "1/PWApRfYh/rLEOR0JZLsw==", "wbgbZuReVn7DfcAmqe3XZA==", "Wd+GQ3y21/7kl1XV9m/oiQ==", "fcJXnA1/CqZDeUcxpMPyzg==", "n5bOb2nwIXCE6i6WEpGlzA==", "taWP10HWuyQrPSEFSUjPPw==", "EfJCfNem+1eUwnsxx2dNOg==", "ktNuCXztDAtRpUWlUtIWUg==", "UuV6vmv/pMSyQBUW2Wn3bA==", "f5rDGDIgGLk7iLvtlKjm1w==", "lO89yYeT5Xt1E5KBgR1OXw==", "S3c04CkV3MUFBzUssTpBSg==", "wXA+dwIpPFBMKZHFylJdgg==", "ljT4JJv6XdYorFfJ6zbfog==", "830L36AKCoBHnXPHE6R6uQ==", "4Uca8szOo7gGoVgv+DjeUA==", "knD9e5c9mhfEteHg6iIbAQ==", "BfJzk+M/zKnbrBHcCrvIlA==" ], "7JHS+mBQfJeJoy73lvm4lw==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "jecTmyeay6DKd/7zioYjow==", "XXaDpMG90Mb3fV4QxoLqXA==", "7uj4PEKyThSRh2msjDtceg==", "s9zla+0u22E+Nq1zlK4A0A==", "1aPjlkabj3eUY8WGb+gz+g==", "McBbvTJIAPyP1aOW8M+hzw==", "7ZyXE8z7uZKjHitrjhSWQQ==", "x2hzd4kogrK1x2HyIGmxuw==", "aouER1d5ARUcTEP5rjxlQA==", "gEN3j5KPSWh2c+RarvSBNQ==", "6fJcYsi1gPQNv5g1ujEPdA==", "ktZZSLvjrHrh7DYZ23sMhw==", "0TUqdQNGOvjHNFjkDen1Sg==", "63po8QED6nDungBQEqHIyA==", "NXkuwjwxMseOUUaLQCgnuQ==", "/bIhvJWw2AYMGyJtBaoH6A==", "LUlesLbzv1yf48cLqYDxTg==", "rct+rak3m0uMzU51NldQpg==", "oBl0IuwDdaD9PwMwSDcQpg==", "srkxdJQ82zHIMw9egdZc5w==", "k5LjlV1zmKau2rAIOnay6g==", "edf9qrl//4hhbTQ8nlVN7g==", "ve8kNOScD+vxLjbMehgbRA==", "o+oNdKG9C3ouEb/OQo1GOQ==", "eh1RT9v3ol1cjACTvuohFQ==", "c4b8AyMPp1ls7ClKiTCbAg==", "9C6WGntg4UmJkjiylWVxnw==", "7tWeNpgpS6TZ4aQUo8g9NQ==", "rWYn/Km2lN55sVL7Ui4zmQ==", "QqNagWxBuciWgmqsaHDwZw==", "UV2MuUVVyu0L6wfdUc0Qpg==", "QwkBpizF3mo2JpevPMDeaw==", "fVstMFtDcM3yfjjb8mKxrg==", "qOdN56IOMUot4YWCQPjPvA==", "2wnmmIxGcmTTQ7kdV4Q55Q==", "6bZ4UNaa9jRLVZoZHQgYtQ==", "rXJvA1HAsx+E4rVQeqU3qQ==", "BsGuSaqfP6qrCK8KTTY4qw==", "4eh40PtMaL3JhPlCzb+8jA==", "zdrK/Mitm8rUuLp2HwWnmQ==", "zidvm9MkkP4S62Ofl4+xSQ==", "kXL26w3j4LcAqSQ9tOuWMA==", "o2RzBkbyaO/aJUexQwQheA==", "kVJhm1LYIfhvn92InJZLDQ==", "H7H9wMobv6DOqzUUAdOqGA==", "xVnM1Y5F9hIYQN1//jfY7Q==", "0ZGrJGNNqDLH/sZXsRkfvA==", "VyeYHICkBiXwLbWKsz4//A==", "QX1bQ/CZA5mRbcqjpTc9aA==", "IV554NtP1F9KO4IyBit26g==", "wed5fBK5xYyUEx1EpoQtEg==", "+pWnGgJUL0jrC1yhwq+kNw==", "8/mZoUg5ZlBapu2isiHzqg==", "WnkMM/SD0E+7EEac0/vMVg==", "tboTb+/fwz1O/l+3w5n9ew==", "FMzc9QFitxthf16XR1P0QA==", "9gB7mQN0y1Zy9EiaXIHFew==", "M4/opsM/3qe/3m0zjGkItQ==", "Y7ypeGdtYfJMJApDHYX9tg==", "SnI5fUbXuT/Xt+VkGvddww==", "ftPQfiVA8qRKJwxT2xcXRw==", "/G3xQo8kmNMyu7hycZYF/A==", "06GjiUkv66Ek9Iq8u3SFSA==", "u3VIQ3Bv2EdQNxxr10FAOQ==", "psR1kVsSZz19yYKHsoaoNg==", "T2rcJ7DPtdiGNP7r4L5R2g==", "pmYCdyBPlSpsjaT+VrrmLg==", "9PE6ZiUdIaAWtCsUgesEZA==", "eejojwYHRaSarkdAMLD2OA==", "JZouihQMnG3T6XSUXqYbkA==", "JXQAkdur2asBQ4qeq789Ew==", "pNsmsBM6zioL8gqkR9CNUA==", "bjkXZ4ZTp29EFzF+wMw4xw==", "ZAKrc32qORy4LwsxMQgfrw==", "jh1Mqm3BaTYV6MdA+4D74g==", "7Q0Bus9RTfFy/UrxkfH2sQ==", "D1jz5P28B8rwvnVaChXHiw==", "hx3c9WG+Xum3pwxo0+FyRQ==", "j7HjBQaZ5PNpv7JydPZ8OQ==", "yF/CyvOlKzDmpBu26JCuEg==", "A2YTvJXiGwe7aOSqWlEZhQ==", "W08Ska67/8hV/b3GYflglQ==", "cNsQU/uNFf7PsCWqaKxjAQ==", "98vR1ByhE/Y9cvB+lRN3LA==", "CW81Lp11K0nBc+3dYegY/g==", "hlV8M1lvezTjDMlaNPSTvg==", "OqWPbZZgGqlPCMzbmClfHA==", "9lOT/bRPy9mu1knhwrLw8Q==", "/WghVlKV6eiRYf2iGmk9sQ==", "UsE9/aKvx7HhPwZe6KY1zw==", "1LTKa378StuY8O3o3G26jw==", "r+NuuQcHZ5hOWGRHanlG0w==", "RU6xHn/9SV8lotyX3JW1ZQ==" ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "q9L+6bHSCCXbReRfXEPeTg==", "29Fo/GOP7MILPepOrnMgjA==", "/E8Khm0ZXy1gRiDom4c+aw==", "yq06et41/lBQ0nsMvLOG/A==" ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "84WodsWNE9m9GIrBiKl02g==": [ "XctMW4QJZO0RsDAv/VoABQ==" ], "8Ky53YwzOPM2pkEIVuuuBg==": [ "LCRgl8qKc2VcXP1ILfaS6A==", "T9nCb/lA5TdipGMhtb6HJA==", "FnsKxnhjNS+E4Y6hrazjUQ==", "GoHsuuxRgbGb3lm852rQmg==", "mL/QvlBQrld+4EwXWLYTNQ==", "TUvm6koxiDQRc/8CJ4TCOA==", "v9nWDWoVTUzEu77hVCL+xw==", "c/+IhJOZwrUFnxH/AA8NiA==", "uPUYRQErrH0+5XWkYAjsjw==", "YJkc0fG7G+dwREiIQihS/A==", "KewD59oo2UdDLsWiOrUjzQ==", "n+8zHdzpUdNYaOfjqM+rvQ==", "B1gQIzGtgKR02WiRgVPUgQ==", "QireWdVPs8MzNOJ1scQvdA==", "F2QVfam7Idr3v4Y7g3wf/Q==", "ynnULh1l7jTnQPnMak7suQ==", "HuVZNoL6F1XG6bLXPdhmWQ==", "FlgtpglQEkjGT66EnFUHMg==", "n6Vm6uSXhVeVnZmJCVL4pw==", "t+vHm4kt0AB+tq2CG41TQQ==", "ixlSuy1zsWjDOO7lFuUNAQ==", "+rCn8yfwQj/rMH9c7+J0ww==", "IzDqrZ8Ru35rI4iCSSk/pw==", "HxiMqPnG14UzA9oHqqI6Ng==", "JtCpNcg8egZjbdozD9CAJQ==", "rRfIMqTlNWlpWE9Bi6NGYw==", "/l+w9tCELORzNXZA4/qNsw==", "ENoYJ+9TEzYG+jTQB5meaw==", "V9f8Tc0z/tWsm1egJDudPA==", "vu4nws6mMs6GJYT1BNu9DQ==", "nLbsKQgcqXqFJTjqeQs6Vg==", "CXlZx/1BY/yqrUCuQlON2w==" ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ "Fi7GXCkkqJvYQw6Co8Nk7A==", "QsR+n6O0ULfYayvahAaltg==" ], "9WzsXAqqRoLidXM4HaB8/w==": [ "oNps3pS/KBKadK++zlgktA==", "TPp/bXEhRpApQLMY2Ppr9g==", "SnYLkLUk0dFIFA/itR5yrA==", "7U+8ffRP7ahu1ot4Zj5Zlw==", "G33a+jVnMZNg6liymp9Lyg==" ], "9hWn3VgLVkzmMJln7S0UCQ==": [ "rFWIZJAOzhCWoZKNelyFsQ==", "a7WPDd2/UqA1rqbo6pjM9Q==", "EZo12eG9Obl1kmhRKBmcvA==", "76ytKtBeQe8L2T7nxeVp/g==", "QjS6b4li9vRMvS2l49iyfw==", "pxuVFZsuUa8YFBkmcjpnxQ==", "DQIgoLb/8+6+HRbr8B6wHw==", "6WQjHZdyTC+aVOSwNc3+BQ==", "pwNeC1oSJCRKeW3NQ1Zwmw==", "Jq9s0m8iiaLnslijc1N/kw==", "oUbBUuaPbKO68xR8hm0EKg==", "dXgWtIQra5a7FOM/lmTQMQ==", "4PXcy6CSX2EaPwYEdLkfbw==", "IGsR1pj6qXRBH+0hYVXsew==", "AI5OCFigX+y57buhAMK1UA==", "J5i8I5ZRQGDUXQI4WkC0FQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "oXbtPoAI0xd/D3jVRZ8E8Q==", "M5aJiMv2/MaWINKfor0BrQ==", "oAa5rQ+ettvHgaEihiWA9A==", "sQrexr1vAx+h04KwvoON3w==", "J1SK5zSFZI94azX3jybBbw==", "WVkwWFZlIInzrX99VsKBBQ==", "Ewdn+P1XzA/h+WRvejvm/Q==", "4RaJ63cwUpp+QWj0IKysEw==", "wCl622H8UElXM4AFHot1bA==", "tTdsNcqGarFD7KtMB1ag6Q==", "/+enDTB16pRyR8XOMcf3ug==", "Cbqd4MLPHY6FcToWh7U3IA==", "748UmdVwB73z0xvCImrQmA==", "ItuvzyMGym4CNyVuxWwH3w==", "24Paca4PaySz9eM+VJu4ew==", "DrL6S4TbqHyLJh/Go9vALA==" ], "ARxZCHzD7KB2Pu4aHl7POw==": [ "ntPgpTaOsf+PmS8l/Ba/Gw==", "a7PsXEXsbw8aTCMWFxM9mg==", "qaC6F9Z9j5kAaiDeRwL7nA==", "3BY1OD4rYtX6LEFO6X+/Yw==", "72/cPQH5mNLd1/e3j2Vn+Q==", "2QjZksAOTEJVwk59l2QYOQ==", "plTl3JV8fPj1sUiMh31FmQ==", "Lw4KgrwWujzRmDjtibR3+Q==", "2M5CwoqtCrF9ix+6ghISOg==", "ZMp4FVCkBvOUuQnhgF/KRQ==", "OoUkTYhn9kcAyWK8OpWEvg==", "xF20fK5dvutyLkWcMLVDPw==", "uRGTeRjJyz2NEeH/TpkK8Q==", "Gn9qNy1ITVhOKz+nUviaSg==", "W9Pcn9xdPg78KgFAK5oOyQ==", "N6/VXIOitxRZPgnZMgm+4A==", "MvPzfqdptyOBxzxR1iCL3g==", "GbZa+XIQtfFHtHWs5gm0wg==", "HmZXdUV/ycFcRK+m71pC+w==", "f9AAdWBkmOO1/+acrJji3Q==", "JLdsQ9mzV76+v5Ttq5j2hA==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "MrpKafmPiKoIdSrqC/r3Sg==", "VDdxJUjxgL4zXvGWC/1xnw==", "gZKcOjx7BKTLxDMH6ZvfGw==", "9fvqDo3ARbJLIgwR1oX6QQ==", "+do0gu6vrF3ZT5my5V6+CQ==", "+Q1v3N9+IP1xQOJnmQWDyQ==", "Wv5rERdynoJ/gHM2CtgXiw==", "uDUK/vmP915z5uyCv2VhVg==", "9oQBIjmHHZP7ZEjuqVHO7Q==", "6miUB07ljV2HaYX/rZ1yjg==", "JiPLnE3IM4/yPxZ8earXLg==", "U31VkPC5v6K7XIsRFDo19w==", "DZWopkvTJiWmVsAADTNOUw==", "bOMmd0jIpY2e7Cl4owS24g==", "kVjUyjaMJ0bXnwb03Ksw3A==", "3CUrg7YVjtx0L5aX+iMRxA==", "Q9syyD8a/4l/mc50UAvBnQ==", "WCZXmTnbo+2lbMuZdpH8NA==", "qV/TxipuOJ9b9a/x4IT2cw==", "6q1zANz+NJU+U0TPL1Xa2g==", "xUBSdDBs0fiKOh6BCZPXOA==" ], "AdRs6lk9yzTM3HvjeEThKA==": [ "AsiuN/8gu7sZ0PJCLihjmw==", "4JsZIRvQ+13IMgBIUPH0jA==", "P2LAyAbSFxWVwlNB9c/A2g==" ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ "3D/COcmVFbxgINNliqKHgw==", "M1Z06nydk707qbRpFiKmaA==", "QHS4gwmQURKolJEnj/ZMHw==", "p2D36zAi5tbYfUPJhBVLhg==", "7T9qiwKBE1swIXuW9Zvewg==", "WGccGAwrqbQSNjycPuaPsA==", "L2l/2cM7p8mbRx8/RerNPg==", "uvaZxZFE7cKBjyjVQ/t6lg==", "RPlldG/r8WWd2UCSZ1vzsg==", "HS96brYtpBiaYpW7OxT5Wg==", "kkBeA26IUhnokem2LDfx1A==", "aR+DKIj7GETMsDtNSfYXNA==", "urOIF+inUTTF1gL7DeWkzg==", "fEW9HCDGh5vauL1jhvKpFQ==", "HfjDJmml2JYJ9YjdaPe+zQ==", "pT+67u2xHyxzA5Cl+Ui55Q==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "ff3woW6bpDBZXooXnBPlNQ==", "NJhwMDbt0IMvlSLLB4cUVA==", "++J1c+9mFiyHFShlJEQFeA==", "H+x0VPepDcitQiESaSwIwQ==", "KXzUsn7IGL3ZRMjBL3QOng==", "NNyvMdW5UTPp1jGH161XDQ==", "1nX4t0Z3G1H45fqJox3f4Q==", "67Q/SCDsFWutXyKWQ9JQdQ==", "PdGhfwK5tePs8ngzFuopoA==", "dqYoyBWLAQszVE/IX85oqg==", "EYkM0DDu8tbFKzGysEiO0Q==", "be+F+Fkt9wYh4z6YwfNqdw==", "ETjF+btf4DIblmTTbHaZSA==", "gR+h15dyWueqbKII4cPOWg==", "qMnTnRnGw88RiTP1PFxynA==", "0LMSjLLjEqlpe4LAE1rWJA==" ], "C7VGVckK0YZj4RiVmStEsA==": [ "Mgu68G03r/7Tj/zMomkJZw==", "Ok4YXGXw7Ua7qgtxqZcqhg==", "aFDenLkUq0L68+/zzTfPpQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "8Efa1m3XsyOFY5vSd2fHNQ==", "fv3/0oUmGvxLyxCaIIt3kg==", "dTT2owdN4FTG/LqoICFf+w==" ], "CjFzfz4zBZj7fcwIrVHCRA==": [ "GtECMHzRoeZKh1TLvpCt+A==", "FjB9AnugxBHu7Kwf86C67w==" ], "Ct/46Ed7Asmqt98kLc0FLw==": [ "kQq8hvN2yLWiupMaLbRduA==", "vgP3FAR9tXjiqUc0mFlRrg==" ], "D/XNnExpupd1bO9ZIJIE9w==": [ "0W0/E/g2cPvxNF42LmIwRg==", "JsF5ac8+OAOWxsV80iUiIw==" ], "D0GGDit/UxegO+/A5R03SA==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ "W3qe9/KhW5BUF2s+kXxVcA==", "5073UNZPtR+lsy1kIMhUEA==", "GoHez0BYftW2Wj3h0K6Zxw==", "wL88v46Y3XlOQ8xtlmBugA==", "15uVNLTcXPHEO0XVoOOwZw==", "BCe3MuKRzryFB5SraMhsPw==", "PMaPI3hRDt0vFaerryvY/g==", "nSAqYkKsqi7arKT9mgba5w==", "5EPGtk7Hqn2hqOaxgmNiSQ==", "EE23Ay78OLUGxmoM3vXPbA==", "s4mktw9S/tOEdbFRu8ZxjA==", "V+7K8Rg1uux3xnVmyH12/A==", "OxOc7/P4x7mjEZNhGnABDA==", "hazOAbpBSQ6ZcoEMkq6UhQ==", "WorXACje3vTXq/wv3RUODg==", "E7v1LWpr+8KCE/5szHqf2Q==", "mpDlR2Lk6PsJrTVRdAvAng==", "+ieGB56AL1fLbXEZaHIRig==", "PTaioV6jy0S7VQV20A7R+A==", "O0ZHj1wCkn8EgvHd15dYqA==", "hgtI79dU1WVsnkd0nzqqTg==", "OleRcJ5uCI7wOsxOqMjRlg==", "HnNhAdInEg3yPEHYo7Hl+Q==", "R6drGbgnzqKGDiX/RNUdqw==", "nRYrn2tFn8hdV0x+2YRPYQ==", "5j7D/WXFLHsZYUeUrskpMA==" ], "E7ikPxWehuEw+6yIZODYlQ==": [ "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==", "b/JoMKSdjTg9hoFgyAsYGg==", "Us6zMNu9gwaRC0UH2SSoQw==", "vn/18J5TIuzcd8MxdMgYlw==", "HeemEcWe2JVMYkjGWbuiFA==", "FtF7hWwlQYu4clVsrpBd0Q==", "1ICypZP/7UrDVdoDevopUA==", "SIPkCsjtWsrsJnfVRjxnKA==", "NpKL2jmktUTvYJUFA1mjww==", "KBpYoBBh5AFRsvma/sImeA==", "rpwsfSDtxz8KgCjcE5LUgg==", "0kDaqIpbO93XpnbaK6KFUg==", "zjZHjKf2l5+qY9/XYdFMQQ==", "ves1GfNCYjdCXJceNwT2Lw==", "6K5O0xmJnJtZcGmUaZ+P/w==", "0MVVcjDKfdLbs80csEfrOw==", "RA9ILX3H27ou2ro1GzHq8Q==", "miA8N3aOifbt6s11v8VS/A==", "QBD2bakyMRLlWNUWb7c8Ng==", "Mhh/p16eoRFTSGC5EJRZEw==", "BzOgc4nzX2HHoodQY6X6vQ==", "wVu6Drfzxh1KT5UxKndpTQ==", "IERk9xwccKWSGr20Hb5U6g==", "pIJllB0DitFR4biXCLWlfQ==", "r8kk8OjPGZXkalD/ogI9TQ==", "29JfppZedoclZHW2coehcQ==", "c3ac46MKEwGXSYV8lTnQoA==", "x4dqDafgKW8Zo/is+xcVZQ==", "mAh/ixYuQOgKvSoO2gk7SQ==", "OuZBWnWNFHYdTgntdOB15Q==", "mypK4Oz3YEbjmcF//Lb3ug==", "X9G3TF69Pz3xUY5yIPno7w==", "JrT9jqBaZlLgPCS0RLnpPQ==", "mk/9oG3VlXeyR83vbnlC7g==", "LyEH4RIrJnMwmS9bxL322w==", "ipjYj7xm8hx7kmgjjp0cpg==", "6VA82zmenvpHf3qd7c6BQg==", "N6yyVyHeduwThpSSvA2dVQ==", "SS38Q6SbT7pMry4emWgqdg==", "SsNZleqCp7tmOqFZQ6ZaBA==", "pwSWzlcJAuR/J5zikGUxiw==", "WOmMgxwwjpbn/RLQX8HPBg==", "+Q9jA+OXah1xDhJvsj+1OQ==", "GwJvkFMzYrKrZEvvNMbc6A==", "2/I3PyWTnfJdMedKAemp8Q==", "svdlbVzNwZE9P/M3GvQ7Xw==", "qhl/5MtAFFjdvINFEhyFsg==", "PAVfrfQyg9ezKUDPbI/Nmw==", "2y2LXrQ+Jdr+fioSazFF4w==", "q29SxeDdhfgnRkudvf3mdA==", "UPjX59r3QHIaBVa54cqtzA==", "09S7nCU8PMWz5tWquOFCaQ==", "n2MoI6iOOGKJg6CiwpZkxg==", "QDYJ95dZNazClKtqoRJQeQ==" ], "EgjLGZKjPtqIaFVLlFAAPg==": [ "gchW+O287jwZk0Cnma5sKw==", "tVvgs8QNtuRqLgnWoPIWbw==", "7QBYsSaCu8T87GZR3WHxyw==", "BBNgt41sCJ+dkDLhh8RM2Q==", "87p97+dH2sU2JVQ8vQ+Xuw==", "hK/f5zoJDHjYWcidbJwYsg==", "p8XKlr7C/uFXLykQP2132Q==", "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "0wh4c9Z6sNxM5NAXtzaMNg==", "khaGOQZwNAF+Kql1EAlBfw==", "8ZrkaQ6B1f36PC2cIg9i6A==", "T5/Q0DOZypWV6o3x9ziKqw==", "MOUExK9O9qzIs9ukHaS2ew==", "ikYp9FVR/trdSFxeYpqAcA==", "BceQQXlChHEbiy2YYN7FvA==" ], "EuqqL3yIFMd5VRAfuufJgg==": [ "jdtzUluiOvXnFmwaOX/6KQ==", "CBxUpiwpFiagAj3ihqf+vQ==", "tLfvNXQJ1ryG1oIjuKoLPQ==", "1KxLqY5vPHnDfUxdviejiw==", "7SutUCP3yRd4o5ryN/dDZA==", "6JXvoql3pzMfkGQb7H+Jqg==", "o1V8hGX+jv19u/R1lSOgXA==", "m4A081U6rE2WLJ4u/pMkqg==", "DtCtyEFA0WRhx44S/aRChA==", "7Q4dYBj4wFa2768mWculSQ==", "yU3Lpv2jlcYSr1/M/dL33A==", "oDGZCaWnkiaSQdz+QhIr5Q==", "EEsEsfQRh24NPMdhg4HPHw==", "DE3GDsNl2faTwlhxzYBbYw==", "B+xaJOiguNTw6xGmTB+mZw==", "DFOoWHynQeFD6fZDvPyKMg==", "5hOM1HtOhjQV1yizNCgxBg==", "P8ATyyToJgziJaUXIjyPvA==", "ecYseAb1rFmqPx4kHRWeQQ==", "ruok+KtL5TC6jhvqLAZEzw==", "kgCv9K1pgDK48LdFtpFN9Q==", "4CRDu/yV+Tfg3mSUobPIUg==", "Cxqp3OmZ1TuIow2bpolrUA==", "oQ3Lediq93z2xbrIoJUi7Q==", "z52r/0OKaWAkLWR5L4SEkQ==", "Lex02lwAwiaMkFn9DV9FuA==", "VMyDbkft4E3T+1eXNk/i7A==", "yK3vcSC4PlKQSa9IQKCw1w==", "bmyf3V3WjS7kQmiAcGoBiQ==", "YZq+CTlAXva/aUDDEFdZNQ==", "YjXf6yY9feRqNoLqPt5iEQ==", "4QiWtYafAt/cFOvYpyJONw==" ], "FMrR4PbDeEhmMEh2juuVnw==": [ "89XrIFUuuXy08LkDR6XMOw==", "g8hJlpBfWMarbfdU+OkQdw==", "SaWdJL5a+HL0ZieRiKpgNA==" ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ "iSzOvPxPGZr2PfJTBTQBCQ==", "z/LMTnJeia+du5LSYhMD2w==" ], "Fy3bplraTnRnJlV5RewauA==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "aJcuD8I2FFtYOQG27x05WQ==", "qhSIFNwi876BQWyJqx7TXw==", "Sfn7NNniMfKKkrbS2KIlnA==" ], "GVmxmNcJqT3ovg+RwjJg1A==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "7BER6omsA92tkjpEqGZJLA==", "szMAuHDpCq8KehOnG/58kg==", "SRtj8i4HsQkjCyC1YPMDYw==", "bmwYxyT6fmHIa8FODhI70w==", "ztlVnn1P+W74ZN9vh2BisQ==", "vQedZoMzqBElfCAKIwQo5w==", "c+walK0V+dA1g3qnPME4Ow==", "v/LL4YgDGZJlkF77eUtvPw==", "5ro53BoC7BlAtEu1loQCSw==", "sosNUrsbT764ZsBIEQm5Tw==", "VUNwpBj4hvcLARxqxrvCCg==", "XSCYGr+cvuvD+k3V0XhWSw==", "MJtIM09Jw6pIepBEcf4LwQ==", "4Utc/6C5f6+A3gsr9KU/IA==", "8kPW6EH9br7BQBK1DHvQsA==", "pp3PQor2CpTCVnKZusQgwg==", "Mx7K+5VJ9q5MSCq5wzzrvA==", "hIP4iOnrw2sfStgfnTKJKw==", "mfYVQsCdSPyqR1UobqhEIw==", "NGHtfO55iqBhbAmqujAqHA==", "E6F4Bsc58fK+0x+N9LY6gA==", "UC0U9/zd+klwBmGR1YYVPg==", "ZMCWgxkMJ4LjF/nj5/+01g==", "fdpDWwmwFLyFeyU+CnbxxQ==", "pFXK+S/0lzfxv0ToVY49hA==", "Pd5fn59ga3nlH8XsDKvDWA==", "03WJApqdfWbzHtZHpqBt1Q==", "d2mdhZ97rWRfD+pslcl6uw==", "RLGDcCcECNxfaKqTkhDvew==", "5BXX9+pRVay9wrZAORfhhQ==", "/0WOR5Jn6BKoC/9+5dlz1Q==", "ekipReKDch8nQkv6wLHVww==", "GjK0gO1QmNQJ/ZsCakqCdA==", "jYmxPZjDM/CNw9uJ4rnMHQ==", "Ox1tNe9huq3q2onFJsX0QA==", "TN9ZqAQo2vEW/Tx62EpRcg==", "tQmmf4j1ZMloac9gv7yd7w==", "5ua6yduRd8slR+XckPuEJw==", "POSFLQ5mtdC9jMcn5UF8FA==", "PB44uTo7NGwmA/fjSEQPBA==", "5TfU8//dfsOlT82byi0lug==", "tNFH1YUHHwU3vwUWrO3mLQ==", "KtIlAO0V0/KiMbIbmHHMGw==", "TK/tQUH9MhuStrQUTQS1ZQ==", "PEaU9hApxjdZ1D4R2OUZpw==", "uGPuYR0b3uiHdpdRa97mfw==", "sHu0Ihy6+HrKJvDoll9f5g==", "ThUekCEizKQbaM9qGtWShw==", "6Qa2KBduT2HgJC4kctpUnw==", "vnBlYA/0lXrfCSSYxgwhSQ==", "9Ck8qx7KCeVOhknvjhQwsA==", "B0ZJnlI3io/AXTPjqyoADA==", "XIb0YQoMG8k0zzVWHpmvAA==", "Hk/EnuFgs+4rtDh2D0OPZg==", "FPJOQAbsBSaId8RmD/1j8g==", "F54ap+bUe0qceQi67ZX30w==", "yIgeDQgyoDXR+INQbK5bbA==", "LFiejdPb02ZvCk9/k6M2OA==", "4xxaXkxeYvxr8HgxLSDyHw==", "ANawluW+m7SrGs8Q9Odgow==", "KWqotAAFzFGFp1GIUjXi0g==", "L+KHKrPvSxZVeDMiWq92vw==", "I362Vwh1x92yigOP2ZDpKA==", "0gEzVf04N4WWI36MnLXr1w==", "SFiwTqc+C9HkxslIGbfU0g==", "SBAWrxfXaQ2Ka48xajW62A==", "Bp4O+K+hM5aEmCc59xUWdA==", "Nsd5wG+dBhUvVktxuz/adg==", "HFchxDnUHv0YgEfYisGA6A==", "95p6rGNUFNsCWfXMBirOLg==", "e2U3+rnCE0yJbEhq/B49zQ==", "EGDBCdh3xodxfhx6SFGa1w==", "9XbremjCd0rS6zu/GB+mjA==", "rTV9bjfy2M3+eJBkP+611w==", "fM+r7qYMTXMx81IJhr45YA==", "W9IdHW1dLxMcDTawlof8yw==", "cLetPtVgm731iRPvGEIeyw==", "S01BJ2Ht59Iq71LsHWKLzg==", "DyteGYzEcNMaIwU0U8gq/w==", "u0MfT/CHY1AhIYRRjCtdhw==", "b3gcqhWrOMtSFjkTMyyWQw==", "AJgpOdbNJblqS+xC52p8RA==", "dpCbBO9jgzvekz9nKJpSRA==", "70+Z8jFk8NJbHxPCoxDRng==", "8BsUEMjLB96UtpRd1ludrg==", "xcQReVPnPEIim0iMTZWDwA==", "ZoK4/bCJQ036BMFIy2mG8g==", "5lHEu4ueMJgetLv/GfKHtg==", "vagSYtfX2ayPhseLZe8kAA==", "guovo7cvog/lYbVq887U/w==", "1eXmoeT5Qd9M0GiSJ3z2mg==", "+63s7h05SP1xmH1EyLoL/Q==", "sGBviOATX07Y4438NYu+Aw==" ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ "WV6CLob4bxW/eDgXBTJfxA==", "cwXdqs9AFOcThYn4e8y3yw==", "oGVW07Zdco+t8LxGqPbEUA==", "oCDLcNdeKQmSOcg6w237gw==", "9b3hAQW/ubh4v6zyl2M5Ig==", "M0WxNlBrWr1WR0ACcsFS3w==" ], "HbglDdnV9yne0i8jQL30HA==": [ "VMOHtQeyAtpNyzG6HE0XhQ==", "fDvGbDNJpsxaSncFLSlH5Q==" ], "J0HrVYoM3raELvTfJ82QMA==": [ "+nrMi8U389zlK2TEsOUGbw==", "cD+9p+2eb4ubWbn/ynDqrQ==" ], "JHQdC8JdSGipvO0sCig0cQ==": [ "UVRy+pWnw+7xa7f2U2B15Q==", "AsiuN/8gu7sZ0PJCLihjmw==", "74B4VkBJHkNvj2AsRU4uTw==" ], "JaDqP2PIekJ4FuDfyPDUKA==": [ "vekzBecfH1YN/Zd4MHsZmA==" ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ "C0udSo+foVK8TphEaJ9u7g==", "RLfmH4oizoEHB59VpAV6Kg==", "2A2BjgErU1GldRQi2g+XQg==", "Jek37tQeVdKEwtu+6a9/CA==", "9Yjf3Ev3R8wbqlhNdfwPQQ==", "2Z/NA7sGgadio/qisfiC3Q==", "CoMZiX0VsWNhKSQo1NCYkg==", "9vaAmbFDwko+7w/wBDHWvg==", "wlPwpwE94ExdZ/N5EaE3ow==", "7v+kCrIi/mMmyn+o9Uh+oA==", "ZPTYG1GW4N8khhdO0sFXlQ==", "atAnLiOuVhy8qyEUVNzM2w==", "BQivQt20Anl3mLgiJoMKAA==", "noUIfMZn5dUZdEKTi/GsOA==" ], "KlSRCTMecbL63Kg+FZjUdQ==": [ "dO3yYWRHtCsx6+NRjjAIsg==", "8vc1CEh/sS08VpWYipw3xA==" ], "L1wl5gEz2lzyNJbirzPmpQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "L4diUjusARli24fy/u9lAw==": [ "FkUafBj1ekysZyPIbZi5fg==", "l8driNMmALQs2/V7+uCq+w==" ], "LD9yEwGtdZJl2S96EO58PQ==": [ "RgBI11FezD5/LF6u61IQtw==", "yrD0ecVnK2Y23POHVpCwiA==" ], "LR+S3JloJQ5YEViBpmcLkA==": [ "ydg80VAiaAwfrueUhGEKNA==", "toXp/ZwNqXAUsdXRb/4DVg==", "ApGWymi9r75ZlVZNkjnd4w==", "b0xlBSDO/qp5khqjIfXlSQ==", "pp7NHxA1qAOUnsy/IRCLbw==", "iQtqv3HeCGvWBf2ImnFK1w==", "PhzQEpAkCFfaNfVzGQzMgg==", "J4ecrOEw69avIhhOznG+2w==", "dhv7M9LLYIyyRsKi71f6Ew==", "lnhGLE2iCT1nizqrTioMEA==", "ummv/ARHzS4IbQ59dpGtvQ==", "3S91ZYwiienVlUnFeIzkRw==" ], "MJmw8vClC4VAn/J4MfhK2Q==": [ "DWl94vpEWRXsnNv1XWboVA==" ], "MXR26wvfFq4/JiRamdOfsA==": [ "tJJUE3O+B2dj0YzqLSTtDA==" ], "MxYp6jmrNGPG4EUMxgtsIw==": [ "ydN/9qW+IO/7qUsy09APhw==", "Av6IvPz8z+8JAyypXmkbTA==", "hGz8R5Dny4UCIDPZzXbK3g==", "SPxMxLW2DZ8IvP04UR/H6g==", "kUo4IyXRh1XFppRDAqTNnw==", "WKEI7EQhRkCAgIF18HZjKg==", "gvOYexCvSFjRc1ovPwHsww==" ], "N4dB55YYjGYeXRj+vLBatg==": [ "14EBaSYBL4fLL4zgayhBkg==", "lQ+CMunyB1B/r/pkv6U72w==" ], "On+NX4Yr+KIGVwagqPDWcQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "PHkBez1UE90U9LJepncOKQ==": [ "Jx8Savf4pVqPTLt8HsgoXA==", "842T09LMtibo6aQ7X6A47A==" ], "Q+exKQZH61PI/8YfpN472w==": [ "j9SRMWigV/U3u/1hsi7gLA==", "Ih4ScPgmvAttJN/czzciaQ==", "Mo4ARlLui4P8nHgMUyYhSw==", "99Q540ZW70Bq59gE8MRNHA==", "DzB2GvXN7uyOKTXPPshLvg==", "70rtBro0k4gOrF1v9b0LPQ==", "4zvDuRN18ZTgEdA+auow3w==", "pv5Nm8Lwfq3X5Sm3cuoD1g==", "RXSYUreBGXQz5Vll3C130A==", "XM09w+ZScTz4IEN6LeAUgg==", "MJ6xN5o4V2wpv4hjMTwHAA==", "jmCYpsGWnnwiehZQL2tyGg==", "cKtHM3xMrk1VjV0S8Zl4qQ==", "L0O+Qmwnpkk+Rg/VqN7QWA==", "eZDuJI6jaohxUM7fcdYEYA==", "LBK9PqJKfCEUpttQCyryqw==", "LzfcsSJMzHmJVjI8xrynCA==", "rJHkC74NrobNudSijB/y4A==", "F6i42vx+GvZ/9LpnToKHcw==", "8ML0IVFlCjXlypnsSOqB1Q==", "vwUe6Dpe5Fb7V8GdyGEhjA==", "bzewxC8waOXL414yMxKcqQ==", "KhBWOViCuCZdWqrkDlYvOA==", "Po+GLdyrucAyVatfOmZxGg==", "sEY+u8JcXEvFyPiUDTNKow==", "wMpTUDltgKPDv4b44/0Spg==", "k+Eb8x9IQ/IHa5nSq7kcSQ==", "/kFHc0+JKhJmQT3bM6TpTQ==", "rpqh6K+YqMAxf172QUbycQ==", "Y+LzorqDQD2Povh+kyYSqw==", "XjQpmqOxrg5I1zgVKxswFw==", "6Za/T764+Wnq0wfxFjEvGw==" ], "QwKK6TG/JtcCly9jntVf+w==": [ "HOYwG5Rw5KtCLqSTp9IaXQ==", "de6Wm8GcUOvZ/vqX7ogEtQ==", "CAcAzU3FmPfcBEK+BF1wiQ==", "sY8NON9Vp1LES9AwtY+jzA==", "0w7yDxNwDisUMkIdlkUTZw==", "lgYZVj6kPc0Poy1meDiyZQ==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==", "y9E+Lh5SpPDKe0DW19HLjA==", "AYOaUiAITXfmzrid+CR2Og==", "kCqPC9VTuWeNYsZfiAbN4g==", "YuJLEitJYK/0Cuux1rRK+Q==", "UBV+Z4vQ/HB9/cVGq/+u3w==", "dMO4fX/IkQ2bi0ds65uBZA==" ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ "rIk/NHa428tmc6oDgqypQw==", "1q7YjyB3mR25zvqxJ6Zk3w==" ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "UbJne6U4WRZmmyYLeEtt4w==", "cBmZwV0l/QLSSsoNwTuUWA==", "MYhgpNDg22nk0/HCSwm/gw==", "wO2dcFx5JhDjz2K4QDYydw==", "e37CxvNgywelF2ouwzqL2Q==", "6thTxik/0CDWjirwYbVkYw==", "hwn8HSXSxoAi1TYe+ACqPA==", "jb1tyEUU0h95jkJRbmTeVg==", "eGYBZQZGb7FuYNSi9wuFzg==", "oybDfBRpKC7mq0IkNE/WbA==", "Kcd+UQxBw37KfFkRbn1QXw==", "gl5O329psI82Wn7F+BP/pw==", "0ahYjiLWT0VE+MRcEm8yAQ==", "pl0eAtev2igDstYhHd6sxw==", "5XT+5ghtfmJFJSJCERGwhQ==", "kFbIkTDdc0p9e6ndPrAnHA==", "5N/eQ/DLmsm7yS6+3apC5A==", "owALVsfUiwMtDqenpdt7Zg==", "AuT5DLBrUT23i8Fkzi5nrA==", "0ZniYEExf5hn6bWx9CxbmA==", "HBDLPf0FBMppxrTwW+gqlA==", "Y08Ni7+TSPQ/xSSRr851zQ==", "1CDGyH/KaS7DctjOTuk4Gg==", "IL9yoqEJiA7P9oRxQrj7SQ==", "kxjEyJZKMrQwjAj12bH0Ag==", "5ejk3bhFpvIIABy9EwjwqQ==", "WzMeKgvORq7XF2Xr4q+JaQ==", "6pPl5aD/FZ2M/6Yaa588Aw==", "qYLCfB1EzRWGloOr+Ke8RA==", "QL7KLbo+Ri9Q4aoq0+/c2w==", "Oi+2EF5+FNNGg+4WyowonQ==", "XC3MXlpMb9D+YigNspsXlA==", "NFJR7P8KL9HNF/dsA5opTw==", "HiF486OoQCfE4Hwc8DTxrQ==", "/YIHlhDwc0XvwYDDbGEIMg==", "SFoELvc6okNKWKi7mExikA==", "r9qwoudvbxrKUZqCmUc7NA==", "anPJmbS134IB2gfGIWKJ0Q==", "wc5lIWGg0A45t1Tgl/aghw==", "X2wqIFGbKlJQpE/DojrwxA==", "qr6Jra3xQBxvbIQJAqILNQ==", "z6u9MfxJ5450gPIBXVMBZg==", "kRGVc4s/SuXPOfCHc7Q9ug==", "Dlv776lHnCBm01HWpf1zZQ==", "6/Rn1WFxVO6aopyr8psGfQ==", "UEgRngB2KVq3bhFU/6+13Q==", "SXF95Q57bdA0qf3iy/XSPw==", "qEQEeZkI3fZm1RmMiKeYYg==", "1/xm1gDhSpcAv1vbsLnNhA==", "+1zjTJXhgIQ5uwrI0Po3UA==", "Eptc9iAtWcHP72eK8tBCkA==", "XWfDomoStj3uOui0AGO+Tg==", "0DVnsi7oVeiCakd5LIvqig==", "DjTY6HUnX+COP0+KJxD8lg==", "pWQV0Z8XQHYl5n7sHUZBqA==", "4N3POA/rTFsL9RdGINkq1A==", "gs7k9o3a1jAc/zZ5AEytpQ==", "NPJh6PwkJYtfpkFMxFCfIA==", "HlmfsCkhcIqBoptvS1F7pQ==", "KM/iKSazFyPeIBezQXviSQ==", "F4g8Bboy9/sMyy+EusFlpA==", "zBm31RctqcDF3ITqeA/9oA==", "pfNYlxG8sY9hFt3528zJoA==", "7oEe6HdmVrscCmplGQsEeQ==", "POO0JR6PIxa5cAikhYHhiQ==", "o7U6pbXnKgxDi4OXl/ryRA==", "oQ8YhXsWl1bwUCG1x+HzDQ==", "L5u3G3ilU8/0RtMpJ7kdKQ==", "u/b1G56mYgMO4E+lYxSxjA==", "w/NMuS0o9hChTkNvZhIOtg==", "jYkhobM1mHtLOwQie8WeWA==", "m/d6QTwNzEzxGSR3T2263Q==", "eZ2tz3j+u7GWuS6rb2RB7g==", "ZZEVbWhAYTXw9FIX3zIAtw==", "F0PQEZy2PTlCGjp9J75Btw==", "9kpPzhUEkQr6h/4fDNnSuA==", "yCrfh+WfD/7UJatf+Ek6jA==", "Ht/FCT7E55SLIJNr/AHy9A==", "vBXrhxnu9HxQSmN5xWhZaQ==", "Ee2apAGC0PFcPNtPjyeqbg==", "JS6LnmY1PZfE5YxJsCWPPQ==", "mbMEAQXpYoMKq7Io1LfrJA==", "ByykkIf8cqMarBUwgOjK0g==", "AcbVYbhZ/tTIOm89OCy5kQ==", "43uaBOp3I4s6BbwM75Dtcg==", "6qJXB6OTmGgjS8WJVVTxvQ==", "ujzNJ5kQVFINisRmEnkrzA==", "kTasTqgA/HsT2H85z8VDPw==", "DAwq8wwWp0GN/p0AvtHE9Q==", "V0awGVhndNVps/Yhh/P2GQ==", "psr6EfqmKkDu2s/af+27mw==", "jcBNjU0VQp8W5rs9GaZnrw==", "kdSSzkEHTOGF0fpTfXjzcg==" ], "RhNJQyxUHoA1z70UtgAC4Q==": [ "kwBmjCC7+d5xUliMZJPNWA==", "vb7DdaxZjPV5NEcCqN9EkQ==" ], "RjsHhFfoWvmQBIu8lxYZjw==": [ "iK/w4oP0ry88Fhi1iG/FpA==", "ycihN0043OihPtrAPlFZyA==" ], "SSFXEK4vNCR4s9ImWtXtgA==": [ "GAn7gWUe2pFr7PbwechqxA==", "AUiFITCnRjRxctzqqbDeeA==" ], "SV9uo4F9Li9vAHBKYcAlZA==": [ "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "2IUiS8eDJ2evZHzBkLGqPw==", "UeuwcxsDMDrcMU7c13lXsQ==" ], "TANtf1h6RhI5yVQQhHFTbg==": [ "QxQ47SEMl+UFCOv8XVwx9A==", "XPUXyp+BOEJyEGOgXafi8Q==", "6rBlrHxkkFbqVRbyfq+scg==" ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ "rd7C8AD7IYUHYPSfAYtKrQ==", "0hxAfeI84l0pzeedcqmGpQ==" ], "Tl6ebomp9GQLN9svWzKp+w==": [ "H003kvHQyN0gsWRXOrXzxA==", "QgyYiUqrv2nc1+RqO1bM4A==", "FyNQxVBbour86huhtgTOzA==", "qnfP2y61ycFKlR/SBnZ5sw==" ], "Tob5YtKxleVTQzw2GCmwGg==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "+SOMbfLFiy8gAeP6YTZQLA==", "7HuMMq7XSYKaQG/oWdxnyg==" ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "Gzt3Aov08YmfW0b/CN7tHw==", "d8O/Pp2nkWZxFhUyXQucZg==" ], "TzT9ayOh2hZShfYtipxZEw==": [ "z1wZ8EsA73QQBAtKsHeNNA==", "1XwPa50Si6EKs+Oms8SLUA==" ], "U0P0dNPn1iUcw6b33AAKUg==": [ "pX9giWYBuTR0yK974RC2ng==", "qj3kMXpJzib/tg7NOcmtdQ==", "5Dh9IlEeZc9EPevqDNDlAQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "T1160/hke2bN2YNtHQGAVQ==", "gwO7tO+7wG4yYN77KHpJIg==", "pGvoS/decJ8g3YpAYIFmmw==" ], "Uui1iXuECCOB7NgLQMsJpg==": [ "g63+znub5tyxpqqmyP8Tjg==", "B7rM39vvdeIIjmDnRAuTIQ==", "bVLJeNp3UltT+T1xu6C55A==", "e+8uKOviBSOTR4ltKl/Y5Q==", "Pdc4LabMMVIl3+kSdEepMw==", "brTmpkOORx2yJvCnkPzYRw==", "T4bxk7MHk24P39KEeRKoig==", "WNA27LqRIql90O1m/PSAgQ==", "C9NKmmH/EbcYxVOEg1uY9g==", "ZpoRIduwcda+XFGXyoaDAA==", "7XM4eB5q+q78IrA8abl57g==", "JWrwO52d5SNbcmJ2KpFaJQ==", "EUzfiOQu+qZDEDuD1AbDtA==", "9lOiMN/e99o1oI1dhS9S2Q==", "fxc/de3PyQgiwjyykMQ4ow==", "XVnPYCI1ck0zTs/Cz6Yl5A==", "ao8l/bKVk/yRH6auM4IE9g==", "2pofu/QdlV4xoXosgfKRNw==", "zNwhU1to6ohdg5Ws/JmM/Q==", "lM6Cai1zYvH4FYQ8nb6tQg==", "MtExg9vrmkuo/+/XELnvpA==", "0QqnWQey4QRkB1tBadW1jg==", "WoF8HAs7BhQT5cycNGL9tw==", "PLT6ItGnGibNqyU7ikhmRA==", "ewA3f3GyFBJhwPX+CvDYtg==", "Nl5OfrnQ/SPbLIWCvdxEHw==", "ybg9o/djfKR8D2l5wfz/6g==", "UApauQbQz6UZdsAuW9miOQ==", "nRlBpDuWR9J0Ttd/BugkSQ==", "70Ajh2QFCXmrQTWVljWbIg==", "U7q9649W3+OXGS9kMwowkw==", "0wSMVHwI5T4EgYqkub8RhA==" ], "VFldiAD+rTFuce+kutFUuA==": [ "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "qNhEJopIC+OWvXbrkilAfQ==", "+YsItiFwLsY/quEIP17M6A==", "3cVM/UH6o+8G2FMQ1Gl/Ww==", "O24do/xbIwz1BfQU4lBl5A==", "zi+zTCtHwI+xWITxpaOJBw==", "69HZBPjw2QR8kIdKeSUwQg==", "24Ysg4Ma/AJz8Z93D2PzNQ==", "tZSfr7Q1QfQP2u7Sjxqmrw==", "iACEEOg8p4u2oul22eTv+Q==", "55nFlly0ydgYROdIHNoLjg==", "sJOXRbCL0QuUC1P4v8JTZA==", "CebQRpRZjOcKyG6X/Hyb9g==", "W5birtu1clZwp55QDPxkAA==", "FUeASYCa2REKwmC0CFlz2g==", "iRvSvKSGVLHqIXREJ4Ht/w==", "ABh4yTmrbQSCnnP4F8iX5A==", "mX276ORRxpj/FeNL+3OrXg==", "aqaaxa85Ibw3RSMRWLL7yg==", "rBDj6tuhee896qgiVA2peA==", "khwtIlYEcWkkzJP1rg7BNg==", "zLUPO/DSeItPLWNqYd2DSQ==", "mXfTdwl2racpbSHHHKO6EA==", "UoBD3GwEne6Zwl54oZgCCg==", "Zg/5yy5ojZu/q0X+9MCQQA==", "GXVxiDj3UnyxgXg2cz7u0Q==", "xIqTu52elcgV5FuN0Fuj4Q==", "m+ltkfB6bwuyxpSjgAFr9w==", "5pFK2pddNfoGuwrNwC3BlQ==", "rDeZ9YqARbQ/8OcOA5Tn4g==", "s0BW8R7FNYnFn+nWkJnUqQ==", "gZW7OlWAfe3YqvPh9YUqJA==", "I1n6/nf1BmKoqYe/GXCV3A==", "b93ucKpooFuvf5DZpkuQ4Q==", "pfZcHRowGRRifIIMXAg+9w==", "Z9vlvDewcgZxmJe4Kp3wxA==", "BCUOacmvjky6+oK/3U158Q==", "Y9X/nbUFq4l8+xowG5hDkg==", "xzz0v3ajpuFhN3HDJCDDYg==", "3A+d+ITPUBtAGX1jTlLhKg==", "+xzMjgQ/BhN1jTBlVwQfIA==", "akEF6NF80R9wfgwbXmOEDA==", "iA/QQjWhvxyNLUaetWDlcQ==" ], "VKbklzwNVEem7m1iQRERDg==": [ "C7v5oMuGS9CuS5bfckNF/w==", "Mds6YkAImABVZfFVPdan5w==", "tlbehmhIbT1WwXt6llfQYw==", "grZJQsj3BT+fQns8dkci1g==", "pTT7g2z3OsAYgdVqJMZOLQ==", "JwRn6LaXs4DLH+aotGHcIQ==", "RFeq5rwe+sxgyWgUXeEitA==", "sEXYrXIRghEOX+5cKfh4HA==", "HMytRAMTGJlQRfqVbIzzVg==", "xKgvhqTYvQwR5QWUkRuf6Q==", "pvm4gwkuqzgisbgZu1oTlQ==", "w/qPRfgu7T1MbY4EuhkWZw==", "8bMBj5vTG1tOpQ1wuVD1bQ==", "g29pa0L/tOFblhQQDFeJbA==", "7aOJwf1br9gIaC1RH6UwDQ==", "8m+MeF1Vk+YvSROjY2pN5Q==", "oYEyIJ07SURdsg7rK6qrYw==", "U2e7dgKDqk0OlJ2oJw2iuw==", "jL7k69KOM8ZjTH+gwznwQg==", "TTh9HGJJgt1I4lhDqtPBIA==", "k/RAvY71xpuUVrSpsGkYlA==", "nOD1OtMP4aGP/bT3iktDEQ==", "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "W+js148eF9SSUbrTSIRvOQ==": [ "EHdSTtZdfwUmOpf3vIeLWQ==", "5EJ0MC7TgiGIlilbbiOvfQ==", "dN3ZkuuHRauklH+tfqwFYA==", "Ry6vRm+cs1w4rnhTcw+4ww==", "yV3QixxBrXQjuo0c4OIL/w==", "kCgZMoKRMbRx90oiE7jJ+w==", "PYQ8GtvInfQ411U5gwbErQ==", "Vbqm1jpiIiIM2rxq++FdoQ==", "8ez1JQpqUyVUQaplF/dpog==", "2n2n++65Q4X6kZeNZUZXMw==", "GpJjElMhBMa2ZIh0g/0hAQ==", "lWKRi6BgpanbsQgeIct91A==", "Ws0fZZUTvLi37jSEx1MM5g==", "IH0yoiWyuDmG+HH8h9dKLw==", "NdlKBrj70+HY4gSgv+wTmA==", "1ylYMOLaPUA6xIkqwKBb9w==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "JLZyRakMGnyMKNtD6nnqpQ==", "8lLGaMUZk8kOHbicsIjPjw==", "lh/EYac7XXFvwJr7gkU1TA==", "RnzVpoLf3gQvIDiBFFXm6w==", "ZZLfaN7MH3nRy8BlgA10kg==", "Stfm7ne4Ofst02xkZn9K1w==", "P1K1eUbqwgam0P6f7iB/IA==", "wjPVtpb8yNf3j3pc1wfy6A==", "kRa60N9SRvgjl+iiwZ9fZg==", "zFG8iDklz8FcuYliYZGkqA==", "d9qJI4TyihrqXixZ+S73jg==", "/m4KubgMsY+Uf3GqqbY5Og==", "82S4cf8ecOlHYb8LNQQn+w==", "I44fXMfux3yPYaBHaNxgsg==", "UsTHWG7fBbgk8T9K0i79Ww==", "WwkM3aNBW0LnenEr6xDxWQ==" ], "W4amAY83CsyR7zQ0GM7zsg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ "3O4R28kD2w0Acw7XQvAZ3Q==", "gmo+iv72N8R3ZKjUbp9DXg==" ], "WIBkwuKReD+vnev0WY88mA==": [ "Mo/R2a7u4vWlPy8O1jH7HQ==", "//NR3gdAYSoDJ/e4qJeTJg==" ], "WN9YKonIBKVWuMNAg76vrA==": [ "4MoaZecth+9t4X3jdykhZg==", "0U0p6zwok5l6rbIxjBRN7w==" ], "WXfnWfq5UvDl4B0hS+0enw==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "WgTBt6b85L1bF7WXV5bQRA==": [ "LMrJ8zW3vxlqJrvFMbbCGA==", "YgwLp863ho/Lz7XdBK6IXw==" ], "WuHt6bav9qTQn9+qCLLu3w==": [ "ZmOheSIAULld8cF9POTj/w==", "ulsMCA3bm5VANCxYIf54Zw==", "TRd8qEGSmZkjG+mmOfTmTg==", "vLgELeoIueNM9KX5ZIMtjg==", "ssYEt3aOFwnaqoufFlsCAw==", "ZUoGCxFJ/+PUPUdg60izwg==" ], "XD0JiZBKTweysL9d3sIzpw==": [ "eERb0a2u5NJoo8XHmwI23A==", "LULa++Og4kM4JJrQxnZj0w==" ], "XMPq7+46c92RSax5sZ9PZw==": [ "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "4rkDoNFFNCrcnkPj+GN2vA==", "fvxiOpnl4vL2UcobmeaYnA==", "1NnjgULlQBpIVsNocYb9uw==", "QNVm3dpa9lFJUb6FBjjc1g==", "vbUGycVGGL83rd1I5CfHuQ==", "NoEVAwQMgkCr1UvAm6iQBQ==", "RfXeDDRCykmZZMDXVfaGtg==", "VgTIKWxJpYFkd788UcqT3A==", "cex7jEfdv/MaWi3px1ZgxQ==", "ozbcadljjD/zIm3hj6kVaw==", "P0aqIEFHW71uwsNt2kNw4A==", "xoMyxEWbrnIOZWHnwVuShQ==", "by4qEj8r2+yQ8xw2ZHB4/Q==", "4YMcCEsfWO5KpctoAqwrFQ==", "uioq0s2+upthXeIfuu8dpA==", "zmJCk6ssM8yXKzXcDFtbsA==", "4hX2FW/Yj9HDbKRBqrhgdg==", "A98JJ8FAQWnMhx8Nb3TYXA==", "kQEcZDAS6Ka6J710VZUH9w==", "9rfGlkZ9WMAUo942FMnq5A==", "TU6sUeJdvbpf1Uxt7QBVXQ==", "hYg6jGCQ5Nuq7UsitAzuiw==", "vwdkC2aeXSkn642Di7lXbw==", "r35oOcTyVY7X2QLaChkjdw==", "ZrKcftBnwBVZKQlRJoJcLw==", "lBoi08D0xA11v+agRADO8A==" ], "XX1gx35T8rMzed7p4qESdA==": [ "cSPoRTB3BjDaa16wszdN3g==", "rKpZxH2tXrNLthuse32FWg==" ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "5xW5MMwESxiksXgaLrFCnQ==", "GaZVgTbcdJiJMvdUeofqTA==", "8Zz8gP9QPTYBttUQXDeNpg==", "e8Ba4iAzVtDvrookiM9XAg==", "nNNVXLjFvnegTKkITfCBuA==", "FdtzK6tyT53moDNlzBGPBQ==", "sHvGKpRovk0D6WznAeRDaw==", "iveVedfC78Qk/6ltHJ21kQ==", "9SrODyBGF+py5BfKYxVllg==", "x+E+r7arkKvVcXf/ay8rdg==", "oVI7j6msaWseNIkn6m/3+A==", "5/L+eT1BzZSWVW4ZLUXszw==" ], "Y2WVn7YbALZNiKrMVF83bA==": [ "GJy8g/4zoy4CPDvWLZr9kQ==", "34lrKmSrRttv8Ef8QZo+Cw==", "uGxAJHfmN99PtsQCJqV/nQ==", "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "Rm7aeXEOy4+PSaaC/AfGyw==", "O8btQzgzPf/pU7XfP3wqPw==", "9lxLFgIezXSh1WnSsRhwNQ==" ], "YRfO+WACNVQDTEO1DaRoPw==": [ "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "KEWGfOVGYNjr6kNjpQx0qg==", "D4iEHIlb8qk7qBBIBLV2WA==", "fcEhBEQT+7+nxaOwZEIInQ==", "9CmH5Y/MDHXGbta8UBA5HQ==", "NLs2bAzfO2YzrBTddmvvkQ==", "9ca/WR2Db6VUKD0h31yyGw==" ], "ZEh/5caJmj5WMgoK5/jyfw==": [ "KTLyj41W+cHfjH/HBrA7BQ==", "fHxgcXxpn2MkgE/aUd2Vkw==" ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "Lcg+9plLPEAo58BHKBlIGw==", "QznSXY89jmEtP62PhxgH1g==", "JBIWl7TA4AzjcNVfFPjHaw==", "vc3i6DfzTVpLFX6x0zKE4A==" ], "aW0vfCmvp3ku6dMkvaoZGw==": [ "FAES1XlWFCETbKQytoq57Q==", "2oTX17kDUCTK4lHB98r0SQ==" ], "ao0mLJHwgqEhua26lzg6gQ==": [ "helnYsRUBV0VLNZe0kvTiA==", "L/8naYULbNo7VCB5WzvpDw==", "4L3dk768qs7Sg3jWyr+5Ug==", "hEt6vsfHYq4kHELEO5xWxA==", "mIzvIMMUHDBMdt3eAx+4Rw==", "okW8xf+CinO7BWuM9dEk4Q==", "KwXuJ1mZuqgv14dKI+DdIw==", "l3j9C20yHr6ZHIXLApzl0A==", "9Bnr48B1Gkm5b1u7nixqng==", "wBC264S906jsJ9EHip/24A==", "DGtUYJS9TDm0sI7Gw7jCuA==", "alSeOMnzCu4eh8h4VjVrpA==", "ZQsszFOlqLuLyfXZGfRKxQ==", "1sD6TJmtoMKm89Mo2ka5lA==", "0bsVwLbC3DjqoPdFlpHGrA==", "USroe8+XCxLDwAOkjWfs+Q==", "FrIXKuepXZdWVsQ8gu1YHA==", "mjV/DAgymXlZYSj9rj04pg==", "lc0ErrFagkcQxsv9AGKTjw==", "eKvGCJDf1Iytf5g2d8kaFQ==", "5MGCN705vR5eWycZyFuYJQ==", "H04yzALMJAjmclexKFeS2w==", "qQxzRYdLEwZ+uwtq33H+Uw==", "8qeM99NPNtS3R0CIVDnqTw==", "DjpSix06K6wkPOmaLpbGWg==", "c9kKQdmqE31JfE8hW1jBfg==", "wSNG00q+az+IW0NBCU7MPQ==", "OvvtykNCZtfooZWGyghXfg==", "EB6fg0YbdpF3FjycPEVN/Q==", "g3/sX4CO9sGFGMvToQ+how==", "AyHFH4N7lNUZlwVfgigcMA==", "FV18DPtJsW6qZZIHDbkGJA==" ], "arzS3GnLPLKzM8xRPFnUzw==": [ "/rVEaWl0l9u8biVEKbZTFg==", "ymBGTBftPxHJSbwAfx3uNA==", "1VKGbptJGVhPmMaic8aidg==", "dkB2JDRx/pLwN9EbsYh6UA==", "xhnxsdmWc6+n3gUj6yqBpw==" ], "ax5YZqtoTsGSLh5YAOUDAA==": [ "J/vqYu1qTz7dsS8oVaCTTw==", "vJceii8mKrpQPBtlAKleGQ==" ], "bbOmNWQZu2GtbHRNTT5LbA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ "YmjsPDVfe7xyjGwOgJunGw==", "QXekSyzWiuaI8YTxDgngHw==", "H5HU/YMXz+3wwSlUv2hOEg==", "WKC52So9Haaq0Y0pkIeTJg==", "qsn7RE1KMH045/wAyIDw7A==", "ZtlPcxFiuXhGia0ZM6cNBg==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==", "WACsy7vAhq3GJRyxAuj7NA==", "wn4STzMt4ytbVHyERUyNoA==", "1Iwd54Uz+8MDWoeCI9f7Iw==", "ThjoilITJToSra2xx7nmXA==", "ltryu+P4IG4b3EAJKjyGHQ==", "75kzXqx/LGJU9hkFlgdGGA==" ], "byfHs8LLvbAc+YzK8+QmXA==": [ "0EBjG0eDRuUxNmTKolYVYQ==", "VdavXNeRp4EjkXxldYSiUw==", "EXWaDNivW550gBh9Dm6gCQ==", "gJ/fF2D4AXb0sjRGNWgixw==", "GVOb0whjVXBMMGVZhZjH0g==", "8OhIIjb+vwm01NjtGgcnDw==", "SWMi5UoagLshKWAW26MJTw==", "SsFE9yHqow9BNx1O4nMcCg==", "eoZiXVXIYF5HZwY9O+NvfQ==", "5zg9huqgOp8E89z3dxtcHg==", "1XBQq3flp6UCNWfTuRjE6g==", "kMB61Eclf1Qb2Suk3JRmXw==", "8eY8PV83CN3R/MV2hK7XHA==", "V2C0OnbFKs9wiV3IrUOPew==", "gqWTMUdDL1db9YSLA4qpRQ==", "wqIGHEm21/U4VCTr0VeLVw==", "FKuvvzZuxFLoDaTeoDMGIQ==", "OUOPFj6v5qm/F5KSXf7dVw==", "yubezWiwTBzlJyfKBBah5A==", "qbsbXExNvRlblIMDPNkFzA==", "juRvPdedfeoW/YVn4PBM8Q==", "k4dDUqBohIhzwbUS8fZiCA==", "4IznDha57aCNWoI0Hc828Q==", "1BGBx+ICmx9ndSR1J6c9Rw==", "DDPdyyhkyoDS2Vq0O3We0w==", "SKyAPnATFclliIE0mjtq+w==", "ukBMje282PDzxzC8wCZoJA==", "cm/gvI0AVbEJW8SbZVw6fw==", "vHIEJpBGkCNiUPmahPyLqQ==", "C+2GxqMTQEZYKlJYDQE1Pg==", "ZBDjl4GlHR5BEu3WvRQHHQ==", "y5N73UEFT/BHwjJkVAx22A==" ], "c+W6x4Mcea6sasJQFpayfg==": [ "ryPu/punYtMOzifbFWj3Xg==", "cr4RGJYSJM2QUssm6cAQ4w==", "XH8pWtqEhhBDhQuq+NWhvQ==" ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==", "/KRhrFyFO2WBBj1/Wnbnrg==", "4iFNln+X4k0SeUiw/ueLUA==", "sQzygdvKruRINz20KeXUpg==", "0DSgRHOq1OLwMX3biKMcbA==", "UcI2WjL14mHQYOfXIkpuzA==", "e91QDoc1m7i0h9Urg1XIuQ==", "UTm7DZVRUmqWWBx0Js7vCA==", "HW1HxtJFrKBktMKHARGGeQ==", "9lAt/24IrVKtsskC+grSQQ==", "sa5mIA5TIgDDEs7v0PwTjQ==", "5sY/WncZRmQ7FUzZZ4kBfQ==", "b8cX6Z3ptet250uYs1XjIQ==", "h/OVEZRz5ndHYLHsNXXXMg==", "d1j+WeBwgxUY2DD8tjQwMA==", "Ec/FYvTTz4riEqnQe1G+Fw==", "7SyD51cUTMP7ddBSGNw3Iw==", "LKHvKuMU+ZaZN+c9jQoc8A==", "Dp0x43cNy9IQTCa5Vb7Uyw==", "9U8BTRqVPM+WCls5RolwuQ==", "c/TMKje5Txl9grWesV+S0A==", "Ayn8XyGcXwYPR+J1PSWdHQ==", "O7l2OQQ3NRM4VNrd4YvEaA==", "SqKI5VB6698Nen4zsScUuw==", "pHq3XsQe5Y157BuUHMufyg==", "CuWE9qOLaSI+JhOsCiY03Q==", "nzSVb3AtyNNflDi2DJAqSg==", "DI7HeHo8A/itZHGTOHOQIg==", "RKG7TR5VLN5EK2rg7nfjuQ==", "flC/+W9ll6TqBKBRm/YUiA==", "U86hsRMcoSpvWp72aUJNFQ==", "h5U/sk69K9TcWs3P9TuKxQ==", "8ImlkqI0B9hvKdKXJLla/w==", "lH27Z8PmZeo/EM/AegpCTA==", "W01A5sOetTjsV/4bYawPgA==", "DlS6uDYchj9S2LQucQuZxw==", "xxrk6qwvf/BkNdal8rz/jA==", "x+9X6oSMihxrE4Tni3a4Zw==", "hjzu3I+m68mPWogOfZscVg==", "WOIdi+BEnCeSEkfRBmj1AA==", "nfRozYKxaq/cbStnERagAQ==", "+DDOZxWQYsdNCtZZs4LB2w==", "Fys7cTDgnkqkKy/A1tAWPQ==", "Bua36N02B8W4H7+P8yixkw==", "nVEuAeNYaydUTqNE5GOm/w==", "96QbNqFHhG4RmHyIqvnk+w==", "0ZQtBpkFjRCvM3RNGGREDQ==", "UjXmsuFAyS2A1LN7d6S/5w==", "yOFL3ef2F8Ux3GMySAVXxg==", "5RT9+X+8xx3rC02gOnVsjQ==", "Km0Kj8/PT21DcOVckLYRyA==", "DrIpfcclD2b0iXSNtu+I6Q==", "Z5H14Z81HW+BVvKWtV5kDQ==", "hIHRMVndQh85jnW2uCawbw==" ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "OJ5Ok6CMeJ8/3txCizz4cg==", "x5MnAXJPkWBC+zd+i08Svw==", "vdokiHWKHEv0aYbydeDs5Q==", "opnb226IH8+SU+iAVOx8hw==" ], "caF9WsICRhpk2jJBTv5OsQ==": [ "x4y353xwTKkgu0582Qh5wg==", "m94VQcvA5qigjAcL/i2L2Q==" ], "cj0M8yBzJA8j5tTGHOqDIw==": [ "5AQXXWGtKGeqoPkMqmVzTg==", "FAoi5hf12Vg9h7NFehHyBg==" ], "clGQ5Kq/RKZZziBln/4BLA==": [ "R9lgi90skf6A+gEQ2Lu8dg==", "koaJtTt9+fGxG4OSw5hxFA==" ], "dMY7Qly4vcBOdARECvhzxQ==": [ "M6ssHrt9pKPpEPr7O0Tc/A==", "ac4lX1PsJ8EE0cPV3DeA7Q==", "/rVEaWl0l9u8biVEKbZTFg==", "EcsVvJ09ys7NpdNzv0A9zA==", "IbhdAqkTe4EMzAhoNvBoZw==" ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "pvtiIO9KHqFscFbvNo86Dw==", "iAZzrtYDqIG5uluq/FjhDA==", "q7IyWv1MOsi/PXOLUGKElQ==", "zH/R3mCgsX+vslxcP7p4cg==", "cS8BJbrTN4Z2MOJCTGMR8w==", "rcUIg6JYVsZx379+fVhSVg==", "uWvHibmfs86jbjyb5h+qpg==", "sXReFixXG4Bn4+eq/AJDBA==", "XEhX6upCFgCYuF9SSk9Iyg==", "HrQTGWot7zXPyYbisnzShg==", "SKOD3G/MxX5t9s/HjT+ehg==", "jvIOr2cGPChl6X44xwkz2w==", "gIt1VKjk5s7zkgD1H7aLmQ==", "nPl1VYR04nooFy6e74yZlg==" ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ "sFUeaSTxmIP9ksmZtDFy/w==" ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ "bDvGK7B1/5BJREOCtiSQyw==", "BwQexIGmUvV9ONa+9gpe2w==", "xmhlBgW9Qhx+a2k3SdfUzA==", "lv4eSxX+AEAW88phUmOolQ==", "L7bRdQbudZhoHiefk8z45A==", "14Etv/7765FAI8QbzsokBQ==", "0Tr3QMpqaFB6S//rbJ/Onw==", "GeI10LHPuNgyyt295MOmIQ==", "wj5w4kQEe9iH2tb9jj1wEA==", "9RLVzTylr5Ocdbql97n+1Q==", "C2ejCCBwa9n29Fq9gpW/sw==", "ZC2BsE3IgWbuyuu1cz3YMQ==", "y1VRnBNNx34t1XvqjEl7IQ==", "qB1uVwi5ydv4et+JpGcenw==", "s6zRbI6E6xMFwOoLRjlPfw==", "fwXkQZwZsVuPtoAZBIG06w==", "fjsXh+vV+qSWYTJhGoqerg==", "+pLPiYWkQ9M+8Zi7lKlOZA==", "RDlpzaleAPnYWwZyjvoRug==", "dkvelc7KXIcNmlVEKWwOSg==", "NUj8ykIgUTA27ShVMCBysA==", "MwRbFLckfwf7ZXLrr6KBUQ==" ], "eckWZv7IBjaLZNS/vZ1gWg==": [ "h8RB92Gx2aWFJ7WtAQ4wDA==" ], "ey7Cn3NmMZ6qorZvUccGqA==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "viJWUTYaczSUI8knrOEDyQ==", "AYXw2VaylssI+NkH09HL4Q==", "Fg8qijPO2mYzPczZJG7NiQ==", "bqKZTtfId9l8zdFZE/mZZg==", "PRErogcN/aXkh7DLlBPLlw==", "uOeAKP5ZyZtLLU7CjOuFcw==", "mqxlcVJc3F4dPOTEtUve1Q==", "0E3jDwz9OiQ7ty2SI9zDYQ==", "scmQI6T6oitCtZW5973ovw==", "mQKKxdEERDHEVyOMhYExEw==", "0RLigWktH24pjgFtIwRH2A==", "4vS3iu8lvGukFpBFqYCdVg==", "ra+5M5K0yyS4TNorJBFVYw==", "LBzBPjCNeeSOWXyc2o2hnQ==", "xvZ+aaak6OxbCE7Nu46XhA==", "roGA0nQUzXWg+M1vb3jr3g==", "5pINgBOJXOluBJi9rQyioQ==", "39KBEdrZX0FwGoQxYgkupQ==", "cje1a6rWyE5Ko85v8goPNQ==", "7FDf95fwOcyZ1YXNVDIx0A==", "IqAfwTRGJO3I/HkfDNLMoQ==", "9HkrQyk+mvh4YcyBYw6eQg==", "kiHPM08GilYyFXQYDbdefw==", "pGkOHCsusTyFHJ/G9JGXiA==", "xDXpto7iDgv1dyFWeDEVcQ==", "IaNq7BGSUI5KW7kcB5RXdQ==", "wfyGNkRP1AKTpRqTPf0oQQ==", "HT2SNCYX7dkF36jwcJ6tBg==", "3wYf+EaP3IAW5wHFWATuaw==", "wN+C2Zg1myHVbcMR/36bqA==", "QZ7uKIt3KkZJfzRLCLWsIg==", "ECzeIHiPGDDmiEUQjBzFxg==", "wgjZroGG2ECX8FlIRRqZmw==" ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ "7MUqmqmB2hEWys43ktPpcQ==", "xsiKeHcIwwzMLDEPFdNSFQ==", "NWqPMtB06drZmdGhOgqvEA==", "7cqLG7sQEqqh9WoHfpekpw==", "EFfUhTiwNATI8s7BT2T3xA==", "hJqH5PsFQ03HT/LzTwaCXA==", "Yp6L2DOgQNnvp2uXVvH8NA==", "l7gfVyLrNH9qcWdXdRt9Kg==", "UykJtPxmRiaRteAhKYbbOQ==", "BLPjiJKh0zrGI5mH+bPIGw==", "Sw8bDdvvxQW2LmbjS6B1hg==", "obTTrP5oWTTgSGItpJqyKg==", "OlhZuHzjnGJlFRoEEZLvZw==", "B6kRennXxnam4nW6s2O9mQ==", "je5QkI9XlXAaLqMv+l8ztQ==", "3hB+Mhm9+7AXsO3nGoz+Pg==", "XEJhztOC2qEngMnVDsmKtA==", "NObEgWpn6tAdrn33X3GoKw==", "/SEhubz8W4ZKbKg2+yh86Q==", "Bp0jmZLVDqekxjq/Mq7PPA==", "EhgsZTFIUAr2YMmtGzoFMQ==", "EhcxS6FJz0RDq0+uuwuiEA==", "fyE+IA6J77V4hC6QL4QCJQ==", "gg092DB69lXLcZyDPZ/RtQ==", "nS4rhARAcjvkSY8dJUFdOA==", "g2+VTeiFdddqhRpToXK2Vw==", "9/6RhDAFXPVo7L6QeEsy9w==", "Zv+LSqi94387CYLrb5PiCw==", "ltoIfsso65jjPxRqV9UMRw==", "UcSRaJxHOHBFxbLpeEwTSA==", "Zc9mVAa+SgrDGA78Zo8GIg==", "S2kC/8+NtHD0EdQuoPqXlg==", "Vl7X+IopOqzOWh1MyUOYCw==", "LczpEojKeJQxs4tAiPNubw==", "sVTwqtGyRA8GgZdyQgXnqw==", "l8z3hCmcLYlZgxzha0zw+g==", "nVgNlf1p1N8UKAkTllJrCA==", "AR31u5jCzWyawCxRWBepmw==", "7bYXVEfvDWEIL53s8ARxGg==", "3SaNoRivMP21uU5flMCqrg==", "YPUY4Y/POEizUQSOdGH26g==", "du8AOXnNlQgdqsSZceyiaQ==", "7czTMSwqOjLz2LigIYHAeg==", "vceRrCjaQs4/Tb9s36m+gQ==", "p5Ki7Z96ChbT07EZ4WnnKg==", "ERpg5QsiyVdbxyySZngvaA==", "U06t0kkLaLeKpn0QxtZUSg==", "YHdZ6rml8dKQg9XmpjCrnw==", "AfEBBMV7R48kk4frVmVcAg==", "cgUuYY1sKP0jeDPr/wEn4w==", "+dqw6lT9TwTTzMp6O2vf1w==", "sx5ziSZauoyjmcMB827V/Q==", "7df4FOgRU0BSF6P5QJkjaQ==", "DG5z7r6LqnKlVNwHAxeXgA==", "rwX0WRiXvDcxdTv5pslgxw==", "+YVz742I3o3v3ix+O1wb3g==", "peuiWx2cfvlg0ej3db5p4Q==", "qcGz8bluItM475eimPK89w==" ], "hGxLNL3q3tYYzz2uKfKB4A==": [ "y1Qpo5IDwj5DRizBbMgltw==", "DKQ/Jfye0O77T1m4bCFM9A==", "0EZfEnxlowgJ1Et69rh7Fg==", "5xY3IHUogqpqvbFwiQURyA==", "MAL36hvDgZ40KRvk279OJA==", "Xrz5/LPkSDdzEfbSbOXzZA==", "Aspz79uO5bKpApwSqMsL8A==", "TrfUjn7Hi6JPe4l/9tuyAQ==", "te0mQBJAxCZ9Xzg2xrzQcg==", "f6muqKqBGKMbn75htgvMLQ==", "/F62/Gd7cIE4aLRbxVnfCA==", "wTqPXpGv5suIYx7xVHwxzw==", "iRRK+UGfH5YqM+4LOHExpQ==", "4Ue6KfIGD2Yqlg6OG87Bzw==", "u+eDY1Q5WfNp0Krtzvv+AQ==", "RJziShukaon2ShF1sKdneQ==", "PDkkYuYRnbObAyDWKDapig==", "ldTn/Q3i3BpKZ95U4mfrcQ==", "J3RGaCFhZHnCvtta/VAJIw==" ], "hHL/OokyETnopazrev0shg==": [ "OtUtUn02ewCzaijseyEVUA==", "u6PjuomLq+nVKrTw/0Jyeg==" ], "hYEisV19Dxn4PvCvxJFm5A==": [ "Ygj77GRBaQkoNVODBO6xEQ==" ], "hasHd85qN7fkJeIIqjjDow==": [ "XPUXyp+BOEJyEGOgXafi8Q==", "92O2+eS3W5hGvsWPMPwTRQ==", "FecDYUjbiWlU3PuXl5vs5w==" ], "hvKbzRSMjrg1f3y/PRzGwg==": [ "7y5jXLyua18Srex9lNrfkQ==", "CYkHBvLQQf6RYY/2Qkr5gw==", "Rz0KcMyzx8GC2p+YUZpHPQ==", "oPNobp4gxHQj7UMaryNaHw==", "VVUozaap6uAAqX8QCLFGyg==", "gC8lb/CZmVxLK6PkYWC9cw==", "mwpgk/i3GXoSJDpblt44zg==", "WFXV6zzHKCX8JuqtokClVw==", "pEwkPeffucbY50JSGQdERQ==", "NQ+dtAZLrUPoMA29mi1Odg==", "Zn86UzCNWJIJ8FVaY91JYg==", "b+wJbUYHuGJqeuEtodqG3A==", "z1fiDjJjV7T+4MZClzquUA==", "vLLr24Ej4L78gTG08XYkRg==", "HqbYURF/7TaXoQPMqtdsIA==", "IDDFCE+x3YM7koS2SvW5fA==", "WVPPqMDSvwuthc5RexsDjg==", "LAdEFhGjw+B+5uRqObeXiQ==", "+hNDIOxLd94c7zDMEtwHAQ==", "FwvyPIBVlE1fAIgwJ1H6Sw==", "Zk3m2J10w4VuwKsJJMXB2Q==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "DIXgPb+QqAbL75dH7f2Zww==", "CQXGvG5qF0LSGK3lgLUXJg==", "gaDJ+6UMi8jegvsDECsoeg==", "nW07GBIUhWrN6iKB9MBAkg==", "NW78+g0sKpejEre7I2lCOA==", "6XzckJlhvkdWwkN1ERVdzg==", "j/6W06GHqfn2irJJ7LDKTQ==", "ueWEd2PE6kwBx153FL1eIA==", "Qr2/3ufYTxjXiJuEKM7I7w==", "J+a2wc6cR5fLyNj39ghgVg==", "T38zlL6BTag6EVZfMAMcaw==", "hOaq2CFtnMvxmr4bZOUh6A==", "f+wdQFOhBCEFYs6UTbgVcw==", "Z707rrfU/uxs1xujVpKMRA==", "UiO8eKIdcPJIKIj94tK4ug==", "hnVuaDEhxbGffMCkOiTy1A==", "fu2viInfwA1Zq9LmALUkzg==", "V8n5VKFkjNZwkLq+W6E59g==", "jlm8MnE+Ua07hmnpXd564A==", "JVp8gcuEEeRLeKprUvrBUg==", "oEKqq2GIVwWjorWJihmJiw==" ], "i1yNGcAdCbK2SnebCgMUqQ==": [ "I9Xc2JiRiPWfOFS5AHY1Ww==", "AsiuN/8gu7sZ0PJCLihjmw==", "pN9L6/wRgu21CuY/FfnkIA==" ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ "xNJWUdryH0nBQB/93HRNuw==", "hfVFht+buqTExOEVhwr1xQ==" ], "iQnKl0+RxymKc9bhVdyuyQ==": [ "FM2lHn17qlO5uIZtM+Ehmg==", "zFZE1hLph4hR8T7aNvRt0w==" ], "jADxtb7PiatU9dihVhjp/Q==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ "dwNH2KaulTKNFX+9quNpvw==", "sxxGu02J6Xp0UskX/yPO4w==", "R7XEe59RfqPZwHJmDbOyww==", "6PfMuZGMOADiSo4Ifx0/Qw==", "eTM7aUBt48fzJjd2YY1Kaw==", "+Hel9A1WiSK+ZclItesXnQ==" ], "kAc8BYCjeCgQR9YdLeGx9w==": [ "kEe4Kuw3hXrzhJ/JDjR7wg==", "LiT2UIJJCX7RQxuKZd5BaQ==", "i1iqh+iGOleBv5v21I50xw==" ], "kMrprdB/TspYL2Dyt9hBfw==": [ "nbtTb8L4YMUxpajoNaatQg==", "XPUXyp+BOEJyEGOgXafi8Q==", "qdWe9wwJNQD9uM1J1li1Vg==" ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ "CacO7saUr+KLTbynVQRYzg==", "XPUXyp+BOEJyEGOgXafi8Q==", "I3Zso12Z+9mUcVEvUKWJ8w==" ], "ktHjHCegyaFGFLaqVjqkVA==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "todSxpG0ADSu6dX8ZW+q4A==", "/rGrv6ID1FHztWkSNUU0Yw==", "ugk8bc5JAs//Hgj923HTXA==", "B/+SfhbeumQponnHheNEVg==" ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ "8QRmG/+fMsQQzP2maaxOag==", "O+a4984RTSUBIVVJsZTw1A==", "cA4I0UWWtzTwMIMUTfN+Sg==", "vPDXRcEg4abq9PCqTBFkAg==", "Ojd6gfhf5HOGBRFGRWmKOg==", "QTcHwvmTXpVKkHS0xdfb9g==", "SmczXqxeZRCcJykxG3Abrg==", "+wnQC0tYj+uyZzMNgN2bcw==", "kkxgUCDqJw1GL8dK+Je2RA==", "Mv7iQu0SgLhcoLH3nS/HZw==", "KXAIwMyIqS4MKyyyosxjhw==", "H8XwHNDIkW12mW+y74dsdQ==", "vnQE6sVVricZrrWA9Xv5RQ==", "I2w7mAdeccRvDV/HeaBOoA==", "ZNESegZx5Vgpkv3OXwE5Cw==", "MGoFQMcsriBEPanvv9LYcQ==", "uILMvGS6obqeMj18FLYSbg==", "6tML+4g9GkMhdrrSDsX4Zw==", "noShzkxXeZ6xaXHAA8su4g==", "Q2EySKz2roj2mYOhGJQA3A==", "AdhtRMEnBdpFFyeSlUP6fA==", "4comqU/5SRuDKC1qqBMlGQ==", "dWdVOD7SorvI9CNble8XGw==" ], "lITnNJqHTfcVQiCGHjWozA==": [ "gpPTgXxcA95Uk2vaf3/2dw==", "TsVNXuAeF3PhiRZhIOjjtQ==", "DtkRUkQTzcJrj8ZsC36kqQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ "CYbzKTdqzfhVDluEF23Dxg==", "TGe682MVp+b3S1lDl9HTLw==", "D2PoAhXlfTjf0jSkt9i3qA==", "n78TtR5pw5YtOwMk7gVGmg==", "yNIngFjcdt+ETIv0YvW+4Q==", "jDj44frt+6TCj0cwExt14w==", "BXlYoXrAW947O+Adruh7Zw==", "uW/TgHSIKlO53BnXG1YZSA==", "Daj39cn0p5rpBblQYRpPNw==", "PJ/Blkuxb9rGhjSw0f3NrA==", "IxsDQKwy6X02Ak7TSjZKpA==", "9uo4qIbgVv97/yzslhE6/g==", "uFR2NXYHCgkD0jUkHBTh3g==", "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "dr+z30s3mVMvpF2iMBJ7YA==", "n0AAvWWXPdMdY6hEXZez1A==", "uTjjTMH3twVH5hmw0Wmskw==", "eKKwwoH894W3Vae5kYCKtA==", "tKVE3VH+DixxL49Cbeit6Q==", "S9GgHs7lpMPNDjvswObhPg==", "J1MkSCEBivWCQoYUEvHXOw==", "qPGxfT+FyuMifHo1C/aY6w==", "pg+SRV3v3Mv4Yg+0x76+jg==", "32PT0J5usgv3laBJ37g1fA==", "bdJdbp3pWxo6biBmwKijBQ==", "YfE+7ocdRscmJ75uekg0tA==", "6E1YTgmxENPqo7FirtVNvw==" ], "lxyER9sFQyH/cLua8fAlfw==": [ "/MWzwBJlhhNbF+zp0zgq+A==", "p2+Y5XRhYt7mgZ7H+35S0w==" ], "ly9SmBBH7WsYXh1oG69XaQ==": [ "G/EKAYKB/V29JLdsy1wFCA==" ], "mLZQEF4KLS62c+8BB/jz0Q==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "8dqpgv7n5GVlIYVt/hP0Gg==", "v+qPraJNH1peMhjiTk1OgA==", "fBIyxzoMf4PtxmiD953WFg==" ], "mLtyJkgiain09bfdUDF0tA==": [ "4aR9t5J6YwMk5D9wZ0BV7w==" ], "mS/mU0XqXurt5b2cC0G2wA==": [ "tW4ew6Bpf68YpYbdwMyYGA==", "sgKxepKQb+uxgfzzrcWS7w==" ], "me8N6gnEhOLccvD/431aCw==": [ "sna4IH0E1Ui1jpzpKgnFOg==", "XPUXyp+BOEJyEGOgXafi8Q==", "bDMsFO9+dr7IgrwHxKJ/2g==" ], "mqd6XOc7hJ7OKe7FI62YlA==": [ "a5tv38r7RoeoKCznzGbyPQ==" ], "n2BikwI3Mg2dIr4kYK8New==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "nRx5HCyZ2M4L1LvJSclibw==": [ "6GILJqctNxTbZFPR6fLtoA==", "d1fus7ZZWC8VndZJIxm7pQ==", "D5TjVz7ghGYgdoVa5+N8bw==", "Mrux1XY1LZVvkWuUp2MCHQ==", "nF1VC5iJhTtrDBwL8mfOiw==", "2vdCDySzHer9qKv7EOUGqQ==", "Ft+9wGiX7gFQHYNS5do1oA==", "jZXEa4mdIQd85t4aOIhsfA==", "TAntNn3gBlGhX3mRHNXfWw==", "fKSzg5ZVW35n1QRKSQYbUA==" ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ "DqajPgSmNnfF5+bVSuLXZQ==", "NVw9L7wf5CkACfCMTn/ArA==" ], "noZz3cbDBX3Q1ohSWIKe1g==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "PwX0RLPO5W1w6VDjSgcV8A==", "RxmnlWamNxvphCIuarducQ==", "EVXEAewBnzdtEIOYHBpZfA==", "eeetX6Vv3iXNMfmjNIPkQg==", "NAN7p79skZ+eBA0xQMnnqw==", "hinEteXkZ2xZbWF5lSQDEw==", "cw4W3PskPKPJZy+QzFk5bA==", "/U8Jx7SKI9t4H3q4Xm/KEQ==", "TCtup4kp9cBGgmnLMbI+rw==", "AOVkipVLZLxGjwVCB/7mwg==", "NDTeUbmjAj/XEHx68pTD9A==", "rm3fF4UjNztR1JpYwTPaVg==", "i+IfpRQo89HWL/sPRoOFsw==", "CCQ15lzJdM5OqfQf0dLnJQ==", "GwdBWjTMLLj14UbkCrmh/A==", "k/2DvTn2KLL28Yuh/WFLmw==", "kRqkfuoNHXgeW9vp8iyzQw==", "tEG4S6zEddB/Fl32LgLV+A==", "4K4SQ2PlDqXihbvwEXiB/w==", "DPcSz1MBKzyaMMMhJWVyEA==", "EpmDyksRTsldGi5rxDcMlA==", "iJ/65EjB0RUIoiFFN5HgAw==", "vz18/+7m2wxxY2NMQUQ6Yg==", "eaW+XnaOzUpP/JmOZv+wCg==", "0nQVynV3NMmwash6dBc+8Q==", "vWwpCPVTGndMb9IraxXgGg==", "o94cfzaEslnrzBtYm19DkA==", "I5CKvoKqBhFd1vY7fxFKtQ==", "2t1KBK7sA8rKgVHavF6SZA==", "aUFq3vh1h0/30jIMgLEGbg==", "3f5N5l71YgnMV/U9whrIuA==", "obSzOBXxlQxURPk04eb+8Q==", "xjE2Ua1GOmdwVi+xIIGVeQ==", "CrxvMdhOPgYpnOjfUKfH3Q==", "XTLakHdORg480i8g31JU6A==", "zwpNi+NBoVUfQ5Ed4vkNug==", "cbSiFirRdrVkpUeOLy/CjA==", "YVYIQ/H++AefhUYldlykPg==", "AEXyQvL2wFfW+v4I9XmTaQ==", "SduSwzmffGiGJfqQDrSyEA==" ], "nwgNWiqPWTP9jQpHdB8CFA==": [ "c/EuG5G0xeL87UQs3yxxqQ==" ], "o0sNxhdrQvn3LtgSlydcdw==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "o3loazzxvm2hQ5N1QRaYvg==": [ "eXNCnm2O3ulyDBrjgqgngA==", "U2w6LmoqKmaGSd6IxLZGKg==", "FTUrLe1XMNYvUzaxMdsWeQ==", "VDqplxSZcK9CHQ9RjGiEqQ==", "TFku8MBahkkWbmKYS7dbIQ==", "c0R7sQMFyTIRhp8ZTCTmlw==", "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "DtYmtBkxVMK6KVHn4U+2Yw==", "B3tKTgCVG9JSLHIgfbUFmw==", "U47k8+SGMpP7nHNJFxv5oA==", "2GOqqUt4mwKng/FA0FV67w==", "mPAC5fvINjFbBEv6qTd6tQ==", "LDhDJjeJTHD14xx6vYgQUQ==" ], "oCbJhi6fmGrlKcF1SlNuYw==": [ "8QRmG/+fMsQQzP2maaxOag==", "XXYPGOxEabdavz27Qo+rWQ==", "VJggyJ1jjyIM3XdMGzsDrg==", "1378JmiuKDjVj7PZAMUvLg==", "HNWibMRA8AF0jyyBYQthdA==", "OIcx4C9IsgtrAE0nDs9GdA==", "13fIhbDHRYF0KXmxmJIfiA==", "qFhnV7djagzTbJn2rH4ndA==", "qb5Q/H2wcR/YimCQn+AUYw==", "OhQ6agVzWuY02NakmnlJmw==", "p4PSGpZ+FENmdQZ22vQ2FQ==", "/eIvRWSFFmU3q3Ki3j/gKA==", "nxT/hl64jXfWptNxWhmDuA==", "ygPqOnRCEHz9NjTVM+wIZA==", "4Gs7xCHPPMrNepkQNCPnkg==", "ZiZuAbc4Tq3tBRSI53FjWg==", "YgD8tCzB10z/Jq6XOfCfgQ==", "/pWkiqt8QgDCUksSSa24UQ==", "JMuZ2WXBBx9rW6/jTPLu0A==", "bfa/XbakkA2/5GrUyvwSyw==", "Oz/6eC07LwyvcoelwlI47w==", "Wy87cIX7luFb8A/riFwUyw==", "WqlqRQL17MeMqdTx+SuEyw==" ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ "l2+nQ26t0lYvVluseJErUQ==", "0UxirvKJMj5gY8fbrSf6sA==" ], "og/hyn7iqbsNsfIv/8VHFg==": [ "ugAB401UYtKGrqztlPOlZA==", "LlIx9R1y9EWEYmMjr1l1rw==" ], "om/hnbn42itSjLCSeL6+2A==": [ "JmAt+4wqaQRWn+7jyy1oCQ==", "QBNxNqNCcUL/GHKqOh7Fyw==" ], "p9BcHmUiqsfiDX2HpNFM5g==": [ "4Oz54fEBFyAJBdTJ/p2wxA==", "OlzUZywb212kcLte3jiS3g==" ], "pc8TmjOHnExT3yvCQuGR7Q==": [ "dKzgwwkG/spsYd8PVvrk6A==", "iPCZH9YqKm3Qb2Qeqw32sA==" ], "peDze6790+ubKa/8hacS+w==": [ "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "pff1wMeg2U6ebqlGIkRlMg==": [ "8QRmG/+fMsQQzP2maaxOag==", "DK1x7B/vzgaKlXynN3g1KA==", "5fSQkV1bu4GJUiaWjO+PNQ==", "U/ITon4/vjzN/EsZEGI38Q==", "m02T5S9rBezyv/+a/R6Fkw==", "goLAuNZUT0caQTKiv7m0Fg==", "s/wLIAA4VDi9HrbyrnYgbg==", "R1Akf7BYKFH+Usf+3IS0Cg==", "fI1ruEtJ325PbGUQKXuiVA==", "+0Id+AHw3V8pYW+ywWnP+g==", "IENtFrOwfEqYX/lp+0u2Gw==", "Y2pXpR4HKVIWAZ1sDtjo8A==", "WLpGLJSV+lV8a0xggVfA3A==", "a+77t9fGz9BxOnJlGe2W1Q==", "9feM+1JJIYgC5OZCglyV3w==", "JZVeRC2oy93Tv6vLZpVqJQ==", "9Ad5Q6DJD1JusuIjCNfUvQ==", "mBrf1Yfgr5icNwG8S0edeA==", "B1THb18jP+rSUaY77CvPng==", "8oKavHMm8C7p1QC+rNA0zA==", "CD0KTiCn+kQ9+lGQdzy4Lw==", "fD8Z9mQCc8h27ZwElVMLmA==", "u0i6Tc2zpzW8/pMdj7AH4w==" ], "ptT0YL/h24MTjTTVlPAZVg==": [ "FOhuL+ZLaAMigc1crKc/uA==", "ryv0HUHLJe8DIxGNl9VAgQ==" ], "qIHoKDOcFEbVk0+xQvglbQ==": [ "K5fLrkou5COixf2q2qhQ5Q==", "K/Jzpgc6xwHh47HFu+S8BQ==", "FkxoK2aSVfPglVllnxzplw==", "kyjbj2qojW5SnPuCG4+T3A==", "B1FsL93s2G1YxIvrdDvTfg==", "QSEpEyTM9A7rsX/qx644wQ==", "JS9NNql9cJTDkzzfXyJzDQ==", "m0VRm0XEm9FSwttsQ8QLaQ==", "3E/EPC1OcoKQToPb+efdaQ==", "QqK1O3FCNB9QbClJ7bZ6YA==", "VDQb6roo+zwBamxPu+hGeQ==", "YvRDVCmqISFAkWCu7WaKkQ==", "wG1iwTc5HBr1VKWUstaeHw==", "piA8HykwHgm/u3haFYSPzw==", "YCFy9R5BUcPVuUEYQkJQ4w==", "gxC5QcXnizTYqfkIqc6zTA==", "wh8UL6jE02MHJgululn0nA==", "sTWSbUm1UHqZR0zHxPPV1A==", "ca+BSCGp5tEYAgJqvm8GFw==", "Sal0GJMIh5Nqb3U4N6ro0g==", "g9gU2/SbcO/F9X65zpT4Uw==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "PgPRtFXcN+6zuIY77w+muQ==", "xsP7BCzVmEb3+qivw8mFIQ==", "l2fXal/tlhZFSzN3bmiLSg==", "D0qSEDt7Rns05A3ywUZLtw==", "/+0dqY3HS0Vwp8Izm3R04Q==", "K12v1aAHn6bz+NiEB1W7GA==", "M3xoPIiF+fvDRyYkizrMWQ==", "5IIoRCBMIgus62mGlE3F9A==", "ZhxWQvKqBGgL77fuUQ4Ghg==", "lsfrxxENmZMCtV8uOKkr8Q==", "26JRymquUeoxtDSKcKSDSg==", "0KjhdYYIURWUfsbpzAdnPQ==", "8Ldq46rf2Z9JTBjkrtfV0g==", "EhVqWSecC9djAkoW+k/+hQ==", "Lc7NiV76Y8Ubl6+6Vgd+sw==", "dkGOl+YKkRksmyjmvQ3FsA==", "PdNX5RN9keIsqOloxy7mkg==", "uXRgwaipa8s2OMXjAf1Thg==", "HHpOVRDbzmY2UhydU+uwcg==", "6pBzw2YiS9JmVvplQUxl2Q==", "T507T5wFbtPlOW9lG7LxIA==" ], "qTTyL80F/2JUAy85WSpobg==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "rkUaC636uKZYge61PN1dew==": [ "lCd4ciOqH+xVdJTAK6erDg==", "nFaODSvvA4RrGIiPJ9FjRA==" ], "ryPyL0/oZK1jJ8umBZkZBA==": [ "ky4IJ5u2Ib7CaDmE7xOysg==", "7+mdkcJcBwtv88RB9AcmHQ==" ], "szNvvFbgC3+nu7+FkWHQxA==": [ "QQ1upjXEDW7OiB4aR8O/8A==", "QhESIu1eoXqoSNW7jNhlZg==" ], "tOoZIHzytN01BRAw3es1Yg==": [ "HMF5qYGPMt4Fb5i6RtdwRA==", "tC2r7U8qVBEhU9NaT3fMVg==" ], "tsX00aIcJlVDdnN8EABj3g==": [ "SSAJUNd+iNG0Dh0JEHjSXA==", "EEMnwT7ARQJ+dbVETnKljw==" ], "uXpj8krYkomg5XDZ83F2kg==": [ "936XDvlfcwVB/34fQscf7w==", "qtpMNZ+V4szO/Tox+eT3Cg==" ], "uwkXfq5VvKEldZwWOwGq4w==": [ "i3BrKsmhYf5wZYkQCBxUGw==", "/EvgSih2YVXl7ohENLMJIQ==" ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ "Mukn5ixgUb/zb+mcMFd16Q==" ], "vtNcuXyRth8r8K/W3sfqrQ==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "wXu3MDegq/TfLSbBy6aoBQ==": [ "3k2lNJd2kR3VB6gGhj547g==", "XPUXyp+BOEJyEGOgXafi8Q==", "Kqi7XT4SGpqJzglrXFbYsQ==" ], "wsc0mBnyNwrXYdpo0V+0aw==": [ "YSdK7PYtLQ7JLXu7W4mdRQ==", "TteHTvD/qC9z9/bg4D+o8w==" ], "xC2PhiBOHiQbniVjaMltjw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ "5MqCycBYSRDsdNOzvOandQ==", "XPUXyp+BOEJyEGOgXafi8Q==", "WhaoYkvfheR7Tz30m0/IKA==" ], "xdunfqVk+0spTcWoJA7wPw==": [ "s20Tn7zOYHvK/n/K8/hWrA==", "+0pi5+jw8FdwHp5pZIVTBg==", "hRSnphgIhBaU8a2RyBPsuA==" ], "yLdg/zIMr1LMvkW9tAZlGw==": [ "0tfYnYhAiMREOXyqf/1Urw==", "fT2bR3Pvvu+yOGDatxsWcw==", "h8nlVtUPrGKdJF9xyffy7g==", "ggJq5z8YW0kySCUAGUYdXg==", "skjryijgaN9YVeVVq8xZmA==", "j8vL1GycOevI00+qC9aKmw==" ], "z/d/zUXK6aF2L4H7dfeSZw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "zPYyryKVwACz98/WbfSW6w==": [ "jlQB8YKpspXbBoHQT0JY7A==", "hWXaFNGw43ZC0VkI4/s2Pw==", "YlN21JbaOAqORXBYjgJOYA==", "CaVsGPkqzxcrIauiEFdPpw==", "o/JG334q9R0nTyZD1vNw7w==", "GXObP88ZOLkWQuVeVgHh/g==" ], "zpqzIc9TY4hiXJG024jdBQ==": [ "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==", "dT4TBdsMnRpAlGfPboRcFg==", "okRzJuZWda3BPI4wHU6OSg==", "rPXe6sMC/46EZbom2R58Iw==", "GKtgrnguQJIeMtP51nnNZQ==", "jweM09oSTMKt4t5s2Lpg9g==", "2tFr9TQJkcgsTrNAQX0kdw==", "rDx7RcnC1Ce961LxuRo53Q==", "6W4lt5SjUgXnbxNap1O0Cg==", "JMtxzN1jgVs2Gwo2QsOKnQ==", "BgLn2RypgHsjIVj0SLunZg==", "/HT2WOXIuvVNrzT1Wp3ntw==", "iKVtZrDNXfISjmDp1xYKBQ==", "JeqcZQqZ6re77qRb9vpAHQ==", "v6t7qJCF3xL8IO0nPwJX1g==", "10T7L0U8GuP9Qhz3unCqvw==", "DlzGGXSItv6fZobEGaNWCA==", "IoeuDKI/vu/XCDGoDKzX3g==", "6otwEH3RP+2A14zXLvGXpg==", "xEtBJoALTqnQBn0TOsRe9w==", "sWPZolO+x42N83xPk/byrw==", "o2Jv7s2Wil4Jz6qK6599ww==", "CVNFdSU8eHIr3mZk7+SX/Q==", "G1ju8KSMzz6zOg31bF5lRw==", "h7rVfEQf7/yrRLndyq6HvA==", "NeoXfJYSR9hqSpA4BJOyWQ==", "a1E+QseojoZ2Q73j8WWCLg==", "3E5wmOETiTx03Y24iDJEUg==", "yRV28i/MrM7mz4Vw1MzWxA==", "Kp6vEAyTjVJyCperHJ2MsQ==", "9lqG2xu+85HJHcn8UQyZ2A==", "nM+XWkmaG537tz4PDM13+w==", "zRaIctSo0IHgkpOD2xBvHw==", "UEW14H6J4RBSZEjpG6p4bw==", "bj9lurrpBxE/q4lRd2Wp7A==", "sYa4l6veBD/KmL7osWW7fQ==", "dxRzT6G0UObuWf8SWujnng==", "izYg2kL7sTEI8ASmlxRCdA==", "6Q0Sg/Y1lskU2n7rbcxAIw==", "r3htJBqpa1VO27wdQgcGyw==", "ibGOv13N1m/577Kb32wGxw==", "Lsd0oY+cRz3Y5y3+G6CYMA==", "00MQS+g+VNjKvRbuFWsWbQ==", "htRPPeb7P9MNS47zhEuuaw==", "NfM08djkMgc3ukqHI37OMg==", "gjn1JHWHaWtPNhKrrRINWw==", "IUI8ka2AYA1twZAQi4gL5Q==", "IIfJmT1yzMqBOVKMy3nlyQ==", "5gK/V8vtqDYoHf1LFdtSbA==", "DI5ofU0JT+/wsYx2AeXNiA==", "YQVoCJX8BLl6S5wPwmTGtg==", "6ysC6D7BSkYQ7y8vZ1O7HA==", "xqLSmaq+0/3ps+9zoCEL9g==", "VxNINARrmRd6QnZ2htNesA==" ] }, "enrichments": {} } pod: go-component-urfrln-on-pull-request-8q8bl-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: go-component-urfrln-on-pull-request-8q8bl-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 3, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), delve-1.8.3-1.el9 (CVE-2024-34156), libwebp-devel-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), libeconf-0.4.1-2.el9 (CVE-2023-30079), pam-1.5.1-12.el9 (CVE-2024-10963, CVE-2025-6020, CVE-2025-8941), sqlite-3.34.1-6.el9_1 (CVE-2025-6965), python3-setuptools-53.0.0-10.el9_1.1 (CVE-2024-6345), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), git-core-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), libdnf-plugin-subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), openssh-clients-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), libarchive-3.5.3-3.el9 (CVE-2025-5914), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-12797), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-38545), krb5-libs-1.19.1-24.el9_1 (CVE-2023-39975, CVE-2024-3596), libtiff-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), freetype-2.10.4-9.el9 (CVE-2025-27363), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), golang-src-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libpq-devel-13.5-1.el9 (CVE-2025-1094), libpq-13.5-1.el9 (CVE-2025-1094), python3-cloud-what-1.29.30.1-1.el9_1 (CVE-2023-3899), libwebp-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), perl-Git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), openssh-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-6965), freetype-devel-2.10.4-9.el9 (CVE-2025-27363), libnghttp2-1.43.0-5.el9 (CVE-2023-44487), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), rsync-3.2.3-18.el9 (CVE-2024-12085), less-590-1.el9_0 (CVE-2024-32487), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), python3-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), libtiff-devel-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-6965), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libxml2-devel-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), glibc-common-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), python3-setuptools-wheel-53.0.0-10.el9_1.1 (CVE-2024-6345), nodejs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), golang-bin-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), glibc-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), go-toolset-1.18.9-1.el9_1 (CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), golang-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-12797), libxml2-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), bsdtar-3.5.3-3.el9 (CVE-2025-5914), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), emacs-filesystem-1:27.2-6.el9 (CVE-2023-2491, CVE-2023-28617, CVE-2025-1244), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), libxslt-devel-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), openssl-1:3.0.1-47.el9_1 (CVE-2024-12797), libxslt-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), python3-subscription-manager-rhsm-1.29.30.1-1.el9_1 (CVE-2023-3899), subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 228 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: expat-2.4.9-1.el9_1.1 (CVE-2025-59375)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libX11-xcb-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), perl-HTTP-Tiny-0.076-460.el9 (CVE-2023-31486), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), delve-1.8.3-1.el9 (CVE-2024-45336, CVE-2025-22866, CVE-2025-58183), perl-File-stat-1.09-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-SelectSaver-1.02-479.el9 (CVE-2023-47038, CVE-2025-40909), libeconf-0.4.1-2.el9 (CVE-2023-22652), pam-1.5.1-12.el9 (CVE-2024-10041, CVE-2024-22365), perl-if-0.60.800-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-libs-1:1.12.20-7.el9_1 (CVE-2023-34969), harfbuzz-2.7.4-8.el9 (CVE-2023-25193), sqlite-3.34.1-6.el9_1 (CVE-2023-7104), perl-File-Copy-2.34-479.el9 (CVE-2023-47038, CVE-2025-40909), libgcrypt-1.10.0-8.el9_0 (CVE-2024-2236), systemd-libs-250-12.el9_1.3 (CVE-2023-7008), glib2-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2025-22150, CVE-2025-23085, CVE-2025-31498), libX11-common-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), git-core-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-subs-1.03-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-Class-Struct-0.66-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-interpreter-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), openssh-clients-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), perl-lib-0.65-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-overloading-0.02-479.el9 (CVE-2023-47038, CVE-2025-40909), libarchive-3.5.3-3.el9 (CVE-2025-25724), systemd-250-12.el9_1.3 (CVE-2023-7008), openssl-libs-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), ncurses-base-6.2-8.20210508.el9 (CVE-2023-29491), libicu-67.1-9.el9 (CVE-2025-5222), wget-1.21.1-7.el9 (CVE-2024-38428), dbus-1:1.12.20-7.el9_1 (CVE-2023-34969), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), krb5-libs-1.19.1-24.el9_1 (CVE-2020-17049, CVE-2023-36054, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528, CVE-2025-3576), expat-2.4.9-1.el9_1.1 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), gcc-c++-11.3.1-2.1.el9 (CVE-2020-11023), libXpm-devel-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), perl-Fcntl-1.13-479.el9 (CVE-2023-47038, CVE-2025-40909), libtiff-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), perl-IO-1.43-479.el9 (CVE-2023-47038, CVE-2025-40909), bzip2-devel-1.0.8-8.el9 (CVE-2019-12900), cpp-11.3.1-2.1.el9 (CVE-2020-11023), libgcc-11.3.1-2.1.el9 (CVE-2020-11023), perl-B-1.80-479.el9 (CVE-2023-47038, CVE-2025-40909), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), harfbuzz-devel-2.7.4-8.el9 (CVE-2023-25193), git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), golang-src-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), systemd-pam-250-12.el9_1.3 (CVE-2023-7008), perl-Git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-File-Find-1.37-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Compare-1.100.600-479.el9 (CVE-2023-47038, CVE-2025-40909), libjpeg-turbo-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), perl-Getopt-Std-1.12-479.el9 (CVE-2023-47038, CVE-2025-40909), libstdc++-11.3.1-2.1.el9 (CVE-2020-11023), python3-rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), perl-DynaLoader-1.47-479.el9 (CVE-2023-47038, CVE-2025-40909), rpm-sign-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), rpm-build-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), bzip2-libs-1.0.8-8.el9 (CVE-2019-12900), libX11-devel-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), ncurses-6.2-8.20210508.el9 (CVE-2023-29491), openssh-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), go-srpm-macros-3.0.9-9.el9 (CVE-2025-47906), gcc-11.3.1-2.1.el9 (CVE-2020-11023), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-7104), dmidecode-1:3.3-7.el9 (CVE-2023-30630), libnghttp2-1.43.0-5.el9 (CVE-2024-28182), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), pixman-0.40.0-5.el9 (CVE-2022-44638), perl-File-Basename-2.85-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-libs-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), libstdc++-devel-11.3.1-2.1.el9 (CVE-2020-11023), rsync-3.2.3-18.el9 (CVE-2024-12087, CVE-2024-12088, CVE-2024-12747), less-590-1.el9_0 (CVE-2022-46663, CVE-2022-48624), libtasn1-4.16.0-8.el9_1 (CVE-2024-12133), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-33285, CVE-2023-34410), gmp-1:6.2.0-10.el9 (CVE-2021-43618), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), perl-overload-1.31-479.el9 (CVE-2023-47038, CVE-2025-40909), libXpm-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), python3-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), perl-base-2.27-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-common-1:1.12.20-7.el9_1 (CVE-2023-34969), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-7104), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), gnutls-3.7.6-12.el9_0 (CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-12243, CVE-2024-28834, CVE-2024-28835, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), libxml2-devel-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), python3-requests-2.25.1-6.el9 (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), libX11-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libjpeg-turbo-devel-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), perl-FileHandle-2.03-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-NDBM_File-1.15-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-IPC-Open3-1.21-479.el9 (CVE-2023-47038, CVE-2025-40909), libcap-2.48-8.el9 (CVE-2023-2603), glibc-common-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), python3-urllib3-1.26.5-3.el9 (CVE-2023-43804, CVE-2023-45803, CVE-2024-37891), rpm-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), systemd-rpm-macros-250-12.el9_1.3 (CVE-2023-7008), glib2-devel-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), bzip2-1.0.8-8.el9 (CVE-2019-12900), git-core-doc-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), nodejs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), golang-bin-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), glibc-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), go-toolset-1.18.9-1.el9_1 (CVE-2023-29402, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), perl-AutoLoader-5.74-479.el9 (CVE-2023-47038, CVE-2025-40909), golang-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), tpm2-tss-3.0.3-8.el9 (CVE-2023-22745), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), openssl-devel-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), libicu-devel-67.1-9.el9 (CVE-2025-5222), binutils-gold-2.35.2-24.el9 (CVE-2022-4285), harfbuzz-icu-2.7.4-8.el9 (CVE-2023-25193), libxml2-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), bsdtar-3.5.3-3.el9 (CVE-2025-25724), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2020-11023), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), libgomp-11.3.1-2.1.el9 (CVE-2020-11023), rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), emacs-filesystem-1:27.2-6.el9 (CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), binutils-2.35.2-24.el9 (CVE-2022-4285), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), perl-Symbol-1.08-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-vars-1.05-479.el9 (CVE-2023-47038, CVE-2025-40909), openssl-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-29491), perl-mro-1.23-479.el9 (CVE-2023-47038, CVE-2025-40909), python3-idna-2.10-7.el9 (CVE-2024-3651), perl-POSIX-1.94-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-Errno-1.30-479.el9 (CVE-2023-47038, CVE-2025-40909)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 701 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libX11-xcb-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), sqlite-3.34.1-6.el9_1 (CVE-2025-52099), systemd-libs-250-12.el9_1.3 (CVE-2025-4598), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), libX11-common-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), git-core-2.31.1-3.el9_1 (CVE-2025-48386), gdb-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), openssh-clients-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), gdb-headless-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), libarchive-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), systemd-250-12.el9_1.3 (CVE-2025-4598), wget-1.21.1-7.el9 (CVE-2021-31879, CVE-2024-10524), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), libtiff-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), git-2.31.1-3.el9_1 (CVE-2025-48386), golang-src-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), systemd-pam-250-12.el9_1.3 (CVE-2025-4598), libpq-devel-13.5-1.el9 (CVE-2025-4207), libpq-13.5-1.el9 (CVE-2025-4207), perl-Git-2.31.1-3.el9_1 (CVE-2025-48386), gdb-gdbserver-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), libX11-devel-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), openssh-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), go-srpm-macros-3.0.9-9.el9 (CVE-2024-8244), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-52099), rsync-3.2.3-18.el9 (CVE-2024-12086, CVE-2025-10158), qt5-srpm-macros-5.15.3-1.el9 (CVE-2021-38593, CVE-2023-24607, CVE-2025-5683), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), python3-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-52099), curl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), libxml2-devel-2.9.13-3.el9_1 (CVE-2025-9714), libX11-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), tar-2:1.34-6.el9_1 (CVE-2025-45582), systemd-rpm-macros-250-12.el9_1.3 (CVE-2025-4598), git-core-doc-2.31.1-3.el9_1 (CVE-2025-48386), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), nodejs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), golang-bin-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), go-toolset-1.18.9-1.el9_1 (CVE-2020-28362, CVE-2021-3115, CVE-2021-42574, CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), golang-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), tpm2-tss-3.0.3-8.el9 (CVE-2024-29040), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), python3-pip-wheel-21.2.3-6.el9 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), binutils-gold-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), libxml2-2.9.13-3.el9_1 (CVE-2025-9714), bsdtar-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), binutils-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), coreutils-single-8.32-32.el9 (CVE-2025-5278), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), libxslt-devel-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), lz4-libs-1.9.3-5.el9 (CVE-2025-62813), libxslt-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 207 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: glibc-locale-source-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), delve-1.8.3-1.el9 (CVE-2024-45341), glib2-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2024-25629, CVE-2025-23165), git-core-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), gdb-10.2-10.el9 (CVE-2021-3826), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), gdb-headless-10.2-10.el9 (CVE-2021-3826), libarchive-3.5.3-3.el9 (CVE-2022-36227), openssl-libs-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), ncurses-base-6.2-8.20210508.el9 (CVE-2022-29458), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), krb5-libs-1.19.1-24.el9_1 (CVE-2024-26458, CVE-2024-26461), libtiff-4.4.0-5.el9_1 (CVE-2023-6228), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), golang-src-1.18.9-1.el9_1 (CVE-2024-45341), libpq-devel-13.5-1.el9 (CVE-2022-41862), libpq-13.5-1.el9 (CVE-2022-41862), perl-Git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), gdb-gdbserver-10.2-10.el9 (CVE-2021-3826), ncurses-6.2-8.20210508.el9 (CVE-2022-29458), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glibc-headers-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-32573), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), python3-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), libtiff-devel-4.4.0-5.el9_1 (CVE-2023-6228), curl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), procps-ng-3.3.17-8.el9 (CVE-2023-4016), shadow-utils-2:4.9-5.el9 (CVE-2023-4641, CVE-2024-56433), libcap-2.48-8.el9 (CVE-2023-2602), glibc-common-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glib2-devel-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), python3-libs-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), nodejs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), golang-bin-1.18.9-1.el9_1 (CVE-2024-45341), file-libs-5.39-10.el9 (CVE-2022-48554), glibc-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), go-toolset-1.18.9-1.el9_1 (CVE-2024-45341), golang-1.18.9-1.el9_1 (CVE-2024-45341), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), openssl-devel-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), file-5.39-10.el9 (CVE-2022-48554), bsdtar-3.5.3-3.el9 (CVE-2022-36227), glibc-devel-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), openssl-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), ncurses-libs-6.2-8.20210508.el9 (CVE-2022-29458), lua-libs-5.4.4-2.el9_1 (CVE-2022-28805)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 187 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libX11-xcb-1.7.0-7.el9 (CVE-2022-3555), elfutils-debuginfod-client-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), sqlite-3.34.1-6.el9_1 (CVE-2024-0232), gawk-5.1.0-6.el9 (CVE-2023-4156), glib2-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libX11-common-1.7.0-7.el9 (CVE-2022-3555), gdb-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), pkgconf-pkg-config-1.7.3-9.el9 (CVE-2023-24056), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libpng-devel-2:1.6.37-12.el9 (CVE-2022-3857), gdb-headless-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libarchive-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), libpng-2:1.6.37-12.el9 (CVE-2022-3857), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), pkgconf-1.7.3-9.el9 (CVE-2023-24056), ncurses-base-6.2-8.20210508.el9 (CVE-2023-50495), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), pcre2-10.40-2.el9 (CVE-2022-41409), gcc-c++-11.3.1-2.1.el9 (CVE-2022-27943), libtiff-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), cpp-11.3.1-2.1.el9 (CVE-2022-27943), libgcc-11.3.1-2.1.el9 (CVE-2022-27943), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), elfutils-libs-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), gdb-gdbserver-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libstdc++-11.3.1-2.1.el9 (CVE-2022-27943), pcre2-devel-10.40-2.el9 (CVE-2022-41409), libX11-devel-1.7.0-7.el9 (CVE-2022-3555), ncurses-6.2-8.20210508.el9 (CVE-2023-50495), pcre2-utf16-10.40-2.el9 (CVE-2022-41409), gnupg2-2.3.3-2.el9_0 (CVE-2022-3219, CVE-2025-30258), gcc-11.3.1-2.1.el9 (CVE-2022-27943), pkgconf-m4-1.7.3-9.el9 (CVE-2023-24056), sqlite-libs-3.34.1-6.el9_1 (CVE-2024-0232), libstdc++-devel-11.3.1-2.1.el9 (CVE-2022-27943), elfutils-libelf-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), qt5-srpm-macros-5.15.3-1.el9 (CVE-2025-23050), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), python3-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), cmake-filesystem-3.20.2-7.el9 (CVE-2025-9301), sqlite-devel-3.34.1-6.el9_1 (CVE-2024-0232), curl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), unzip-6.0-56.el9 (CVE-2021-4217, CVE-2022-0529, CVE-2022-0530), libxml2-devel-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), patch-2.7.6-16.el9 (CVE-2021-45261), libX11-1.7.0-7.el9 (CVE-2022-3555), tar-2:1.34-6.el9_1 (CVE-2023-39804), pcre2-utf32-10.40-2.el9 (CVE-2022-41409), glib2-devel-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), nodejs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), python3-pip-wheel-21.2.3-6.el9 (CVE-2021-3572), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), binutils-gold-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libxml2-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), bsdtar-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2022-27943), libgomp-11.3.1-2.1.el9 (CVE-2022-27943), libpkgconf-1.7.3-9.el9 (CVE-2023-24056), emacs-filesystem-1:27.2-6.el9 (CVE-2017-1000383), binutils-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libxslt-devel-1.1.34-9.el9 (CVE-2025-11731), pcre2-syntax-10.40-2.el9 (CVE-2022-41409), elfutils-default-yama-scope-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), openssl-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-50495), libxslt-1.1.34-9.el9 (CVE-2025-11731)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 444 } }, { "msg": "Found packages with unknown vulnerabilities. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libwebp-devel-1.2.0-3.el9 (CVE-2023-5129), libwebp-1.2.0-3.el9 (CVE-2023-5129)", "name": "clair_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } } ] } ] {"vulnerabilities":{"critical":0,"high":228,"medium":701,"low":187,"unknown":2},"unpatched_vulnerabilities":{"critical":0,"high":1,"medium":207,"low":444,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96", "digests": ["sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:15:48+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-8q8bl-clamav-scan-pod | init container: prepare 2026/02/10 22:14:48 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-clamav-scan-pod | init container: place-scripts 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-0-jv26q 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-1-nn2db pod: go-component-urfrln-on-pull-request-8q8bl-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 37.671 sec (0 m 37 s) Start Date: 2026:02:10 22:15:12 End Date: 2026:02:10 22:15:50 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761750","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761750","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761750","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96", "digests": ["sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54"]}} pod: go-component-urfrln-on-pull-request-8q8bl-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Uploading 4ca65d61f73c clamscan-ec-test-amd64.json Uploading e06e2f144bcf clamscan-result-amd64.log Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploaded e06e2f144bcf clamscan-result-amd64.log Uploaded 4ca65d61f73c clamscan-ec-test-amd64.json Uploading 9dcb8ee7c430 application/vnd.oci.image.manifest.v1+json Uploaded 9dcb8ee7c430 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 Digest: sha256:9dcb8ee7c430ad427686c94dd063f682650ad40553aa0c95ae59c2183ee92774 pod: go-component-urfrln-on-pull-request-8q8bl-clone-repository-pod | init container: prepare 2026/02/10 22:13:00 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-clone-repository-pod | init container: place-scripts 2026/02/10 22:13:00 Decoded script /tekton/scripts/script-0-78msv 2026/02/10 22:13:00 Decoded script /tekton/scripts/script-1-d9djb pod: go-component-urfrln-on-pull-request-8q8bl-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761583.8802664,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761584.0731032,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/group-snapshot-multi-component @ dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761584.0731466,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761584.0980773,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 directly. pod: go-component-urfrln-on-pull-request-8q8bl-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-urfrln-on-pull-request-8q8bl-init-pod | init container: prepare 2026/02/10 22:12:43 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-init-pod | init container: place-scripts 2026/02/10 22:12:44 Decoded script /tekton/scripts/script-0-tbnq8 pod: go-component-urfrln-on-pull-request-8q8bl-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: go-component-urfrln-on-pull-request-8q8bl-push-dockerfile-pod | init container: prepare 2026/02/10 22:14:53 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-0-fs492 pod: go-component-urfrln-on-pull-request-8q8bl-push-dockerfile-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-8q8bl-push-dockerfile-pod | container step-push: [2026-02-10T22:14:58,658349537+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.dtUpkWucB8 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:sha256-2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54.dockerfile Dockerfile pod: go-component-urfrln-on-pull-request-8q8bl-sast-shell-check-pod | init container: prepare 2026/02/10 22:14:52 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-0-4m6g8 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-1-5d8hz pod: go-component-urfrln-on-pull-request-8q8bl-sast-shell-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-8q8bl-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-110.json ./shellcheck-results/sc-121.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-125.json ./shellcheck-results/sc-77.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-81.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-86.json ./shellcheck-results/sc-89.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:14:59+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull-request-8q8bl-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 16864441e6a3 application/vnd.oci.image.manifest.v1+json Uploaded 16864441e6a3 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 Digest: sha256:16864441e6a3c4326e89c4ae21c8d7c9976d1fcaa4d7c54758b21b2f86d64016 No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull-request-8q8bl-sast-snyk-check-pod | init container: prepare 2026/02/10 22:14:53 Entrypoint initialization pod: go-component-urfrln-on-pull-request-8q8bl-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-0-429c8 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-1-54mfp pod: go-component-urfrln-on-pull-request-8q8bl-sast-snyk-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-8q8bl-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: go-component-urfrln INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:14:58+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-8q8bl-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | init container: prepare 2026/02/10 22:14:48 Entrypoint initialization pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | init container: place-scripts 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-0-xpfn6 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-1-btf5h 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-2-4szfj 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-3-hhd75 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-4-sdsj2 2026/02/10 22:14:48 Decoded script /tekton/scripts/script-5-kd9gj pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Auth json written to "/auth/auth.json". pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | container step-set-skip-for-bundles: 2026/02/10 22:14:55 INFO Step was skipped due to when expressions were evaluated to false. pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | container step-app-check: time="2026-02-10T22:14:55Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:14:55Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 for platform amd64" time="2026-02-10T22:14:55Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96" time="2026-02-10T22:15:34Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:15:34Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:15:34Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:15:34Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:15:34Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:15:34Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:15:34Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:16:03Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:16:03Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:16:03Z" level=info msg="This image's tag on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 will be paired with digest sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 109, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 28299, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 151, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:16:03Z" level=info msg="Preflight result: FAILED" pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761764","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 pod: go-component-urfrln-on-pull2e11eb23dcc78a43541ac0887ff078c6-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761764","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: go-component-urfrln-on-pull723a9b61d9febdb3d0594ebd89804c87-pod | init container: prepare 2026/02/10 22:14:52 Entrypoint initialization pod: go-component-urfrln-on-pull723a9b61d9febdb3d0594ebd89804c87-pod | init container: place-scripts 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-0-jxqbf 2026/02/10 22:14:53 Decoded script /tekton/scripts/script-1-984lh pod: go-component-urfrln-on-pull723a9b61d9febdb3d0594ebd89804c87-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull723a9b61d9febdb3d0594ebd89804c87-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT INFO: The PROJECT_NAME used is: go-component-urfrln + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:14:59+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:14:59+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull723a9b61d9febdb3d0594ebd89804c87-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 941103f36941 application/vnd.oci.image.manifest.v1+json Uploaded 941103f36941 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-dd18d6106963a4f76fbb0f827b12c9fb1d2a2d96@sha256:2f294165f69a3fa26fb901da9294991f131e6e9000eb77f8e561de30a93cae54 Digest: sha256:941103f36941a702bb3d065edae558ce3634e8a3251dddc55d9e41c5f104be45 No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pullb778ccf9915abafd0aa167274098239a-pod | init container: prepare 2026/02/10 22:13:10 Entrypoint initialization pod: go-component-urfrln-on-pullb778ccf9915abafd0aa167274098239a-pod | init container: place-scripts 2026/02/10 22:13:10 Decoded script /tekton/scripts/script-0-jjmbm 2026/02/10 22:13:10 Decoded script /tekton/scripts/script-1-bxl68 pod: go-component-urfrln-on-pullb778ccf9915abafd0aa167274098239a-pod | container step-sanitize-config-file-with-yq: pod: go-component-urfrln-on-pullb778ccf9915abafd0aa167274098239a-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Running PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: PipelineRunStopping PipelineRun go-component-urfrln-on-pull-request-j4rb2 reason: Failed attempt 3/3: PipelineRun "go-component-urfrln-on-pull-request-j4rb2" failed: pod: go-component-urfrln-on-pull-request-j4rb2-apply-tags-pod | init container: prepare 2026/02/10 22:18:24 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:18:26Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50" time="2026-02-10T22:18:26Z" level=info msg="[param] Image digest: sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f" time="2026-02-10T22:18:26Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:18:26Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: prepare 2026/02/10 22:17:01 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: place-scripts 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-0-f8ndg 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-1-5gnxr 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-2-qnsmj 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-3-9r4cv 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-4-6thh6 pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-build: [2026-02-10T22:17:05,864584967+00:00] Validate context path [2026-02-10T22:17:05,867867077+00:00] Update CA trust [2026-02-10T22:17:05,868901787+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:17:07,839308060+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:17:07,845030262+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:17:07,964595453+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-02-10T22:17:20,354326246+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:17:07Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "27c8fd00029d26c81cc79ce57fa942af87688b50", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "27c8fd00029d26c81cc79ce57fa942af87688b50", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component", "quay.expires-after": "6h", "org.opencontainers.image.created": "2026-02-10T22:17:07Z" } [2026-02-10T22:17:20,401327792+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:17:20,404659713+00:00] Add secrets [2026-02-10T22:17:20,412092652+00:00] Run buildah build [2026-02-10T22:17:20,413176172+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=27c8fd00029d26c81cc79ce57fa942af87688b50 --label org.opencontainers.image.revision=27c8fd00029d26c81cc79ce57fa942af87688b50 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --label quay.expires-after=6h --label build-date=2026-02-10T22:17:07Z --label org.opencontainers.image.created=2026-02-10T22:17:07Z --annotation org.opencontainers.image.revision=27c8fd00029d26c81cc79ce57fa942af87688b50 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --annotation org.opencontainers.image.created=2026-02-10T22:17:07Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.giK5qO -t quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="27c8fd00029d26c81cc79ce57fa942af87688b50" "org.opencontainers.image.revision"="27c8fd00029d26c81cc79ce57fa942af87688b50" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/group-snapshot-multi-component" "quay.expires-after"="6h" "build-date"="2026-02-10T22:17:07Z" "org.opencontainers.image.created"="2026-02-10T22:17:07Z" COMMIT quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 --> 8c5c151a0dfd Successfully tagged quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 [2026-02-10T22:17:23,506356829+00:00] Unsetting proxy [2026-02-10T22:17:23,507577474+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:31bd23fe372cdae8c968db9d2c03cf3f6c7d52a9365a8f9540f176f1ff2b7a6f Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying config sha256:8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 Writing manifest to image destination [2026-02-10T22:17:30,467569407+00:00] End build pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-push: [2026-02-10T22:17:30,983025656+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:17:32,997958313+00:00] Convert image [2026-02-10T22:17:32,999018811+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-j4rb2-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-j4rb2-build-container Getting image source signatures Copying blob sha256:31bd23fe372cdae8c968db9d2c03cf3f6c7d52a9365a8f9540f176f1ff2b7a6f Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 Writing manifest to image destination [2026-02-10T22:17:43,982105546+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Getting image source signatures Copying blob sha256:31bd23fe372cdae8c968db9d2c03cf3f6c7d52a9365a8f9540f176f1ff2b7a6f Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 Writing manifest to image destination sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11fquay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 [2026-02-10T22:17:44,830009456+00:00] End push pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:17:45,086949377+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:18:05,773698387+00:00] End sbom-syft-generate pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-prepare-sboms: [2026-02-10T22:18:06,178434379+00:00] Prepare SBOM [2026-02-10T22:18:06,182245352+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:18:07,275 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:18:07,711 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/go-toolset@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 2026-02-10 22:18:08,708 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:18:08,708 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:18:08,710 [INFO] mobster.log: Contextual workflow completed in 1.10s 2026-02-10 22:18:08,846 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:18:08,917535169+00:00] End prepare-sboms pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-upload-sbom: [2026-02-10T22:18:09,276180365+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:83fa50aefb3c8b6b1c6d9bbb337c00a378885adb77b7c6b69400f48ffabdf783 [2026-02-10T22:18:11,653971239+00:00] End upload-sbom pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | init container: prepare 2026/02/10 22:18:14 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | init container: place-scripts 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-0-wtdrv 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-1-tdmb6 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-2-6hl75 pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | container step-build: [2026-02-10T22:18:18,329419522+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 55eb4bee09e9cd0cd650a640fe96b4922db4c80175f16d730ee45d42b5554c1f Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f. pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:18:20,552011027+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | init container: prepare 2026/02/10 22:18:23 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | init container: place-scripts 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-0-8cp2n 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-1-28g99 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-2-4rxdf 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-3-c58jm pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f. pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:18:31Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"}] 2026-02-10T22:18:31Z INF libvuln initialized component=libvuln/New 2026-02-10T22:18:32Z INF registered configured scanners component=libindex/New 2026-02-10T22:18:32Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:18:32Z INF index request start component=libindex/Libindex.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f 2026-02-10T22:18:32Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f 2026-02-10T22:18:32Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=CheckManifest 2026-02-10T22:18:32Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=FetchLayers 2026-02-10T22:18:43Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=FetchLayers 2026-02-10T22:18:43Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=FetchLayers 2026-02-10T22:18:43Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=ScanLayers 2026-02-10T22:18:43Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-ubi9-9.1.0-1782 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:44Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-ubi9-s2i-core-1-394 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:44Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-ubi9-s2i-base-1-421 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:44Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:47Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=ScanLayers 2026-02-10T22:18:47Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=IndexManifest 2026-02-10T22:18:47Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=IndexFinished 2026-02-10T22:18:47Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=IndexFinished 2026-02-10T22:18:48Z INF index request done component=libindex/Libindex.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f { "manifest_hash": "sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f", "packages": { "++K+RsmgWfVk2mj1+hzWKA==": { "id": "++K+RsmgWfVk2mj1+hzWKA==", "name": "zlib-devel", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+8O7w8gnK983LoZMdgIWhQ==": { "id": "+8O7w8gnK983LoZMdgIWhQ==", "name": "kernel-headers", "version": "5.14.0-162.18.1.el9_1", "kind": "binary", "source": { "id": "", "name": "kernel", "version": "5.14.0-162.18.1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+B22ALb6YCnXu+3s6afaLg==": { "id": "+B22ALb6YCnXu+3s6afaLg==", "name": "python3-decorator", "version": "4.4.2-6.el9", "kind": "binary", "source": { "id": "", "name": "python-decorator", "version": "4.4.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "+LQ46YAn9giMKDZRMCUpfg==": { "id": "+LQ46YAn9giMKDZRMCUpfg==", "name": "perl-lib", "version": "0.65-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Mkqc/Y23wK8i6e0RDbi0w==": { "id": "+Mkqc/Y23wK8i6e0RDbi0w==", "name": "libstdc++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+jCn1wujuDa5B1uNvCdVnw==": { "id": "+jCn1wujuDa5B1uNvCdVnw==", "name": "device-mapper-libs", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+yIdH2Pb8SGFuXnry3uK/A==": { "id": "+yIdH2Pb8SGFuXnry3uK/A==", "name": "gdb", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/FMjm+UzO0PTaS3Td0lhkw==": { "id": "/FMjm+UzO0PTaS3Td0lhkw==", "name": "pkgconf-pkg-config", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/dbWc/LExxt1O7duWFf9og==": { "id": "/dbWc/LExxt1O7duWFf9og==", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/t0e+LuglIbDcO/k67Hr2A==": { "id": "/t0e+LuglIbDcO/k67Hr2A==", "name": "elfutils-libs", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/th8aUKrkgR3Sw9KSBM+CA==": { "id": "/th8aUKrkgR3Sw9KSBM+CA==", "name": "python3-subscription-manager-rhsm", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "09fH92fqoWDOaYEpwQ9p2g==": { "id": "09fH92fqoWDOaYEpwQ9p2g==", "name": "ed", "version": "1.14.2-12.el9", "kind": "binary", "source": { "id": "", "name": "ed", "version": "1.14.2-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0N0D43vK8KV4kQOq2LQn7g==": { "id": "0N0D43vK8KV4kQOq2LQn7g==", "name": "glibc-locale-source", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0QIby1L00NbGeIw8oxRQWQ==": { "id": "0QIby1L00NbGeIw8oxRQWQ==", "name": "zip", "version": "3.0-33.el9", "kind": "binary", "source": { "id": "", "name": "zip", "version": "3.0-33.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Yvc2+M8FAry625wuL4S5A==": { "id": "0Yvc2+M8FAry625wuL4S5A==", "name": "less", "version": "590-1.el9_0", "kind": "binary", "source": { "id": "", "name": "less", "version": "590-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0wIoN0pFyBSc9eVtRdIOWA==": { "id": "0wIoN0pFyBSc9eVtRdIOWA==", "name": "python3", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13/XvLtRK2RDQlcsZc1BtQ==": { "id": "13/XvLtRK2RDQlcsZc1BtQ==", "name": "gdb-gdbserver", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13i0QoQ6Q4yBI5RUf20lXA==": { "id": "13i0QoQ6Q4yBI5RUf20lXA==", "name": "libwebp-devel", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1GZ5tdSeZY3Wi3x9/AVQ2Q==": { "id": "1GZ5tdSeZY3Wi3x9/AVQ2Q==", "name": "binutils-gold", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1T7WJ83NrIa0U7DlD1BR4Q==": { "id": "1T7WJ83NrIa0U7DlD1BR4Q==", "name": "python-srpm-macros", "version": "3.9-52.el9", "kind": "binary", "source": { "id": "", "name": "python-rpm-macros", "version": "3.9-52.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1XXuvf69/0I2dNHaU2UndQ==": { "id": "1XXuvf69/0I2dNHaU2UndQ==", "name": "patch", "version": "2.7.6-16.el9", "kind": "binary", "source": { "id": "", "name": "patch", "version": "2.7.6-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1dO83wB64hDLki3A4eA/Pg==": { "id": "1dO83wB64hDLki3A4eA/Pg==", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1h9uHE0QiXBO/zpJrT0VjA==": { "id": "1h9uHE0QiXBO/zpJrT0VjA==", "name": "ncurses-base", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1iUaGpv40BOJQUks5I0iYg==": { "id": "1iUaGpv40BOJQUks5I0iYg==", "name": "libicu", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1m9sKqHTfU4F/K4fidg9cg==": { "id": "1m9sKqHTfU4F/K4fidg9cg==", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2REYKadw7TKFiuC+OnoHmA==": { "id": "2REYKadw7TKFiuC+OnoHmA==", "name": "rpm-build-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2fg1ZRYCSPKKOgCxCcA36w==": { "id": "2fg1ZRYCSPKKOgCxCcA36w==", "name": "bzip2-libs", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2w8qE/d9mqIY/9+1qBBrPg==": { "id": "2w8qE/d9mqIY/9+1qBBrPg==", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3688bXyK/nwHthXLLVH24g==": { "id": "3688bXyK/nwHthXLLVH24g==", "name": "perl-overloading", "version": "0.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3DTA/XNFCCDFf6sfX96bGg==": { "id": "3DTA/XNFCCDFf6sfX96bGg==", "name": "perl-Errno", "version": "1.30-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3RQKCmep11B4hkfn96QJTA==": { "id": "3RQKCmep11B4hkfn96QJTA==", "name": "shadow-utils", "version": "2:4.9-5.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3iIPR0bjuCPQ2+48pSdeHg==": { "id": "3iIPR0bjuCPQ2+48pSdeHg==", "name": "perl-IO", "version": "1.43-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Aph2Qer6+KdCecFsU0TXg==": { "id": "4Aph2Qer6+KdCecFsU0TXg==", "name": "systemd-rpm-macros", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4DM2GB9KLL7/xWypPdz7vA==": { "id": "4DM2GB9KLL7/xWypPdz7vA==", "name": "git-core-doc", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4ImdKzJ7uZoaviIayzuoUg==": { "id": "4ImdKzJ7uZoaviIayzuoUg==", "name": "nodejs-full-i18n", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Kw/w2gH7CYCOCv19cdYYA==": { "id": "4Kw/w2gH7CYCOCv19cdYYA==", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "582nBqlxZXz0sTRmkFvU4Q==": { "id": "582nBqlxZXz0sTRmkFvU4Q==", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5EpVrCQ4OYKiPYYEOuUcmQ==": { "id": "5EpVrCQ4OYKiPYYEOuUcmQ==", "name": "perl-Scalar-List-Utils", "version": "4:1.56-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Scalar-List-Utils", "version": "1.56-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5JeNH+bHiuiK9wwBZqH10A==": { "id": "5JeNH+bHiuiK9wwBZqH10A==", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "binary", "source": { "id": "", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5NZNFErDrBiBoorV+igTjg==": { "id": "5NZNFErDrBiBoorV+igTjg==", "name": "libtiff-devel", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mmSudfrCeEmVSPweWmcVQ==": { "id": "5mmSudfrCeEmVSPweWmcVQ==", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5oq4jjwqdEJHokHmXZ7fFA==": { "id": "5oq4jjwqdEJHokHmXZ7fFA==", "name": "dwz", "version": "0.14-3.el9", "kind": "binary", "source": { "id": "", "name": "dwz", "version": "0.14-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5uy1J7qi/MafOdYJgaQeGw==": { "id": "5uy1J7qi/MafOdYJgaQeGw==", "name": "virt-what", "version": "1.25-1.el9", "kind": "binary", "source": { "id": "", "name": "virt-what", "version": "1.25-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "60b1mOIk+ncF/benyKWfug==": { "id": "60b1mOIk+ncF/benyKWfug==", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "68hxwX7t9VVTsdLs/0iJBA==": { "id": "68hxwX7t9VVTsdLs/0iJBA==", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "695zXUDPsaaAbh1PGloHag==": { "id": "695zXUDPsaaAbh1PGloHag==", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "binary", "source": { "id": "", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6AYt+NWt55432RGa/HxiQg==": { "id": "6AYt+NWt55432RGa/HxiQg==", "name": "libXt", "version": "1.2.0-6.el9", "kind": "binary", "source": { "id": "", "name": "libXt", "version": "1.2.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6COiLlB/V7UlOwfuFJy77w==": { "id": "6COiLlB/V7UlOwfuFJy77w==", "name": "unzip", "version": "6.0-56.el9", "kind": "binary", "source": { "id": "", "name": "unzip", "version": "6.0-56.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G1ytjIPgX0NNsVwuPQKkQ==": { "id": "6G1ytjIPgX0NNsVwuPQKkQ==", "name": "python3-gpg", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G4wapu2zP6UYfTP+Ip2pA==": { "id": "6G4wapu2zP6UYfTP+Ip2pA==", "name": "gdb-headless", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6HUC1/dPziZpbtWEymw0nQ==": { "id": "6HUC1/dPziZpbtWEymw0nQ==", "name": "gzip", "version": "1.12-1.el9", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.12-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6LVRZKaAJH97OKCXsJMDDw==": { "id": "6LVRZKaAJH97OKCXsJMDDw==", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "6MFxZDjn6ZxVQspQib4VSA==": { "id": "6MFxZDjn6ZxVQspQib4VSA==", "name": "libXau", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6RxnMs+9yIqzJpLgR7I3zA==": { "id": "6RxnMs+9yIqzJpLgR7I3zA==", "name": "audit-libs", "version": "3.0.7-103.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.0.7-103.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6VAQWTpZhN9PW7YCmVhxsw==": { "id": "6VAQWTpZhN9PW7YCmVhxsw==", "name": "glibc-headers", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6camihNRcGvFSo3XinEWFg==": { "id": "6camihNRcGvFSo3XinEWFg==", "name": "libacl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6f28+Af9kIn0OSp9f9j14Q==": { "id": "6f28+Af9kIn0OSp9f9j14Q==", "name": "ubi9/s2i-base", "version": "1-421", "kind": "binary", "source": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "74+EW3adzZwX9DbUU0vOdA==": { "id": "74+EW3adzZwX9DbUU0vOdA==", "name": "which", "version": "2.21-28.el9", "kind": "binary", "source": { "id": "", "name": "which", "version": "2.21-28.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7JHS+mBQfJeJoy73lvm4lw==": { "id": "7JHS+mBQfJeJoy73lvm4lw==", "name": "npm", "version": "1:8.19.2-1.16.18.1.3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7Lf3UXydabzw8g7HGZER+w==": { "id": "7Lf3UXydabzw8g7HGZER+w==", "name": "ubi9/s2i-core", "version": "1-394", "kind": "binary", "source": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "7ZWYFE98hi9HyU5Q68Jgsw==": { "id": "7ZWYFE98hi9HyU5Q68Jgsw==", "name": "libX11-devel", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7qAMBOvJ2FYxpK9n05pI7Q==": { "id": "7qAMBOvJ2FYxpK9n05pI7Q==", "name": "libpng", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7yB5oIQve4tWIMlUmHbdQQ==": { "id": "7yB5oIQve4tWIMlUmHbdQQ==", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "84WodsWNE9m9GIrBiKl02g==": { "id": "84WodsWNE9m9GIrBiKl02g==", "name": "python3-cloud-what", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "88jYB91M4ddvxo2XjMJKmQ==": { "id": "88jYB91M4ddvxo2XjMJKmQ==", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "binary", "source": { "id": "", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Gh2hioTt5BFisg9eNKeEg==": { "id": "8Gh2hioTt5BFisg9eNKeEg==", "name": "python3-librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8I3zEJ4sFSgk47ZaRLgtDQ==": { "id": "8I3zEJ4sFSgk47ZaRLgtDQ==", "name": "annobin", "version": "10.73-3.el9", "kind": "binary", "source": { "id": "", "name": "annobin", "version": "10.73-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Ky53YwzOPM2pkEIVuuuBg==": { "id": "8Ky53YwzOPM2pkEIVuuuBg==", "name": "glibc-gconv-extra", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Q+4qMpgUhvMDCe2QUBIuQ==": { "id": "8Q+4qMpgUhvMDCe2QUBIuQ==", "name": "dbus", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8gpmX0NZa9MMhcqi6FUGtg==": { "id": "8gpmX0NZa9MMhcqi6FUGtg==", "name": "python3-gobject-base", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8tmJEWGia0UWhhPJb3EyAw==": { "id": "8tmJEWGia0UWhhPJb3EyAw==", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9AmKs/wDQFsVMVHWnqbu+g==": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "9Fy0bRr3ZMu3q8UNrhlOSQ==": { "id": "9Fy0bRr3ZMu3q8UNrhlOSQ==", "name": "man-db", "version": "2.9.3-6.el9", "kind": "binary", "source": { "id": "", "name": "man-db", "version": "2.9.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9HjCH3SeUwgItfYZysNlOw==": { "id": "9HjCH3SeUwgItfYZysNlOw==", "name": "mariadb-connector-c-config", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9WzsXAqqRoLidXM4HaB8/w==": { "id": "9WzsXAqqRoLidXM4HaB8/w==", "name": "delve", "version": "1.8.3-1.el9", "kind": "binary", "source": { "id": "", "name": "delve", "version": "1.8.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9bMXqD09C2r4s8P+HNy2uw==": { "id": "9bMXqD09C2r4s8P+HNy2uw==", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9hWn3VgLVkzmMJln7S0UCQ==": { "id": "9hWn3VgLVkzmMJln7S0UCQ==", "name": "libcurl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9sAM/NqMLlsG3N88/yD1Vg==": { "id": "9sAM/NqMLlsG3N88/yD1Vg==", "name": "python3-libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACNA1cjsRpihwLsZYxMiYQ==": { "id": "ACNA1cjsRpihwLsZYxMiYQ==", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "binary", "source": { "id": "", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AOquy/6bQ9axg0KRp6hMjg==": { "id": "AOquy/6bQ9axg0KRp6hMjg==", "name": "libbrotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ARxZCHzD7KB2Pu4aHl7POw==": { "id": "ARxZCHzD7KB2Pu4aHl7POw==", "name": "python3-libs", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AZwLZmqkel2BzSMgQsIVGQ==": { "id": "AZwLZmqkel2BzSMgQsIVGQ==", "name": "libselinux", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AbW1lRpGUjSEKNnr/Toz6A==": { "id": "AbW1lRpGUjSEKNnr/Toz6A==", "name": "jbigkit-libs", "version": "2.1-23.el9", "kind": "binary", "source": { "id": "", "name": "jbigkit", "version": "2.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AdRs6lk9yzTM3HvjeEThKA==": { "id": "AdRs6lk9yzTM3HvjeEThKA==", "name": "systemd", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AnHvlYoTKSxzg0JMVMiJkg==": { "id": "AnHvlYoTKSxzg0JMVMiJkg==", "name": "openldap-compat", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AxTxyAHzdLVnUL9t8+ZYmg==": { "id": "AxTxyAHzdLVnUL9t8+ZYmg==", "name": "curl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BX+oelClu2v6UOl6tluOEQ==": { "id": "BX+oelClu2v6UOl6tluOEQ==", "name": "crypto-policies-scripts", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "C3QbGupU53FFTX0pkfNLrA==": { "id": "C3QbGupU53FFTX0pkfNLrA==", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C7VGVckK0YZj4RiVmStEsA==": { "id": "C7VGVckK0YZj4RiVmStEsA==", "name": "sqlite-libs", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CXRheoFIylTt2C0ZN4qu3w==": { "id": "CXRheoFIylTt2C0ZN4qu3w==", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "binary", "source": { "id": "", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CjFzfz4zBZj7fcwIrVHCRA==": { "id": "CjFzfz4zBZj7fcwIrVHCRA==", "name": "perl-IPC-Open3", "version": "1.21-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "CpC5etTxiNuDvBGQesJNDg==": { "id": "CpC5etTxiNuDvBGQesJNDg==", "name": "libmount", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ct/46Ed7Asmqt98kLc0FLw==": { "id": "Ct/46Ed7Asmqt98kLc0FLw==", "name": "perl-Symbol", "version": "1.08-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Cwut2mrMMUaIvKenvO1qWw==": { "id": "Cwut2mrMMUaIvKenvO1qWw==", "name": "perl-Socket", "version": "4:2.031-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Socket", "version": "2.031-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/XNnExpupd1bO9ZIJIE9w==": { "id": "D/XNnExpupd1bO9ZIJIE9w==", "name": "perl-AutoLoader", "version": "5.74-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D0GGDit/UxegO+/A5R03SA==": { "id": "D0GGDit/UxegO+/A5R03SA==", "name": "elfutils-default-yama-scope", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DGqCqs+yrHvXs9qsPgn58g==": { "id": "DGqCqs+yrHvXs9qsPgn58g==", "name": "github.com/devfile-samples/devfile-sample-go-basic", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "DK0d2bPQCX0xz6Lec7u1cg==": { "id": "DK0d2bPQCX0xz6Lec7u1cg==", "name": "info", "version": "6.7-15.el9", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.7-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DMchAI2VcGSa4n8bdw5YkA==": { "id": "DMchAI2VcGSa4n8bdw5YkA==", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "binary", "source": { "id": "", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DSiKsVzdOYp1aJo/8T0A5A==": { "id": "DSiKsVzdOYp1aJo/8T0A5A==", "name": "pcre", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E2+Fh4utKcr7Wyiwzh2bYw==": { "id": "E2+Fh4utKcr7Wyiwzh2bYw==", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E7ikPxWehuEw+6yIZODYlQ==": { "id": "E7ikPxWehuEw+6yIZODYlQ==", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ED0/IlCpWWQwBBKR2YT9sw==": { "id": "ED0/IlCpWWQwBBKR2YT9sw==", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EEcEMKhGMvXAfnMhboIpqw==": { "id": "EEcEMKhGMvXAfnMhboIpqw==", "name": "publicsuffix-list-dafsa", "version": "20210518-3.el9", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20210518-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EgjLGZKjPtqIaFVLlFAAPg==": { "id": "EgjLGZKjPtqIaFVLlFAAPg==", "name": "openssh-clients", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EuqqL3yIFMd5VRAfuufJgg==": { "id": "EuqqL3yIFMd5VRAfuufJgg==", "name": "glibc-common", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Exv8+xTp+7Y4AfuM+ph47Q==": { "id": "Exv8+xTp+7Y4AfuM+ph47Q==", "name": "perl-parent", "version": "1:0.238-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-parent", "version": "0.238-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FEF27h+V5TzrUeQsFddapA==": { "id": "FEF27h+V5TzrUeQsFddapA==", "name": "libSM", "version": "1.2.3-10.el9", "kind": "binary", "source": { "id": "", "name": "libSM", "version": "1.2.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FFSNe661VBElA1asGZ7k3g==": { "id": "FFSNe661VBElA1asGZ7k3g==", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "binary", "source": { "id": "", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FKD/ouYSWOOZHy4i43SaxA==": { "id": "FKD/ouYSWOOZHy4i43SaxA==", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "binary", "source": { "id": "", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FMrR4PbDeEhmMEh2juuVnw==": { "id": "FMrR4PbDeEhmMEh2juuVnw==", "name": "wget", "version": "1.21.1-7.el9", "kind": "binary", "source": { "id": "", "name": "wget", "version": "1.21.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FVL6ljas6Mq4jYoOr1b6Hw==": { "id": "FVL6ljas6Mq4jYoOr1b6Hw==", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "binary", "source": { "id": "", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FW8ByCOP6ljvNWDQolahwg==": { "id": "FW8ByCOP6ljvNWDQolahwg==", "name": "sysprof-capture-devel", "version": "3.40.1-3.el9", "kind": "binary", "source": { "id": "", "name": "sysprof", "version": "3.40.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FaNO6QWs1mWPp40PrBiBUQ==": { "id": "FaNO6QWs1mWPp40PrBiBUQ==", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Fy3bplraTnRnJlV5RewauA==": { "id": "Fy3bplraTnRnJlV5RewauA==", "name": "libxslt-devel", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G1YDEd7+V95Qa+PMxB8sJw==": { "id": "G1YDEd7+V95Qa+PMxB8sJw==", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GIScmMWQrnoFNoEgq3fg2w==": { "id": "GIScmMWQrnoFNoEgq3fg2w==", "name": "python3-dbus", "version": "1.2.18-2.el9", "kind": "binary", "source": { "id": "", "name": "dbus-python", "version": "1.2.18-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GSkR2SOuqWQN8NtOvU4cgw==": { "id": "GSkR2SOuqWQN8NtOvU4cgw==", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GVmxmNcJqT3ovg+RwjJg1A==": { "id": "GVmxmNcJqT3ovg+RwjJg1A==", "name": "nodejs-docs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GXm2fCeoaq1FqYmMTmMmhQ==": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "H+zLNGeS4JMpmfP42mEhnA==": { "id": "H+zLNGeS4JMpmfP42mEhnA==", "name": "scl-utils", "version": "1:2.0.3-2.el9", "kind": "binary", "source": { "id": "", "name": "scl-utils", "version": "2.0.3-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H3zfV58LzeEUiNQbZbZb2A==": { "id": "H3zfV58LzeEUiNQbZbZb2A==", "name": "perl-File-Temp", "version": "1:0.231.100-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Temp", "version": "0.231.100-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HRtVOTg/Y7Pvd6wqcX24fA==": { "id": "HRtVOTg/Y7Pvd6wqcX24fA==", "name": "python3-requests", "version": "2.25.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-requests", "version": "2.25.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HbglDdnV9yne0i8jQL30HA==": { "id": "HbglDdnV9yne0i8jQL30HA==", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IDaB7M+//88qbPppM+LpUw==": { "id": "IDaB7M+//88qbPppM+LpUw==", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IN2DA8X4LYRmUb07gLqapg==": { "id": "IN2DA8X4LYRmUb07gLqapg==", "name": "dnf-data", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IOb5jo+s7DgjzeK/LoVNig==": { "id": "IOb5jo+s7DgjzeK/LoVNig==", "name": "libdb", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J0HrVYoM3raELvTfJ82QMA==": { "id": "J0HrVYoM3raELvTfJ82QMA==", "name": "perl-vars", "version": "1.05-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JHQdC8JdSGipvO0sCig0cQ==": { "id": "JHQdC8JdSGipvO0sCig0cQ==", "name": "systemd-pam", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JI92axWONkD2XCTUAeCtuQ==": { "id": "JI92axWONkD2XCTUAeCtuQ==", "name": "autoconf", "version": "2.69-38.el9", "kind": "binary", "source": { "id": "", "name": "autoconf", "version": "2.69-38.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JaDqP2PIekJ4FuDfyPDUKA==": { "id": "JaDqP2PIekJ4FuDfyPDUKA==", "name": "dmidecode", "version": "1:3.3-7.el9", "kind": "binary", "source": { "id": "", "name": "dmidecode", "version": "3.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JrBk+FMgyv4RrG6esVBCIQ==": { "id": "JrBk+FMgyv4RrG6esVBCIQ==", "name": "cryptsetup-libs", "version": "2.4.3-5.el9_1.1", "kind": "binary", "source": { "id": "", "name": "cryptsetup", "version": "2.4.3-5.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Jt5/Qd9oxegZwQjsNbUyYA==": { "id": "Jt5/Qd9oxegZwQjsNbUyYA==", "name": "emacs-filesystem", "version": "1:27.2-6.el9", "kind": "binary", "source": { "id": "", "name": "emacs", "version": "27.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "K04omiWBsTnRCbFVZLmRKw==": { "id": "K04omiWBsTnRCbFVZLmRKw==", "name": "python3-ethtool", "version": "0.15-2.el9", "kind": "binary", "source": { "id": "", "name": "python-ethtool", "version": "0.15-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K5U87AYLwYDq48YpniD72A==": { "id": "K5U87AYLwYDq48YpniD72A==", "name": "libffi", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KH0/KbRUi7KL6UvWa8i6Pg==": { "id": "KH0/KbRUi7KL6UvWa8i6Pg==", "name": "python3-inotify", "version": "0.9.6-25.el9", "kind": "binary", "source": { "id": "", "name": "python-inotify", "version": "0.9.6-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KSobT+LH4PXsCiP04HOhbQ==": { "id": "KSobT+LH4PXsCiP04HOhbQ==", "name": "gdbm-libs", "version": "1:1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KcftiMkhTw4x89HNJI8NNg==": { "id": "KcftiMkhTw4x89HNJI8NNg==", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KlSRCTMecbL63Kg+FZjUdQ==": { "id": "KlSRCTMecbL63Kg+FZjUdQ==", "name": "libicu-devel", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KyRw1LumZrRo6AKKkHgP7w==": { "id": "KyRw1LumZrRo6AKKkHgP7w==", "name": "libXext", "version": "1.3.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libXext", "version": "1.3.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L1wl5gEz2lzyNJbirzPmpQ==": { "id": "L1wl5gEz2lzyNJbirzPmpQ==", "name": "pcre2-utf32", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L2RUW2Fm5EOgoqwyitY3bg==": { "id": "L2RUW2Fm5EOgoqwyitY3bg==", "name": "dbus-broker", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "dbus-broker", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L4diUjusARli24fy/u9lAw==": { "id": "L4diUjusARli24fy/u9lAw==", "name": "perl-NDBM_File", "version": "1.15-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LD9yEwGtdZJl2S96EO58PQ==": { "id": "LD9yEwGtdZJl2S96EO58PQ==", "name": "file-libs", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LDIMlzOywHz1+CG5FwjKdQ==": { "id": "LDIMlzOywHz1+CG5FwjKdQ==", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "binary", "source": { "id": "", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LEyuwSco7tb1WIyWy42H8g==": { "id": "LEyuwSco7tb1WIyWy42H8g==", "name": "perl-Storable", "version": "1:3.21-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Storable", "version": "3.21-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LR+S3JloJQ5YEViBpmcLkA==": { "id": "LR+S3JloJQ5YEViBpmcLkA==", "name": "pam", "version": "1.5.1-12.el9", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.5.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LZYaKh1MnXoGX4fHzghRTQ==": { "id": "LZYaKh1MnXoGX4fHzghRTQ==", "name": "usermode", "version": "1.114-4.el9", "kind": "binary", "source": { "id": "", "name": "usermode", "version": "1.114-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Leh3RdsGa1oyRcl5Dz4SdA==": { "id": "Leh3RdsGa1oyRcl5Dz4SdA==", "name": "gd-devel", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LjtOegR/S/Y0KwJeOuSl/w==": { "id": "LjtOegR/S/Y0KwJeOuSl/w==", "name": "perl-podlators", "version": "1:4.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-podlators", "version": "4.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Lm5zHfIH4SjtxMBhECD0OQ==": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M2qdPAOOvb+CWXJwouP4Rw==": { "id": "M2qdPAOOvb+CWXJwouP4Rw==", "name": "mariadb-connector-c-devel", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MJmw8vClC4VAn/J4MfhK2Q==": { "id": "MJmw8vClC4VAn/J4MfhK2Q==", "name": "python3-setuptools-wheel", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "MORX6hW9ZLZCt/52w71zTg==": { "id": "MORX6hW9ZLZCt/52w71zTg==", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MXR26wvfFq4/JiRamdOfsA==": { "id": "MXR26wvfFq4/JiRamdOfsA==", "name": "pixman", "version": "0.40.0-5.el9", "kind": "binary", "source": { "id": "", "name": "pixman", "version": "0.40.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ma5Vpx57SAZOCC5w2EPQYw==": { "id": "Ma5Vpx57SAZOCC5w2EPQYw==", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MdGkZ055CI+TZYqVm7FIPg==": { "id": "MdGkZ055CI+TZYqVm7FIPg==", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "binary", "source": { "id": "", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mp61fGpK3II0W8dIQgk3hA==": { "id": "Mp61fGpK3II0W8dIQgk3hA==", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MvJE7slPeyMPjzl+J8UH7w==": { "id": "MvJE7slPeyMPjzl+J8UH7w==", "name": "make", "version": "1:4.3-7.el9", "kind": "binary", "source": { "id": "", "name": "make", "version": "4.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MxYp6jmrNGPG4EUMxgtsIw==": { "id": "MxYp6jmrNGPG4EUMxgtsIw==", "name": "qt5-srpm-macros", "version": "5.15.3-1.el9", "kind": "binary", "source": { "id": "", "name": "qt5", "version": "5.15.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N4dB55YYjGYeXRj+vLBatg==": { "id": "N4dB55YYjGYeXRj+vLBatg==", "name": "perl-Class-Struct", "version": "0.66-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N9SQ1VZ/1zaqG0gdsMW91g==": { "id": "N9SQ1VZ/1zaqG0gdsMW91g==", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NQAINik1AG7Zn8OB8pLDpA==": { "id": "NQAINik1AG7Zn8OB8pLDpA==", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "binary", "source": { "id": "", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Nak/NGhCYVubG4CsEbHhug==": { "id": "Nak/NGhCYVubG4CsEbHhug==", "name": "graphite2-devel", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O2SZ5NZewmkamADtmBGMpw==": { "id": "O2SZ5NZewmkamADtmBGMpw==", "name": "setup", "version": "2.13.7-7.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OLwWa8SuQNJHUBFuTxkKKA==": { "id": "OLwWa8SuQNJHUBFuTxkKKA==", "name": "cyrus-sasl-lib", "version": "2.1.27-20.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OkY4XBjh2jDTkYhGjNkrUA==": { "id": "OkY4XBjh2jDTkYhGjNkrUA==", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "On+NX4Yr+KIGVwagqPDWcQ==": { "id": "On+NX4Yr+KIGVwagqPDWcQ==", "name": "pcre2-utf16", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OvOSK0YS4U6j2gyFBATNXg==": { "id": "OvOSK0YS4U6j2gyFBATNXg==", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PHkBez1UE90U9LJepncOKQ==": { "id": "PHkBez1UE90U9LJepncOKQ==", "name": "perl-mro", "version": "1.23-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pstkjkz7Io1S30t7a9lp4w==": { "id": "Pstkjkz7Io1S30t7a9lp4w==", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "binary", "source": { "id": "", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q+exKQZH61PI/8YfpN472w==": { "id": "Q+exKQZH61PI/8YfpN472w==", "name": "glibc-devel", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QCZyKHG3XZk9MlIs9ZFBuA==": { "id": "QCZyKHG3XZk9MlIs9ZFBuA==", "name": "llvm-libs", "version": "14.0.6-1.el9", "kind": "binary", "source": { "id": "", "name": "llvm", "version": "14.0.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QcnepR4WKBdAhWdMUPrAWA==": { "id": "QcnepR4WKBdAhWdMUPrAWA==", "name": "python3-hawkey", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QwKK6TG/JtcCly9jntVf+w==": { "id": "QwKK6TG/JtcCly9jntVf+w==", "name": "vim-filesystem", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "R7K6A/Ve75xrYpD+6H0Z8w==": { "id": "R7K6A/Ve75xrYpD+6H0Z8w==", "name": "file", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "R9sC7SuM6vJmJZYq/bMHWw==": { "id": "R9sC7SuM6vJmJZYq/bMHWw==", "name": "m4", "version": "1.4.19-1.el9", "kind": "binary", "source": { "id": "", "name": "m4", "version": "1.4.19-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RRIjgvJwJW9jZT+h6lhzrQ==": { "id": "RRIjgvJwJW9jZT+h6lhzrQ==", "name": "nodejs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RgUn0rRy/i742s4qQGGoNw==": { "id": "RgUn0rRy/i742s4qQGGoNw==", "name": "libcom_err", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RhNJQyxUHoA1z70UtgAC4Q==": { "id": "RhNJQyxUHoA1z70UtgAC4Q==", "name": "perl-File-stat", "version": "1.09-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RjsHhFfoWvmQBIu8lxYZjw==": { "id": "RjsHhFfoWvmQBIu8lxYZjw==", "name": "perl-SelectSaver", "version": "1.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RnnkgzrsHA8d297AfaWbPg==": { "id": "RnnkgzrsHA8d297AfaWbPg==", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Rx4ZYvIz7JT5wbghBsjOTA==": { "id": "Rx4ZYvIz7JT5wbghBsjOTA==", "name": "libsemanage", "version": "3.4-2.el9", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SRyGVMCI95+oD0l3+3YStw==": { "id": "SRyGVMCI95+oD0l3+3YStw==", "name": "dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SSFXEK4vNCR4s9ImWtXtgA==": { "id": "SSFXEK4vNCR4s9ImWtXtgA==", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SSnnOPGZCl33DlmR57wC7w==": { "id": "SSnnOPGZCl33DlmR57wC7w==", "name": "python3-dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SV9uo4F9Li9vAHBKYcAlZA==": { "id": "SV9uo4F9Li9vAHBKYcAlZA==", "name": "binutils", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SZllfeGD2yJm0VL0H7onLg==": { "id": "SZllfeGD2yJm0VL0H7onLg==", "name": "libxcb-devel", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SdI1Am/qHph5dG2ZoOeUIQ==": { "id": "SdI1Am/qHph5dG2ZoOeUIQ==", "name": "libevent", "version": "2.1.12-6.el9", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TANtf1h6RhI5yVQQhHFTbg==": { "id": "TANtf1h6RhI5yVQQhHFTbg==", "name": "libstdc++-devel", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "THoW7icQ9Ts4hZAkh5A/WQ==": { "id": "THoW7icQ9Ts4hZAkh5A/WQ==", "name": "perl-if", "version": "0.60.800-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tl6ebomp9GQLN9svWzKp+w==": { "id": "Tl6ebomp9GQLN9svWzKp+w==", "name": "libcap", "version": "2.48-8.el9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tob5YtKxleVTQzw2GCmwGg==": { "id": "Tob5YtKxleVTQzw2GCmwGg==", "name": "libpq-devel", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzNyp6yTJ3m0O8xeeDKC3A==": { "id": "TzNyp6yTJ3m0O8xeeDKC3A==", "name": "libpq", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzT9ayOh2hZShfYtipxZEw==": { "id": "TzT9ayOh2hZShfYtipxZEw==", "name": "harfbuzz-icu", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U0P0dNPn1iUcw6b33AAKUg==": { "id": "U0P0dNPn1iUcw6b33AAKUg==", "name": "sqlite-devel", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ud9PNLLJ6v7hTpAYdO825w==": { "id": "Ud9PNLLJ6v7hTpAYdO825w==", "name": "pcre-utf16", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Uui1iXuECCOB7NgLQMsJpg==": { "id": "Uui1iXuECCOB7NgLQMsJpg==", "name": "glibc-langpack-en", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UyCrdfN88WUEEECLCIw93w==": { "id": "UyCrdfN88WUEEECLCIw93w==", "name": "keyutils-libs", "version": "1.6.1-4.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "V/3oHP6E5IRlfgZZHK72RA==": { "id": "V/3oHP6E5IRlfgZZHK72RA==", "name": "p11-kit-trust", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VDWxBVhhJMCCBIlvmorheA==": { "id": "VDWxBVhhJMCCBIlvmorheA==", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VFldiAD+rTFuce+kutFUuA==": { "id": "VFldiAD+rTFuce+kutFUuA==", "name": "openssl", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VKbklzwNVEem7m1iQRERDg==": { "id": "VKbklzwNVEem7m1iQRERDg==", "name": "stdlib", "version": "1.18.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.1.0.0.0.0.0.0", "cpe": "" }, "VLOqRGIR4aQvFfvVrpLyIg==": { "id": "VLOqRGIR4aQvFfvVrpLyIg==", "name": "pcre-cpp", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VhjrPOGZ9XGEFgLnQWc+KQ==": { "id": "VhjrPOGZ9XGEFgLnQWc+KQ==", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "W+js148eF9SSUbrTSIRvOQ==": { "id": "W+js148eF9SSUbrTSIRvOQ==", "name": "libcurl-devel", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W4amAY83CsyR7zQ0GM7zsg==": { "id": "W4amAY83CsyR7zQ0GM7zsg==", "name": "pcre2-syntax", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WCNTEGU4JEqQUNwdkKkP0Q==": { "id": "WCNTEGU4JEqQUNwdkKkP0Q==", "name": "perl-interpreter", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WIBkwuKReD+vnev0WY88mA==": { "id": "WIBkwuKReD+vnev0WY88mA==", "name": "go-srpm-macros", "version": "3.0.9-9.el9", "kind": "binary", "source": { "id": "", "name": "go-rpm-macros", "version": "3.0.9-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WM43f6rBXkL3dY9fUi8CGw==": { "id": "WM43f6rBXkL3dY9fUi8CGw==", "name": "boost-regex", "version": "1.75.0-8.el9", "kind": "binary", "source": { "id": "", "name": "boost", "version": "1.75.0-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WN9YKonIBKVWuMNAg76vrA==": { "id": "WN9YKonIBKVWuMNAg76vrA==", "name": "libXpm-devel", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WXfnWfq5UvDl4B0hS+0enw==": { "id": "WXfnWfq5UvDl4B0hS+0enw==", "name": "elfutils-debuginfod-client", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WgTBt6b85L1bF7WXV5bQRA==": { "id": "WgTBt6b85L1bF7WXV5bQRA==", "name": "perl-File-Compare", "version": "1.100.600-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WifWl02dLM2pp5urxOSuNg==": { "id": "WifWl02dLM2pp5urxOSuNg==", "name": "perl-URI", "version": "5.09-3.el9", "kind": "binary", "source": { "id": "", "name": "perl-URI", "version": "5.09-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WuHt6bav9qTQn9+qCLLu3w==": { "id": "WuHt6bav9qTQn9+qCLLu3w==", "name": "python3-rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XD0JiZBKTweysL9d3sIzpw==": { "id": "XD0JiZBKTweysL9d3sIzpw==", "name": "perl-subs", "version": "1.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMI2bnJZdxdcHnKc3zgCUA==": { "id": "XMI2bnJZdxdcHnKc3zgCUA==", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "binary", "source": { "id": "", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMPq7+46c92RSax5sZ9PZw==": { "id": "XMPq7+46c92RSax5sZ9PZw==", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XPJI1FEhwhWF1vzFJI8S6g==": { "id": "XPJI1FEhwhWF1vzFJI8S6g==", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XVUHqTgxrtHVNbQOLA/oQA==": { "id": "XVUHqTgxrtHVNbQOLA/oQA==", "name": "librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XX1gx35T8rMzed7p4qESdA==": { "id": "XX1gx35T8rMzed7p4qESdA==", "name": "harfbuzz-devel", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XliA1VgMzM5VjjSZdnmlQw==": { "id": "XliA1VgMzM5VjjSZdnmlQw==", "name": "perl-Getopt-Long", "version": "1:2.52-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Getopt-Long", "version": "2.52-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XmQjRyagIacphhV3vVNJUg==": { "id": "XmQjRyagIacphhV3vVNJUg==", "name": "libuser", "version": "0.63-11.el9", "kind": "binary", "source": { "id": "", "name": "libuser", "version": "0.63-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Xs0UZDLX+3bz2vT+iSJz7Q==": { "id": "Xs0UZDLX+3bz2vT+iSJz7Q==", "name": "glib2", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y2WVn7YbALZNiKrMVF83bA==": { "id": "Y2WVn7YbALZNiKrMVF83bA==", "name": "bsdtar", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y35yrxWjtTUkUbNtS9+p6g==": { "id": "Y35yrxWjtTUkUbNtS9+p6g==", "name": "python3-six", "version": "1.15.0-9.el9", "kind": "binary", "source": { "id": "", "name": "python-six", "version": "1.15.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "YRfO+WACNVQDTEO1DaRoPw==": { "id": "YRfO+WACNVQDTEO1DaRoPw==", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZEh/5caJmj5WMgoK5/jyfw==": { "id": "ZEh/5caJmj5WMgoK5/jyfw==", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZX4vKkXsoMfQ2HH9oPb0TA==": { "id": "ZX4vKkXsoMfQ2HH9oPb0TA==", "name": "libXau-devel", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Znd6oNA8HDVHwd3abR/PEg==": { "id": "Znd6oNA8HDVHwd3abR/PEg==", "name": "libblkid-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a0GQ0ecdg5PXNSF9I+cGHw==": { "id": "a0GQ0ecdg5PXNSF9I+cGHw==", "name": "libX11", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "aW0vfCmvp3ku6dMkvaoZGw==": { "id": "aW0vfCmvp3ku6dMkvaoZGw==", "name": "perl-base", "version": "2.27-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ao0mLJHwgqEhua26lzg6gQ==": { "id": "ao0mLJHwgqEhua26lzg6gQ==", "name": "glibc-minimal-langpack", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arzS3GnLPLKzM8xRPFnUzw==": { "id": "arzS3GnLPLKzM8xRPFnUzw==", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ax5YZqtoTsGSLh5YAOUDAA==": { "id": "ax5YZqtoTsGSLh5YAOUDAA==", "name": "dbus-libs", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "b/fX+2E3Kw/VrXP3Viej5w==": { "id": "b/fX+2E3Kw/VrXP3Viej5w==", "name": "acl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bEsPytE/ZdCMbfuAgQc9AA==": { "id": "bEsPytE/ZdCMbfuAgQc9AA==", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "binary", "source": { "id": "", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bQK0gSM91Pq8oi5kJ9072Q==": { "id": "bQK0gSM91Pq8oi5kJ9072Q==", "name": "gettext-libs", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bbOmNWQZu2GtbHRNTT5LbA==": { "id": "bbOmNWQZu2GtbHRNTT5LbA==", "name": "pcre2", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bp0rUgZ5FkIYAX2aEVd/VA==": { "id": "bp0rUgZ5FkIYAX2aEVd/VA==", "name": "vim-minimal", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "byfHs8LLvbAc+YzK8+QmXA==": { "id": "byfHs8LLvbAc+YzK8+QmXA==", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c+W6x4Mcea6sasJQFpayfg==": { "id": "c+W6x4Mcea6sasJQFpayfg==", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c4cAHnbL6QvzxTWvSxwSUQ==": { "id": "c4cAHnbL6QvzxTWvSxwSUQ==", "name": "golang-bin", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c6MW06Rtj8J56gSpVtmC/w==": { "id": "c6MW06Rtj8J56gSpVtmC/w==", "name": "libselinux-devel", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cGWkJkC9Qm+QCP4f8vmD+Q==": { "id": "cGWkJkC9Qm+QCP4f8vmD+Q==", "name": "libX11-xcb", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cPPALpm8EZ1p7Fe1on0nPQ==": { "id": "cPPALpm8EZ1p7Fe1on0nPQ==", "name": "diffutils", "version": "3.7-12.el9", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "3.7-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "caF9WsICRhpk2jJBTv5OsQ==": { "id": "caF9WsICRhpk2jJBTv5OsQ==", "name": "perl-File-Basename", "version": "2.85-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "cj0M8yBzJA8j5tTGHOqDIw==": { "id": "cj0M8yBzJA8j5tTGHOqDIw==", "name": "perl-Fcntl", "version": "1.13-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ckYokpjDEx3hfGxpdtbM6A==": { "id": "ckYokpjDEx3hfGxpdtbM6A==", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "clGQ5Kq/RKZZziBln/4BLA==": { "id": "clGQ5Kq/RKZZziBln/4BLA==", "name": "perl-DynaLoader", "version": "1.47-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ct/ndQfSB+G17YP34ufDBA==": { "id": "ct/ndQfSB+G17YP34ufDBA==", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dMY7Qly4vcBOdARECvhzxQ==": { "id": "dMY7Qly4vcBOdARECvhzxQ==", "name": "ncurses-libs", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dStYvdO33sly7EacpHOqeA==": { "id": "dStYvdO33sly7EacpHOqeA==", "name": "rootfiles", "version": "8.1-31.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-31.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dYr9tK7XM6aISNKJAtl5ZQ==": { "id": "dYr9tK7XM6aISNKJAtl5ZQ==", "name": "pcre-utf32", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dnA+092RxSVxmYLtbm4n5w==": { "id": "dnA+092RxSVxmYLtbm4n5w==", "name": "libmount-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dt/eA+h8BqXPeZvbQ4xjlQ==": { "id": "dt/eA+h8BqXPeZvbQ4xjlQ==", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "e7W78NrdwYaVEcBcXhDv5Q==": { "id": "e7W78NrdwYaVEcBcXhDv5Q==", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eEjpOxWkwvzzJN5kkeVUcg==": { "id": "eEjpOxWkwvzzJN5kkeVUcg==", "name": "perl-Encode", "version": "4:3.08-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Encode", "version": "3.08-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eJ5VkZHE2z3KyF5sFEKj8g==": { "id": "eJ5VkZHE2z3KyF5sFEKj8g==", "name": "cmake-filesystem", "version": "3.20.2-7.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eMk3cpR3xfyfnR/IUeON3Q==": { "id": "eMk3cpR3xfyfnR/IUeON3Q==", "name": "command-line-arguments", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "eUjbBBk9e6ukjdxq7Ysc5Q==": { "id": "eUjbBBk9e6ukjdxq7Ysc5Q==", "name": "krb5-libs", "version": "1.19.1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.19.1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eckWZv7IBjaLZNS/vZ1gWg==": { "id": "eckWZv7IBjaLZNS/vZ1gWg==", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "binary", "source": { "id": "", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ey7Cn3NmMZ6qorZvUccGqA==": { "id": "ey7Cn3NmMZ6qorZvUccGqA==", "name": "nodejs-libs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f2GhXCi0MGW6C5vh1ih8XQ==": { "id": "f2GhXCi0MGW6C5vh1ih8XQ==", "name": "perl-threads", "version": "1:2.25-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads", "version": "2.25-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fTz/BbdjDg+PD+HvcMlQ3A==": { "id": "fTz/BbdjDg+PD+HvcMlQ3A==", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ffBZQco1wXO0fddcwHstSQ==": { "id": "ffBZQco1wXO0fddcwHstSQ==", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gBWlSWdEA8U1+Ep4A/+M2g==": { "id": "gBWlSWdEA8U1+Ep4A/+M2g==", "name": "perl-Error", "version": "1:0.17029-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Error", "version": "0.17029-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gJHwCqer7Rl9ijGK6wpg4A==": { "id": "gJHwCqer7Rl9ijGK6wpg4A==", "name": "libICE", "version": "1.0.10-8.el9", "kind": "binary", "source": { "id": "", "name": "libICE", "version": "1.0.10-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gngAZQYf0zy4+w3GwgpLmw==": { "id": "gngAZQYf0zy4+w3GwgpLmw==", "name": "python3-libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsdYiUdG+fMtG/M0X1EkAg==": { "id": "gsdYiUdG+fMtG/M0X1EkAg==", "name": "filesystem", "version": "3.16-2.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hGxLNL3q3tYYzz2uKfKB4A==": { "id": "hGxLNL3q3tYYzz2uKfKB4A==", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hHL/OokyETnopazrev0shg==": { "id": "hHL/OokyETnopazrev0shg==", "name": "lua-libs", "version": "5.4.4-2.el9_1", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hKJ3xmpaes4B2vxd2C5M1Q==": { "id": "hKJ3xmpaes4B2vxd2C5M1Q==", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "binary", "source": { "id": "", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hNv7ol5w6PGaZXktwlRWPg==": { "id": "hNv7ol5w6PGaZXktwlRWPg==", "name": "libblkid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hasHd85qN7fkJeIIqjjDow==": { "id": "hasHd85qN7fkJeIIqjjDow==", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "heXcDkpDDTJ/ac/FHrXYvg==": { "id": "heXcDkpDDTJ/ac/FHrXYvg==", "name": "efi-srpm-macros", "version": "6-2.el9_0", "kind": "binary", "source": { "id": "", "name": "efi-rpm-macros", "version": "6-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hgr5TOXgV4U9LXyKt2w6gA==": { "id": "hgr5TOXgV4U9LXyKt2w6gA==", "name": "libffi-devel", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hjikQWtnmVPaWts63wYw4Q==": { "id": "hjikQWtnmVPaWts63wYw4Q==", "name": "passwd", "version": "0.80-12.el9", "kind": "binary", "source": { "id": "", "name": "passwd", "version": "0.80-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hrY/5TRUmBt6d/EoQ9M7aw==": { "id": "hrY/5TRUmBt6d/EoQ9M7aw==", "name": "python3-dateutil", "version": "1:2.8.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-dateutil", "version": "2.8.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hvKbzRSMjrg1f3y/PRzGwg==": { "id": "hvKbzRSMjrg1f3y/PRzGwg==", "name": "openssl-devel", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hyds1mrD8GWUXo+lv53Rag==": { "id": "hyds1mrD8GWUXo+lv53Rag==", "name": "findutils", "version": "1:4.8.0-5.el9", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1yNGcAdCbK2SnebCgMUqQ==": { "id": "i1yNGcAdCbK2SnebCgMUqQ==", "name": "systemd-libs", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iBA/JBMmSIEGbBZDQlcuUQ==": { "id": "iBA/JBMmSIEGbBZDQlcuUQ==", "name": "bzip2-devel", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iG10xBRfLLoRP3qlluI7NQ==": { "id": "iG10xBRfLLoRP3qlluI7NQ==", "name": "automake", "version": "1.16.2-6.el9", "kind": "binary", "source": { "id": "", "name": "automake", "version": "1.16.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "iMLMqCcRXnm6QslpJnCS7w==": { "id": "iMLMqCcRXnm6QslpJnCS7w==", "name": "cairo", "version": "1.17.4-7.el9", "kind": "binary", "source": { "id": "", "name": "cairo", "version": "1.17.4-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQByZpdRXgW/fl3SoDuoAA==": { "id": "iQByZpdRXgW/fl3SoDuoAA==", "name": "libipt", "version": "2.0.4-5.el9", "kind": "binary", "source": { "id": "", "name": "libipt", "version": "2.0.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQnKl0+RxymKc9bhVdyuyQ==": { "id": "iQnKl0+RxymKc9bhVdyuyQ==", "name": "perl-B", "version": "1.80-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTjyL8AL9avw3YnaeFgLEg==": { "id": "iTjyL8AL9avw3YnaeFgLEg==", "name": "gettext", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iswhVSntR4QnIsTAyM6ydQ==": { "id": "iswhVSntR4QnIsTAyM6ydQ==", "name": "perl-Pod-Escapes", "version": "1:1.07-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Escapes", "version": "1.07-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ix3lD4/Nn7qLbcpDm0AIhg==": { "id": "ix3lD4/Nn7qLbcpDm0AIhg==", "name": "perl-constant", "version": "1.33-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-constant", "version": "1.33-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "j3oHbOmfE09xNAzoTXpcSg==": { "id": "j3oHbOmfE09xNAzoTXpcSg==", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jADxtb7PiatU9dihVhjp/Q==": { "id": "jADxtb7PiatU9dihVhjp/Q==", "name": "elfutils-libelf", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jDIVpAdvhjPN/gmOBNQuag==": { "id": "jDIVpAdvhjPN/gmOBNQuag==", "name": "perl-Time-Local", "version": "2:1.300-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Time-Local", "version": "1.300-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jH43ZEoPP2TpNiUJXUizMw==": { "id": "jH43ZEoPP2TpNiUJXUizMw==", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "binary", "source": { "id": "", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jSOT/FBECA7xUY+Zv/Ps+Q==": { "id": "jSOT/FBECA7xUY+Zv/Ps+Q==", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jXo3rXdhdYGkiXYZpQxZ3Q==": { "id": "jXo3rXdhdYGkiXYZpQxZ3Q==", "name": "python3-chardet", "version": "4.0.0-5.el9", "kind": "binary", "source": { "id": "", "name": "python-chardet", "version": "4.0.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAc8BYCjeCgQR9YdLeGx9w==": { "id": "kAc8BYCjeCgQR9YdLeGx9w==", "name": "python3-urllib3", "version": "1.26.5-3.el9", "kind": "binary", "source": { "id": "", "name": "python-urllib3", "version": "1.26.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kDzRHkg3txncDWuyd5771g==": { "id": "kDzRHkg3txncDWuyd5771g==", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kMrprdB/TspYL2Dyt9hBfw==": { "id": "kMrprdB/TspYL2Dyt9hBfw==", "name": "libgomp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kdml4TiffKDDUHJjP7R1Tg==": { "id": "kdml4TiffKDDUHJjP7R1Tg==", "name": "openldap", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ki6pd/LsWsx2BY6b+Np6dQ==": { "id": "ki6pd/LsWsx2BY6b+Np6dQ==", "name": "cpp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ktHjHCegyaFGFLaqVjqkVA==": { "id": "ktHjHCegyaFGFLaqVjqkVA==", "name": "libX11-common", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kzHnWWgcRX/Do32aQ8TMBQ==": { "id": "kzHnWWgcRX/Do32aQ8TMBQ==", "name": "perl-Git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lITnNJqHTfcVQiCGHjWozA==": { "id": "lITnNJqHTfcVQiCGHjWozA==", "name": "python3-pip-wheel", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lwkb5oxxrG7ZgPYzSyvcZQ==": { "id": "lwkb5oxxrG7ZgPYzSyvcZQ==", "name": "libxml2-devel", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lxyER9sFQyH/cLua8fAlfw==": { "id": "lxyER9sFQyH/cLua8fAlfw==", "name": "perl-File-Find", "version": "1.37-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ly9SmBBH7WsYXh1oG69XaQ==": { "id": "ly9SmBBH7WsYXh1oG69XaQ==", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "m7hOFCjo7x6PMvux7htFOg==": { "id": "m7hOFCjo7x6PMvux7htFOg==", "name": "cracklib-dicts", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mLZQEF4KLS62c+8BB/jz0Q==": { "id": "mLZQEF4KLS62c+8BB/jz0Q==", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLtyJkgiain09bfdUDF0tA==": { "id": "mLtyJkgiain09bfdUDF0tA==", "name": "python3-idna", "version": "2.10-7.el9", "kind": "binary", "source": { "id": "", "name": "python-idna", "version": "2.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mRRefE/Wm2s5CZDmwUJ8jg==": { "id": "mRRefE/Wm2s5CZDmwUJ8jg==", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mS/mU0XqXurt5b2cC0G2wA==": { "id": "mS/mU0XqXurt5b2cC0G2wA==", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "me8N6gnEhOLccvD/431aCw==": { "id": "me8N6gnEhOLccvD/431aCw==", "name": "libgcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mqd6XOc7hJ7OKe7FI62YlA==": { "id": "mqd6XOc7hJ7OKe7FI62YlA==", "name": "python3-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ms1/Dytf/YQgRgubY3EyyQ==": { "id": "ms1/Dytf/YQgRgubY3EyyQ==", "name": "libsepol-devel", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "n2BikwI3Mg2dIr4kYK8New==": { "id": "n2BikwI3Mg2dIr4kYK8New==", "name": "pkgconf-m4", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nC22unSxVi1R4g6taYLM9Q==": { "id": "nC22unSxVi1R4g6taYLM9Q==", "name": "brotli-devel", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nRx5HCyZ2M4L1LvJSclibw==": { "id": "nRx5HCyZ2M4L1LvJSclibw==", "name": "rsync", "version": "3.2.3-18.el9", "kind": "binary", "source": { "id": "", "name": "rsync", "version": "3.2.3-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nUBBsXgA+QSl6Tx9eXi6Mw==": { "id": "nUBBsXgA+QSl6Tx9eXi6Mw==", "name": "dbus-common", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "na4ojyfFHL07xf5Yr8wxsg==": { "id": "na4ojyfFHL07xf5Yr8wxsg==", "name": "libgpg-error-devel", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "noZz3cbDBX3Q1ohSWIKe1g==": { "id": "noZz3cbDBX3Q1ohSWIKe1g==", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nqniqNEVhrfub8cS+os87A==": { "id": "nqniqNEVhrfub8cS+os87A==", "name": "fonts-srpm-macros", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nwgNWiqPWTP9jQpHdB8CFA==": { "id": "nwgNWiqPWTP9jQpHdB8CFA==", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o0sNxhdrQvn3LtgSlydcdw==": { "id": "o0sNxhdrQvn3LtgSlydcdw==", "name": "pcre2-devel", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o3loazzxvm2hQ5N1QRaYvg==": { "id": "o3loazzxvm2hQ5N1QRaYvg==", "name": "glib2-devel", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oCbJhi6fmGrlKcF1SlNuYw==": { "id": "oCbJhi6fmGrlKcF1SlNuYw==", "name": "git-core", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oGWSEEsLb6ToIwJ1tUBkwg==": { "id": "oGWSEEsLb6ToIwJ1tUBkwg==", "name": "perl-File-Copy", "version": "2.34-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "oK41W21MyjS/j+5BoCQjuA==": { "id": "oK41W21MyjS/j+5BoCQjuA==", "name": "tcl", "version": "1:8.6.10-7.el9", "kind": "binary", "source": { "id": "", "name": "tcl", "version": "8.6.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oWKtpTsx1ck3WozLlUNKbw==": { "id": "oWKtpTsx1ck3WozLlUNKbw==", "name": "yum", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "obNuQXzAwE3TzjUoRN1yEw==": { "id": "obNuQXzAwE3TzjUoRN1yEw==", "name": "libbabeltrace", "version": "1.5.8-10.el9", "kind": "binary", "source": { "id": "", "name": "babeltrace", "version": "1.5.8-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "og/hyn7iqbsNsfIv/8VHFg==": { "id": "og/hyn7iqbsNsfIv/8VHFg==", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "om/hnbn42itSjLCSeL6+2A==": { "id": "om/hnbn42itSjLCSeL6+2A==", "name": "freetype", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9BcHmUiqsfiDX2HpNFM5g==": { "id": "p9BcHmUiqsfiDX2HpNFM5g==", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pNbpZqWYymW5Cm1QYLE4uQ==": { "id": "pNbpZqWYymW5Cm1QYLE4uQ==", "name": "device-mapper", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pc8TmjOHnExT3yvCQuGR7Q==": { "id": "pc8TmjOHnExT3yvCQuGR7Q==", "name": "tar", "version": "2:1.34-6.el9_1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pdyD4GFauXtML8NxA7nURQ==": { "id": "pdyD4GFauXtML8NxA7nURQ==", "name": "python3-dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "peDze6790+ubKa/8hacS+w==": { "id": "peDze6790+ubKa/8hacS+w==", "name": "stdlib", "version": "1.18.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.9.0.0.0.0.0.0", "cpe": "" }, "pff1wMeg2U6ebqlGIkRlMg==": { "id": "pff1wMeg2U6ebqlGIkRlMg==", "name": "git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ptT0YL/h24MTjTTVlPAZVg==": { "id": "ptT0YL/h24MTjTTVlPAZVg==", "name": "freetype-devel", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qIHoKDOcFEbVk0+xQvglbQ==": { "id": "qIHoKDOcFEbVk0+xQvglbQ==", "name": "openssl-libs", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qTTyL80F/2JUAy85WSpobg==": { "id": "qTTyL80F/2JUAy85WSpobg==", "name": "coreutils-single", "version": "8.32-32.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-32.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qcLLXOiskeOh3Yk1oA8Pwg==": { "id": "qcLLXOiskeOh3Yk1oA8Pwg==", "name": "kmod-libs", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "kmod", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qijykJ/WFTcI/fd8/RsFmg==": { "id": "qijykJ/WFTcI/fd8/RsFmg==", "name": "ubi9", "version": "9.1.0-1782", "kind": "binary", "source": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rEU0uZUpz06y9hg0ORc49A==": { "id": "rEU0uZUpz06y9hg0ORc49A==", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rTAf2eiAGJSR1vI+tk12zg==": { "id": "rTAf2eiAGJSR1vI+tk12zg==", "name": "libuuid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rUUieTQ6JPdOKUOFRfhvNw==": { "id": "rUUieTQ6JPdOKUOFRfhvNw==", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rYCgRZF9UtO2MybO6TcW0g==": { "id": "rYCgRZF9UtO2MybO6TcW0g==", "name": "nettle", "version": "3.8-3.el9_0", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.8-3.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rZckolqfVnE7xInGZn5Zzw==": { "id": "rZckolqfVnE7xInGZn5Zzw==", "name": "python3-pysocks", "version": "1.7.1-12.el9", "kind": "binary", "source": { "id": "", "name": "python-pysocks", "version": "1.7.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rj2k4My0f4W7sR9R0rDeJg==": { "id": "rj2k4My0f4W7sR9R0rDeJg==", "name": "perl-Pod-Usage", "version": "4:2.01-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Usage", "version": "2.01-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rkUaC636uKZYge61PN1dew==": { "id": "rkUaC636uKZYge61PN1dew==", "name": "perl-POSIX", "version": "1.94-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ryPyL0/oZK1jJ8umBZkZBA==": { "id": "ryPyL0/oZK1jJ8umBZkZBA==", "name": "libjpeg-turbo-devel", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s9qYH9lv+nqFfUwtnSIxEw==": { "id": "s9qYH9lv+nqFfUwtnSIxEw==", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "binary", "source": { "id": "", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sE1EmQ5Nhv4P4rilE6lODw==": { "id": "sE1EmQ5Nhv4P4rilE6lODw==", "name": "lsof", "version": "4.94.0-3.el9", "kind": "binary", "source": { "id": "", "name": "lsof", "version": "4.94.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sukNATkcLkohYgGrhDtrZA==": { "id": "sukNATkcLkohYgGrhDtrZA==", "name": "libxcrypt-devel", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sy1cTR7VjlyD3WavviV1+g==": { "id": "sy1cTR7VjlyD3WavviV1+g==", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "szNvvFbgC3+nu7+FkWHQxA==": { "id": "szNvvFbgC3+nu7+FkWHQxA==", "name": "perl-overload", "version": "1.31-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "t51FYLdtFZpGFe/8JMUaTQ==": { "id": "t51FYLdtFZpGFe/8JMUaTQ==", "name": "rhel9/go-toolset", "version": "1.18.9-14", "kind": "binary", "source": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "tOoZIHzytN01BRAw3es1Yg==": { "id": "tOoZIHzytN01BRAw3es1Yg==", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tWWw65aFr0Her+B1hlgbqA==": { "id": "tWWw65aFr0Her+B1hlgbqA==", "name": "perl-Pod-Simple", "version": "1:3.42-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Simple", "version": "3.42-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "tsX00aIcJlVDdnN8EABj3g==": { "id": "tsX00aIcJlVDdnN8EABj3g==", "name": "perl-Getopt-Std", "version": "1.12-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u+N5u943P15onszlgf+ujA==": { "id": "u+N5u943P15onszlgf+ujA==", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u95OKK2MhRQlEYI4tmvSVQ==": { "id": "u95OKK2MhRQlEYI4tmvSVQ==", "name": "util-linux-core", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uCyCeArpCxiSoV6DjC80ng==": { "id": "uCyCeArpCxiSoV6DjC80ng==", "name": "pcre-devel", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uOrv4V08LjQ381I5J7cGpw==": { "id": "uOrv4V08LjQ381I5J7cGpw==", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uSt8DkzxoDcE1tRbyYPDOg==": { "id": "uSt8DkzxoDcE1tRbyYPDOg==", "name": "alternatives", "version": "1.20-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.20-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uWyEe6UPxO05NNzNabxBgA==": { "id": "uWyEe6UPxO05NNzNabxBgA==", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "uXpj8krYkomg5XDZ83F2kg==": { "id": "uXpj8krYkomg5XDZ83F2kg==", "name": "perl-libs", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uwkXfq5VvKEldZwWOwGq4w==": { "id": "uwkXfq5VvKEldZwWOwGq4w==", "name": "gmp", "version": "1:6.2.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v5fMEqf0GRz+BrBqAji9dQ==": { "id": "v5fMEqf0GRz+BrBqAji9dQ==", "name": "libzstd", "version": "1.5.1-2.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v6X9Dt1wPw8fK6VaHz1Ffw==": { "id": "v6X9Dt1wPw8fK6VaHz1Ffw==", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vSRLH3asu5knZtxqOxtnwQ==": { "id": "vSRLH3asu5knZtxqOxtnwQ==", "name": "brotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVZXXrZNgHNmTJM7knKqAQ==": { "id": "vVZXXrZNgHNmTJM7knKqAQ==", "name": "libfdisk", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vaBZgtoGX6VZtIwrD9w+EQ==": { "id": "vaBZgtoGX6VZtIwrD9w+EQ==", "name": "libdnf-plugin-subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vcbNsnPegQ9DMvL/4z83AA==": { "id": "vcbNsnPegQ9DMvL/4z83AA==", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vtNcuXyRth8r8K/W3sfqrQ==": { "id": "vtNcuXyRth8r8K/W3sfqrQ==", "name": "libpng-devel", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "w2DoavvB02S/+BS01jQqJw==": { "id": "w2DoavvB02S/+BS01jQqJw==", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "binary", "source": { "id": "", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wVOHUaFC3qlk+Ft1W2VH7A==": { "id": "wVOHUaFC3qlk+Ft1W2VH7A==", "name": "python3-gobject-base-noarch", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wXu3MDegq/TfLSbBy6aoBQ==": { "id": "wXu3MDegq/TfLSbBy6aoBQ==", "name": "gcc-c++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wdMozBSF06uhI4HOI003SQ==": { "id": "wdMozBSF06uhI4HOI003SQ==", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wsc0mBnyNwrXYdpo0V+0aw==": { "id": "wsc0mBnyNwrXYdpo0V+0aw==", "name": "perl-FileHandle", "version": "2.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wusWpHXirQF8KfxliQcLkQ==": { "id": "wusWpHXirQF8KfxliQcLkQ==", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "binary", "source": { "id": "", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wvtx3JsOUmPyorardjeYSQ==": { "id": "wvtx3JsOUmPyorardjeYSQ==", "name": "fontconfig-devel", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xC2PhiBOHiQbniVjaMltjw==": { "id": "xC2PhiBOHiQbniVjaMltjw==", "name": "libpkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xGsFnJNA7f9q/+8cz1QFqg==": { "id": "xGsFnJNA7f9q/+8cz1QFqg==", "name": "lua-srpm-macros", "version": "1-6.el9", "kind": "binary", "source": { "id": "", "name": "lua-rpm-macros", "version": "1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xSR/sMJIXbuFPYhZS2ZN2Q==": { "id": "xSR/sMJIXbuFPYhZS2ZN2Q==", "name": "gcc-plugin-annobin", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xVpXFb43dZh4HfBX53yyew==": { "id": "xVpXFb43dZh4HfBX53yyew==", "name": "python3-iniparse", "version": "0.4-45.el9", "kind": "binary", "source": { "id": "", "name": "python-iniparse", "version": "0.4-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xdunfqVk+0spTcWoJA7wPw==": { "id": "xdunfqVk+0spTcWoJA7wPw==", "name": "libnghttp2", "version": "1.43.0-5.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xfiNHrth0bRlTgQnR3IgUw==": { "id": "xfiNHrth0bRlTgQnR3IgUw==", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xgCGPQ7CZbjJqBTw2Nmu9w==": { "id": "xgCGPQ7CZbjJqBTw2Nmu9w==", "name": "groff-base", "version": "1.22.4-10.el9", "kind": "binary", "source": { "id": "", "name": "groff", "version": "1.22.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xnmn6fk+/THLJg3emXYMww==": { "id": "xnmn6fk+/THLJg3emXYMww==", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "y9sflCLWTaHWSSC+w8u7bQ==": { "id": "y9sflCLWTaHWSSC+w8u7bQ==", "name": "xz-devel", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yLdg/zIMr1LMvkW9tAZlGw==": { "id": "yLdg/zIMr1LMvkW9tAZlGw==", "name": "rpm-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yRjjypPMZa7QJg+DLoMumw==": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "yXx0rhfj7kyXaTrxOLQSfA==": { "id": "yXx0rhfj7kyXaTrxOLQSfA==", "name": "libsmartcols", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yY469KfvqdHWbJwmOcIU1Q==": { "id": "yY469KfvqdHWbJwmOcIU1Q==", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ycSS8xsUDu5nMwsql04xfQ==": { "id": "ycSS8xsUDu5nMwsql04xfQ==", "name": "gd", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "z/d/zUXK6aF2L4H7dfeSZw==": { "id": "z/d/zUXK6aF2L4H7dfeSZw==", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zLbmCpiDy68qsFvtKNzmgQ==": { "id": "zLbmCpiDy68qsFvtKNzmgQ==", "name": "xml-common", "version": "0.6.3-58.el9", "kind": "binary", "source": { "id": "", "name": "sgml-common", "version": "0.6.3-58.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zPYyryKVwACz98/WbfSW6w==": { "id": "zPYyryKVwACz98/WbfSW6w==", "name": "rpm-sign-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zpqzIc9TY4hiXJG024jdBQ==": { "id": "zpqzIc9TY4hiXJG024jdBQ==", "name": "golang-src", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zxuLMmxubC84XoLpkfxZ3w==": { "id": "zxuLMmxubC84XoLpkfxZ3w==", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "binary", "source": { "id": "", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" } }, "distributions": { "8fc41c58-ca99-44e8-aaa9-d109e69a3947": { "id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "07c6d587-db01-4d19-be02-418729be5c28": { "id": "07c6d587-db01-4d19-be02-418729be5c28", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "0fde6250-ea54-42c3-b274-3048eef68be6": { "id": "0fde6250-ea54-42c3-b274-3048eef68be6", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "1d931aee-6c61-4c5f-91e2-953875606e17": { "id": "1d931aee-6c61-4c5f-91e2-953875606e17", "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "298154c8-d2ff-45e3-a866-bb704a567c6c": { "id": "298154c8-d2ff-45e3-a866-bb704a567c6c", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "4c17d9c6-a2f9-4605-a2c4-004edd8c2157": { "id": "4c17d9c6-a2f9-4605-a2c4-004edd8c2157", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "a84507cf-d767-4aac-8348-67a0b1572854": { "id": "a84507cf-d767-4aac-8348-67a0b1572854", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "a907f616-75e6-48b9-a430-28a9226f4f5f": { "id": "a907f616-75e6-48b9-a430-28a9226f4f5f", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "daeb1305-fb8b-45e6-9438-1fd3cd207364": { "id": "daeb1305-fb8b-45e6-9438-1fd3cd207364", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "e7b64797-1e71-4d2b-aaa4-b134707fecc6": { "id": "e7b64797-1e71-4d2b-aaa4-b134707fecc6", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4": { "id": "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "++K+RsmgWfVk2mj1+hzWKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "+8O7w8gnK983LoZMdgIWhQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+B22ALb6YCnXu+3s6afaLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+LQ46YAn9giMKDZRMCUpfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+jCn1wujuDa5B1uNvCdVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+yIdH2Pb8SGFuXnry3uK/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "/FMjm+UzO0PTaS3Td0lhkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "/dbWc/LExxt1O7duWFf9og==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "/t0e+LuglIbDcO/k67Hr2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "/th8aUKrkgR3Sw9KSBM+CA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "09fH92fqoWDOaYEpwQ9p2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "0N0D43vK8KV4kQOq2LQn7g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "0QIby1L00NbGeIw8oxRQWQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "0Yvc2+M8FAry625wuL4S5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "0wIoN0pFyBSc9eVtRdIOWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "13/XvLtRK2RDQlcsZc1BtQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "13i0QoQ6Q4yBI5RUf20lXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1T7WJ83NrIa0U7DlD1BR4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1XXuvf69/0I2dNHaU2UndQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1dO83wB64hDLki3A4eA/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1h9uHE0QiXBO/zpJrT0VjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "1iUaGpv40BOJQUks5I0iYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1m9sKqHTfU4F/K4fidg9cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "2REYKadw7TKFiuC+OnoHmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "2fg1ZRYCSPKKOgCxCcA36w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "2w8qE/d9mqIY/9+1qBBrPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "3688bXyK/nwHthXLLVH24g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "3DTA/XNFCCDFf6sfX96bGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "3RQKCmep11B4hkfn96QJTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "3iIPR0bjuCPQ2+48pSdeHg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "4Aph2Qer6+KdCecFsU0TXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "4DM2GB9KLL7/xWypPdz7vA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "4ImdKzJ7uZoaviIayzuoUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "4Kw/w2gH7CYCOCv19cdYYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "582nBqlxZXz0sTRmkFvU4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5EpVrCQ4OYKiPYYEOuUcmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5JeNH+bHiuiK9wwBZqH10A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "5NZNFErDrBiBoorV+igTjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5mmSudfrCeEmVSPweWmcVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "5oq4jjwqdEJHokHmXZ7fFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5uy1J7qi/MafOdYJgaQeGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "60b1mOIk+ncF/benyKWfug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "68hxwX7t9VVTsdLs/0iJBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "695zXUDPsaaAbh1PGloHag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "6AYt+NWt55432RGa/HxiQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6COiLlB/V7UlOwfuFJy77w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "6G1ytjIPgX0NNsVwuPQKkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6G4wapu2zP6UYfTP+Ip2pA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6HUC1/dPziZpbtWEymw0nQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6LVRZKaAJH97OKCXsJMDDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6MFxZDjn6ZxVQspQib4VSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6RxnMs+9yIqzJpLgR7I3zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6VAQWTpZhN9PW7YCmVhxsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6camihNRcGvFSo3XinEWFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6f28+Af9kIn0OSp9f9j14Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "74+EW3adzZwX9DbUU0vOdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "7JHS+mBQfJeJoy73lvm4lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "7Lf3UXydabzw8g7HGZER+w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "7yB5oIQve4tWIMlUmHbdQQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "84WodsWNE9m9GIrBiKl02g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "88jYB91M4ddvxo2XjMJKmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "8Gh2hioTt5BFisg9eNKeEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "8I3zEJ4sFSgk47ZaRLgtDQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "8Ky53YwzOPM2pkEIVuuuBg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "8gpmX0NZa9MMhcqi6FUGtg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "8tmJEWGia0UWhhPJb3EyAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "9AmKs/wDQFsVMVHWnqbu+g==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "9Fy0bRr3ZMu3q8UNrhlOSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "9HjCH3SeUwgItfYZysNlOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "9WzsXAqqRoLidXM4HaB8/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "9bMXqD09C2r4s8P+HNy2uw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "9hWn3VgLVkzmMJln7S0UCQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "9sAM/NqMLlsG3N88/yD1Vg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ACNA1cjsRpihwLsZYxMiYQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "AOquy/6bQ9axg0KRp6hMjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ARxZCHzD7KB2Pu4aHl7POw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AZwLZmqkel2BzSMgQsIVGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AbW1lRpGUjSEKNnr/Toz6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "AdRs6lk9yzTM3HvjeEThKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AnHvlYoTKSxzg0JMVMiJkg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "BX+oelClu2v6UOl6tluOEQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "C3QbGupU53FFTX0pkfNLrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "C7VGVckK0YZj4RiVmStEsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "CXRheoFIylTt2C0ZN4qu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "CjFzfz4zBZj7fcwIrVHCRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "CpC5etTxiNuDvBGQesJNDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Ct/46Ed7Asmqt98kLc0FLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Cwut2mrMMUaIvKenvO1qWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "D/XNnExpupd1bO9ZIJIE9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "D0GGDit/UxegO+/A5R03SA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "DGqCqs+yrHvXs9qsPgn58g==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:3161d5266a57069ab3c35244925c1e1f9a01a91427008eb5de6bae1f091900a4", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "DK0d2bPQCX0xz6Lec7u1cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "DMchAI2VcGSa4n8bdw5YkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "DSiKsVzdOYp1aJo/8T0A5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "E7ikPxWehuEw+6yIZODYlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "ED0/IlCpWWQwBBKR2YT9sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "EEcEMKhGMvXAfnMhboIpqw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "EgjLGZKjPtqIaFVLlFAAPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "EuqqL3yIFMd5VRAfuufJgg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Exv8+xTp+7Y4AfuM+ph47Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FEF27h+V5TzrUeQsFddapA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FFSNe661VBElA1asGZ7k3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FKD/ouYSWOOZHy4i43SaxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FMrR4PbDeEhmMEh2juuVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "FW8ByCOP6ljvNWDQolahwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FaNO6QWs1mWPp40PrBiBUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Fy3bplraTnRnJlV5RewauA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "G1YDEd7+V95Qa+PMxB8sJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "GIScmMWQrnoFNoEgq3fg2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "GSkR2SOuqWQN8NtOvU4cgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "GVmxmNcJqT3ovg+RwjJg1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "GXm2fCeoaq1FqYmMTmMmhQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "H+zLNGeS4JMpmfP42mEhnA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "H3zfV58LzeEUiNQbZbZb2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "HbglDdnV9yne0i8jQL30HA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "IDaB7M+//88qbPppM+LpUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "IN2DA8X4LYRmUb07gLqapg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "IOb5jo+s7DgjzeK/LoVNig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "J0HrVYoM3raELvTfJ82QMA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "JHQdC8JdSGipvO0sCig0cQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "JI92axWONkD2XCTUAeCtuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "JaDqP2PIekJ4FuDfyPDUKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "JrBk+FMgyv4RrG6esVBCIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "K04omiWBsTnRCbFVZLmRKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "K5U87AYLwYDq48YpniD72A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KH0/KbRUi7KL6UvWa8i6Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KSobT+LH4PXsCiP04HOhbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KcftiMkhTw4x89HNJI8NNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "KlSRCTMecbL63Kg+FZjUdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "KyRw1LumZrRo6AKKkHgP7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "L1wl5gEz2lzyNJbirzPmpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "L2RUW2Fm5EOgoqwyitY3bg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "L4diUjusARli24fy/u9lAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "LD9yEwGtdZJl2S96EO58PQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "LDIMlzOywHz1+CG5FwjKdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "LEyuwSco7tb1WIyWy42H8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "LR+S3JloJQ5YEViBpmcLkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "LZYaKh1MnXoGX4fHzghRTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Leh3RdsGa1oyRcl5Dz4SdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "LjtOegR/S/Y0KwJeOuSl/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Lm5zHfIH4SjtxMBhECD0OQ==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "M2qdPAOOvb+CWXJwouP4Rw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "MJmw8vClC4VAn/J4MfhK2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "MORX6hW9ZLZCt/52w71zTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "MXR26wvfFq4/JiRamdOfsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Ma5Vpx57SAZOCC5w2EPQYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "MdGkZ055CI+TZYqVm7FIPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Mp61fGpK3II0W8dIQgk3hA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "MvJE7slPeyMPjzl+J8UH7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "MxYp6jmrNGPG4EUMxgtsIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "N4dB55YYjGYeXRj+vLBatg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "N9SQ1VZ/1zaqG0gdsMW91g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "NQAINik1AG7Zn8OB8pLDpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Nak/NGhCYVubG4CsEbHhug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "O2SZ5NZewmkamADtmBGMpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "OLwWa8SuQNJHUBFuTxkKKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "OkY4XBjh2jDTkYhGjNkrUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "On+NX4Yr+KIGVwagqPDWcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "OvOSK0YS4U6j2gyFBATNXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "PHkBez1UE90U9LJepncOKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Pstkjkz7Io1S30t7a9lp4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Q+exKQZH61PI/8YfpN472w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "QCZyKHG3XZk9MlIs9ZFBuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "QcnepR4WKBdAhWdMUPrAWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "QwKK6TG/JtcCly9jntVf+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "R9sC7SuM6vJmJZYq/bMHWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RgUn0rRy/i742s4qQGGoNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "RhNJQyxUHoA1z70UtgAC4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RjsHhFfoWvmQBIu8lxYZjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RnnkgzrsHA8d297AfaWbPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Rx4ZYvIz7JT5wbghBsjOTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SRyGVMCI95+oD0l3+3YStw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SSFXEK4vNCR4s9ImWtXtgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SSnnOPGZCl33DlmR57wC7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SV9uo4F9Li9vAHBKYcAlZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "SZllfeGD2yJm0VL0H7onLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "SdI1Am/qHph5dG2ZoOeUIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "TANtf1h6RhI5yVQQhHFTbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Tl6ebomp9GQLN9svWzKp+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Tob5YtKxleVTQzw2GCmwGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "TzT9ayOh2hZShfYtipxZEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "U0P0dNPn1iUcw6b33AAKUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Ud9PNLLJ6v7hTpAYdO825w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Uui1iXuECCOB7NgLQMsJpg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "UyCrdfN88WUEEECLCIw93w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "V/3oHP6E5IRlfgZZHK72RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "VDWxBVhhJMCCBIlvmorheA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "VFldiAD+rTFuce+kutFUuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "VKbklzwNVEem7m1iQRERDg==": [ { "package_db": "go:usr/bin/dlv", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "VLOqRGIR4aQvFfvVrpLyIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "VhjrPOGZ9XGEFgLnQWc+KQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "W+js148eF9SSUbrTSIRvOQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "W4amAY83CsyR7zQ0GM7zsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WIBkwuKReD+vnev0WY88mA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WM43f6rBXkL3dY9fUi8CGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WN9YKonIBKVWuMNAg76vrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WXfnWfq5UvDl4B0hS+0enw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WgTBt6b85L1bF7WXV5bQRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WifWl02dLM2pp5urxOSuNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WuHt6bav9qTQn9+qCLLu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XD0JiZBKTweysL9d3sIzpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XMI2bnJZdxdcHnKc3zgCUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XMPq7+46c92RSax5sZ9PZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XPJI1FEhwhWF1vzFJI8S6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XVUHqTgxrtHVNbQOLA/oQA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XX1gx35T8rMzed7p4qESdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XliA1VgMzM5VjjSZdnmlQw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XmQjRyagIacphhV3vVNJUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Y2WVn7YbALZNiKrMVF83bA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "Y35yrxWjtTUkUbNtS9+p6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "YRfO+WACNVQDTEO1DaRoPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ZEh/5caJmj5WMgoK5/jyfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ZX4vKkXsoMfQ2HH9oPb0TA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Znd6oNA8HDVHwd3abR/PEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "aW0vfCmvp3ku6dMkvaoZGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ao0mLJHwgqEhua26lzg6gQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "arzS3GnLPLKzM8xRPFnUzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ax5YZqtoTsGSLh5YAOUDAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "b/fX+2E3Kw/VrXP3Viej5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "bEsPytE/ZdCMbfuAgQc9AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "bQK0gSM91Pq8oi5kJ9072Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "bbOmNWQZu2GtbHRNTT5LbA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "byfHs8LLvbAc+YzK8+QmXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "c+W6x4Mcea6sasJQFpayfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "c6MW06Rtj8J56gSpVtmC/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "cPPALpm8EZ1p7Fe1on0nPQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "caF9WsICRhpk2jJBTv5OsQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "cj0M8yBzJA8j5tTGHOqDIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ckYokpjDEx3hfGxpdtbM6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "clGQ5Kq/RKZZziBln/4BLA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ct/ndQfSB+G17YP34ufDBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dMY7Qly4vcBOdARECvhzxQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dStYvdO33sly7EacpHOqeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dYr9tK7XM6aISNKJAtl5ZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "dnA+092RxSVxmYLtbm4n5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "e7W78NrdwYaVEcBcXhDv5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "eEjpOxWkwvzzJN5kkeVUcg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "eMk3cpR3xfyfnR/IUeON3Q==": [ { "package_db": "go:usr/lib/golang/pkg/tool/linux_amd64/vet", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "eckWZv7IBjaLZNS/vZ1gWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "ey7Cn3NmMZ6qorZvUccGqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "f2GhXCi0MGW6C5vh1ih8XQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "ffBZQco1wXO0fddcwHstSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "gBWlSWdEA8U1+Ep4A/+M2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "gJHwCqer7Rl9ijGK6wpg4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "gngAZQYf0zy4+w3GwgpLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "gsdYiUdG+fMtG/M0X1EkAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hGxLNL3q3tYYzz2uKfKB4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hHL/OokyETnopazrev0shg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hKJ3xmpaes4B2vxd2C5M1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hNv7ol5w6PGaZXktwlRWPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hasHd85qN7fkJeIIqjjDow==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "heXcDkpDDTJ/ac/FHrXYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hgr5TOXgV4U9LXyKt2w6gA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hjikQWtnmVPaWts63wYw4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hrY/5TRUmBt6d/EoQ9M7aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hvKbzRSMjrg1f3y/PRzGwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hyds1mrD8GWUXo+lv53Rag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "i1yNGcAdCbK2SnebCgMUqQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iG10xBRfLLoRP3qlluI7NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iMLMqCcRXnm6QslpJnCS7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iQByZpdRXgW/fl3SoDuoAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iQnKl0+RxymKc9bhVdyuyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iTjyL8AL9avw3YnaeFgLEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "iswhVSntR4QnIsTAyM6ydQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ix3lD4/Nn7qLbcpDm0AIhg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "j3oHbOmfE09xNAzoTXpcSg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jADxtb7PiatU9dihVhjp/Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jDIVpAdvhjPN/gmOBNQuag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "jH43ZEoPP2TpNiUJXUizMw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jXo3rXdhdYGkiXYZpQxZ3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "kAc8BYCjeCgQR9YdLeGx9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "kDzRHkg3txncDWuyd5771g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "kMrprdB/TspYL2Dyt9hBfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "kdml4TiffKDDUHJjP7R1Tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ktHjHCegyaFGFLaqVjqkVA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "lITnNJqHTfcVQiCGHjWozA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "lxyER9sFQyH/cLua8fAlfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ly9SmBBH7WsYXh1oG69XaQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "m7hOFCjo7x6PMvux7htFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mLZQEF4KLS62c+8BB/jz0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "mLtyJkgiain09bfdUDF0tA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mRRefE/Wm2s5CZDmwUJ8jg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mS/mU0XqXurt5b2cC0G2wA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "me8N6gnEhOLccvD/431aCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mqd6XOc7hJ7OKe7FI62YlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ms1/Dytf/YQgRgubY3EyyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "n2BikwI3Mg2dIr4kYK8New==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nC22unSxVi1R4g6taYLM9Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nRx5HCyZ2M4L1LvJSclibw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "na4ojyfFHL07xf5Yr8wxsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "noZz3cbDBX3Q1ohSWIKe1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nqniqNEVhrfub8cS+os87A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nwgNWiqPWTP9jQpHdB8CFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "o0sNxhdrQvn3LtgSlydcdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "o3loazzxvm2hQ5N1QRaYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "oCbJhi6fmGrlKcF1SlNuYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "oK41W21MyjS/j+5BoCQjuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "oWKtpTsx1ck3WozLlUNKbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "obNuQXzAwE3TzjUoRN1yEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "og/hyn7iqbsNsfIv/8VHFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "om/hnbn42itSjLCSeL6+2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "p9BcHmUiqsfiDX2HpNFM5g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "pNbpZqWYymW5Cm1QYLE4uQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "pc8TmjOHnExT3yvCQuGR7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "pdyD4GFauXtML8NxA7nURQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "peDze6790+ubKa/8hacS+w==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:3161d5266a57069ab3c35244925c1e1f9a01a91427008eb5de6bae1f091900a4", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "pff1wMeg2U6ebqlGIkRlMg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ptT0YL/h24MTjTTVlPAZVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "qIHoKDOcFEbVk0+xQvglbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qTTyL80F/2JUAy85WSpobg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qcLLXOiskeOh3Yk1oA8Pwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qijykJ/WFTcI/fd8/RsFmg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "rEU0uZUpz06y9hg0ORc49A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rTAf2eiAGJSR1vI+tk12zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rUUieTQ6JPdOKUOFRfhvNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rYCgRZF9UtO2MybO6TcW0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rZckolqfVnE7xInGZn5Zzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rj2k4My0f4W7sR9R0rDeJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "rkUaC636uKZYge61PN1dew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ryPyL0/oZK1jJ8umBZkZBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "s9qYH9lv+nqFfUwtnSIxEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "sE1EmQ5Nhv4P4rilE6lODw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "sukNATkcLkohYgGrhDtrZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "sy1cTR7VjlyD3WavviV1+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "szNvvFbgC3+nu7+FkWHQxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "t51FYLdtFZpGFe/8JMUaTQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "tOoZIHzytN01BRAw3es1Yg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "tWWw65aFr0Her+B1hlgbqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "tsX00aIcJlVDdnN8EABj3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "u+N5u943P15onszlgf+ujA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "u95OKK2MhRQlEYI4tmvSVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uCyCeArpCxiSoV6DjC80ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "uOrv4V08LjQ381I5J7cGpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uSt8DkzxoDcE1tRbyYPDOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uWyEe6UPxO05NNzNabxBgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uXpj8krYkomg5XDZ83F2kg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "uwkXfq5VvKEldZwWOwGq4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "v5fMEqf0GRz+BrBqAji9dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "v6X9Dt1wPw8fK6VaHz1Ffw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "vSRLH3asu5knZtxqOxtnwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "vVZXXrZNgHNmTJM7knKqAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "vcbNsnPegQ9DMvL/4z83AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "vtNcuXyRth8r8K/W3sfqrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "w2DoavvB02S/+BS01jQqJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wVOHUaFC3qlk+Ft1W2VH7A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "wXu3MDegq/TfLSbBy6aoBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wdMozBSF06uhI4HOI003SQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wsc0mBnyNwrXYdpo0V+0aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wusWpHXirQF8KfxliQcLkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wvtx3JsOUmPyorardjeYSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "xC2PhiBOHiQbniVjaMltjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xGsFnJNA7f9q/+8cz1QFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xVpXFb43dZh4HfBX53yyew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "xdunfqVk+0spTcWoJA7wPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "xfiNHrth0bRlTgQnR3IgUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xgCGPQ7CZbjJqBTw2Nmu9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "xnmn6fk+/THLJg3emXYMww==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "y9sflCLWTaHWSSC+w8u7bQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "yLdg/zIMr1LMvkW9tAZlGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "yRjjypPMZa7QJg+DLoMumw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "yXx0rhfj7kyXaTrxOLQSfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "yY469KfvqdHWbJwmOcIU1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ycSS8xsUDu5nMwsql04xfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "z/d/zUXK6aF2L4H7dfeSZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "zLbmCpiDy68qsFvtKNzmgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "zPYyryKVwACz98/WbfSW6w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "zpqzIc9TY4hiXJG024jdBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "zxuLMmxubC84XoLpkfxZ3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ] }, "vulnerabilities": { "++J1c+9mFiyHFShlJEQFeA==": { "id": "++J1c+9mFiyHFShlJEQFeA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "+0Id+AHw3V8pYW+ywWnP+g==": { "id": "+0Id+AHw3V8pYW+ywWnP+g==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "+0pi5+jw8FdwHp5pZIVTBg==": { "id": "+0pi5+jw8FdwHp5pZIVTBg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:6746", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_3.1", "arch_op": "pattern match" }, "+1zjTJXhgIQ5uwrI0Po3UA==": { "id": "+1zjTJXhgIQ5uwrI0Po3UA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "+63s7h05SP1xmH1EyLoL/Q==": { "id": "+63s7h05SP1xmH1EyLoL/Q==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "+DDOZxWQYsdNCtZZs4LB2w==": { "id": "+DDOZxWQYsdNCtZZs4LB2w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "+Hel9A1WiSK+ZclItesXnQ==": { "id": "+Hel9A1WiSK+ZclItesXnQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "+PjI2yN4wCMPyf1oygeT5Q==": { "id": "+PjI2yN4wCMPyf1oygeT5Q==", "updater": "rhel-vex", "name": "CVE-2023-48237", "description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48237.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+Q1v3N9+IP1xQOJnmQWDyQ==": { "id": "+Q1v3N9+IP1xQOJnmQWDyQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "+Q9jA+OXah1xDhJvsj+1OQ==": { "id": "+Q9jA+OXah1xDhJvsj+1OQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+SOMbfLFiy8gAeP6YTZQLA==": { "id": "+SOMbfLFiy8gAeP6YTZQLA==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "+WB02bbxvRVZgJj5gYjJ7w==": { "id": "+WB02bbxvRVZgJj5gYjJ7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.el9", "arch_op": "pattern match" }, "+YVz742I3o3v3ix+O1wb3g==": { "id": "+YVz742I3o3v3ix+O1wb3g==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "+YsItiFwLsY/quEIP17M6A==": { "id": "+YsItiFwLsY/quEIP17M6A==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "+do0gu6vrF3ZT5my5V6+CQ==": { "id": "+do0gu6vrF3ZT5my5V6+CQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "+dqw6lT9TwTTzMp6O2vf1w==": { "id": "+dqw6lT9TwTTzMp6O2vf1w==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+hBhqk1qKnkU+nqn6a96qg==": { "id": "+hBhqk1qKnkU+nqn6a96qg==", "updater": "rhel-vex", "name": "CVE-2023-48233", "description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48233.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+hNDIOxLd94c7zDMEtwHAQ==": { "id": "+hNDIOxLd94c7zDMEtwHAQ==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "+ieGB56AL1fLbXEZaHIRig==": { "id": "+ieGB56AL1fLbXEZaHIRig==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "+nrMi8U389zlK2TEsOUGbw==": { "id": "+nrMi8U389zlK2TEsOUGbw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.el9", "arch_op": "pattern match" }, "+o9j0Llb6+ISl2S6vmkRkQ==": { "id": "+o9j0Llb6+ISl2S6vmkRkQ==", "updater": "rhel-vex", "name": "CVE-2023-25434", "description": "A heap-based buffer overflow vulnerability was found in LibTIFF's tiffcrop utility in the extractContigSamplesBytes() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds read access resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25434 https://bugzilla.redhat.com/show_bug.cgi?id=2215209 https://www.cve.org/CVERecord?id=CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25434.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+pLPiYWkQ9M+8Zi7lKlOZA==": { "id": "+pLPiYWkQ9M+8Zi7lKlOZA==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "+pWnGgJUL0jrC1yhwq+kNw==": { "id": "+pWnGgJUL0jrC1yhwq+kNw==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "+rCn8yfwQj/rMH9c7+J0ww==": { "id": "+rCn8yfwQj/rMH9c7+J0ww==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "+uMSPU5jbqI0+jsP/eX6PA==": { "id": "+uMSPU5jbqI0+jsP/eX6PA==", "updater": "rhel-vex", "name": "CVE-2022-3037", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3037.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+wnQC0tYj+uyZzMNgN2bcw==": { "id": "+wnQC0tYj+uyZzMNgN2bcw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "+xzMjgQ/BhN1jTBlVwQfIA==": { "id": "+xzMjgQ/BhN1jTBlVwQfIA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+0dqY3HS0Vwp8Izm3R04Q==": { "id": "/+0dqY3HS0Vwp8Izm3R04Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+enDTB16pRyR8XOMcf3ug==": { "id": "/+enDTB16pRyR8XOMcf3ug==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "/+t6edjy50ibBAIw8q+CWg==": { "id": "/+t6edjy50ibBAIw8q+CWg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "//2gjbgNV4aF0qefir+7Ng==": { "id": "//2gjbgNV4aF0qefir+7Ng==", "updater": "osv/go", "name": "GO-2024-2963", "description": "Denial of service due to improper 100-continue handling in net/http", "issued": "2024-07-02T20:11:00Z", "links": "https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.12" }, "//NR3gdAYSoDJ/e4qJeTJg==": { "id": "//NR3gdAYSoDJ/e4qJeTJg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:22005", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-12.el9_7", "arch_op": "pattern match" }, "/0WOR5Jn6BKoC/9+5dlz1Q==": { "id": "/0WOR5Jn6BKoC/9+5dlz1Q==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "/E8Khm0ZXy1gRiDom4c+aw==": { "id": "/E8Khm0ZXy1gRiDom4c+aw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/EvgSih2YVXl7ohENLMJIQ==": { "id": "/EvgSih2YVXl7ohENLMJIQ==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "/F62/Gd7cIE4aLRbxVnfCA==": { "id": "/F62/Gd7cIE4aLRbxVnfCA==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "/G3xQo8kmNMyu7hycZYF/A==": { "id": "/G3xQo8kmNMyu7hycZYF/A==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/HT2WOXIuvVNrzT1Wp3ntw==": { "id": "/HT2WOXIuvVNrzT1Wp3ntw==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "/KRhrFyFO2WBBj1/Wnbnrg==": { "id": "/KRhrFyFO2WBBj1/Wnbnrg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "/MWzwBJlhhNbF+zp0zgq+A==": { "id": "/MWzwBJlhhNbF+zp0zgq+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.el9", "arch_op": "pattern match" }, "/MgFHW097IAGIZkNc/Fltw==": { "id": "/MgFHW097IAGIZkNc/Fltw==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/SEhubz8W4ZKbKg2+yh86Q==": { "id": "/SEhubz8W4ZKbKg2+yh86Q==", "updater": "rhel-vex", "name": "CVE-2022-30635", "description": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30635 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://www.cve.org/CVERecord?id=CVE-2022-30635 https://nvd.nist.gov/vuln/detail/CVE-2022-30635 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30635.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/U86DUGeHRSAL0GvmlifyA==": { "id": "/U86DUGeHRSAL0GvmlifyA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "/U8Jx7SKI9t4H3q4Xm/KEQ==": { "id": "/U8Jx7SKI9t4H3q4Xm/KEQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "/WghVlKV6eiRYf2iGmk9sQ==": { "id": "/WghVlKV6eiRYf2iGmk9sQ==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/YIHlhDwc0XvwYDDbGEIMg==": { "id": "/YIHlhDwc0XvwYDDbGEIMg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/YcdipQjiqJUDpddwhDiIw==": { "id": "/YcdipQjiqJUDpddwhDiIw==", "updater": "rhel-vex", "name": "CVE-2022-2345", "description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2345.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/bIhvJWw2AYMGyJtBaoH6A==": { "id": "/bIhvJWw2AYMGyJtBaoH6A==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/eIvRWSFFmU3q3Ki3j/gKA==": { "id": "/eIvRWSFFmU3q3Ki3j/gKA==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "/kFHc0+JKhJmQT3bM6TpTQ==": { "id": "/kFHc0+JKhJmQT3bM6TpTQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "/l+w9tCELORzNXZA4/qNsw==": { "id": "/l+w9tCELORzNXZA4/qNsw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "/m4KubgMsY+Uf3GqqbY5Og==": { "id": "/m4KubgMsY+Uf3GqqbY5Og==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "/pWkiqt8QgDCUksSSa24UQ==": { "id": "/pWkiqt8QgDCUksSSa24UQ==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "/rGrv6ID1FHztWkSNUU0Yw==": { "id": "/rGrv6ID1FHztWkSNUU0Yw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/rVEaWl0l9u8biVEKbZTFg==": { "id": "/rVEaWl0l9u8biVEKbZTFg==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/wfob5jHHezdiyugtfPWjg==": { "id": "/wfob5jHHezdiyugtfPWjg==", "updater": "rhel-vex", "name": "CVE-2021-45261", "description": "A flaw was found in patch. A possible memory corruption vulnerability could allow an attacker to input a specially crafted patch file leading to a crash or code execution.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45261 https://bugzilla.redhat.com/show_bug.cgi?id=2035081 https://www.cve.org/CVERecord?id=CVE-2021-45261 https://nvd.nist.gov/vuln/detail/CVE-2021-45261 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45261.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "patch", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "00MQS+g+VNjKvRbuFWsWbQ==": { "id": "00MQS+g+VNjKvRbuFWsWbQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "00cDk2w3qfvdzMbO27c/+w==": { "id": "00cDk2w3qfvdzMbO27c/+w==", "updater": "rhel-vex", "name": "CVE-2022-2982", "description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2982.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "03F5BM6+dlM9pg6rJMb2UA==": { "id": "03F5BM6+dlM9pg6rJMb2UA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "03WJApqdfWbzHtZHpqBt1Q==": { "id": "03WJApqdfWbzHtZHpqBt1Q==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "06GjiUkv66Ek9Iq8u3SFSA==": { "id": "06GjiUkv66Ek9Iq8u3SFSA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "081ZZUa7+goThe2JzRBcxw==": { "id": "081ZZUa7+goThe2JzRBcxw==", "updater": "osv/go", "name": "GO-2023-1621", "description": "Incorrect calculation on P256 curves in crypto/internal/nistec", "issued": "2023-03-08T19:30:53Z", "links": "https://go.dev/issue/58647 https://go.dev/cl/471255 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.7" }, "09S7nCU8PMWz5tWquOFCaQ==": { "id": "09S7nCU8PMWz5tWquOFCaQ==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0DSgRHOq1OLwMX3biKMcbA==": { "id": "0DSgRHOq1OLwMX3biKMcbA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "0DVnsi7oVeiCakd5LIvqig==": { "id": "0DVnsi7oVeiCakd5LIvqig==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "0E3jDwz9OiQ7ty2SI9zDYQ==": { "id": "0E3jDwz9OiQ7ty2SI9zDYQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "0EBjG0eDRuUxNmTKolYVYQ==": { "id": "0EBjG0eDRuUxNmTKolYVYQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "0EZfEnxlowgJ1Et69rh7Fg==": { "id": "0EZfEnxlowgJ1Et69rh7Fg==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "0Gq5wAUiCXaH50wxZYx9MQ==": { "id": "0Gq5wAUiCXaH50wxZYx9MQ==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "0ISEnYRRDkbJFXBP9XvdpA==": { "id": "0ISEnYRRDkbJFXBP9XvdpA==", "updater": "rhel-vex", "name": "CVE-2025-11731", "description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT \u003cfunc:result\u003e elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "issued": "2025-10-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11731 https://bugzilla.redhat.com/show_bug.cgi?id=2403688 https://www.cve.org/CVERecord?id=CVE-2025-11731 https://nvd.nist.gov/vuln/detail/CVE-2025-11731 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11731.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0KjhdYYIURWUfsbpzAdnPQ==": { "id": "0KjhdYYIURWUfsbpzAdnPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "0LMSjLLjEqlpe4LAE1rWJA==": { "id": "0LMSjLLjEqlpe4LAE1rWJA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "0LvlxzvH25js4ffWzvLRTQ==": { "id": "0LvlxzvH25js4ffWzvLRTQ==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0MBdby0uigxg//rv2xd7SQ==": { "id": "0MBdby0uigxg//rv2xd7SQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "0MVVcjDKfdLbs80csEfrOw==": { "id": "0MVVcjDKfdLbs80csEfrOw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "0O2I0zrYDyiCiU68WyBLvw==": { "id": "0O2I0zrYDyiCiU68WyBLvw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "0P/5eKFuPPXM3bHgeAHWxw==": { "id": "0P/5eKFuPPXM3bHgeAHWxw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0PMktbRk+B4fdwvvP1VWUg==": { "id": "0PMktbRk+B4fdwvvP1VWUg==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "0QqnWQey4QRkB1tBadW1jg==": { "id": "0QqnWQey4QRkB1tBadW1jg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0RLigWktH24pjgFtIwRH2A==": { "id": "0RLigWktH24pjgFtIwRH2A==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0TUqdQNGOvjHNFjkDen1Sg==": { "id": "0TUqdQNGOvjHNFjkDen1Sg==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "0Tr3QMpqaFB6S//rbJ/Onw==": { "id": "0Tr3QMpqaFB6S//rbJ/Onw==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "0U0p6zwok5l6rbIxjBRN7w==": { "id": "0U0p6zwok5l6rbIxjBRN7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "0UWL07sxLog3CGNaaYYQxQ==": { "id": "0UWL07sxLog3CGNaaYYQxQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0UxirvKJMj5gY8fbrSf6sA==": { "id": "0UxirvKJMj5gY8fbrSf6sA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.1.el9_6", "arch_op": "pattern match" }, "0W0/E/g2cPvxNF42LmIwRg==": { "id": "0W0/E/g2cPvxNF42LmIwRg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.el9", "arch_op": "pattern match" }, "0YVxD0vSH+0MhijemP/Jmg==": { "id": "0YVxD0vSH+0MhijemP/Jmg==", "updater": "rhel-vex", "name": "CVE-2022-3705", "description": "A use-after-free flaw was found in the qf_update_buffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3705.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0ZGrJGNNqDLH/sZXsRkfvA==": { "id": "0ZGrJGNNqDLH/sZXsRkfvA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0ZQtBpkFjRCvM3RNGGREDQ==": { "id": "0ZQtBpkFjRCvM3RNGGREDQ==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0ZniYEExf5hn6bWx9CxbmA==": { "id": "0ZniYEExf5hn6bWx9CxbmA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "0ahYjiLWT0VE+MRcEm8yAQ==": { "id": "0ahYjiLWT0VE+MRcEm8yAQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0bK7Vo3x9SXQYvDvMmgzXA==": { "id": "0bK7Vo3x9SXQYvDvMmgzXA==", "updater": "rhel-vex", "name": "CVE-2022-2208", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2208.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0bsVwLbC3DjqoPdFlpHGrA==": { "id": "0bsVwLbC3DjqoPdFlpHGrA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0gEzVf04N4WWI36MnLXr1w==": { "id": "0gEzVf04N4WWI36MnLXr1w==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0hxAfeI84l0pzeedcqmGpQ==": { "id": "0hxAfeI84l0pzeedcqmGpQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.1.el9_6", "arch_op": "pattern match" }, "0kDaqIpbO93XpnbaK6KFUg==": { "id": "0kDaqIpbO93XpnbaK6KFUg==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "0nQVynV3NMmwash6dBc+8Q==": { "id": "0nQVynV3NMmwash6dBc+8Q==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "0tfYnYhAiMREOXyqf/1Urw==": { "id": "0tfYnYhAiMREOXyqf/1Urw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "0u2Zo3eZYFAXhVSIZh+vXQ==": { "id": "0u2Zo3eZYFAXhVSIZh+vXQ==", "updater": "rhel-vex", "name": "CVE-2017-16232", "description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "issued": "2017-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-16232 https://bugzilla.redhat.com/show_bug.cgi?id=1516189 https://www.cve.org/CVERecord?id=CVE-2017-16232 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-16232.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0u9BhQlRGnXqmFj5VxmVgw==": { "id": "0u9BhQlRGnXqmFj5VxmVgw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "0v5F4x1W0RxkklLvRs6NKQ==": { "id": "0v5F4x1W0RxkklLvRs6NKQ==", "updater": "rhel-vex", "name": "CVE-2023-0433", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0w7yDxNwDisUMkIdlkUTZw==": { "id": "0w7yDxNwDisUMkIdlkUTZw==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "0wSMVHwI5T4EgYqkub8RhA==": { "id": "0wSMVHwI5T4EgYqkub8RhA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "0wh4c9Z6sNxM5NAXtzaMNg==": { "id": "0wh4c9Z6sNxM5NAXtzaMNg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "1/PWApRfYh/rLEOR0JZLsw==": { "id": "1/PWApRfYh/rLEOR0JZLsw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1/xm1gDhSpcAv1vbsLnNhA==": { "id": "1/xm1gDhSpcAv1vbsLnNhA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "10T7L0U8GuP9Qhz3unCqvw==": { "id": "10T7L0U8GuP9Qhz3unCqvw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "12PmpsYpKqbguwokcjBXqw==": { "id": "12PmpsYpKqbguwokcjBXqw==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "1378JmiuKDjVj7PZAMUvLg==": { "id": "1378JmiuKDjVj7PZAMUvLg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "13Dkon5caDMIMuKn79Qskg==": { "id": "13Dkon5caDMIMuKn79Qskg==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "13fIhbDHRYF0KXmxmJIfiA==": { "id": "13fIhbDHRYF0KXmxmJIfiA==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "14EBaSYBL4fLL4zgayhBkg==": { "id": "14EBaSYBL4fLL4zgayhBkg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.el9", "arch_op": "pattern match" }, "14Etv/7765FAI8QbzsokBQ==": { "id": "14Etv/7765FAI8QbzsokBQ==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "15uVNLTcXPHEO0XVoOOwZw==": { "id": "15uVNLTcXPHEO0XVoOOwZw==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "19Kvl4LS7MCiBo2cRD5fxQ==": { "id": "19Kvl4LS7MCiBo2cRD5fxQ==", "updater": "rhel-vex", "name": "CVE-2021-3974", "description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3974.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1BGBx+ICmx9ndSR1J6c9Rw==": { "id": "1BGBx+ICmx9ndSR1J6c9Rw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1CDGyH/KaS7DctjOTuk4Gg==": { "id": "1CDGyH/KaS7DctjOTuk4Gg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "1I7VtxkB33ashDX0kB4Teg==": { "id": "1I7VtxkB33ashDX0kB4Teg==", "updater": "rhel-vex", "name": "CVE-2025-5889", "description": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.", "issued": "2025-06-09T18:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5889 https://bugzilla.redhat.com/show_bug.cgi?id=2371270 https://www.cve.org/CVERecord?id=CVE-2025-5889 https://nvd.nist.gov/vuln/detail/CVE-2025-5889 https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466 https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 https://vuldb.com/?ctiid.311660 https://vuldb.com/?id.311660 https://vuldb.com/?submit.585717 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5889.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ICypZP/7UrDVdoDevopUA==": { "id": "1ICypZP/7UrDVdoDevopUA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "1Iwd54Uz+8MDWoeCI9f7Iw==": { "id": "1Iwd54Uz+8MDWoeCI9f7Iw==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "1KxLqY5vPHnDfUxdviejiw==": { "id": "1KxLqY5vPHnDfUxdviejiw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1LTKa378StuY8O3o3G26jw==": { "id": "1LTKa378StuY8O3o3G26jw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1NnjgULlQBpIVsNocYb9uw==": { "id": "1NnjgULlQBpIVsNocYb9uw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "1PYvw1fdwe6hM2UBdw4Itw==": { "id": "1PYvw1fdwe6hM2UBdw4Itw==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "1QQmDcMkRqvOte/bR8QEuQ==": { "id": "1QQmDcMkRqvOte/bR8QEuQ==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "1SDdOQM609JpOnF4Vx/qwQ==": { "id": "1SDdOQM609JpOnF4Vx/qwQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "1VKGbptJGVhPmMaic8aidg==": { "id": "1VKGbptJGVhPmMaic8aidg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1WQ/LJu/kefEuHRv58l0Lw==": { "id": "1WQ/LJu/kefEuHRv58l0Lw==", "updater": "rhel-vex", "name": "CVE-2023-4734", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4734.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1XBQq3flp6UCNWfTuRjE6g==": { "id": "1XBQq3flp6UCNWfTuRjE6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1XwPa50Si6EKs+Oms8SLUA==": { "id": "1XwPa50Si6EKs+Oms8SLUA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "1aPjlkabj3eUY8WGb+gz+g==": { "id": "1aPjlkabj3eUY8WGb+gz+g==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "1eXmoeT5Qd9M0GiSJ3z2mg==": { "id": "1eXmoeT5Qd9M0GiSJ3z2mg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1lRtJofWFCTkQi0dreTmvg==": { "id": "1lRtJofWFCTkQi0dreTmvg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1nX4t0Z3G1H45fqJox3f4Q==": { "id": "1nX4t0Z3G1H45fqJox3f4Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "1oKL9ZSv1M4CmxUhNFjpmg==": { "id": "1oKL9ZSv1M4CmxUhNFjpmg==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "1q7YjyB3mR25zvqxJ6Zk3w==": { "id": "1q7YjyB3mR25zvqxJ6Zk3w==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "1qsA4RvCYZB2uDwgIo8TuQ==": { "id": "1qsA4RvCYZB2uDwgIo8TuQ==", "updater": "osv/go", "name": "GO-2024-3106", "description": "Stack exhaustion in Decoder.Decode in encoding/gob", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "1sD6TJmtoMKm89Mo2ka5lA==": { "id": "1sD6TJmtoMKm89Mo2ka5lA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1xdBxKyIRMGUr99Qk2jvHw==": { "id": "1xdBxKyIRMGUr99Qk2jvHw==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ylYMOLaPUA6xIkqwKBb9w==": { "id": "1ylYMOLaPUA6xIkqwKBb9w==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "2/I3PyWTnfJdMedKAemp8Q==": { "id": "2/I3PyWTnfJdMedKAemp8Q==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2432H9ZBrMWDJ7HhyQT63A==": { "id": "2432H9ZBrMWDJ7HhyQT63A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "24Paca4PaySz9eM+VJu4ew==": { "id": "24Paca4PaySz9eM+VJu4ew==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "24Ysg4Ma/AJz8Z93D2PzNQ==": { "id": "24Ysg4Ma/AJz8Z93D2PzNQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "26JRymquUeoxtDSKcKSDSg==": { "id": "26JRymquUeoxtDSKcKSDSg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "29Fo/GOP7MILPepOrnMgjA==": { "id": "29Fo/GOP7MILPepOrnMgjA==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "29JfppZedoclZHW2coehcQ==": { "id": "29JfppZedoclZHW2coehcQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2A2BjgErU1GldRQi2g+XQg==": { "id": "2A2BjgErU1GldRQi2g+XQg==", "updater": "rhel-vex", "name": "CVE-2022-45939", "description": "A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.", "issued": "2022-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-45939 https://bugzilla.redhat.com/show_bug.cgi?id=2149380 https://www.cve.org/CVERecord?id=CVE-2022-45939 https://nvd.nist.gov/vuln/detail/CVE-2022-45939 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-45939.json https://access.redhat.com/errata/RHSA-2023:2366", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9", "arch_op": "pattern match" }, "2DPl1NLEsHotw7kYOPR/8A==": { "id": "2DPl1NLEsHotw7kYOPR/8A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2GOqqUt4mwKng/FA0FV67w==": { "id": "2GOqqUt4mwKng/FA0FV67w==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "2I/0B+uXhxpPJWXGwNGlLw==": { "id": "2I/0B+uXhxpPJWXGwNGlLw==", "updater": "rhel-vex", "name": "CVE-2023-5344", "description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "issued": "2023-10-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2IUiS8eDJ2evZHzBkLGqPw==": { "id": "2IUiS8eDJ2evZHzBkLGqPw==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "2M5CwoqtCrF9ix+6ghISOg==": { "id": "2M5CwoqtCrF9ix+6ghISOg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "2QjZksAOTEJVwk59l2QYOQ==": { "id": "2QjZksAOTEJVwk59l2QYOQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "2RZ3u6UmceVG9iB/xb73SA==": { "id": "2RZ3u6UmceVG9iB/xb73SA==", "updater": "rhel-vex", "name": "CVE-2022-2206", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2206.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2SApI7oHpcm9Z48+2Hj11w==": { "id": "2SApI7oHpcm9Z48+2Hj11w==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UHqEqfMIIn53NkDlDEppQ==": { "id": "2UHqEqfMIIn53NkDlDEppQ==", "updater": "rhel-vex", "name": "CVE-2022-2923", "description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. This flaw allows a specially crafted file to crash the software.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2923.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UhjmcPUkGmILpYJPZEiNQ==": { "id": "2UhjmcPUkGmILpYJPZEiNQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "2VowcBblBj36IfwmFRwcwg==": { "id": "2VowcBblBj36IfwmFRwcwg==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "2Z/NA7sGgadio/qisfiC3Q==": { "id": "2Z/NA7sGgadio/qisfiC3Q==", "updater": "rhel-vex", "name": "CVE-2022-48339", "description": "A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48339 https://bugzilla.redhat.com/show_bug.cgi?id=2171989 https://www.cve.org/CVERecord?id=CVE-2022-48339 https://nvd.nist.gov/vuln/detail/CVE-2022-48339 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48339.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "2bOVXniSdlE0fZB1iot4yQ==": { "id": "2bOVXniSdlE0fZB1iot4yQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "2eKcZq74WOmYmPDTZ8L+Jg==": { "id": "2eKcZq74WOmYmPDTZ8L+Jg==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "2j4vw/Ef1McLxa/C6FEQvA==": { "id": "2j4vw/Ef1McLxa/C6FEQvA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "2k/PqFfUaKNy33VkAbVD6g==": { "id": "2k/PqFfUaKNy33VkAbVD6g==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2luu38jiVQvy6qOXHFgpAg==": { "id": "2luu38jiVQvy6qOXHFgpAg==", "updater": "rhel-vex", "name": "CVE-2022-2042", "description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "issued": "2022-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2042.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2n2n++65Q4X6kZeNZUZXMw==": { "id": "2n2n++65Q4X6kZeNZUZXMw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "2oTX17kDUCTK4lHB98r0SQ==": { "id": "2oTX17kDUCTK4lHB98r0SQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.1.el9_6", "arch_op": "pattern match" }, "2pofu/QdlV4xoXosgfKRNw==": { "id": "2pofu/QdlV4xoXosgfKRNw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2sm08sXcjWtT2Gtu3CdSug==": { "id": "2sm08sXcjWtT2Gtu3CdSug==", "updater": "rhel-vex", "name": "CVE-2022-1725", "description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1725.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2t1KBK7sA8rKgVHavF6SZA==": { "id": "2t1KBK7sA8rKgVHavF6SZA==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "2tFr9TQJkcgsTrNAQX0kdw==": { "id": "2tFr9TQJkcgsTrNAQX0kdw==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "2vdCDySzHer9qKv7EOUGqQ==": { "id": "2vdCDySzHer9qKv7EOUGqQ==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "2vidY7qxU0KDMpAzTaXQCw==": { "id": "2vidY7qxU0KDMpAzTaXQCw==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2vr/twKdnITJOKu9ARCAXQ==": { "id": "2vr/twKdnITJOKu9ARCAXQ==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "2wnmmIxGcmTTQ7kdV4Q55Q==": { "id": "2wnmmIxGcmTTQ7kdV4Q55Q==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "2y2LXrQ+Jdr+fioSazFF4w==": { "id": "2y2LXrQ+Jdr+fioSazFF4w==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "31zk833ZdfHhkO9sg82MSw==": { "id": "31zk833ZdfHhkO9sg82MSw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "32PT0J5usgv3laBJ37g1fA==": { "id": "32PT0J5usgv3laBJ37g1fA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "34lrKmSrRttv8Ef8QZo+Cw==": { "id": "34lrKmSrRttv8Ef8QZo+Cw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "39KBEdrZX0FwGoQxYgkupQ==": { "id": "39KBEdrZX0FwGoQxYgkupQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "3A+d+ITPUBtAGX1jTlLhKg==": { "id": "3A+d+ITPUBtAGX1jTlLhKg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "3BY1OD4rYtX6LEFO6X+/Yw==": { "id": "3BY1OD4rYtX6LEFO6X+/Yw==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "3CUrg7YVjtx0L5aX+iMRxA==": { "id": "3CUrg7YVjtx0L5aX+iMRxA==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "3D/COcmVFbxgINNliqKHgw==": { "id": "3D/COcmVFbxgINNliqKHgw==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "3E/EPC1OcoKQToPb+efdaQ==": { "id": "3E/EPC1OcoKQToPb+efdaQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "3E5wmOETiTx03Y24iDJEUg==": { "id": "3E5wmOETiTx03Y24iDJEUg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3FdyvSRS+ECfT74KYiCcLA==": { "id": "3FdyvSRS+ECfT74KYiCcLA==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "3Lvdmj//2sze9S8I3n8yrw==": { "id": "3Lvdmj//2sze9S8I3n8yrw==", "updater": "rhel-vex", "name": "CVE-2023-0288", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "issued": "2023-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0288.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4R28kD2w0Acw7XQvAZ3Q==": { "id": "3O4R28kD2w0Acw7XQvAZ3Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "3S91ZYwiienVlUnFeIzkRw==": { "id": "3S91ZYwiienVlUnFeIzkRw==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "3SaNoRivMP21uU5flMCqrg==": { "id": "3SaNoRivMP21uU5flMCqrg==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3WRC4Vl08/leTJ1MFHuCEg==": { "id": "3WRC4Vl08/leTJ1MFHuCEg==", "updater": "rhel-vex", "name": "CVE-2022-3297", "description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3a2lYBlaR2GDen/lmTlCyg==": { "id": "3a2lYBlaR2GDen/lmTlCyg==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "3cVM/UH6o+8G2FMQ1Gl/Ww==": { "id": "3cVM/UH6o+8G2FMQ1Gl/Ww==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "3f5N5l71YgnMV/U9whrIuA==": { "id": "3f5N5l71YgnMV/U9whrIuA==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "3hB+Mhm9+7AXsO3nGoz+Pg==": { "id": "3hB+Mhm9+7AXsO3nGoz+Pg==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3k2lNJd2kR3VB6gGhj547g==": { "id": "3k2lNJd2kR3VB6gGhj547g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "3skSbDjTQ02+eNiFJz716g==": { "id": "3skSbDjTQ02+eNiFJz716g==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3wP/Eggf7Bu35MpzNr1Fog==": { "id": "3wP/Eggf7Bu35MpzNr1Fog==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "3wYf+EaP3IAW5wHFWATuaw==": { "id": "3wYf+EaP3IAW5wHFWATuaw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "3wnJ6TxCGJITikNK4m6q+g==": { "id": "3wnJ6TxCGJITikNK4m6q+g==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "43uaBOp3I4s6BbwM75Dtcg==": { "id": "43uaBOp3I4s6BbwM75Dtcg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "49jEi4xCgfg8T8qzhNobIA==": { "id": "49jEi4xCgfg8T8qzhNobIA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4CRDu/yV+Tfg3mSUobPIUg==": { "id": "4CRDu/yV+Tfg3mSUobPIUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4Gs7xCHPPMrNepkQNCPnkg==": { "id": "4Gs7xCHPPMrNepkQNCPnkg==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "4IznDha57aCNWoI0Hc828Q==": { "id": "4IznDha57aCNWoI0Hc828Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4JIGhO7+fAz+LPTFEuBHUg==": { "id": "4JIGhO7+fAz+LPTFEuBHUg==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "4JsZIRvQ+13IMgBIUPH0jA==": { "id": "4JsZIRvQ+13IMgBIUPH0jA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "4K1RYkumn7qw6Pk7lwpfbA==": { "id": "4K1RYkumn7qw6Pk7lwpfbA==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "4K4SQ2PlDqXihbvwEXiB/w==": { "id": "4K4SQ2PlDqXihbvwEXiB/w==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "4K7cGcsZltSw5Ayu8+A5rA==": { "id": "4K7cGcsZltSw5Ayu8+A5rA==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "4L3dk768qs7Sg3jWyr+5Ug==": { "id": "4L3dk768qs7Sg3jWyr+5Ug==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "4LZWGm07jnOHHBGX2FzAwg==": { "id": "4LZWGm07jnOHHBGX2FzAwg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4MoaZecth+9t4X3jdykhZg==": { "id": "4MoaZecth+9t4X3jdykhZg==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "4N3POA/rTFsL9RdGINkq1A==": { "id": "4N3POA/rTFsL9RdGINkq1A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4Oz54fEBFyAJBdTJ/p2wxA==": { "id": "4Oz54fEBFyAJBdTJ/p2wxA==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "4PW1pGs0HJlG6XNR1xk0ZA==": { "id": "4PW1pGs0HJlG6XNR1xk0ZA==", "updater": "osv/go", "name": "GO-2025-3447", "description": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "issued": "2025-02-06T16:38:14Z", "links": "https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.12" }, "4PXcy6CSX2EaPwYEdLkfbw==": { "id": "4PXcy6CSX2EaPwYEdLkfbw==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "4QiWtYafAt/cFOvYpyJONw==": { "id": "4QiWtYafAt/cFOvYpyJONw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "4RaJ63cwUpp+QWj0IKysEw==": { "id": "4RaJ63cwUpp+QWj0IKysEw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "4Uca8szOo7gGoVgv+DjeUA==": { "id": "4Uca8szOo7gGoVgv+DjeUA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4Ue6KfIGD2Yqlg6OG87Bzw==": { "id": "4Ue6KfIGD2Yqlg6OG87Bzw==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "4Utc/6C5f6+A3gsr9KU/IA==": { "id": "4Utc/6C5f6+A3gsr9KU/IA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "4YMcCEsfWO5KpctoAqwrFQ==": { "id": "4YMcCEsfWO5KpctoAqwrFQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4aR9t5J6YwMk5D9wZ0BV7w==": { "id": "4aR9t5J6YwMk5D9wZ0BV7w==", "updater": "rhel-vex", "name": "CVE-2024-3651", "description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "issued": "2024-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-idna", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10-7.el9_4.1", "arch_op": "pattern match" }, "4cQAenzXciR7rLlEmdwZsQ==": { "id": "4cQAenzXciR7rLlEmdwZsQ==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4comqU/5SRuDKC1qqBMlGQ==": { "id": "4comqU/5SRuDKC1qqBMlGQ==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "4eh40PtMaL3JhPlCzb+8jA==": { "id": "4eh40PtMaL3JhPlCzb+8jA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "4evfzAbeD7HXRBHHbDpAwA==": { "id": "4evfzAbeD7HXRBHHbDpAwA==", "updater": "osv/go", "name": "GO-2023-1878", "description": "Insufficient sanitization of Host header in net/http", "issued": "2023-07-11T19:19:08Z", "links": "https://go.dev/issue/60374 https://go.dev/cl/506996 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.11" }, "4gO4ls/gy0nmsC3NeXvyVQ==": { "id": "4gO4ls/gy0nmsC3NeXvyVQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.1.el9_6", "arch_op": "pattern match" }, "4hX2FW/Yj9HDbKRBqrhgdg==": { "id": "4hX2FW/Yj9HDbKRBqrhgdg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4iFNln+X4k0SeUiw/ueLUA==": { "id": "4iFNln+X4k0SeUiw/ueLUA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "4jKXN+o/0vyACgd6hmLCbw==": { "id": "4jKXN+o/0vyACgd6hmLCbw==", "updater": "osv/go", "name": "GO-2025-4009", "description": "Quadratic complexity when parsing some invalid inputs in encoding/pem", "issued": "2025-10-29T21:49:55Z", "links": "https://go.dev/issue/75676 https://go.dev/cl/709858 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "4rkDoNFFNCrcnkPj+GN2vA==": { "id": "4rkDoNFFNCrcnkPj+GN2vA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4vHE1o0sxmJSfgr6AiAtqA==": { "id": "4vHE1o0sxmJSfgr6AiAtqA==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4vS3iu8lvGukFpBFqYCdVg==": { "id": "4vS3iu8lvGukFpBFqYCdVg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "4xxaXkxeYvxr8HgxLSDyHw==": { "id": "4xxaXkxeYvxr8HgxLSDyHw==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "4zvDuRN18ZTgEdA+auow3w==": { "id": "4zvDuRN18ZTgEdA+auow3w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "5/L+eT1BzZSWVW4ZLUXszw==": { "id": "5/L+eT1BzZSWVW4ZLUXszw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "5073UNZPtR+lsy1kIMhUEA==": { "id": "5073UNZPtR+lsy1kIMhUEA==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "51jf2IrfzMdepCjAvXkPMw==": { "id": "51jf2IrfzMdepCjAvXkPMw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "55nFlly0ydgYROdIHNoLjg==": { "id": "55nFlly0ydgYROdIHNoLjg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "562erF6ddCIyzi5oV/IzHQ==": { "id": "562erF6ddCIyzi5oV/IzHQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "5AQXXWGtKGeqoPkMqmVzTg==": { "id": "5AQXXWGtKGeqoPkMqmVzTg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.el9", "arch_op": "pattern match" }, "5BXX9+pRVay9wrZAORfhhQ==": { "id": "5BXX9+pRVay9wrZAORfhhQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "5D5WFK01Su4Lrj4hhwDYGQ==": { "id": "5D5WFK01Su4Lrj4hhwDYGQ==", "updater": "rhel-vex", "name": "CVE-2024-43374", "description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "issued": "2024-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5Dh9IlEeZc9EPevqDNDlAQ==": { "id": "5Dh9IlEeZc9EPevqDNDlAQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "5EJ0MC7TgiGIlilbbiOvfQ==": { "id": "5EJ0MC7TgiGIlilbbiOvfQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "5EPGtk7Hqn2hqOaxgmNiSQ==": { "id": "5EPGtk7Hqn2hqOaxgmNiSQ==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "5IIoRCBMIgus62mGlE3F9A==": { "id": "5IIoRCBMIgus62mGlE3F9A==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5MGCN705vR5eWycZyFuYJQ==": { "id": "5MGCN705vR5eWycZyFuYJQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "5MqCycBYSRDsdNOzvOandQ==": { "id": "5MqCycBYSRDsdNOzvOandQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "5N/eQ/DLmsm7yS6+3apC5A==": { "id": "5N/eQ/DLmsm7yS6+3apC5A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "5RT9+X+8xx3rC02gOnVsjQ==": { "id": "5RT9+X+8xx3rC02gOnVsjQ==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "5TfU8//dfsOlT82byi0lug==": { "id": "5TfU8//dfsOlT82byi0lug==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "5XT+5ghtfmJFJSJCERGwhQ==": { "id": "5XT+5ghtfmJFJSJCERGwhQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5ZJ6PuXfgRMCarpNow00ew==": { "id": "5ZJ6PuXfgRMCarpNow00ew==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ejk3bhFpvIIABy9EwjwqQ==": { "id": "5ejk3bhFpvIIABy9EwjwqQ==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "5fSQkV1bu4GJUiaWjO+PNQ==": { "id": "5fSQkV1bu4GJUiaWjO+PNQ==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "5gK/V8vtqDYoHf1LFdtSbA==": { "id": "5gK/V8vtqDYoHf1LFdtSbA==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "5hOM1HtOhjQV1yizNCgxBg==": { "id": "5hOM1HtOhjQV1yizNCgxBg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "5j7D/WXFLHsZYUeUrskpMA==": { "id": "5j7D/WXFLHsZYUeUrskpMA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "5lHEu4ueMJgetLv/GfKHtg==": { "id": "5lHEu4ueMJgetLv/GfKHtg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5pFK2pddNfoGuwrNwC3BlQ==": { "id": "5pFK2pddNfoGuwrNwC3BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5pINgBOJXOluBJi9rQyioQ==": { "id": "5pINgBOJXOluBJi9rQyioQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ro53BoC7BlAtEu1loQCSw==": { "id": "5ro53BoC7BlAtEu1loQCSw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5sY/WncZRmQ7FUzZZ4kBfQ==": { "id": "5sY/WncZRmQ7FUzZZ4kBfQ==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "5ua6yduRd8slR+XckPuEJw==": { "id": "5ua6yduRd8slR+XckPuEJw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5vR/2ZAfb0swnLBKDl3Bzg==": { "id": "5vR/2ZAfb0swnLBKDl3Bzg==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "5xW5MMwESxiksXgaLrFCnQ==": { "id": "5xW5MMwESxiksXgaLrFCnQ==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "5xY3IHUogqpqvbFwiQURyA==": { "id": "5xY3IHUogqpqvbFwiQURyA==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "5z9ZOzxJREYn5oM+HAm6dA==": { "id": "5z9ZOzxJREYn5oM+HAm6dA==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "5zg9huqgOp8E89z3dxtcHg==": { "id": "5zg9huqgOp8E89z3dxtcHg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6/Rn1WFxVO6aopyr8psGfQ==": { "id": "6/Rn1WFxVO6aopyr8psGfQ==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "63po8QED6nDungBQEqHIyA==": { "id": "63po8QED6nDungBQEqHIyA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "67Q/SCDsFWutXyKWQ9JQdQ==": { "id": "67Q/SCDsFWutXyKWQ9JQdQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "69HZBPjw2QR8kIdKeSUwQg==": { "id": "69HZBPjw2QR8kIdKeSUwQg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6E1YTgmxENPqo7FirtVNvw==": { "id": "6E1YTgmxENPqo7FirtVNvw==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "6GILJqctNxTbZFPR6fLtoA==": { "id": "6GILJqctNxTbZFPR6fLtoA==", "updater": "rhel-vex", "name": "CVE-2024-12086", "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12086 https://bugzilla.redhat.com/show_bug.cgi?id=2330577 https://www.cve.org/CVERecord?id=CVE-2024-12086 https://nvd.nist.gov/vuln/detail/CVE-2024-12086 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12086.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6GzxFtf19XU1Y6ySz6SgYQ==": { "id": "6GzxFtf19XU1Y6ySz6SgYQ==", "updater": "osv/go", "name": "GO-2024-3107", "description": "Stack exhaustion in Parse in go/build/constraint", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "6J86dffyd+kQEKbjTTbD2Q==": { "id": "6J86dffyd+kQEKbjTTbD2Q==", "updater": "rhel-vex", "name": "CVE-2023-1916", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1916 https://bugzilla.redhat.com/show_bug.cgi?id=2185074 https://www.cve.org/CVERecord?id=CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6JXvoql3pzMfkGQb7H+Jqg==": { "id": "6JXvoql3pzMfkGQb7H+Jqg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6K5O0xmJnJtZcGmUaZ+P/w==": { "id": "6K5O0xmJnJtZcGmUaZ+P/w==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "6MW1lRUdNNc4s+6uD2JNvw==": { "id": "6MW1lRUdNNc4s+6uD2JNvw==", "updater": "rhel-vex", "name": "CVE-2022-2286", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2286.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6PfMuZGMOADiSo4Ifx0/Qw==": { "id": "6PfMuZGMOADiSo4Ifx0/Qw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "6Q0Sg/Y1lskU2n7rbcxAIw==": { "id": "6Q0Sg/Y1lskU2n7rbcxAIw==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6Qa2KBduT2HgJC4kctpUnw==": { "id": "6Qa2KBduT2HgJC4kctpUnw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "6VA82zmenvpHf3qd7c6BQg==": { "id": "6VA82zmenvpHf3qd7c6BQg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "6W4lt5SjUgXnbxNap1O0Cg==": { "id": "6W4lt5SjUgXnbxNap1O0Cg==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6WQjHZdyTC+aVOSwNc3+BQ==": { "id": "6WQjHZdyTC+aVOSwNc3+BQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "6XzckJlhvkdWwkN1ERVdzg==": { "id": "6XzckJlhvkdWwkN1ERVdzg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6Za/T764+Wnq0wfxFjEvGw==": { "id": "6Za/T764+Wnq0wfxFjEvGw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "6asSIEJz7ggo9QEXpbSOYg==": { "id": "6asSIEJz7ggo9QEXpbSOYg==", "updater": "rhel-vex", "name": "CVE-2023-48236", "description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48236.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6bZ4UNaa9jRLVZoZHQgYtQ==": { "id": "6bZ4UNaa9jRLVZoZHQgYtQ==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6dwQWrojfQ/1hgTT2PQckg==": { "id": "6dwQWrojfQ/1hgTT2PQckg==", "updater": "rhel-vex", "name": "CVE-2022-2129", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2129.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6fJcYsi1gPQNv5g1ujEPdA==": { "id": "6fJcYsi1gPQNv5g1ujEPdA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6miUB07ljV2HaYX/rZ1yjg==": { "id": "6miUB07ljV2HaYX/rZ1yjg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "6o8ui0RxMttDzkyqTDO5tg==": { "id": "6o8ui0RxMttDzkyqTDO5tg==", "updater": "rhel-vex", "name": "CVE-2022-1616", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "issued": "2022-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1616.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6otwEH3RP+2A14zXLvGXpg==": { "id": "6otwEH3RP+2A14zXLvGXpg==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "6pBzw2YiS9JmVvplQUxl2Q==": { "id": "6pBzw2YiS9JmVvplQUxl2Q==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "6pPl5aD/FZ2M/6Yaa588Aw==": { "id": "6pPl5aD/FZ2M/6Yaa588Aw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "6q1zANz+NJU+U0TPL1Xa2g==": { "id": "6q1zANz+NJU+U0TPL1Xa2g==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "6qJXB6OTmGgjS8WJVVTxvQ==": { "id": "6qJXB6OTmGgjS8WJVVTxvQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "6rBlrHxkkFbqVRbyfq+scg==": { "id": "6rBlrHxkkFbqVRbyfq+scg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "6tML+4g9GkMhdrrSDsX4Zw==": { "id": "6tML+4g9GkMhdrrSDsX4Zw==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "6thTxik/0CDWjirwYbVkYw==": { "id": "6thTxik/0CDWjirwYbVkYw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "6ysC6D7BSkYQ7y8vZ1O7HA==": { "id": "6ysC6D7BSkYQ7y8vZ1O7HA==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "7+mdkcJcBwtv88RB9AcmHQ==": { "id": "7+mdkcJcBwtv88RB9AcmHQ==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "7+zZLUPhCOA3BFrcusoKFg==": { "id": "7+zZLUPhCOA3BFrcusoKFg==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "70+Z8jFk8NJbHxPCoxDRng==": { "id": "70+Z8jFk8NJbHxPCoxDRng==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "70Ajh2QFCXmrQTWVljWbIg==": { "id": "70Ajh2QFCXmrQTWVljWbIg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "70HU3efHkL/3G4Y44qZmGA==": { "id": "70HU3efHkL/3G4Y44qZmGA==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "70rtBro0k4gOrF1v9b0LPQ==": { "id": "70rtBro0k4gOrF1v9b0LPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "71rWwrWl22424P8D9sWBZg==": { "id": "71rWwrWl22424P8D9sWBZg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "72/cPQH5mNLd1/e3j2Vn+Q==": { "id": "72/cPQH5mNLd1/e3j2Vn+Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "748UmdVwB73z0xvCImrQmA==": { "id": "748UmdVwB73z0xvCImrQmA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "74B4VkBJHkNvj2AsRU4uTw==": { "id": "74B4VkBJHkNvj2AsRU4uTw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "75kzXqx/LGJU9hkFlgdGGA==": { "id": "75kzXqx/LGJU9hkFlgdGGA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "76ytKtBeQe8L2T7nxeVp/g==": { "id": "76ytKtBeQe8L2T7nxeVp/g==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "78Ya60ppwS4OL6ZK9P90Qw==": { "id": "78Ya60ppwS4OL6ZK9P90Qw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7AoZZiCMmvqX9d9WD62FnQ==": { "id": "7AoZZiCMmvqX9d9WD62FnQ==", "updater": "rhel-vex", "name": "CVE-2023-4781", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "issued": "2023-09-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4781.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7B4LUCjMkCM+NcHtyQXyFA==": { "id": "7B4LUCjMkCM+NcHtyQXyFA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "7BER6omsA92tkjpEqGZJLA==": { "id": "7BER6omsA92tkjpEqGZJLA==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "7CqLd0zk1hiFU3yrvTTdyg==": { "id": "7CqLd0zk1hiFU3yrvTTdyg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "7FDf95fwOcyZ1YXNVDIx0A==": { "id": "7FDf95fwOcyZ1YXNVDIx0A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "7HuMMq7XSYKaQG/oWdxnyg==": { "id": "7HuMMq7XSYKaQG/oWdxnyg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "7MUqmqmB2hEWys43ktPpcQ==": { "id": "7MUqmqmB2hEWys43ktPpcQ==", "updater": "rhel-vex", "name": "CVE-2022-28131", "description": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://www.cve.org/CVERecord?id=CVE-2022-28131 https://nvd.nist.gov/vuln/detail/CVE-2022-28131 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28131.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7NIMWPjl58dCiuwwIe4bGg==": { "id": "7NIMWPjl58dCiuwwIe4bGg==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "7Q0Bus9RTfFy/UrxkfH2sQ==": { "id": "7Q0Bus9RTfFy/UrxkfH2sQ==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "7Q4dYBj4wFa2768mWculSQ==": { "id": "7Q4dYBj4wFa2768mWculSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "7QBYsSaCu8T87GZR3WHxyw==": { "id": "7QBYsSaCu8T87GZR3WHxyw==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "7S6xxC9g1Ybp0dqQ63V8tg==": { "id": "7S6xxC9g1Ybp0dqQ63V8tg==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7SutUCP3yRd4o5ryN/dDZA==": { "id": "7SutUCP3yRd4o5ryN/dDZA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "7SyD51cUTMP7ddBSGNw3Iw==": { "id": "7SyD51cUTMP7ddBSGNw3Iw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "7T9qiwKBE1swIXuW9Zvewg==": { "id": "7T9qiwKBE1swIXuW9Zvewg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "7TWJhc3cfFgph89dsQ0nBA==": { "id": "7TWJhc3cfFgph89dsQ0nBA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "7U+8ffRP7ahu1ot4Zj5Zlw==": { "id": "7U+8ffRP7ahu1ot4Zj5Zlw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "7XM4eB5q+q78IrA8abl57g==": { "id": "7XM4eB5q+q78IrA8abl57g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "7ZyXE8z7uZKjHitrjhSWQQ==": { "id": "7ZyXE8z7uZKjHitrjhSWQQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "7aOJwf1br9gIaC1RH6UwDQ==": { "id": "7aOJwf1br9gIaC1RH6UwDQ==", "updater": "osv/go", "name": "GO-2022-0537", "description": "Panic when decoding Float and Rat types in math/big", "issued": "2022-08-01T22:21:06Z", "links": "https://go.dev/cl/417774 https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66 https://go.dev/issue/53871 https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.5" }, "7bYXVEfvDWEIL53s8ARxGg==": { "id": "7bYXVEfvDWEIL53s8ARxGg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "7cHovEEcBoQ92zXTfFigow==": { "id": "7cHovEEcBoQ92zXTfFigow==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7cqLG7sQEqqh9WoHfpekpw==": { "id": "7cqLG7sQEqqh9WoHfpekpw==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7czTMSwqOjLz2LigIYHAeg==": { "id": "7czTMSwqOjLz2LigIYHAeg==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "7df4FOgRU0BSF6P5QJkjaQ==": { "id": "7df4FOgRU0BSF6P5QJkjaQ==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "7jE4UN8ZNzWXfNDZ8BZq3Q==": { "id": "7jE4UN8ZNzWXfNDZ8BZq3Q==", "updater": "rhel-vex", "name": "CVE-2025-47279", "description": "A memory leak vulnerability has been discovered in the Undici HTTP/1.1 client library. This flaw can be triggered by repeatedly calling a webhook endpoint that presents an invalid TLS certificate. Continuous interaction with such an endpoint can cause the Undici library to allocate memory without properly releasing it, potentially leading to excessive memory consumption. Over time, this could result in resource exhaustion, impacting the availability and stability of applications relying on Undici for webhook communication.", "issued": "2025-05-15T17:16:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47279 https://bugzilla.redhat.com/show_bug.cgi?id=2366632 https://www.cve.org/CVERecord?id=CVE-2025-47279 https://nvd.nist.gov/vuln/detail/CVE-2025-47279 https://github.com/nodejs/undici/issues/3895 https://github.com/nodejs/undici/pull/4088 https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47279.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7oEe6HdmVrscCmplGQsEeQ==": { "id": "7oEe6HdmVrscCmplGQsEeQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "7tWeNpgpS6TZ4aQUo8g9NQ==": { "id": "7tWeNpgpS6TZ4aQUo8g9NQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "7uj4PEKyThSRh2msjDtceg==": { "id": "7uj4PEKyThSRh2msjDtceg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7v+kCrIi/mMmyn+o9Uh+oA==": { "id": "7v+kCrIi/mMmyn+o9Uh+oA==", "updater": "rhel-vex", "name": "CVE-2022-48337", "description": "A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzilla.redhat.com/show_bug.cgi?id=2171987 https://www.cve.org/CVERecord?id=CVE-2022-48337 https://nvd.nist.gov/vuln/detail/CVE-2022-48337 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48337.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "7y5jXLyua18Srex9lNrfkQ==": { "id": "7y5jXLyua18Srex9lNrfkQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "8/mZoUg5ZlBapu2isiHzqg==": { "id": "8/mZoUg5ZlBapu2isiHzqg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "81Pd3WxGavo8vEw0GcfWBQ==": { "id": "81Pd3WxGavo8vEw0GcfWBQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "82S4cf8ecOlHYb8LNQQn+w==": { "id": "82S4cf8ecOlHYb8LNQQn+w==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "830L36AKCoBHnXPHE6R6uQ==": { "id": "830L36AKCoBHnXPHE6R6uQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "842T09LMtibo6aQ7X6A47A==": { "id": "842T09LMtibo6aQ7X6A47A==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.1.el9_6", "arch_op": "pattern match" }, "84g+WJ21VVZ5YgyE9krInA==": { "id": "84g+WJ21VVZ5YgyE9krInA==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "87p97+dH2sU2JVQ8vQ+Xuw==": { "id": "87p97+dH2sU2JVQ8vQ+Xuw==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "89XrIFUuuXy08LkDR6XMOw==": { "id": "89XrIFUuuXy08LkDR6XMOw==", "updater": "rhel-vex", "name": "CVE-2021-31879", "description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "issued": "2019-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31879.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8BMA6LbX8vjrr4aUcmHB5w==": { "id": "8BMA6LbX8vjrr4aUcmHB5w==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "8BsUEMjLB96UtpRd1ludrg==": { "id": "8BsUEMjLB96UtpRd1ludrg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8Efa1m3XsyOFY5vSd2fHNQ==": { "id": "8Efa1m3XsyOFY5vSd2fHNQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "8ImlkqI0B9hvKdKXJLla/w==": { "id": "8ImlkqI0B9hvKdKXJLla/w==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "8Ldq46rf2Z9JTBjkrtfV0g==": { "id": "8Ldq46rf2Z9JTBjkrtfV0g==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8ML0IVFlCjXlypnsSOqB1Q==": { "id": "8ML0IVFlCjXlypnsSOqB1Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8OhIIjb+vwm01NjtGgcnDw==": { "id": "8OhIIjb+vwm01NjtGgcnDw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "8QRmG/+fMsQQzP2maaxOag==": { "id": "8QRmG/+fMsQQzP2maaxOag==", "updater": "rhel-vex", "name": "CVE-2025-48386", "description": "A credential handling flaw has been discovered in git. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), which can lead to buffer overflows.", "issued": "2025-07-08T18:23:41Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48386 https://bugzilla.redhat.com/show_bug.cgi?id=2378807 https://www.cve.org/CVERecord?id=CVE-2025-48386 https://nvd.nist.gov/vuln/detail/CVE-2025-48386 https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48386.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Ug8/LJbCT7/mzHPjLi21A==": { "id": "8Ug8/LJbCT7/mzHPjLi21A==", "updater": "osv/go", "name": "GO-2023-1987", "description": "Large RSA keys can cause high CPU usage in crypto/tls", "issued": "2023-08-02T17:25:58Z", "links": "https://go.dev/issue/61460 https://go.dev/cl/515257 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.12" }, "8ZrkaQ6B1f36PC2cIg9i6A==": { "id": "8ZrkaQ6B1f36PC2cIg9i6A==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "8Zz8gP9QPTYBttUQXDeNpg==": { "id": "8Zz8gP9QPTYBttUQXDeNpg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "8bMBj5vTG1tOpQ1wuVD1bQ==": { "id": "8bMBj5vTG1tOpQ1wuVD1bQ==", "updater": "osv/go", "name": "GO-2022-0532", "description": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows", "issued": "2022-07-26T21:41:20Z", "links": "https://go.dev/cl/403759 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://go.dev/issue/52574 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "8dARvXsFfslEQUJNpOVqyQ==": { "id": "8dARvXsFfslEQUJNpOVqyQ==", "updater": "osv/go", "name": "GO-2025-4007", "description": "Quadratic complexity when checking name constraints in crypto/x509", "issued": "2025-10-29T21:49:50Z", "links": "https://go.dev/issue/75681 https://go.dev/cl/709854 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.9" }, "8dqpgv7n5GVlIYVt/hP0Gg==": { "id": "8dqpgv7n5GVlIYVt/hP0Gg==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "8eY8PV83CN3R/MV2hK7XHA==": { "id": "8eY8PV83CN3R/MV2hK7XHA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "8efBqSZ3OYqd+nT8a21FNA==": { "id": "8efBqSZ3OYqd+nT8a21FNA==", "updater": "rhel-vex", "name": "CVE-2022-2287", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2287.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ez1JQpqUyVUQaplF/dpog==": { "id": "8ez1JQpqUyVUQaplF/dpog==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "8gQtKtb/Xr3aGfsLtKyetA==": { "id": "8gQtKtb/Xr3aGfsLtKyetA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8ge47rqVvHaefMV4OlZnlQ==": { "id": "8ge47rqVvHaefMV4OlZnlQ==", "updater": "rhel-vex", "name": "CVE-2022-2845", "description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kPW6EH9br7BQBK1DHvQsA==": { "id": "8kPW6EH9br7BQBK1DHvQsA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8lLGaMUZk8kOHbicsIjPjw==": { "id": "8lLGaMUZk8kOHbicsIjPjw==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "8m+MeF1Vk+YvSROjY2pN5Q==": { "id": "8m+MeF1Vk+YvSROjY2pN5Q==", "updater": "osv/go", "name": "GO-2022-0969", "description": "Denial of service in net/http and golang.org/x/net/http2", "issued": "2022-09-12T20:23:06Z", "links": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://go.dev/issue/54658 https://go.dev/cl/428735", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.6" }, "8oKavHMm8C7p1QC+rNA0zA==": { "id": "8oKavHMm8C7p1QC+rNA0zA==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "8qeM99NPNtS3R0CIVDnqTw==": { "id": "8qeM99NPNtS3R0CIVDnqTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "8utuZQ/Ix8fDNAmmSZivvQ==": { "id": "8utuZQ/Ix8fDNAmmSZivvQ==", "updater": "rhel-vex", "name": "CVE-2022-48624", "description": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48624 https://bugzilla.redhat.com/show_bug.cgi?id=2265081 https://www.cve.org/CVERecord?id=CVE-2022-48624 https://nvd.nist.gov/vuln/detail/CVE-2022-48624 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48624.json https://access.redhat.com/errata/RHSA-2024:1692", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-3.el9_3", "arch_op": "pattern match" }, "8vc1CEh/sS08VpWYipw3xA==": { "id": "8vc1CEh/sS08VpWYipw3xA==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "9/6RhDAFXPVo7L6QeEsy9w==": { "id": "9/6RhDAFXPVo7L6QeEsy9w==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "92O2+eS3W5hGvsWPMPwTRQ==": { "id": "92O2+eS3W5hGvsWPMPwTRQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "936XDvlfcwVB/34fQscf7w==": { "id": "936XDvlfcwVB/34fQscf7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "93O9BjbBwz1jYmTNCzgkUw==": { "id": "93O9BjbBwz1jYmTNCzgkUw==", "updater": "rhel-vex", "name": "CVE-2022-2849", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2849.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "95p6rGNUFNsCWfXMBirOLg==": { "id": "95p6rGNUFNsCWfXMBirOLg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "96QbNqFHhG4RmHyIqvnk+w==": { "id": "96QbNqFHhG4RmHyIqvnk+w==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "98vR1ByhE/Y9cvB+lRN3LA==": { "id": "98vR1ByhE/Y9cvB+lRN3LA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "99Q540ZW70Bq59gE8MRNHA==": { "id": "99Q540ZW70Bq59gE8MRNHA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9Ad5Q6DJD1JusuIjCNfUvQ==": { "id": "9Ad5Q6DJD1JusuIjCNfUvQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9Bnr48B1Gkm5b1u7nixqng==": { "id": "9Bnr48B1Gkm5b1u7nixqng==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "9C6WGntg4UmJkjiylWVxnw==": { "id": "9C6WGntg4UmJkjiylWVxnw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "9Ck8qx7KCeVOhknvjhQwsA==": { "id": "9Ck8qx7KCeVOhknvjhQwsA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "9CmH5Y/MDHXGbta8UBA5HQ==": { "id": "9CmH5Y/MDHXGbta8UBA5HQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "9HkrQyk+mvh4YcyBYw6eQg==": { "id": "9HkrQyk+mvh4YcyBYw6eQg==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "9M1meEoYiMYlmYR7kKfweg==": { "id": "9M1meEoYiMYlmYR7kKfweg==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "9NxQaPp619Bd0qky1dvzZg==": { "id": "9NxQaPp619Bd0qky1dvzZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9PE6ZiUdIaAWtCsUgesEZA==": { "id": "9PE6ZiUdIaAWtCsUgesEZA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "9QNdmlIziBB9zOcB4elT6A==": { "id": "9QNdmlIziBB9zOcB4elT6A==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9RLVzTylr5Ocdbql97n+1Q==": { "id": "9RLVzTylr5Ocdbql97n+1Q==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "9SrODyBGF+py5BfKYxVllg==": { "id": "9SrODyBGF+py5BfKYxVllg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "9U8BTRqVPM+WCls5RolwuQ==": { "id": "9U8BTRqVPM+WCls5RolwuQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "9UTiJlsfYxfa60iynbYgLg==": { "id": "9UTiJlsfYxfa60iynbYgLg==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "9XbremjCd0rS6zu/GB+mjA==": { "id": "9XbremjCd0rS6zu/GB+mjA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "9Yjf3Ev3R8wbqlhNdfwPQQ==": { "id": "9Yjf3Ev3R8wbqlhNdfwPQQ==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:9448", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-14.el9_6.2", "arch_op": "pattern match" }, "9avTgsTrB6zaN8UjZ37Wow==": { "id": "9avTgsTrB6zaN8UjZ37Wow==", "updater": "rhel-vex", "name": "CVE-2022-3153", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "issued": "2022-09-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3153.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9b3CWaJsQwdqnuBJDBMt8g==": { "id": "9b3CWaJsQwdqnuBJDBMt8g==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "9b3hAQW/ubh4v6zyl2M5Ig==": { "id": "9b3hAQW/ubh4v6zyl2M5Ig==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "9ca/WR2Db6VUKD0h31yyGw==": { "id": "9ca/WR2Db6VUKD0h31yyGw==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9feM+1JJIYgC5OZCglyV3w==": { "id": "9feM+1JJIYgC5OZCglyV3w==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9fvqDo3ARbJLIgwR1oX6QQ==": { "id": "9fvqDo3ARbJLIgwR1oX6QQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "9gB7mQN0y1Zy9EiaXIHFew==": { "id": "9gB7mQN0y1Zy9EiaXIHFew==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "9ia70lNV6NYvmzB7WlbYQw==": { "id": "9ia70lNV6NYvmzB7WlbYQw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "9kpPzhUEkQr6h/4fDNnSuA==": { "id": "9kpPzhUEkQr6h/4fDNnSuA==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "9lAt/24IrVKtsskC+grSQQ==": { "id": "9lAt/24IrVKtsskC+grSQQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "9lOT/bRPy9mu1knhwrLw8Q==": { "id": "9lOT/bRPy9mu1knhwrLw8Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9lOiMN/e99o1oI1dhS9S2Q==": { "id": "9lOiMN/e99o1oI1dhS9S2Q==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9lqG2xu+85HJHcn8UQyZ2A==": { "id": "9lqG2xu+85HJHcn8UQyZ2A==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "9lxLFgIezXSh1WnSsRhwNQ==": { "id": "9lxLFgIezXSh1WnSsRhwNQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9oQBIjmHHZP7ZEjuqVHO7Q==": { "id": "9oQBIjmHHZP7ZEjuqVHO7Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "9rfGlkZ9WMAUo942FMnq5A==": { "id": "9rfGlkZ9WMAUo942FMnq5A==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "9uaveyIiSEcdU4MrDHbJ2Q==": { "id": "9uaveyIiSEcdU4MrDHbJ2Q==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "9uo4qIbgVv97/yzslhE6/g==": { "id": "9uo4qIbgVv97/yzslhE6/g==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "9vaAmbFDwko+7w/wBDHWvg==": { "id": "9vaAmbFDwko+7w/wBDHWvg==", "updater": "rhel-vex", "name": "CVE-2023-28617", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.", "issued": "2023-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28617 https://bugzilla.redhat.com/show_bug.cgi?id=2180544 https://www.cve.org/CVERecord?id=CVE-2023-28617 https://nvd.nist.gov/vuln/detail/CVE-2023-28617 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28617.json https://access.redhat.com/errata/RHSA-2023:2074", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-6.el9_1.1", "arch_op": "pattern match" }, "9z2MVdoreqGVJcUFUz72OA==": { "id": "9z2MVdoreqGVJcUFUz72OA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "A/za5QfQmT4HYcIQ4RyCzA==": { "id": "A/za5QfQmT4HYcIQ4RyCzA==", "updater": "osv/go", "name": "GO-2024-2887", "description": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "A2YTvJXiGwe7aOSqWlEZhQ==": { "id": "A2YTvJXiGwe7aOSqWlEZhQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "A3ZYVQ8Z63tDAx8FSltQHw==": { "id": "A3ZYVQ8Z63tDAx8FSltQHw==", "updater": "rhel-vex", "name": "CVE-2025-7458", "description": "An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory.", "issued": "2025-07-29T12:43:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7458 https://bugzilla.redhat.com/show_bug.cgi?id=2384237 https://www.cve.org/CVERecord?id=CVE-2025-7458 https://nvd.nist.gov/vuln/detail/CVE-2025-7458 https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7458.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A98JJ8FAQWnMhx8Nb3TYXA==": { "id": "A98JJ8FAQWnMhx8Nb3TYXA==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "ABh4yTmrbQSCnnP4F8iX5A==": { "id": "ABh4yTmrbQSCnnP4F8iX5A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AEXyQvL2wFfW+v4I9XmTaQ==": { "id": "AEXyQvL2wFfW+v4I9XmTaQ==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "AI5OCFigX+y57buhAMK1UA==": { "id": "AI5OCFigX+y57buhAMK1UA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "AIlN8RmMOvhBveVuVAyHQQ==": { "id": "AIlN8RmMOvhBveVuVAyHQQ==", "updater": "rhel-vex", "name": "CVE-2022-2874", "description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2874.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AJcMDco3zISLrE/7+42hGA==": { "id": "AJcMDco3zISLrE/7+42hGA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "AJgpOdbNJblqS+xC52p8RA==": { "id": "AJgpOdbNJblqS+xC52p8RA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ANawluW+m7SrGs8Q9Odgow==": { "id": "ANawluW+m7SrGs8Q9Odgow==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "ANxFBq/yNQoElX4dsXb0wA==": { "id": "ANxFBq/yNQoElX4dsXb0wA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "AOVkipVLZLxGjwVCB/7mwg==": { "id": "AOVkipVLZLxGjwVCB/7mwg==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "AQa/gDZ0IemFxWbJIsU4yQ==": { "id": "AQa/gDZ0IemFxWbJIsU4yQ==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "AR31u5jCzWyawCxRWBepmw==": { "id": "AR31u5jCzWyawCxRWBepmw==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AYOaUiAITXfmzrid+CR2Og==": { "id": "AYOaUiAITXfmzrid+CR2Og==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "AYXw2VaylssI+NkH09HL4Q==": { "id": "AYXw2VaylssI+NkH09HL4Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "AcbVYbhZ/tTIOm89OCy5kQ==": { "id": "AcbVYbhZ/tTIOm89OCy5kQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "AdhtRMEnBdpFFyeSlUP6fA==": { "id": "AdhtRMEnBdpFFyeSlUP6fA==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Aet749oXCwhRnnY9gEGYGw==": { "id": "Aet749oXCwhRnnY9gEGYGw==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AfEBBMV7R48kk4frVmVcAg==": { "id": "AfEBBMV7R48kk4frVmVcAg==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Ah03jmj/7fQOqUbg05PtZg==": { "id": "Ah03jmj/7fQOqUbg05PtZg==", "updater": "rhel-vex", "name": "CVE-2023-0049", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "issued": "2023-01-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0049.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ApGWymi9r75ZlVZNkjnd4w==": { "id": "ApGWymi9r75ZlVZNkjnd4w==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "Ar1hBHxUcHiCnqL+avGJRg==": { "id": "Ar1hBHxUcHiCnqL+avGJRg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AsiuN/8gu7sZ0PJCLihjmw==": { "id": "AsiuN/8gu7sZ0PJCLihjmw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Aspz79uO5bKpApwSqMsL8A==": { "id": "Aspz79uO5bKpApwSqMsL8A==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "AuT5DLBrUT23i8Fkzi5nrA==": { "id": "AuT5DLBrUT23i8Fkzi5nrA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Av6IvPz8z+8JAyypXmkbTA==": { "id": "Av6IvPz8z+8JAyypXmkbTA==", "updater": "rhel-vex", "name": "CVE-2025-23050", "description": "QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.", "issued": "2025-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23050 https://bugzilla.redhat.com/show_bug.cgi?id=2408769 https://www.cve.org/CVERecord?id=CVE-2025-23050 https://nvd.nist.gov/vuln/detail/CVE-2025-23050 https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538 https://codereview.qt-project.org/q/QLowEnergyController https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23050.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AyHFH4N7lNUZlwVfgigcMA==": { "id": "AyHFH4N7lNUZlwVfgigcMA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ayn8XyGcXwYPR+J1PSWdHQ==": { "id": "Ayn8XyGcXwYPR+J1PSWdHQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "B+xaJOiguNTw6xGmTB+mZw==": { "id": "B+xaJOiguNTw6xGmTB+mZw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "B/+SfhbeumQponnHheNEVg==": { "id": "B/+SfhbeumQponnHheNEVg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "B0ZJnlI3io/AXTPjqyoADA==": { "id": "B0ZJnlI3io/AXTPjqyoADA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "B1FsL93s2G1YxIvrdDvTfg==": { "id": "B1FsL93s2G1YxIvrdDvTfg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "B1THb18jP+rSUaY77CvPng==": { "id": "B1THb18jP+rSUaY77CvPng==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "B1gQIzGtgKR02WiRgVPUgQ==": { "id": "B1gQIzGtgKR02WiRgVPUgQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "B3tKTgCVG9JSLHIgfbUFmw==": { "id": "B3tKTgCVG9JSLHIgfbUFmw==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "B6kRennXxnam4nW6s2O9mQ==": { "id": "B6kRennXxnam4nW6s2O9mQ==", "updater": "rhel-vex", "name": "CVE-2022-30633", "description": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30633 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://www.cve.org/CVERecord?id=CVE-2022-30633 https://nvd.nist.gov/vuln/detail/CVE-2022-30633 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30633.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B7rM39vvdeIIjmDnRAuTIQ==": { "id": "B7rM39vvdeIIjmDnRAuTIQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "BBNgt41sCJ+dkDLhh8RM2Q==": { "id": "BBNgt41sCJ+dkDLhh8RM2Q==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "BCUOacmvjky6+oK/3U158Q==": { "id": "BCUOacmvjky6+oK/3U158Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "BCe3MuKRzryFB5SraMhsPw==": { "id": "BCe3MuKRzryFB5SraMhsPw==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "BEXy4ijrTQIkl+xEVZQ61w==": { "id": "BEXy4ijrTQIkl+xEVZQ61w==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BLPjiJKh0zrGI5mH+bPIGw==": { "id": "BLPjiJKh0zrGI5mH+bPIGw==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BQivQt20Anl3mLgiJoMKAA==": { "id": "BQivQt20Anl3mLgiJoMKAA==", "updater": "rhel-vex", "name": "CVE-2024-30205", "description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30205.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "BS5Qx6nN3HmM64VVoKmayw==": { "id": "BS5Qx6nN3HmM64VVoKmayw==", "updater": "rhel-vex", "name": "CVE-2022-3134", "description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3134.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BXlYoXrAW947O+Adruh7Zw==": { "id": "BXlYoXrAW947O+Adruh7Zw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "BbM0NZsMsZnNUi1ybIzssw==": { "id": "BbM0NZsMsZnNUi1ybIzssw==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BceQQXlChHEbiy2YYN7FvA==": { "id": "BceQQXlChHEbiy2YYN7FvA==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "Bd+yU6xHUdyyaw65uiacIw==": { "id": "Bd+yU6xHUdyyaw65uiacIw==", "updater": "osv/go", "name": "GO-2023-1752", "description": "Improper handling of JavaScript whitespace in html/template", "issued": "2023-05-05T21:10:22Z", "links": "https://go.dev/issue/59721 https://go.dev/cl/491616 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "BfDjqoaYrd0NKCGGxtokTg==": { "id": "BfDjqoaYrd0NKCGGxtokTg==", "updater": "rhel-vex", "name": "CVE-2023-48231", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48231.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BfJzk+M/zKnbrBHcCrvIlA==": { "id": "BfJzk+M/zKnbrBHcCrvIlA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "BgLn2RypgHsjIVj0SLunZg==": { "id": "BgLn2RypgHsjIVj0SLunZg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "BofAiVtqC38hX5ZAkBLTpA==": { "id": "BofAiVtqC38hX5ZAkBLTpA==", "updater": "osv/go", "name": "GO-2024-2599", "description": "Memory exhaustion in multipart form parsing in net/textproto and net/http", "issued": "2024-03-05T22:15:00Z", "links": "https://go.dev/issue/65383 https://go.dev/cl/569341 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "Bp0jmZLVDqekxjq/Mq7PPA==": { "id": "Bp0jmZLVDqekxjq/Mq7PPA==", "updater": "rhel-vex", "name": "CVE-2022-1962", "description": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1962 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://www.cve.org/CVERecord?id=CVE-2022-1962 https://nvd.nist.gov/vuln/detail/CVE-2022-1962 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1962.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bp4O+K+hM5aEmCc59xUWdA==": { "id": "Bp4O+K+hM5aEmCc59xUWdA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "BsGuSaqfP6qrCK8KTTY4qw==": { "id": "BsGuSaqfP6qrCK8KTTY4qw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Bu9dxnhmsLXDd3x0oRPHfA==": { "id": "Bu9dxnhmsLXDd3x0oRPHfA==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bua36N02B8W4H7+P8yixkw==": { "id": "Bua36N02B8W4H7+P8yixkw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "BwQexIGmUvV9ONa+9gpe2w==": { "id": "BwQexIGmUvV9ONa+9gpe2w==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ByykkIf8cqMarBUwgOjK0g==": { "id": "ByykkIf8cqMarBUwgOjK0g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "BzOgc4nzX2HHoodQY6X6vQ==": { "id": "BzOgc4nzX2HHoodQY6X6vQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Bzc4r1UXMoCf7blNLHkQGw==": { "id": "Bzc4r1UXMoCf7blNLHkQGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "C+2GxqMTQEZYKlJYDQE1Pg==": { "id": "C+2GxqMTQEZYKlJYDQE1Pg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "C0udSo+foVK8TphEaJ9u7g==": { "id": "C0udSo+foVK8TphEaJ9u7g==", "updater": "rhel-vex", "name": "CVE-2017-1000383", "description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "issued": "2017-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-1000383.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "emacs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C2ejCCBwa9n29Fq9gpW/sw==": { "id": "C2ejCCBwa9n29Fq9gpW/sw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "C7v5oMuGS9CuS5bfckNF/w==": { "id": "C7v5oMuGS9CuS5bfckNF/w==", "updater": "osv/go", "name": "GO-2022-0477", "description": "Indefinite hang with large buffers on Windows in crypto/rand", "issued": "2022-06-09T01:43:37Z", "links": "https://go.dev/cl/402257 https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 https://go.dev/issue/52561 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "C9NKmmH/EbcYxVOEg1uY9g==": { "id": "C9NKmmH/EbcYxVOEg1uY9g==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "CAcAzU3FmPfcBEK+BF1wiQ==": { "id": "CAcAzU3FmPfcBEK+BF1wiQ==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "CBxUpiwpFiagAj3ihqf+vQ==": { "id": "CBxUpiwpFiagAj3ihqf+vQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CCQ15lzJdM5OqfQf0dLnJQ==": { "id": "CCQ15lzJdM5OqfQf0dLnJQ==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "CD0KTiCn+kQ9+lGQdzy4Lw==": { "id": "CD0KTiCn+kQ9+lGQdzy4Lw==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "CFRtSPlXDJlgi28bdADXZg==": { "id": "CFRtSPlXDJlgi28bdADXZg==", "updater": "osv/go", "name": "GO-2024-3105", "description": "Stack exhaustion in all Parse functions in go/parser", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "CH/8kg0DShdiNjzv6+DZnA==": { "id": "CH/8kg0DShdiNjzv6+DZnA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CMGu0bZesU9cyPAc2vK34g==": { "id": "CMGu0bZesU9cyPAc2vK34g==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "CQPV/OxtJ+DwYc6C4gniNQ==": { "id": "CQPV/OxtJ+DwYc6C4gniNQ==", "updater": "rhel-vex", "name": "CVE-2022-47008", "description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CQXGvG5qF0LSGK3lgLUXJg==": { "id": "CQXGvG5qF0LSGK3lgLUXJg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CQY3y5mGXL6FhNg/bhr8Rw==": { "id": "CQY3y5mGXL6FhNg/bhr8Rw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.el9", "arch_op": "pattern match" }, "CSv4lPWUxMcEgRRI/WkPaA==": { "id": "CSv4lPWUxMcEgRRI/WkPaA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CVNFdSU8eHIr3mZk7+SX/Q==": { "id": "CVNFdSU8eHIr3mZk7+SX/Q==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "CW81Lp11K0nBc+3dYegY/g==": { "id": "CW81Lp11K0nBc+3dYegY/g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "CXlZx/1BY/yqrUCuQlON2w==": { "id": "CXlZx/1BY/yqrUCuQlON2w==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "CYbzKTdqzfhVDluEF23Dxg==": { "id": "CYbzKTdqzfhVDluEF23Dxg==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "CYkHBvLQQf6RYY/2Qkr5gw==": { "id": "CYkHBvLQQf6RYY/2Qkr5gw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CaVsGPkqzxcrIauiEFdPpw==": { "id": "CaVsGPkqzxcrIauiEFdPpw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CacO7saUr+KLTbynVQRYzg==": { "id": "CacO7saUr+KLTbynVQRYzg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Cbqd4MLPHY6FcToWh7U3IA==": { "id": "Cbqd4MLPHY6FcToWh7U3IA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "CebQRpRZjOcKyG6X/Hyb9g==": { "id": "CebQRpRZjOcKyG6X/Hyb9g==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "CoMZiX0VsWNhKSQo1NCYkg==": { "id": "CoMZiX0VsWNhKSQo1NCYkg==", "updater": "rhel-vex", "name": "CVE-2025-1244", "description": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "issued": "2025-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150 https://www.cve.org/CVERecord?id=CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1244.json https://access.redhat.com/errata/RHSA-2025:1915", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.1", "arch_op": "pattern match" }, "Cr4I2Hcgcf8xO3Bc2/KIfA==": { "id": "Cr4I2Hcgcf8xO3Bc2/KIfA==", "updater": "osv/go", "name": "GO-2023-1840", "description": "Unsafe behavior in setuid/setgid binaries in runtime", "issued": "2023-06-08T20:16:06Z", "links": "https://go.dev/issue/60272 https://go.dev/cl/501223 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.10" }, "CrxvMdhOPgYpnOjfUKfH3Q==": { "id": "CrxvMdhOPgYpnOjfUKfH3Q==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "CuWE9qOLaSI+JhOsCiY03Q==": { "id": "CuWE9qOLaSI+JhOsCiY03Q==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "Cxqp3OmZ1TuIow2bpolrUA==": { "id": "Cxqp3OmZ1TuIow2bpolrUA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "D0qSEDt7Rns05A3ywUZLtw==": { "id": "D0qSEDt7Rns05A3ywUZLtw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "D1jz5P28B8rwvnVaChXHiw==": { "id": "D1jz5P28B8rwvnVaChXHiw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "D2PoAhXlfTjf0jSkt9i3qA==": { "id": "D2PoAhXlfTjf0jSkt9i3qA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "D4iEHIlb8qk7qBBIBLV2WA==": { "id": "D4iEHIlb8qk7qBBIBLV2WA==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "D5TjVz7ghGYgdoVa5+N8bw==": { "id": "D5TjVz7ghGYgdoVa5+N8bw==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "DAwq8wwWp0GN/p0AvtHE9Q==": { "id": "DAwq8wwWp0GN/p0AvtHE9Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "DCflC/lDsmgt9IFXJM3PyA==": { "id": "DCflC/lDsmgt9IFXJM3PyA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "DDPdyyhkyoDS2Vq0O3We0w==": { "id": "DDPdyyhkyoDS2Vq0O3We0w==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DE3GDsNl2faTwlhxzYBbYw==": { "id": "DE3GDsNl2faTwlhxzYBbYw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "DFOoWHynQeFD6fZDvPyKMg==": { "id": "DFOoWHynQeFD6fZDvPyKMg==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "DG5z7r6LqnKlVNwHAxeXgA==": { "id": "DG5z7r6LqnKlVNwHAxeXgA==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "DGtUYJS9TDm0sI7Gw7jCuA==": { "id": "DGtUYJS9TDm0sI7Gw7jCuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "DI5ofU0JT+/wsYx2AeXNiA==": { "id": "DI5ofU0JT+/wsYx2AeXNiA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "DI7HeHo8A/itZHGTOHOQIg==": { "id": "DI7HeHo8A/itZHGTOHOQIg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "DIXgPb+QqAbL75dH7f2Zww==": { "id": "DIXgPb+QqAbL75dH7f2Zww==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "DJqdVbXk9Oqvq0nS8VYv5Q==": { "id": "DJqdVbXk9Oqvq0nS8VYv5Q==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DK1x7B/vzgaKlXynN3g1KA==": { "id": "DK1x7B/vzgaKlXynN3g1KA==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "DKQ/Jfye0O77T1m4bCFM9A==": { "id": "DKQ/Jfye0O77T1m4bCFM9A==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "DNd0sdbW83acQbIl3FDaPw==": { "id": "DNd0sdbW83acQbIl3FDaPw==", "updater": "rhel-vex", "name": "CVE-2023-0054", "description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0054.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DPcSz1MBKzyaMMMhJWVyEA==": { "id": "DPcSz1MBKzyaMMMhJWVyEA==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "DQIgoLb/8+6+HRbr8B6wHw==": { "id": "DQIgoLb/8+6+HRbr8B6wHw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "DWl94vpEWRXsnNv1XWboVA==": { "id": "DWl94vpEWRXsnNv1XWboVA==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "DZWopkvTJiWmVsAADTNOUw==": { "id": "DZWopkvTJiWmVsAADTNOUw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "Daj39cn0p5rpBblQYRpPNw==": { "id": "Daj39cn0p5rpBblQYRpPNw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "DhiTSAV5nEGdAk1xkbjRsw==": { "id": "DhiTSAV5nEGdAk1xkbjRsw==", "updater": "osv/go", "name": "GO-2023-1569", "description": "Excessive resource consumption in mime/multipart", "issued": "2023-02-21T20:44:30Z", "links": "https://go.dev/issue/58006 https://go.dev/cl/468124 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "DjTY6HUnX+COP0+KJxD8lg==": { "id": "DjTY6HUnX+COP0+KJxD8lg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "DjpSix06K6wkPOmaLpbGWg==": { "id": "DjpSix06K6wkPOmaLpbGWg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DlS6uDYchj9S2LQucQuZxw==": { "id": "DlS6uDYchj9S2LQucQuZxw==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Dlv776lHnCBm01HWpf1zZQ==": { "id": "Dlv776lHnCBm01HWpf1zZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "DlzGGXSItv6fZobEGaNWCA==": { "id": "DlzGGXSItv6fZobEGaNWCA==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "Dp0x43cNy9IQTCa5Vb7Uyw==": { "id": "Dp0x43cNy9IQTCa5Vb7Uyw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "DqGYMV65C5QRFD63WuUcpg==": { "id": "DqGYMV65C5QRFD63WuUcpg==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "DqajPgSmNnfF5+bVSuLXZQ==": { "id": "DqajPgSmNnfF5+bVSuLXZQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "DrIpfcclD2b0iXSNtu+I6Q==": { "id": "DrIpfcclD2b0iXSNtu+I6Q==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "DrL6S4TbqHyLJh/Go9vALA==": { "id": "DrL6S4TbqHyLJh/Go9vALA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "DtCtyEFA0WRhx44S/aRChA==": { "id": "DtCtyEFA0WRhx44S/aRChA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DtWvIa+898xLj3Yf8kKjtA==": { "id": "DtWvIa+898xLj3Yf8kKjtA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DtYmtBkxVMK6KVHn4U+2Yw==": { "id": "DtYmtBkxVMK6KVHn4U+2Yw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "DtkRUkQTzcJrj8ZsC36kqQ==": { "id": "DtkRUkQTzcJrj8ZsC36kqQ==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DyteGYzEcNMaIwU0U8gq/w==": { "id": "DyteGYzEcNMaIwU0U8gq/w==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "DzB2GvXN7uyOKTXPPshLvg==": { "id": "DzB2GvXN7uyOKTXPPshLvg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "E6F4Bsc58fK+0x+N9LY6gA==": { "id": "E6F4Bsc58fK+0x+N9LY6gA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "E7v1LWpr+8KCE/5szHqf2Q==": { "id": "E7v1LWpr+8KCE/5szHqf2Q==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "E90jB6HCh1KjzQXtmHMUUg==": { "id": "E90jB6HCh1KjzQXtmHMUUg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "EB6fg0YbdpF3FjycPEVN/Q==": { "id": "EB6fg0YbdpF3FjycPEVN/Q==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EBopL1hbi9GBQGXZUVNCAA==": { "id": "EBopL1hbi9GBQGXZUVNCAA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ECzeIHiPGDDmiEUQjBzFxg==": { "id": "ECzeIHiPGDDmiEUQjBzFxg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "EE23Ay78OLUGxmoM3vXPbA==": { "id": "EE23Ay78OLUGxmoM3vXPbA==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "EEMnwT7ARQJ+dbVETnKljw==": { "id": "EEMnwT7ARQJ+dbVETnKljw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.1.el9_6", "arch_op": "pattern match" }, "EEsEsfQRh24NPMdhg4HPHw==": { "id": "EEsEsfQRh24NPMdhg4HPHw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EFfUhTiwNATI8s7BT2T3xA==": { "id": "EFfUhTiwNATI8s7BT2T3xA==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EGDBCdh3xodxfhx6SFGa1w==": { "id": "EGDBCdh3xodxfhx6SFGa1w==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "EHdSTtZdfwUmOpf3vIeLWQ==": { "id": "EHdSTtZdfwUmOpf3vIeLWQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "ENoYJ+9TEzYG+jTQB5meaw==": { "id": "ENoYJ+9TEzYG+jTQB5meaw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ERpg5QsiyVdbxyySZngvaA==": { "id": "ERpg5QsiyVdbxyySZngvaA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "ETcQXJZrA6IUPRr4MXFUIw==": { "id": "ETcQXJZrA6IUPRr4MXFUIw==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "ETjF+btf4DIblmTTbHaZSA==": { "id": "ETjF+btf4DIblmTTbHaZSA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "EUzfiOQu+qZDEDuD1AbDtA==": { "id": "EUzfiOQu+qZDEDuD1AbDtA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EVXEAewBnzdtEIOYHBpZfA==": { "id": "EVXEAewBnzdtEIOYHBpZfA==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "EX/jsJKUxl+Y92LbkHwIVg==": { "id": "EX/jsJKUxl+Y92LbkHwIVg==", "updater": "osv/go", "name": "GO-2023-2186", "description": "Incorrect detection of reserved device names on Windows in path/filepath", "issued": "2023-11-08T22:42:19Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "EXWaDNivW550gBh9Dm6gCQ==": { "id": "EXWaDNivW550gBh9Dm6gCQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EXi8j2JWeu5xYuWml6Ellg==": { "id": "EXi8j2JWeu5xYuWml6Ellg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "EYkM0DDu8tbFKzGysEiO0Q==": { "id": "EYkM0DDu8tbFKzGysEiO0Q==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "EZo12eG9Obl1kmhRKBmcvA==": { "id": "EZo12eG9Obl1kmhRKBmcvA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EahYBNc6RsapXfHOvUMG/A==": { "id": "EahYBNc6RsapXfHOvUMG/A==", "updater": "osv/go", "name": "GO-2025-4008", "description": "ALPN negotiation error contains attacker controlled information in crypto/tls", "issued": "2025-10-29T21:49:53Z", "links": "https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Ec/FYvTTz4riEqnQe1G+Fw==": { "id": "Ec/FYvTTz4riEqnQe1G+Fw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "EcsVvJ09ys7NpdNzv0A9zA==": { "id": "EcsVvJ09ys7NpdNzv0A9zA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "Ee2apAGC0PFcPNtPjyeqbg==": { "id": "Ee2apAGC0PFcPNtPjyeqbg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "EfJCfNem+1eUwnsxx2dNOg==": { "id": "EfJCfNem+1eUwnsxx2dNOg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "EhVqWSecC9djAkoW+k/+hQ==": { "id": "EhVqWSecC9djAkoW+k/+hQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "EhcxS6FJz0RDq0+uuwuiEA==": { "id": "EhcxS6FJz0RDq0+uuwuiEA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "EhgsZTFIUAr2YMmtGzoFMQ==": { "id": "EhgsZTFIUAr2YMmtGzoFMQ==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "EjPl60c/5Xt+2Awh7Lu5jw==": { "id": "EjPl60c/5Xt+2Awh7Lu5jw==", "updater": "rhel-vex", "name": "CVE-2025-7546", "description": "A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.", "issued": "2025-07-13T22:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7546 https://bugzilla.redhat.com/show_bug.cgi?id=2379793 https://www.cve.org/CVERecord?id=CVE-2025-7546 https://nvd.nist.gov/vuln/detail/CVE-2025-7546 https://sourceware.org/bugzilla/attachment.cgi?id=16118 https://sourceware.org/bugzilla/show_bug.cgi?id=33050 https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b https://vuldb.com/?ctiid.316244 https://vuldb.com/?id.316244 https://vuldb.com/?submit.614375 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7546.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EpmDyksRTsldGi5rxDcMlA==": { "id": "EpmDyksRTsldGi5rxDcMlA==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Eptc9iAtWcHP72eK8tBCkA==": { "id": "Eptc9iAtWcHP72eK8tBCkA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Ewdn+P1XzA/h+WRvejvm/Q==": { "id": "Ewdn+P1XzA/h+WRvejvm/Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EzveB8rJWscHHRZtJKOdRA==": { "id": "EzveB8rJWscHHRZtJKOdRA==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "F/boCR7kXAGa4+GAELD7Tg==": { "id": "F/boCR7kXAGa4+GAELD7Tg==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F0PQEZy2PTlCGjp9J75Btw==": { "id": "F0PQEZy2PTlCGjp9J75Btw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "F1KNP85q9V8sONVWKuOzrw==": { "id": "F1KNP85q9V8sONVWKuOzrw==", "updater": "osv/go", "name": "GO-2023-2041", "description": "Improper handling of HTML-like comments in script contexts in html/template", "issued": "2023-09-07T16:11:17Z", "links": "https://go.dev/issue/62196 https://go.dev/cl/526156 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "F2QVfam7Idr3v4Y7g3wf/Q==": { "id": "F2QVfam7Idr3v4Y7g3wf/Q==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "F4g8Bboy9/sMyy+EusFlpA==": { "id": "F4g8Bboy9/sMyy+EusFlpA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "F54ap+bUe0qceQi67ZX30w==": { "id": "F54ap+bUe0qceQi67ZX30w==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "F6i42vx+GvZ/9LpnToKHcw==": { "id": "F6i42vx+GvZ/9LpnToKHcw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FAES1XlWFCETbKQytoq57Q==": { "id": "FAES1XlWFCETbKQytoq57Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.el9", "arch_op": "pattern match" }, "FAgeMhGaGcH9QOhQHw5rhQ==": { "id": "FAgeMhGaGcH9QOhQHw5rhQ==", "updater": "rhel-vex", "name": "CVE-2024-13978", "description": "A flaw was found in libtiff. The `t2p_read_tiff_init` function in the fax2ps component incorrectly handles TIFF files, leading to a null pointer dereference. A local attacker can trigger this condition by providing a specially crafted TIFF file. This can result in an application level denial of service.", "issued": "2025-08-01T21:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13978 https://bugzilla.redhat.com/show_bug.cgi?id=2386059 https://www.cve.org/CVERecord?id=CVE-2024-13978 https://nvd.nist.gov/vuln/detail/CVE-2024-13978 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 https://gitlab.com/libtiff/libtiff/-/issues/649 https://gitlab.com/libtiff/libtiff/-/merge_requests/667 https://vuldb.com/?ctiid.318355 https://vuldb.com/?id.318355 https://vuldb.com/?submit.624562 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13978.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FAoi5hf12Vg9h7NFehHyBg==": { "id": "FAoi5hf12Vg9h7NFehHyBg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.1.el9_6", "arch_op": "pattern match" }, "FE/mnRiATGHgivPxG+13dw==": { "id": "FE/mnRiATGHgivPxG+13dw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FKu6EFoCfpksmq+M7pL02Q==": { "id": "FKu6EFoCfpksmq+M7pL02Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FKuvvzZuxFLoDaTeoDMGIQ==": { "id": "FKuvvzZuxFLoDaTeoDMGIQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FM2lHn17qlO5uIZtM+Ehmg==": { "id": "FM2lHn17qlO5uIZtM+Ehmg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.el9", "arch_op": "pattern match" }, "FMzc9QFitxthf16XR1P0QA==": { "id": "FMzc9QFitxthf16XR1P0QA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.4.el9_3", "arch_op": "pattern match" }, "FOhuL+ZLaAMigc1crKc/uA==": { "id": "FOhuL+ZLaAMigc1crKc/uA==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "FPJOQAbsBSaId8RmD/1j8g==": { "id": "FPJOQAbsBSaId8RmD/1j8g==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "FTUrLe1XMNYvUzaxMdsWeQ==": { "id": "FTUrLe1XMNYvUzaxMdsWeQ==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "FUR7T9AnekkZ5hPUz2WP6Q==": { "id": "FUR7T9AnekkZ5hPUz2WP6Q==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "FUeASYCa2REKwmC0CFlz2g==": { "id": "FUeASYCa2REKwmC0CFlz2g==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "FV18DPtJsW6qZZIHDbkGJA==": { "id": "FV18DPtJsW6qZZIHDbkGJA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "FcmkgsiNKCrDAJ6OFK/Y8g==": { "id": "FcmkgsiNKCrDAJ6OFK/Y8g==", "updater": "osv/go", "name": "GO-2023-2102", "description": "HTTP/2 rapid reset can cause excessive work in net/http", "issued": "2023-10-11T16:49:53Z", "links": "https://go.dev/issue/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.10" }, "FdtzK6tyT53moDNlzBGPBQ==": { "id": "FdtzK6tyT53moDNlzBGPBQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "FecDYUjbiWlU3PuXl5vs5w==": { "id": "FecDYUjbiWlU3PuXl5vs5w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Fg8qijPO2mYzPczZJG7NiQ==": { "id": "Fg8qijPO2mYzPczZJG7NiQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "FgTFx5g45j7WzA+bfAHPzQ==": { "id": "FgTFx5g45j7WzA+bfAHPzQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "Fi7GXCkkqJvYQw6Co8Nk7A==": { "id": "Fi7GXCkkqJvYQw6Co8Nk7A==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "FjB9AnugxBHu7Kwf86C67w==": { "id": "FjB9AnugxBHu7Kwf86C67w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.1.el9_6", "arch_op": "pattern match" }, "FjluGqmW83eEOEvyKIkrSA==": { "id": "FjluGqmW83eEOEvyKIkrSA==", "updater": "osv/go", "name": "GO-2025-4012", "description": "Lack of limit when parsing cookies can cause memory exhaustion in net/http", "issued": "2025-10-29T21:50:05Z", "links": "https://go.dev/issue/75672 https://go.dev/cl/709855 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "FkUafBj1ekysZyPIbZi5fg==": { "id": "FkUafBj1ekysZyPIbZi5fg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.el9", "arch_op": "pattern match" }, "FkxoK2aSVfPglVllnxzplw==": { "id": "FkxoK2aSVfPglVllnxzplw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "FlgtpglQEkjGT66EnFUHMg==": { "id": "FlgtpglQEkjGT66EnFUHMg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "FnsKxnhjNS+E4Y6hrazjUQ==": { "id": "FnsKxnhjNS+E4Y6hrazjUQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FpA1FaTnKUwdPkl0KHAbaw==": { "id": "FpA1FaTnKUwdPkl0KHAbaw==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FrIXKuepXZdWVsQ8gu1YHA==": { "id": "FrIXKuepXZdWVsQ8gu1YHA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FsYbwBEvKH6FW81JU3KSvw==": { "id": "FsYbwBEvKH6FW81JU3KSvw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Ft+9wGiX7gFQHYNS5do1oA==": { "id": "Ft+9wGiX7gFQHYNS5do1oA==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "FtF7hWwlQYu4clVsrpBd0Q==": { "id": "FtF7hWwlQYu4clVsrpBd0Q==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "FwvyPIBVlE1fAIgwJ1H6Sw==": { "id": "FwvyPIBVlE1fAIgwJ1H6Sw==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "FyNQxVBbour86huhtgTOzA==": { "id": "FyNQxVBbour86huhtgTOzA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "Fys7cTDgnkqkKy/A1tAWPQ==": { "id": "Fys7cTDgnkqkKy/A1tAWPQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "G/EKAYKB/V29JLdsy1wFCA==": { "id": "G/EKAYKB/V29JLdsy1wFCA==", "updater": "rhel-vex", "name": "CVE-2023-31486", "description": "A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=\u003e1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.", "issued": "2023-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31486 https://bugzilla.redhat.com/show_bug.cgi?id=2228392 https://www.cve.org/CVERecord?id=CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31486.json https://access.redhat.com/errata/RHSA-2023:6542", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-HTTP-Tiny", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.076-461.el9", "arch_op": "pattern match" }, "G/dmoDOpwh0GrsMovfySVw==": { "id": "G/dmoDOpwh0GrsMovfySVw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "G1biuc7MPjr1XA/l1R5EPQ==": { "id": "G1biuc7MPjr1XA/l1R5EPQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G1ju8KSMzz6zOg31bF5lRw==": { "id": "G1ju8KSMzz6zOg31bF5lRw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "G33a+jVnMZNg6liymp9Lyg==": { "id": "G33a+jVnMZNg6liymp9Lyg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.2-1.el9_7", "arch_op": "pattern match" }, "G77a8vVkDX/8Yt/v29MOhA==": { "id": "G77a8vVkDX/8Yt/v29MOhA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GDAkupnsjiTl71rwzH5RJg==": { "id": "GDAkupnsjiTl71rwzH5RJg==", "updater": "rhel-vex", "name": "CVE-2024-21538", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "issued": "2024-11-08T05:00:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2324550 https://www.cve.org/CVERecord?id=CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2024-21538 https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f https://github.com/moxystudio/node-cross-spawn/pull/160 https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21538.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GEDO3j20WMwIj0JMNMq5Iw==": { "id": "GEDO3j20WMwIj0JMNMq5Iw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "GJ6//hGiIsio2zBFuudd/Q==": { "id": "GJ6//hGiIsio2zBFuudd/Q==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GJy8g/4zoy4CPDvWLZr9kQ==": { "id": "GJy8g/4zoy4CPDvWLZr9kQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "GKtgrnguQJIeMtP51nnNZQ==": { "id": "GKtgrnguQJIeMtP51nnNZQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "GR80zW702W+xho6dTSNlyw==": { "id": "GR80zW702W+xho6dTSNlyw==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GVOb0whjVXBMMGVZhZjH0g==": { "id": "GVOb0whjVXBMMGVZhZjH0g==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GVXQ1XPPQkuhZ4SIFGoF+w==": { "id": "GVXQ1XPPQkuhZ4SIFGoF+w==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GW37uYQxwwgJBIDtA/dT2g==": { "id": "GW37uYQxwwgJBIDtA/dT2g==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXMpRf2go/wGEbwpp9BPPQ==": { "id": "GXMpRf2go/wGEbwpp9BPPQ==", "updater": "rhel-vex", "name": "CVE-2023-1175", "description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXObP88ZOLkWQuVeVgHh/g==": { "id": "GXObP88ZOLkWQuVeVgHh/g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "GXVxiDj3UnyxgXg2cz7u0Q==": { "id": "GXVxiDj3UnyxgXg2cz7u0Q==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "Ga3lVfExNl500JGwW345sQ==": { "id": "Ga3lVfExNl500JGwW345sQ==", "updater": "osv/go", "name": "GO-2025-3956", "description": "Unexpected paths returned from LookPath in os/exec", "issued": "2025-09-18T18:21:44Z", "links": "https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "GaZVgTbcdJiJMvdUeofqTA==": { "id": "GaZVgTbcdJiJMvdUeofqTA==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "GbZa+XIQtfFHtHWs5gm0wg==": { "id": "GbZa+XIQtfFHtHWs5gm0wg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "GeI10LHPuNgyyt295MOmIQ==": { "id": "GeI10LHPuNgyyt295MOmIQ==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "Geg0mw2hzdsfDbJ9adcmWg==": { "id": "Geg0mw2hzdsfDbJ9adcmWg==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GfPY5zBbHJQI4ZGaDcJj2A==": { "id": "GfPY5zBbHJQI4ZGaDcJj2A==", "updater": "rhel-vex", "name": "CVE-2022-3278", "description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GjK0gO1QmNQJ/ZsCakqCdA==": { "id": "GjK0gO1QmNQJ/ZsCakqCdA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Gn9qNy1ITVhOKz+nUviaSg==": { "id": "Gn9qNy1ITVhOKz+nUviaSg==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "GnBCRP9H+R6do428z3nOkQ==": { "id": "GnBCRP9H+R6do428z3nOkQ==", "updater": "rhel-vex", "name": "CVE-2021-4173", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4173.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GoHez0BYftW2Wj3h0K6Zxw==": { "id": "GoHez0BYftW2Wj3h0K6Zxw==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "GoHsuuxRgbGb3lm852rQmg==": { "id": "GoHsuuxRgbGb3lm852rQmg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GolUr/klMsQNQ9QFMdcAmw==": { "id": "GolUr/klMsQNQ9QFMdcAmw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GpJjElMhBMa2ZIh0g/0hAQ==": { "id": "GpJjElMhBMa2ZIh0g/0hAQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "GtECMHzRoeZKh1TLvpCt+A==": { "id": "GtECMHzRoeZKh1TLvpCt+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.el9", "arch_op": "pattern match" }, "GuM8+Ku1VtBzfPk3/FCgzw==": { "id": "GuM8+Ku1VtBzfPk3/FCgzw==", "updater": "rhel-vex", "name": "CVE-2022-1056", "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1056 https://bugzilla.redhat.com/show_bug.cgi?id=2233599 https://www.cve.org/CVERecord?id=CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 https://security.gentoo.org/glsa/202210-10 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GwJvkFMzYrKrZEvvNMbc6A==": { "id": "GwJvkFMzYrKrZEvvNMbc6A==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "GwdBWjTMLLj14UbkCrmh/A==": { "id": "GwdBWjTMLLj14UbkCrmh/A==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "Gzt3Aov08YmfW0b/CN7tHw==": { "id": "Gzt3Aov08YmfW0b/CN7tHw==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "H+x0VPepDcitQiESaSwIwQ==": { "id": "H+x0VPepDcitQiESaSwIwQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "H003kvHQyN0gsWRXOrXzxA==": { "id": "H003kvHQyN0gsWRXOrXzxA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "H04yzALMJAjmclexKFeS2w==": { "id": "H04yzALMJAjmclexKFeS2w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "H4boG/V+MB7stA7jG8O6Tw==": { "id": "H4boG/V+MB7stA7jG8O6Tw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "H4hIo8QsJ8tJeirBCqwHFQ==": { "id": "H4hIo8QsJ8tJeirBCqwHFQ==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "H5HU/YMXz+3wwSlUv2hOEg==": { "id": "H5HU/YMXz+3wwSlUv2hOEg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "H5vm/YCKZciOb4TXZmGZlg==": { "id": "H5vm/YCKZciOb4TXZmGZlg==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "H7H9wMobv6DOqzUUAdOqGA==": { "id": "H7H9wMobv6DOqzUUAdOqGA==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "H8XwHNDIkW12mW+y74dsdQ==": { "id": "H8XwHNDIkW12mW+y74dsdQ==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "HBDLPf0FBMppxrTwW+gqlA==": { "id": "HBDLPf0FBMppxrTwW+gqlA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "HFchxDnUHv0YgEfYisGA6A==": { "id": "HFchxDnUHv0YgEfYisGA6A==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HHBOKYlzeD2Busv7btyBAA==": { "id": "HHBOKYlzeD2Busv7btyBAA==", "updater": "rhel-vex", "name": "CVE-2023-48232", "description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48232.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HHpOVRDbzmY2UhydU+uwcg==": { "id": "HHpOVRDbzmY2UhydU+uwcg==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "HMF5qYGPMt4Fb5i6RtdwRA==": { "id": "HMF5qYGPMt4Fb5i6RtdwRA==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "HMytRAMTGJlQRfqVbIzzVg==": { "id": "HMytRAMTGJlQRfqVbIzzVg==", "updater": "osv/go", "name": "GO-2022-0525", "description": "Improper sanitization of Transfer-Encoding headers in net/http", "issued": "2022-07-25T17:34:18Z", "links": "https://go.dev/cl/409874 https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f https://go.dev/issue/53188 https://go.dev/cl/410714 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "HNWibMRA8AF0jyyBYQthdA==": { "id": "HNWibMRA8AF0jyyBYQthdA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "HOYwG5Rw5KtCLqSTp9IaXQ==": { "id": "HOYwG5Rw5KtCLqSTp9IaXQ==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "HS96brYtpBiaYpW7OxT5Wg==": { "id": "HS96brYtpBiaYpW7OxT5Wg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "HT2SNCYX7dkF36jwcJ6tBg==": { "id": "HT2SNCYX7dkF36jwcJ6tBg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "HT4k6+0VwtXXrNi4IFV2ug==": { "id": "HT4k6+0VwtXXrNi4IFV2ug==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "HW1HxtJFrKBktMKHARGGeQ==": { "id": "HW1HxtJFrKBktMKHARGGeQ==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "HeemEcWe2JVMYkjGWbuiFA==": { "id": "HeemEcWe2JVMYkjGWbuiFA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "HfjDJmml2JYJ9YjdaPe+zQ==": { "id": "HfjDJmml2JYJ9YjdaPe+zQ==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "HiF486OoQCfE4Hwc8DTxrQ==": { "id": "HiF486OoQCfE4Hwc8DTxrQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "HjJnWaqrr4SaFPjzu8hVkg==": { "id": "HjJnWaqrr4SaFPjzu8hVkg==", "updater": "rhel-vex", "name": "CVE-2022-46663", "description": "A vulnerability was found in less. This flaw allows crafted data to result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "issued": "2023-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug.cgi?id=2169621 https://www.cve.org/CVERecord?id=CVE-2022-46663 https://nvd.nist.gov/vuln/detail/CVE-2022-46663 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-46663.json https://access.redhat.com/errata/RHSA-2023:3725", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-2.el9_2", "arch_op": "pattern match" }, "Hk/EnuFgs+4rtDh2D0OPZg==": { "id": "Hk/EnuFgs+4rtDh2D0OPZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "HlOu0EmTxHkjzmJeJEuJmw==": { "id": "HlOu0EmTxHkjzmJeJEuJmw==", "updater": "rhel-vex", "name": "CVE-2023-4735", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4735.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HlmfsCkhcIqBoptvS1F7pQ==": { "id": "HlmfsCkhcIqBoptvS1F7pQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HmZXdUV/ycFcRK+m71pC+w==": { "id": "HmZXdUV/ycFcRK+m71pC+w==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "HnNhAdInEg3yPEHYo7Hl+Q==": { "id": "HnNhAdInEg3yPEHYo7Hl+Q==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "HqbYURF/7TaXoQPMqtdsIA==": { "id": "HqbYURF/7TaXoQPMqtdsIA==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "HrQTGWot7zXPyYbisnzShg==": { "id": "HrQTGWot7zXPyYbisnzShg==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "Ht/FCT7E55SLIJNr/AHy9A==": { "id": "Ht/FCT7E55SLIJNr/AHy9A==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "HuVZNoL6F1XG6bLXPdhmWQ==": { "id": "HuVZNoL6F1XG6bLXPdhmWQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxiMqPnG14UzA9oHqqI6Ng==": { "id": "HxiMqPnG14UzA9oHqqI6Ng==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "I1n6/nf1BmKoqYe/GXCV3A==": { "id": "I1n6/nf1BmKoqYe/GXCV3A==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "I2w7mAdeccRvDV/HeaBOoA==": { "id": "I2w7mAdeccRvDV/HeaBOoA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "I3+uP7bb+nPtzRYHH2UUgw==": { "id": "I3+uP7bb+nPtzRYHH2UUgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I362Vwh1x92yigOP2ZDpKA==": { "id": "I362Vwh1x92yigOP2ZDpKA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "I3Zso12Z+9mUcVEvUKWJ8w==": { "id": "I3Zso12Z+9mUcVEvUKWJ8w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "I3vwwgMxzxWo15otCOgvAw==": { "id": "I3vwwgMxzxWo15otCOgvAw==", "updater": "rhel-vex", "name": "CVE-2021-3928", "description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3928.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I44fXMfux3yPYaBHaNxgsg==": { "id": "I44fXMfux3yPYaBHaNxgsg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "I5CKvoKqBhFd1vY7fxFKtQ==": { "id": "I5CKvoKqBhFd1vY7fxFKtQ==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "I9Xc2JiRiPWfOFS5AHY1Ww==": { "id": "I9Xc2JiRiPWfOFS5AHY1Ww==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "IDAwc/hZzIcM4IBkaUT9YA==": { "id": "IDAwc/hZzIcM4IBkaUT9YA==", "updater": "osv/go", "name": "GO-2025-3563", "description": "Request smuggling due to acceptance of invalid chunked data in net/http", "issued": "2025-04-08T19:46:23Z", "links": "https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.8" }, "IDDFCE+x3YM7koS2SvW5fA==": { "id": "IDDFCE+x3YM7koS2SvW5fA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "IENtFrOwfEqYX/lp+0u2Gw==": { "id": "IENtFrOwfEqYX/lp+0u2Gw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "IERk9xwccKWSGr20Hb5U6g==": { "id": "IERk9xwccKWSGr20Hb5U6g==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "IGsR1pj6qXRBH+0hYVXsew==": { "id": "IGsR1pj6qXRBH+0hYVXsew==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IH0yoiWyuDmG+HH8h9dKLw==": { "id": "IH0yoiWyuDmG+HH8h9dKLw==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IIfJmT1yzMqBOVKMy3nlyQ==": { "id": "IIfJmT1yzMqBOVKMy3nlyQ==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "IL9yoqEJiA7P9oRxQrj7SQ==": { "id": "IL9yoqEJiA7P9oRxQrj7SQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "IRgMJoQA4x1xizY2hEw96w==": { "id": "IRgMJoQA4x1xizY2hEw96w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ISgjA2mi+Q9vbdNEhDKXOA==": { "id": "ISgjA2mi+Q9vbdNEhDKXOA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ITIiuf1dzb05+JHj8h65fg==": { "id": "ITIiuf1dzb05+JHj8h65fg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "IUI8ka2AYA1twZAQi4gL5Q==": { "id": "IUI8ka2AYA1twZAQi4gL5Q==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "IV554NtP1F9KO4IyBit26g==": { "id": "IV554NtP1F9KO4IyBit26g==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IWplUWF011EXddGnkU5Png==": { "id": "IWplUWF011EXddGnkU5Png==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.1.el9_6", "arch_op": "pattern match" }, "IaNq7BGSUI5KW7kcB5RXdQ==": { "id": "IaNq7BGSUI5KW7kcB5RXdQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "IbhdAqkTe4EMzAhoNvBoZw==": { "id": "IbhdAqkTe4EMzAhoNvBoZw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "IeTK1HBLKpS1+gfVSPrpvg==": { "id": "IeTK1HBLKpS1+gfVSPrpvg==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfJyKZ52fwKruf/mbOKmYg==": { "id": "IfJyKZ52fwKruf/mbOKmYg==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfZDrkeHpfXHfjHzETuKbw==": { "id": "IfZDrkeHpfXHfjHzETuKbw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ih4ScPgmvAttJN/czzciaQ==": { "id": "Ih4ScPgmvAttJN/czzciaQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ihq7mkhGM9sf/8QM05o7gw==": { "id": "Ihq7mkhGM9sf/8QM05o7gw==", "updater": "rhel-vex", "name": "CVE-2023-6277", "description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "issued": "2023-11-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://www.cve.org/CVERecord?id=CVE-2023-6277 https://nvd.nist.gov/vuln/detail/CVE-2023-6277 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6277.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IkLJJWoz7DjiEwkwHd9+Bw==": { "id": "IkLJJWoz7DjiEwkwHd9+Bw==", "updater": "osv/go", "name": "GO-2024-2610", "description": "Errors returned from JSON marshaling may break template escaping in html/template", "issued": "2024-03-05T22:15:40Z", "links": "https://go.dev/issue/65697 https://go.dev/cl/564196 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "IoeuDKI/vu/XCDGoDKzX3g==": { "id": "IoeuDKI/vu/XCDGoDKzX3g==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "IqAfwTRGJO3I/HkfDNLMoQ==": { "id": "IqAfwTRGJO3I/HkfDNLMoQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "Ira5htRPGofy9veGMRD7Vg==": { "id": "Ira5htRPGofy9veGMRD7Vg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IsqBfnAxrh9UbW8oQaSR7w==": { "id": "IsqBfnAxrh9UbW8oQaSR7w==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "ItuvzyMGym4CNyVuxWwH3w==": { "id": "ItuvzyMGym4CNyVuxWwH3w==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IvL651FnAzrxSYOiOuXMlw==": { "id": "IvL651FnAzrxSYOiOuXMlw==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IxsDQKwy6X02Ak7TSjZKpA==": { "id": "IxsDQKwy6X02Ak7TSjZKpA==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "IzDqrZ8Ru35rI4iCSSk/pw==": { "id": "IzDqrZ8Ru35rI4iCSSk/pw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "J+a2wc6cR5fLyNj39ghgVg==": { "id": "J+a2wc6cR5fLyNj39ghgVg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "J/vqYu1qTz7dsS8oVaCTTw==": { "id": "J/vqYu1qTz7dsS8oVaCTTw==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "J1MkSCEBivWCQoYUEvHXOw==": { "id": "J1MkSCEBivWCQoYUEvHXOw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "J1SK5zSFZI94azX3jybBbw==": { "id": "J1SK5zSFZI94azX3jybBbw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "J1cvee8xy6oZDEdA21dqEg==": { "id": "J1cvee8xy6oZDEdA21dqEg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J3RGaCFhZHnCvtta/VAJIw==": { "id": "J3RGaCFhZHnCvtta/VAJIw==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "J4ecrOEw69avIhhOznG+2w==": { "id": "J4ecrOEw69avIhhOznG+2w==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "J5i8I5ZRQGDUXQI4WkC0FQ==": { "id": "J5i8I5ZRQGDUXQI4WkC0FQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "J6GavUf0zh8+C0zHHTDYfw==": { "id": "J6GavUf0zh8+C0zHHTDYfw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "J9wD9ZF9kAJd1nu03TllBQ==": { "id": "J9wD9ZF9kAJd1nu03TllBQ==", "updater": "osv/go", "name": "GO-2024-2600", "description": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "issued": "2024-03-05T22:15:02Z", "links": "https://go.dev/issue/65065 https://go.dev/cl/569340 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "JBIWl7TA4AzjcNVfFPjHaw==": { "id": "JBIWl7TA4AzjcNVfFPjHaw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "JD0llI0bGUOG/VBz+9LeVQ==": { "id": "JD0llI0bGUOG/VBz+9LeVQ==", "updater": "rhel-vex", "name": "CVE-2023-48235", "description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48235.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JLZyRakMGnyMKNtD6nnqpQ==": { "id": "JLZyRakMGnyMKNtD6nnqpQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "JLdsQ9mzV76+v5Ttq5j2hA==": { "id": "JLdsQ9mzV76+v5Ttq5j2hA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "JMtxzN1jgVs2Gwo2QsOKnQ==": { "id": "JMtxzN1jgVs2Gwo2QsOKnQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "JMuZ2WXBBx9rW6/jTPLu0A==": { "id": "JMuZ2WXBBx9rW6/jTPLu0A==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "JQe3P/odATa/OKbzn309dw==": { "id": "JQe3P/odATa/OKbzn309dw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "JS6LnmY1PZfE5YxJsCWPPQ==": { "id": "JS6LnmY1PZfE5YxJsCWPPQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "JS9NNql9cJTDkzzfXyJzDQ==": { "id": "JS9NNql9cJTDkzzfXyJzDQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JSxIEGIOCwboUDoJZgS9fA==": { "id": "JSxIEGIOCwboUDoJZgS9fA==", "updater": "rhel-vex", "name": "CVE-2023-37920", "description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "issued": "2023-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "ca-certificates", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2024.2.69_v8.0.303-91.4.el9_4", "arch_op": "pattern match" }, "JTwzSHX5xKxgTtyprecVew==": { "id": "JTwzSHX5xKxgTtyprecVew==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "JVp8gcuEEeRLeKprUvrBUg==": { "id": "JVp8gcuEEeRLeKprUvrBUg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JVuTqfPwohmj6ucokgM2sQ==": { "id": "JVuTqfPwohmj6ucokgM2sQ==", "updater": "rhel-vex", "name": "CVE-2021-27290", "description": "A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers\r\nusing the strict option. The highest threat from this vulnerability is to availability.", "issued": "2021-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 https://www.cve.org/CVERecord?id=CVE-2021-27290 https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-27290.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JWrwO52d5SNbcmJ2KpFaJQ==": { "id": "JWrwO52d5SNbcmJ2KpFaJQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "JXQAkdur2asBQ4qeq789Ew==": { "id": "JXQAkdur2asBQ4qeq789Ew==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "JZIEpU7UdEXuAMj6emkt5A==": { "id": "JZIEpU7UdEXuAMj6emkt5A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "JZVeRC2oy93Tv6vLZpVqJQ==": { "id": "JZVeRC2oy93Tv6vLZpVqJQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "JZouihQMnG3T6XSUXqYbkA==": { "id": "JZouihQMnG3T6XSUXqYbkA==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "JegoLVJD+r1CNqau++1Vlw==": { "id": "JegoLVJD+r1CNqau++1Vlw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Jek37tQeVdKEwtu+6a9/CA==": { "id": "Jek37tQeVdKEwtu+6a9/CA==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:4787", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.2", "arch_op": "pattern match" }, "JeqcZQqZ6re77qRb9vpAHQ==": { "id": "JeqcZQqZ6re77qRb9vpAHQ==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "JfmoxvDj+qKmecssvuGVyA==": { "id": "JfmoxvDj+qKmecssvuGVyA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Ji6OY1u39nJByKzCNwfpIw==": { "id": "Ji6OY1u39nJByKzCNwfpIw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JiPLnE3IM4/yPxZ8earXLg==": { "id": "JiPLnE3IM4/yPxZ8earXLg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "JmAt+4wqaQRWn+7jyy1oCQ==": { "id": "JmAt+4wqaQRWn+7jyy1oCQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "JmKf//IQj2eMVJFTB1Feyw==": { "id": "JmKf//IQj2eMVJFTB1Feyw==", "updater": "rhel-vex", "name": "CVE-2023-48234", "description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48234.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jo0GiPh7MZcVuLsVDbp7qg==": { "id": "Jo0GiPh7MZcVuLsVDbp7qg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "Jq9s0m8iiaLnslijc1N/kw==": { "id": "Jq9s0m8iiaLnslijc1N/kw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "JrT9jqBaZlLgPCS0RLnpPQ==": { "id": "JrT9jqBaZlLgPCS0RLnpPQ==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "JsF5ac8+OAOWxsV80iUiIw==": { "id": "JsF5ac8+OAOWxsV80iUiIw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.1.el9_6", "arch_op": "pattern match" }, "JtCpNcg8egZjbdozD9CAJQ==": { "id": "JtCpNcg8egZjbdozD9CAJQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "JtGggrfMckWn0xvfWBMJJQ==": { "id": "JtGggrfMckWn0xvfWBMJJQ==", "updater": "rhel-vex", "name": "CVE-2022-2210", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2210.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JvC/rVWSiuNeMXzeTDRZHQ==": { "id": "JvC/rVWSiuNeMXzeTDRZHQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JwRn6LaXs4DLH+aotGHcIQ==": { "id": "JwRn6LaXs4DLH+aotGHcIQ==", "updater": "osv/go", "name": "GO-2022-0522", "description": "Stack exhaustion on crafted paths in path/filepath", "issued": "2022-07-20T17:02:29Z", "links": "https://go.dev/cl/417066 https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "Jx8Savf4pVqPTLt8HsgoXA==": { "id": "Jx8Savf4pVqPTLt8HsgoXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.el9", "arch_op": "pattern match" }, "K/Jzpgc6xwHh47HFu+S8BQ==": { "id": "K/Jzpgc6xwHh47HFu+S8BQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "K0/KdAmlvzyf53kjXgfoRA==": { "id": "K0/KdAmlvzyf53kjXgfoRA==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "K12v1aAHn6bz+NiEB1W7GA==": { "id": "K12v1aAHn6bz+NiEB1W7GA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "K5fLrkou5COixf2q2qhQ5Q==": { "id": "K5fLrkou5COixf2q2qhQ5Q==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "KBpYoBBh5AFRsvma/sImeA==": { "id": "KBpYoBBh5AFRsvma/sImeA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "KC4H6WRPkYrWvXb9OC+odg==": { "id": "KC4H6WRPkYrWvXb9OC+odg==", "updater": "rhel-vex", "name": "CVE-2023-3164", "description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "issued": "2023-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3164 https://bugzilla.redhat.com/show_bug.cgi?id=2213531 https://www.cve.org/CVERecord?id=CVE-2023-3164 https://nvd.nist.gov/vuln/detail/CVE-2023-3164 https://gitlab.com/libtiff/libtiff/-/issues/542 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KEWGfOVGYNjr6kNjpQx0qg==": { "id": "KEWGfOVGYNjr6kNjpQx0qg==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "KJGsgMArislsisVXSZHY4A==": { "id": "KJGsgMArislsisVXSZHY4A==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "KM/iKSazFyPeIBezQXviSQ==": { "id": "KM/iKSazFyPeIBezQXviSQ==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "KM3euWq+O2CS0VP936TjVg==": { "id": "KM3euWq+O2CS0VP936TjVg==", "updater": "osv/go", "name": "GO-2023-2382", "description": "Denial of service via chunk extensions in net/http", "issued": "2023-12-06T16:22:36Z", "links": "https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.12" }, "KTLyj41W+cHfjH/HBrA7BQ==": { "id": "KTLyj41W+cHfjH/HBrA7BQ==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "KWqotAAFzFGFp1GIUjXi0g==": { "id": "KWqotAAFzFGFp1GIUjXi0g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "KXAIwMyIqS4MKyyyosxjhw==": { "id": "KXAIwMyIqS4MKyyyosxjhw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "KXzUsn7IGL3ZRMjBL3QOng==": { "id": "KXzUsn7IGL3ZRMjBL3QOng==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "KYv6PwzjV6/5I33cZ9LUmQ==": { "id": "KYv6PwzjV6/5I33cZ9LUmQ==", "updater": "rhel-vex", "name": "CVE-2022-2817", "description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2817.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kcd+UQxBw37KfFkRbn1QXw==": { "id": "Kcd+UQxBw37KfFkRbn1QXw==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "KewD59oo2UdDLsWiOrUjzQ==": { "id": "KewD59oo2UdDLsWiOrUjzQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "KhBWOViCuCZdWqrkDlYvOA==": { "id": "KhBWOViCuCZdWqrkDlYvOA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KhtP1/ZJ9jcZ6Whijt7vkw==": { "id": "KhtP1/ZJ9jcZ6Whijt7vkw==", "updater": "osv/go", "name": "GO-2023-1571", "description": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "issued": "2023-02-16T22:31:36Z", "links": "https://go.dev/issue/57855 https://go.dev/cl/468135 https://go.dev/cl/468295 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "KlFwXzVoVlebAInsnw41Qw==": { "id": "KlFwXzVoVlebAInsnw41Qw==", "updater": "osv/go", "name": "GO-2025-4010", "description": "Insufficient validation of bracketed IPv6 hostnames in net/url", "issued": "2025-10-29T21:49:58Z", "links": "https://go.dev/issue/75678 https://go.dev/cl/709857 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Km0Kj8/PT21DcOVckLYRyA==": { "id": "Km0Kj8/PT21DcOVckLYRyA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Kp6vEAyTjVJyCperHJ2MsQ==": { "id": "Kp6vEAyTjVJyCperHJ2MsQ==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "Kqi7XT4SGpqJzglrXFbYsQ==": { "id": "Kqi7XT4SGpqJzglrXFbYsQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KsboTEAsiwsdLEKIDivkyA==": { "id": "KsboTEAsiwsdLEKIDivkyA==", "updater": "rhel-vex", "name": "CVE-2022-2175", "description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KtIlAO0V0/KiMbIbmHHMGw==": { "id": "KtIlAO0V0/KiMbIbmHHMGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "KwXuJ1mZuqgv14dKI+DdIw==": { "id": "KwXuJ1mZuqgv14dKI+DdIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KxS2ZtWgZx0lQavGmel4Wg==": { "id": "KxS2ZtWgZx0lQavGmel4Wg==", "updater": "osv/go", "name": "GO-2025-4013", "description": "Panic when validating certificates with DSA public keys in crypto/x509", "issued": "2025-10-29T21:50:08Z", "links": "https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "L+KHKrPvSxZVeDMiWq92vw==": { "id": "L+KHKrPvSxZVeDMiWq92vw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "L/8naYULbNo7VCB5WzvpDw==": { "id": "L/8naYULbNo7VCB5WzvpDw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "L04cc8NCPjDZYnxYDnO5+A==": { "id": "L04cc8NCPjDZYnxYDnO5+A==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "L0O+Qmwnpkk+Rg/VqN7QWA==": { "id": "L0O+Qmwnpkk+Rg/VqN7QWA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "L2l/2cM7p8mbRx8/RerNPg==": { "id": "L2l/2cM7p8mbRx8/RerNPg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "L309n8CXvBj9wPx3UR7JGQ==": { "id": "L309n8CXvBj9wPx3UR7JGQ==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3Sq7FQbQmRq1R8Dn0eFww==": { "id": "L3Sq7FQbQmRq1R8Dn0eFww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "L5u3G3ilU8/0RtMpJ7kdKQ==": { "id": "L5u3G3ilU8/0RtMpJ7kdKQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "L7bRdQbudZhoHiefk8z45A==": { "id": "L7bRdQbudZhoHiefk8z45A==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "L9hbhq3wsZ5QkKEIo/fhYQ==": { "id": "L9hbhq3wsZ5QkKEIo/fhYQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "LAdEFhGjw+B+5uRqObeXiQ==": { "id": "LAdEFhGjw+B+5uRqObeXiQ==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "LBK9PqJKfCEUpttQCyryqw==": { "id": "LBK9PqJKfCEUpttQCyryqw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "LBzBPjCNeeSOWXyc2o2hnQ==": { "id": "LBzBPjCNeeSOWXyc2o2hnQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "LCRgl8qKc2VcXP1ILfaS6A==": { "id": "LCRgl8qKc2VcXP1ILfaS6A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "LDhDJjeJTHD14xx6vYgQUQ==": { "id": "LDhDJjeJTHD14xx6vYgQUQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "LFiejdPb02ZvCk9/k6M2OA==": { "id": "LFiejdPb02ZvCk9/k6M2OA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LKHvKuMU+ZaZN+c9jQoc8A==": { "id": "LKHvKuMU+ZaZN+c9jQoc8A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "LMcwA00QGnxriAXkZQIhHw==": { "id": "LMcwA00QGnxriAXkZQIhHw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "LMrJ8zW3vxlqJrvFMbbCGA==": { "id": "LMrJ8zW3vxlqJrvFMbbCGA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.el9", "arch_op": "pattern match" }, "LULa++Og4kM4JJrQxnZj0w==": { "id": "LULa++Og4kM4JJrQxnZj0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.1.el9_6", "arch_op": "pattern match" }, "LUlesLbzv1yf48cLqYDxTg==": { "id": "LUlesLbzv1yf48cLqYDxTg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "LXj+7NB7elh/3U/gcE77cw==": { "id": "LXj+7NB7elh/3U/gcE77cw==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Lc7NiV76Y8Ubl6+6Vgd+sw==": { "id": "Lc7NiV76Y8Ubl6+6Vgd+sw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "LcEYljn+QTWUC36NwQCf7w==": { "id": "LcEYljn+QTWUC36NwQCf7w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Lcg+9plLPEAo58BHKBlIGw==": { "id": "Lcg+9plLPEAo58BHKBlIGw==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "LczpEojKeJQxs4tAiPNubw==": { "id": "LczpEojKeJQxs4tAiPNubw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "Lex02lwAwiaMkFn9DV9FuA==": { "id": "Lex02lwAwiaMkFn9DV9FuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "LiT2UIJJCX7RQxuKZd5BaQ==": { "id": "LiT2UIJJCX7RQxuKZd5BaQ==", "updater": "rhel-vex", "name": "CVE-2023-43804", "description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "LkG+n79mbPHrPl1sC2ee1w==": { "id": "LkG+n79mbPHrPl1sC2ee1w==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "LkJjju2s50oKpBRyBT8s0A==": { "id": "LkJjju2s50oKpBRyBT8s0A==", "updater": "rhel-vex", "name": "CVE-2024-41965", "description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. This issue can be exploited by someone with local access to the system.", "issued": "2024-08-01T22:21:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LlIx9R1y9EWEYmMjr1l1rw==": { "id": "LlIx9R1y9EWEYmMjr1l1rw==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "Lsd0oY+cRz3Y5y3+G6CYMA==": { "id": "Lsd0oY+cRz3Y5y3+G6CYMA==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "Lw4KgrwWujzRmDjtibR3+Q==": { "id": "Lw4KgrwWujzRmDjtibR3+Q==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "LyEH4RIrJnMwmS9bxL322w==": { "id": "LyEH4RIrJnMwmS9bxL322w==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "LyQcB6aDtcDf3FmzBVHSKQ==": { "id": "LyQcB6aDtcDf3FmzBVHSKQ==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LzfcsSJMzHmJVjI8xrynCA==": { "id": "LzfcsSJMzHmJVjI8xrynCA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "M0WxNlBrWr1WR0ACcsFS3w==": { "id": "M0WxNlBrWr1WR0ACcsFS3w==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "M1Z06nydk707qbRpFiKmaA==": { "id": "M1Z06nydk707qbRpFiKmaA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M3xoPIiF+fvDRyYkizrMWQ==": { "id": "M3xoPIiF+fvDRyYkizrMWQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "M4/opsM/3qe/3m0zjGkItQ==": { "id": "M4/opsM/3qe/3m0zjGkItQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "M5aJiMv2/MaWINKfor0BrQ==": { "id": "M5aJiMv2/MaWINKfor0BrQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M6ssHrt9pKPpEPr7O0Tc/A==": { "id": "M6ssHrt9pKPpEPr7O0Tc/A==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "M9nh4Ryt6GwPUlLoItHqnA==": { "id": "M9nh4Ryt6GwPUlLoItHqnA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MAL36hvDgZ40KRvk279OJA==": { "id": "MAL36hvDgZ40KRvk279OJA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "MGoFQMcsriBEPanvv9LYcQ==": { "id": "MGoFQMcsriBEPanvv9LYcQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "MJ6xN5o4V2wpv4hjMTwHAA==": { "id": "MJ6xN5o4V2wpv4hjMTwHAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "MJtIM09Jw6pIepBEcf4LwQ==": { "id": "MJtIM09Jw6pIepBEcf4LwQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "MLyBE3p9/9+LMOMl2JBi6w==": { "id": "MLyBE3p9/9+LMOMl2JBi6w==", "updater": "rhel-vex", "name": "CVE-2022-2343", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2343.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MMLwOzBcCET4jaa3dPuTwQ==": { "id": "MMLwOzBcCET4jaa3dPuTwQ==", "updater": "rhel-vex", "name": "CVE-2022-38533", "description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "issued": "2022-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38533.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MOUExK9O9qzIs9ukHaS2ew==": { "id": "MOUExK9O9qzIs9ukHaS2ew==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "MVGmB/UrNlB0PqdbI1X5iA==": { "id": "MVGmB/UrNlB0PqdbI1X5iA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "MYhgpNDg22nk0/HCSwm/gw==": { "id": "MYhgpNDg22nk0/HCSwm/gw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "McBbvTJIAPyP1aOW8M+hzw==": { "id": "McBbvTJIAPyP1aOW8M+hzw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "Mds6YkAImABVZfFVPdan5w==": { "id": "Mds6YkAImABVZfFVPdan5w==", "updater": "osv/go", "name": "GO-2022-0493", "description": "Incorrect privilege reporting in syscall and golang.org/x/sys/unix", "issued": "2022-07-15T23:30:12Z", "links": "https://go.dev/cl/399539 https://go.dev/issue/52313 https://go.dev/cl/400074 https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.2" }, "Mgu68G03r/7Tj/zMomkJZw==": { "id": "Mgu68G03r/7Tj/zMomkJZw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Mhh/p16eoRFTSGC5EJRZEw==": { "id": "Mhh/p16eoRFTSGC5EJRZEw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "Mo/R2a7u4vWlPy8O1jH7HQ==": { "id": "Mo/R2a7u4vWlPy8O1jH7HQ==", "updater": "rhel-vex", "name": "CVE-2024-8244", "description": "The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.", "issued": "2025-08-06T15:32:27Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8244 https://bugzilla.redhat.com/show_bug.cgi?id=2386885 https://www.cve.org/CVERecord?id=CVE-2024-8244 https://nvd.nist.gov/vuln/detail/CVE-2024-8244 https://go.dev/issue/70007 https://pkg.go.dev/vuln/GO-2025-9999 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8244.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-rpm-macros", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Mo4ARlLui4P8nHgMUyYhSw==": { "id": "Mo4ARlLui4P8nHgMUyYhSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Mqs34KD77Q9uZxNX/8mz0Q==": { "id": "Mqs34KD77Q9uZxNX/8mz0Q==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MrRavbeiISRcJtBRJ3ZRsA==": { "id": "MrRavbeiISRcJtBRJ3ZRsA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "MrpKafmPiKoIdSrqC/r3Sg==": { "id": "MrpKafmPiKoIdSrqC/r3Sg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "Mrux1XY1LZVvkWuUp2MCHQ==": { "id": "Mrux1XY1LZVvkWuUp2MCHQ==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "MtExg9vrmkuo/+/XELnvpA==": { "id": "MtExg9vrmkuo/+/XELnvpA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Mukn5ixgUb/zb+mcMFd16Q==": { "id": "Mukn5ixgUb/zb+mcMFd16Q==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libdnf-plugin-subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "Mv7iQu0SgLhcoLH3nS/HZw==": { "id": "Mv7iQu0SgLhcoLH3nS/HZw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "MvPzfqdptyOBxzxR1iCL3g==": { "id": "MvPzfqdptyOBxzxR1iCL3g==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MwRbFLckfwf7ZXLrr6KBUQ==": { "id": "MwRbFLckfwf7ZXLrr6KBUQ==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "Mx7K+5VJ9q5MSCq5wzzrvA==": { "id": "Mx7K+5VJ9q5MSCq5wzzrvA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "N6/VXIOitxRZPgnZMgm+4A==": { "id": "N6/VXIOitxRZPgnZMgm+4A==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "N6xCmSIsupN7OsJaYpsl6Q==": { "id": "N6xCmSIsupN7OsJaYpsl6Q==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "N6yyVyHeduwThpSSvA2dVQ==": { "id": "N6yyVyHeduwThpSSvA2dVQ==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "NAN7p79skZ+eBA0xQMnnqw==": { "id": "NAN7p79skZ+eBA0xQMnnqw==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "ND8tA1FahvMc/ZIGpyoj3g==": { "id": "ND8tA1FahvMc/ZIGpyoj3g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NDTeUbmjAj/XEHx68pTD9A==": { "id": "NDTeUbmjAj/XEHx68pTD9A==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "NFJR7P8KL9HNF/dsA5opTw==": { "id": "NFJR7P8KL9HNF/dsA5opTw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NGHtfO55iqBhbAmqujAqHA==": { "id": "NGHtfO55iqBhbAmqujAqHA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "NJhwMDbt0IMvlSLLB4cUVA==": { "id": "NJhwMDbt0IMvlSLLB4cUVA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "NLs2bAzfO2YzrBTddmvvkQ==": { "id": "NLs2bAzfO2YzrBTddmvvkQ==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "NNyvMdW5UTPp1jGH161XDQ==": { "id": "NNyvMdW5UTPp1jGH161XDQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "NObEgWpn6tAdrn33X3GoKw==": { "id": "NObEgWpn6tAdrn33X3GoKw==", "updater": "rhel-vex", "name": "CVE-2022-32148", "description": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-32148 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://www.cve.org/CVERecord?id=CVE-2022-32148 https://nvd.nist.gov/vuln/detail/CVE-2022-32148 https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-32148.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NPJh6PwkJYtfpkFMxFCfIA==": { "id": "NPJh6PwkJYtfpkFMxFCfIA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NQ+dtAZLrUPoMA29mi1Odg==": { "id": "NQ+dtAZLrUPoMA29mi1Odg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "NUj8ykIgUTA27ShVMCBysA==": { "id": "NUj8ykIgUTA27ShVMCBysA==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "NVw9L7wf5CkACfCMTn/ArA==": { "id": "NVw9L7wf5CkACfCMTn/ArA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "NW78+g0sKpejEre7I2lCOA==": { "id": "NW78+g0sKpejEre7I2lCOA==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "NWqPMtB06drZmdGhOgqvEA==": { "id": "NWqPMtB06drZmdGhOgqvEA==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NXkuwjwxMseOUUaLQCgnuQ==": { "id": "NXkuwjwxMseOUUaLQCgnuQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "NdlKBrj70+HY4gSgv+wTmA==": { "id": "NdlKBrj70+HY4gSgv+wTmA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "NeZAaBfGrzLvaMKrJL7WlA==": { "id": "NeZAaBfGrzLvaMKrJL7WlA==", "updater": "rhel-vex", "name": "CVE-2024-45306", "description": "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "issued": "2024-09-02T18:15:36Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NeoXfJYSR9hqSpA4BJOyWQ==": { "id": "NeoXfJYSR9hqSpA4BJOyWQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfM08djkMgc3ukqHI37OMg==": { "id": "NfM08djkMgc3ukqHI37OMg==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfOajNNzWnotxhFpYD5Nfg==": { "id": "NfOajNNzWnotxhFpYD5Nfg==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "NkAsviHzXhNrys9cILlYeQ==": { "id": "NkAsviHzXhNrys9cILlYeQ==", "updater": "osv/go", "name": "GO-2023-2185", "description": "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", "issued": "2023-11-08T22:42:14Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY https://go.dev/issue/64028 https://go.dev/cl/541175 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "Nl5OfrnQ/SPbLIWCvdxEHw==": { "id": "Nl5OfrnQ/SPbLIWCvdxEHw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NoEVAwQMgkCr1UvAm6iQBQ==": { "id": "NoEVAwQMgkCr1UvAm6iQBQ==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "NpKL2jmktUTvYJUFA1mjww==": { "id": "NpKL2jmktUTvYJUFA1mjww==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "NplyvjxiuekBB/5QKoOJbw==": { "id": "NplyvjxiuekBB/5QKoOJbw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Nsd5wG+dBhUvVktxuz/adg==": { "id": "Nsd5wG+dBhUvVktxuz/adg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "O+NG96g+kK1DtaJEFTfwuA==": { "id": "O+NG96g+kK1DtaJEFTfwuA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "O+a4984RTSUBIVVJsZTw1A==": { "id": "O+a4984RTSUBIVVJsZTw1A==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "O0QnjS+0zUH+vff5xaIpCw==": { "id": "O0QnjS+0zUH+vff5xaIpCw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "O0ZHj1wCkn8EgvHd15dYqA==": { "id": "O0ZHj1wCkn8EgvHd15dYqA==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "O24do/xbIwz1BfQU4lBl5A==": { "id": "O24do/xbIwz1BfQU4lBl5A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "O41Bejc6em2i0QjOrjliKQ==": { "id": "O41Bejc6em2i0QjOrjliKQ==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "O4VudlVyChnCKHP9qhS59g==": { "id": "O4VudlVyChnCKHP9qhS59g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "O7l2OQQ3NRM4VNrd4YvEaA==": { "id": "O7l2OQQ3NRM4VNrd4YvEaA==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "O8btQzgzPf/pU7XfP3wqPw==": { "id": "O8btQzgzPf/pU7XfP3wqPw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "OIcx4C9IsgtrAE0nDs9GdA==": { "id": "OIcx4C9IsgtrAE0nDs9GdA==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "OJ5Ok6CMeJ8/3txCizz4cg==": { "id": "OJ5Ok6CMeJ8/3txCizz4cg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "OOCO13z2+atrfqEfCsJ3/w==": { "id": "OOCO13z2+atrfqEfCsJ3/w==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "OUOPFj6v5qm/F5KSXf7dVw==": { "id": "OUOPFj6v5qm/F5KSXf7dVw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "OXr+UvfSDAQbLGP4xOBSMw==": { "id": "OXr+UvfSDAQbLGP4xOBSMw==", "updater": "rhel-vex", "name": "CVE-2023-1127", "description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1127.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oaw7/z6QEDwwzKvMQmdriQ==": { "id": "Oaw7/z6QEDwwzKvMQmdriQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Ob+LJ5zYHnbjt14Yf8W7UA==": { "id": "Ob+LJ5zYHnbjt14Yf8W7UA==", "updater": "rhel-vex", "name": "CVE-2022-3016", "description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3016.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OhQ6agVzWuY02NakmnlJmw==": { "id": "OhQ6agVzWuY02NakmnlJmw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "Oi+2EF5+FNNGg+4WyowonQ==": { "id": "Oi+2EF5+FNNGg+4WyowonQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "Ojd6gfhf5HOGBRFGRWmKOg==": { "id": "Ojd6gfhf5HOGBRFGRWmKOg==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ok4YXGXw7Ua7qgtxqZcqhg==": { "id": "Ok4YXGXw7Ua7qgtxqZcqhg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "OleRcJ5uCI7wOsxOqMjRlg==": { "id": "OleRcJ5uCI7wOsxOqMjRlg==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "OlhZuHzjnGJlFRoEEZLvZw==": { "id": "OlhZuHzjnGJlFRoEEZLvZw==", "updater": "rhel-vex", "name": "CVE-2022-1705", "description": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1705 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://www.cve.org/CVERecord?id=CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 https://go.dev/issue/53188 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1705.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OlzUZywb212kcLte3jiS3g==": { "id": "OlzUZywb212kcLte3jiS3g==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "OoUkTYhn9kcAyWK8OpWEvg==": { "id": "OoUkTYhn9kcAyWK8OpWEvg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "OqWPbZZgGqlPCMzbmClfHA==": { "id": "OqWPbZZgGqlPCMzbmClfHA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "OtUtUn02ewCzaijseyEVUA==": { "id": "OtUtUn02ewCzaijseyEVUA==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "OuZBWnWNFHYdTgntdOB15Q==": { "id": "OuZBWnWNFHYdTgntdOB15Q==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "OvvtykNCZtfooZWGyghXfg==": { "id": "OvvtykNCZtfooZWGyghXfg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ox1tNe9huq3q2onFJsX0QA==": { "id": "Ox1tNe9huq3q2onFJsX0QA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "OxOc7/P4x7mjEZNhGnABDA==": { "id": "OxOc7/P4x7mjEZNhGnABDA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "Oz/6eC07LwyvcoelwlI47w==": { "id": "Oz/6eC07LwyvcoelwlI47w==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "P0aqIEFHW71uwsNt2kNw4A==": { "id": "P0aqIEFHW71uwsNt2kNw4A==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "P1K1eUbqwgam0P6f7iB/IA==": { "id": "P1K1eUbqwgam0P6f7iB/IA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "P2LAyAbSFxWVwlNB9c/A2g==": { "id": "P2LAyAbSFxWVwlNB9c/A2g==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "P8ATyyToJgziJaUXIjyPvA==": { "id": "P8ATyyToJgziJaUXIjyPvA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "PAVfrfQyg9ezKUDPbI/Nmw==": { "id": "PAVfrfQyg9ezKUDPbI/Nmw==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "PB44uTo7NGwmA/fjSEQPBA==": { "id": "PB44uTo7NGwmA/fjSEQPBA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "PDkkYuYRnbObAyDWKDapig==": { "id": "PDkkYuYRnbObAyDWKDapig==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "PEaU9hApxjdZ1D4R2OUZpw==": { "id": "PEaU9hApxjdZ1D4R2OUZpw==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "PHRlWl/iCYco+xAVn6SmKQ==": { "id": "PHRlWl/iCYco+xAVn6SmKQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "PJ/Blkuxb9rGhjSw0f3NrA==": { "id": "PJ/Blkuxb9rGhjSw0f3NrA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "PLT6ItGnGibNqyU7ikhmRA==": { "id": "PLT6ItGnGibNqyU7ikhmRA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PMaPI3hRDt0vFaerryvY/g==": { "id": "PMaPI3hRDt0vFaerryvY/g==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "POO0JR6PIxa5cAikhYHhiQ==": { "id": "POO0JR6PIxa5cAikhYHhiQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "POSFLQ5mtdC9jMcn5UF8FA==": { "id": "POSFLQ5mtdC9jMcn5UF8FA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "PRErogcN/aXkh7DLlBPLlw==": { "id": "PRErogcN/aXkh7DLlBPLlw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "PTaioV6jy0S7VQV20A7R+A==": { "id": "PTaioV6jy0S7VQV20A7R+A==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "PYQ8GtvInfQ411U5gwbErQ==": { "id": "PYQ8GtvInfQ411U5gwbErQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Pd5fn59ga3nlH8XsDKvDWA==": { "id": "Pd5fn59ga3nlH8XsDKvDWA==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "PdGhfwK5tePs8ngzFuopoA==": { "id": "PdGhfwK5tePs8ngzFuopoA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "PdNX5RN9keIsqOloxy7mkg==": { "id": "PdNX5RN9keIsqOloxy7mkg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "Pdc4LabMMVIl3+kSdEepMw==": { "id": "Pdc4LabMMVIl3+kSdEepMw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "PgPRtFXcN+6zuIY77w+muQ==": { "id": "PgPRtFXcN+6zuIY77w+muQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "PhzQEpAkCFfaNfVzGQzMgg==": { "id": "PhzQEpAkCFfaNfVzGQzMgg==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "PnyZkAM4ZwDECggE7QV89A==": { "id": "PnyZkAM4ZwDECggE7QV89A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Po+GLdyrucAyVatfOmZxGg==": { "id": "Po+GLdyrucAyVatfOmZxGg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PwX0RLPO5W1w6VDjSgcV8A==": { "id": "PwX0RLPO5W1w6VDjSgcV8A==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q0D37bmhhLGtYILIAMgFXg==": { "id": "Q0D37bmhhLGtYILIAMgFXg==", "updater": "rhel-vex", "name": "CVE-2022-2207", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2207.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q1F3DVZZ3gpMNQT3yhbiSg==": { "id": "Q1F3DVZZ3gpMNQT3yhbiSg==", "updater": "rhel-vex", "name": "CVE-2025-10911", "description": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.", "issued": "2025-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10911 https://bugzilla.redhat.com/show_bug.cgi?id=2397838 https://www.cve.org/CVERecord?id=CVE-2025-10911 https://nvd.nist.gov/vuln/detail/CVE-2025-10911 https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10911.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q2+f0ITzWPp+YCesnwp1Ng==": { "id": "Q2+f0ITzWPp+YCesnwp1Ng==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "Q2EySKz2roj2mYOhGJQA3A==": { "id": "Q2EySKz2roj2mYOhGJQA3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "Q9syyD8a/4l/mc50UAvBnQ==": { "id": "Q9syyD8a/4l/mc50UAvBnQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "QBD2bakyMRLlWNUWb7c8Ng==": { "id": "QBD2bakyMRLlWNUWb7c8Ng==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "QBNxNqNCcUL/GHKqOh7Fyw==": { "id": "QBNxNqNCcUL/GHKqOh7Fyw==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "QDYJ95dZNazClKtqoRJQeQ==": { "id": "QDYJ95dZNazClKtqoRJQeQ==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "QHS4gwmQURKolJEnj/ZMHw==": { "id": "QHS4gwmQURKolJEnj/ZMHw==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "QL7KLbo+Ri9Q4aoq0+/c2w==": { "id": "QL7KLbo+Ri9Q4aoq0+/c2w==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "QNVm3dpa9lFJUb6FBjjc1g==": { "id": "QNVm3dpa9lFJUb6FBjjc1g==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "QNeXj0/uAU3vww6deBbkrw==": { "id": "QNeXj0/uAU3vww6deBbkrw==", "updater": "rhel-vex", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "2023-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:6632", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-8.el9", "arch_op": "pattern match" }, "QQ1upjXEDW7OiB4aR8O/8A==": { "id": "QQ1upjXEDW7OiB4aR8O/8A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.el9", "arch_op": "pattern match" }, "QSEpEyTM9A7rsX/qx644wQ==": { "id": "QSEpEyTM9A7rsX/qx644wQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "QTcHwvmTXpVKkHS0xdfb9g==": { "id": "QTcHwvmTXpVKkHS0xdfb9g==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "QX1bQ/CZA5mRbcqjpTc9aA==": { "id": "QX1bQ/CZA5mRbcqjpTc9aA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "QX9gQ7esz1e73iQHmwojXA==": { "id": "QX9gQ7esz1e73iQHmwojXA==", "updater": "rhel-vex", "name": "CVE-2021-3973", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3973.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QXekSyzWiuaI8YTxDgngHw==": { "id": "QXekSyzWiuaI8YTxDgngHw==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "QY4aLgQQjP1oPPp38ArMrQ==": { "id": "QY4aLgQQjP1oPPp38ArMrQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QZ7uKIt3KkZJfzRLCLWsIg==": { "id": "QZ7uKIt3KkZJfzRLCLWsIg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "QZQvSq0tzcJY8GfiU/aXpg==": { "id": "QZQvSq0tzcJY8GfiU/aXpg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "QbgvVzhz2dr5BDvAUM6wFQ==": { "id": "QbgvVzhz2dr5BDvAUM6wFQ==", "updater": "rhel-vex", "name": "CVE-2022-2304", "description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2304.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qe1reyLPtQVZ5wKqKa9jQA==": { "id": "Qe1reyLPtQVZ5wKqKa9jQA==", "updater": "rhel-vex", "name": "CVE-2022-0213", "description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0213.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgRg8usqYLpC2SzTmhUKsQ==": { "id": "QgRg8usqYLpC2SzTmhUKsQ==", "updater": "rhel-vex", "name": "CVE-2025-22134", "description": "A flaw was found in Vim. Due to Vim not properly terminating visual mode, a heap buffer overflow condition may be triggered when a user switches buffers using the `:all` command. This issue may lead to unexpected behavior, such as an application crash or memory corruption.", "issued": "2025-01-13T20:41:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22134 https://bugzilla.redhat.com/show_bug.cgi?id=2337437 https://www.cve.org/CVERecord?id=CVE-2025-22134 https://nvd.nist.gov/vuln/detail/CVE-2025-22134 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22134.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgyYiUqrv2nc1+RqO1bM4A==": { "id": "QgyYiUqrv2nc1+RqO1bM4A==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "QhESIu1eoXqoSNW7jNhlZg==": { "id": "QhESIu1eoXqoSNW7jNhlZg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.1.el9_6", "arch_op": "pattern match" }, "Qimhraux3dZtFrPRbNJqyw==": { "id": "Qimhraux3dZtFrPRbNJqyw==", "updater": "osv/go", "name": "GO-2023-2043", "description": "Improper handling of special tags within script contexts in html/template", "issued": "2023-09-07T16:11:59Z", "links": "https://go.dev/issue/62197 https://go.dev/cl/526157 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "QireWdVPs8MzNOJ1scQvdA==": { "id": "QireWdVPs8MzNOJ1scQvdA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QjS6b4li9vRMvS2l49iyfw==": { "id": "QjS6b4li9vRMvS2l49iyfw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Qp7j7oFs4UbVUHVGblDM1w==": { "id": "Qp7j7oFs4UbVUHVGblDM1w==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "QqK1O3FCNB9QbClJ7bZ6YA==": { "id": "QqK1O3FCNB9QbClJ7bZ6YA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "QqNagWxBuciWgmqsaHDwZw==": { "id": "QqNagWxBuciWgmqsaHDwZw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "Qr2/3ufYTxjXiJuEKM7I7w==": { "id": "Qr2/3ufYTxjXiJuEKM7I7w==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "QsR+n6O0ULfYayvahAaltg==": { "id": "QsR+n6O0ULfYayvahAaltg==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "QwkBpizF3mo2JpevPMDeaw==": { "id": "QwkBpizF3mo2JpevPMDeaw==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "QxQ47SEMl+UFCOv8XVwx9A==": { "id": "QxQ47SEMl+UFCOv8XVwx9A==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "QznSXY89jmEtP62PhxgH1g==": { "id": "QznSXY89jmEtP62PhxgH1g==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "R1Akf7BYKFH+Usf+3IS0Cg==": { "id": "R1Akf7BYKFH+Usf+3IS0Cg==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "R1x4adkbkgVhxc9hzgUZcA==": { "id": "R1x4adkbkgVhxc9hzgUZcA==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "R6drGbgnzqKGDiX/RNUdqw==": { "id": "R6drGbgnzqKGDiX/RNUdqw==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "R7XEe59RfqPZwHJmDbOyww==": { "id": "R7XEe59RfqPZwHJmDbOyww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "R9lgi90skf6A+gEQ2Lu8dg==": { "id": "R9lgi90skf6A+gEQ2Lu8dg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.el9", "arch_op": "pattern match" }, "RA9ILX3H27ou2ro1GzHq8Q==": { "id": "RA9ILX3H27ou2ro1GzHq8Q==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "RATpPhLUqjEbe+XxyYxOOw==": { "id": "RATpPhLUqjEbe+XxyYxOOw==", "updater": "rhel-vex", "name": "CVE-2022-2257", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "issued": "2022-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2257.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RDlpzaleAPnYWwZyjvoRug==": { "id": "RDlpzaleAPnYWwZyjvoRug==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "RFeq5rwe+sxgyWgUXeEitA==": { "id": "RFeq5rwe+sxgyWgUXeEitA==", "updater": "osv/go", "name": "GO-2022-0523", "description": "Stack exhaustion when unmarshaling certain documents in encoding/xml", "issued": "2022-07-20T20:52:06Z", "links": "https://go.dev/cl/417061 https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "RJziShukaon2ShF1sKdneQ==": { "id": "RJziShukaon2ShF1sKdneQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "RKG7TR5VLN5EK2rg7nfjuQ==": { "id": "RKG7TR5VLN5EK2rg7nfjuQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "RLGDcCcECNxfaKqTkhDvew==": { "id": "RLGDcCcECNxfaKqTkhDvew==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "RLfmH4oizoEHB59VpAV6Kg==": { "id": "RLfmH4oizoEHB59VpAV6Kg==", "updater": "rhel-vex", "name": "CVE-2024-30203", "description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30203.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "RPWIFXazUxYQ5Q1rBYTqdg==": { "id": "RPWIFXazUxYQ5Q1rBYTqdg==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RPlldG/r8WWd2UCSZ1vzsg==": { "id": "RPlldG/r8WWd2UCSZ1vzsg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "RReWBnQmCp2XJDUh6xioRQ==": { "id": "RReWBnQmCp2XJDUh6xioRQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RU6xHn/9SV8lotyX3JW1ZQ==": { "id": "RU6xHn/9SV8lotyX3JW1ZQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "RUDcnDBVSmf+/LWMe4Tqgw==": { "id": "RUDcnDBVSmf+/LWMe4Tqgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-headless", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "RXSYUreBGXQz5Vll3C130A==": { "id": "RXSYUreBGXQz5Vll3C130A==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "Rd2hVVbUws+mcvoC7DaoiQ==": { "id": "Rd2hVVbUws+mcvoC7DaoiQ==", "updater": "rhel-vex", "name": "CVE-2022-4292", "description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4292.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdY/UQx2FGTtVn1x7G1KkA==": { "id": "RdY/UQx2FGTtVn1x7G1KkA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rf7m+dbWxZxBNm1A9nfdqg==": { "id": "Rf7m+dbWxZxBNm1A9nfdqg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RfXeDDRCykmZZMDXVfaGtg==": { "id": "RfXeDDRCykmZZMDXVfaGtg==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "RgBI11FezD5/LF6u61IQtw==": { "id": "RgBI11FezD5/LF6u61IQtw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "Rm7aeXEOy4+PSaaC/AfGyw==": { "id": "Rm7aeXEOy4+PSaaC/AfGyw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "RnzVpoLf3gQvIDiBFFXm6w==": { "id": "RnzVpoLf3gQvIDiBFFXm6w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "RoQvxPrgcpXyTej834bT2Q==": { "id": "RoQvxPrgcpXyTej834bT2Q==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rs2w9Uui+dW2Lg48Ml6jpw==": { "id": "Rs2w9Uui+dW2Lg48Ml6jpw==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxiYxX3H5lL8cc7k0ac/mQ==": { "id": "RxiYxX3H5lL8cc7k0ac/mQ==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxmnlWamNxvphCIuarducQ==": { "id": "RxmnlWamNxvphCIuarducQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "RxwFiIUPJYMo6r5lfv+sdQ==": { "id": "RxwFiIUPJYMo6r5lfv+sdQ==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ry6vRm+cs1w4rnhTcw+4ww==": { "id": "Ry6vRm+cs1w4rnhTcw+4ww==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "Rz0KcMyzx8GC2p+YUZpHPQ==": { "id": "Rz0KcMyzx8GC2p+YUZpHPQ==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "S01BJ2Ht59Iq71LsHWKLzg==": { "id": "S01BJ2Ht59Iq71LsHWKLzg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "S2g7delheJOLf2DxVbw0Hg==": { "id": "S2g7delheJOLf2DxVbw0Hg==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "S2kC/8+NtHD0EdQuoPqXlg==": { "id": "S2kC/8+NtHD0EdQuoPqXlg==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "S3c04CkV3MUFBzUssTpBSg==": { "id": "S3c04CkV3MUFBzUssTpBSg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S9GgHs7lpMPNDjvswObhPg==": { "id": "S9GgHs7lpMPNDjvswObhPg==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "SBAWrxfXaQ2Ka48xajW62A==": { "id": "SBAWrxfXaQ2Ka48xajW62A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "SFiwTqc+C9HkxslIGbfU0g==": { "id": "SFiwTqc+C9HkxslIGbfU0g==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "SFoELvc6okNKWKi7mExikA==": { "id": "SFoELvc6okNKWKi7mExikA==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "SIPkCsjtWsrsJnfVRjxnKA==": { "id": "SIPkCsjtWsrsJnfVRjxnKA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "SKOD3G/MxX5t9s/HjT+ehg==": { "id": "SKOD3G/MxX5t9s/HjT+ehg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "SKyAPnATFclliIE0mjtq+w==": { "id": "SKyAPnATFclliIE0mjtq+w==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SPxMxLW2DZ8IvP04UR/H6g==": { "id": "SPxMxLW2DZ8IvP04UR/H6g==", "updater": "rhel-vex", "name": "CVE-2025-5683", "description": "A flaw was found in qt. Loading a specially crafted ICNS image file within QImage results in a crash. This flaw allows a local attacker to provide a malicious image. The vulnerability is exploited via the image loading process, leading to application termination.", "issued": "2025-06-05T05:31:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5683 https://bugzilla.redhat.com/show_bug.cgi?id=2370384 https://www.cve.org/CVERecord?id=CVE-2025-5683 https://nvd.nist.gov/vuln/detail/CVE-2025-5683 https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 https://issues.oss-fuzz.com/issues/415350704 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5683.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SRL0fsSEDtOf7vYyf/BewQ==": { "id": "SRL0fsSEDtOf7vYyf/BewQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "SRtj8i4HsQkjCyC1YPMDYw==": { "id": "SRtj8i4HsQkjCyC1YPMDYw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "SS38Q6SbT7pMry4emWgqdg==": { "id": "SS38Q6SbT7pMry4emWgqdg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "SSAJUNd+iNG0Dh0JEHjSXA==": { "id": "SSAJUNd+iNG0Dh0JEHjSXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.el9", "arch_op": "pattern match" }, "SU1MGh9+Zg3Zuy+khiN0Og==": { "id": "SU1MGh9+Zg3Zuy+khiN0Og==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "SWMi5UoagLshKWAW26MJTw==": { "id": "SWMi5UoagLshKWAW26MJTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SXF95Q57bdA0qf3iy/XSPw==": { "id": "SXF95Q57bdA0qf3iy/XSPw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "SaWdJL5a+HL0ZieRiKpgNA==": { "id": "SaWdJL5a+HL0ZieRiKpgNA==", "updater": "rhel-vex", "name": "CVE-2024-38428", "description": "A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials.", "issued": "2024-06-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38428 https://bugzilla.redhat.com/show_bug.cgi?id=2292836 https://www.cve.org/CVERecord?id=CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38428.json https://access.redhat.com/errata/RHSA-2024:6192", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_4", "arch_op": "pattern match" }, "Sal0GJMIh5Nqb3U4N6ro0g==": { "id": "Sal0GJMIh5Nqb3U4N6ro0g==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "SbrfelK/hRkg8QJAv7881A==": { "id": "SbrfelK/hRkg8QJAv7881A==", "updater": "osv/go", "name": "GO-2023-1570", "description": "Panic on large handshake records in crypto/tls", "issued": "2023-02-16T22:24:51Z", "links": "https://go.dev/issue/58001 https://go.dev/cl/468125 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "SduSwzmffGiGJfqQDrSyEA==": { "id": "SduSwzmffGiGJfqQDrSyEA==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Sfn7NNniMfKKkrbS2KIlnA==": { "id": "Sfn7NNniMfKKkrbS2KIlnA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "SjbW0rogoRJo0my37ozMDg==": { "id": "SjbW0rogoRJo0my37ozMDg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "SmczXqxeZRCcJykxG3Abrg==": { "id": "SmczXqxeZRCcJykxG3Abrg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Sn+Wd5xIJ9cLZDfoyJlgkw==": { "id": "Sn+Wd5xIJ9cLZDfoyJlgkw==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SnI5fUbXuT/Xt+VkGvddww==": { "id": "SnI5fUbXuT/Xt+VkGvddww==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "SnYLkLUk0dFIFA/itR5yrA==": { "id": "SnYLkLUk0dFIFA/itR5yrA==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "SqKI5VB6698Nen4zsScUuw==": { "id": "SqKI5VB6698Nen4zsScUuw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "SsFE9yHqow9BNx1O4nMcCg==": { "id": "SsFE9yHqow9BNx1O4nMcCg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "SsNZleqCp7tmOqFZQ6ZaBA==": { "id": "SsNZleqCp7tmOqFZQ6ZaBA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Stfm7ne4Ofst02xkZn9K1w==": { "id": "Stfm7ne4Ofst02xkZn9K1w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "SvhQ7tNvl6ANrVnaJ4cBNw==": { "id": "SvhQ7tNvl6ANrVnaJ4cBNw==", "updater": "rhel-vex", "name": "CVE-2022-3099", "description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3099.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Sw8bDdvvxQW2LmbjS6B1hg==": { "id": "Sw8bDdvvxQW2LmbjS6B1hg==", "updater": "rhel-vex", "name": "CVE-2022-30630", "description": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://www.cve.org/CVERecord?id=CVE-2022-30630 https://nvd.nist.gov/vuln/detail/CVE-2022-30630 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30630.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T1160/hke2bN2YNtHQGAVQ==": { "id": "T1160/hke2bN2YNtHQGAVQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "T2rcJ7DPtdiGNP7r4L5R2g==": { "id": "T2rcJ7DPtdiGNP7r4L5R2g==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "T38zlL6BTag6EVZfMAMcaw==": { "id": "T38zlL6BTag6EVZfMAMcaw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "T4bxk7MHk24P39KEeRKoig==": { "id": "T4bxk7MHk24P39KEeRKoig==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "T5/Q0DOZypWV6o3x9ziKqw==": { "id": "T5/Q0DOZypWV6o3x9ziKqw==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "T507T5wFbtPlOW9lG7LxIA==": { "id": "T507T5wFbtPlOW9lG7LxIA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "T5Nghm4crNWWnUrYvZZItg==": { "id": "T5Nghm4crNWWnUrYvZZItg==", "updater": "rhel-vex", "name": "CVE-2022-2124", "description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2124.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T9nCb/lA5TdipGMhtb6HJA==": { "id": "T9nCb/lA5TdipGMhtb6HJA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "TAntNn3gBlGhX3mRHNXfWw==": { "id": "TAntNn3gBlGhX3mRHNXfWw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "TCtup4kp9cBGgmnLMbI+rw==": { "id": "TCtup4kp9cBGgmnLMbI+rw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "TEg+H5IUFEuL8/4VudXtEg==": { "id": "TEg+H5IUFEuL8/4VudXtEg==", "updater": "rhel-vex", "name": "CVE-2022-3554", "description": "A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3554 https://bugzilla.redhat.com/show_bug.cgi?id=2136411 https://www.cve.org/CVERecord?id=CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 https://ubuntu.com/security/CVE-2022-3554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3554.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TFku8MBahkkWbmKYS7dbIQ==": { "id": "TFku8MBahkkWbmKYS7dbIQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "TGe682MVp+b3S1lDl9HTLw==": { "id": "TGe682MVp+b3S1lDl9HTLw==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "TGjVfFW0jWP1/Slr8hCo8Q==": { "id": "TGjVfFW0jWP1/Slr8hCo8Q==", "updater": "osv/go", "name": "GO-2025-3751", "description": "Sensitive headers not cleared on cross-origin redirect in net/http", "issued": "2025-06-11T16:23:58Z", "links": "https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "TI1OyePXauC23iR42z7HKg==": { "id": "TI1OyePXauC23iR42z7HKg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "TIcWaTRsDD52irGN4xUQyA==": { "id": "TIcWaTRsDD52irGN4xUQyA==", "updater": "rhel-vex", "name": "CVE-2022-2125", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2125.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TK/tQUH9MhuStrQUTQS1ZQ==": { "id": "TK/tQUH9MhuStrQUTQS1ZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "TN9ZqAQo2vEW/Tx62EpRcg==": { "id": "TN9ZqAQo2vEW/Tx62EpRcg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "TNb7OrRxFn2Bis7zp2oi8A==": { "id": "TNb7OrRxFn2Bis7zp2oi8A==", "updater": "rhel-vex", "name": "CVE-2025-9165", "description": "A memory leak flaw was found in LibTIFF. This vulnerability affects the _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 function in the file tools/tiffcmp.c of the tiffcmp component. Executing manipulation can lead to a memory leak. The attack is restricted to local execution.", "issued": "2025-08-19T20:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9165 https://bugzilla.redhat.com/show_bug.cgi?id=2389574 https://www.cve.org/CVERecord?id=CVE-2025-9165 https://nvd.nist.gov/vuln/detail/CVE-2025-9165 http://www.libtiff.org/ https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 https://gitlab.com/libtiff/libtiff/-/issues/728 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://vuldb.com/?ctiid.320543 https://vuldb.com/?id.320543 https://vuldb.com/?submit.630506 https://vuldb.com/?submit.630507 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9165.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TPp/bXEhRpApQLMY2Ppr9g==": { "id": "TPp/bXEhRpApQLMY2Ppr9g==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "TQEoFglRNgkSreqoAySz5A==": { "id": "TQEoFglRNgkSreqoAySz5A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "TRd8qEGSmZkjG+mmOfTmTg==": { "id": "TRd8qEGSmZkjG+mmOfTmTg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "TTh9HGJJgt1I4lhDqtPBIA==": { "id": "TTh9HGJJgt1I4lhDqtPBIA==", "updater": "osv/go", "name": "GO-2022-1095", "description": "Unsanitized NUL in environment variables on Windows in syscall and os/exec", "issued": "2022-11-01T23:55:57Z", "links": "https://go.dev/issue/56284 https://go.dev/cl/446916 https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.8" }, "TU6sUeJdvbpf1Uxt7QBVXQ==": { "id": "TU6sUeJdvbpf1Uxt7QBVXQ==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "TUvm6koxiDQRc/8CJ4TCOA==": { "id": "TUvm6koxiDQRc/8CJ4TCOA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ThUekCEizKQbaM9qGtWShw==": { "id": "ThUekCEizKQbaM9qGtWShw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ThjoilITJToSra2xx7nmXA==": { "id": "ThjoilITJToSra2xx7nmXA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "TiGGrcjH9zkR+9PywLxD8Q==": { "id": "TiGGrcjH9zkR+9PywLxD8Q==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ToyZiPOtBFPiNJOZ8QaYng==": { "id": "ToyZiPOtBFPiNJOZ8QaYng==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "TrfUjn7Hi6JPe4l/9tuyAQ==": { "id": "TrfUjn7Hi6JPe4l/9tuyAQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "TsVNXuAeF3PhiRZhIOjjtQ==": { "id": "TsVNXuAeF3PhiRZhIOjjtQ==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TszqopCoskBv4coMA3/peg==": { "id": "TszqopCoskBv4coMA3/peg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TteHTvD/qC9z9/bg4D+o8w==": { "id": "TteHTvD/qC9z9/bg4D+o8w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.1.el9_6", "arch_op": "pattern match" }, "U/ITon4/vjzN/EsZEGI38Q==": { "id": "U/ITon4/vjzN/EsZEGI38Q==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "U06t0kkLaLeKpn0QxtZUSg==": { "id": "U06t0kkLaLeKpn0QxtZUSg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "U2e7dgKDqk0OlJ2oJw2iuw==": { "id": "U2e7dgKDqk0OlJ2oJw2iuw==", "updater": "osv/go", "name": "GO-2022-1038", "description": "Incorrect sanitization of forwarded query parameters in net/http/httputil", "issued": "2022-10-06T16:42:43Z", "links": "https://go.dev/issue/54663 https://go.dev/cl/432976 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "U2w6LmoqKmaGSd6IxLZGKg==": { "id": "U2w6LmoqKmaGSd6IxLZGKg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "U31VkPC5v6K7XIsRFDo19w==": { "id": "U31VkPC5v6K7XIsRFDo19w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "U47k8+SGMpP7nHNJFxv5oA==": { "id": "U47k8+SGMpP7nHNJFxv5oA==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "U61IeOaU1v6bOHJxSPbCCw==": { "id": "U61IeOaU1v6bOHJxSPbCCw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "U7q9649W3+OXGS9kMwowkw==": { "id": "U7q9649W3+OXGS9kMwowkw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "U86hsRMcoSpvWp72aUJNFQ==": { "id": "U86hsRMcoSpvWp72aUJNFQ==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "U86r1ELAOJanBnxwrapY0g==": { "id": "U86r1ELAOJanBnxwrapY0g==", "updater": "osv/go", "name": "GO-2025-4015", "description": "Excessive CPU consumption in Reader.ReadResponse in net/textproto", "issued": "2025-10-29T21:51:07Z", "links": "https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "UApauQbQz6UZdsAuW9miOQ==": { "id": "UApauQbQz6UZdsAuW9miOQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "UBV+Z4vQ/HB9/cVGq/+u3w==": { "id": "UBV+Z4vQ/HB9/cVGq/+u3w==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "UBzPfwycyyJOBETwdSTG/w==": { "id": "UBzPfwycyyJOBETwdSTG/w==", "updater": "rhel-vex", "name": "CVE-2024-47814", "description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.", "issued": "2024-10-07T21:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UC0U9/zd+klwBmGR1YYVPg==": { "id": "UC0U9/zd+klwBmGR1YYVPg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "UEW14H6J4RBSZEjpG6p4bw==": { "id": "UEW14H6J4RBSZEjpG6p4bw==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "UEgRngB2KVq3bhFU/6+13Q==": { "id": "UEgRngB2KVq3bhFU/6+13Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "UH1xPpnVOud+f1gKl26ATQ==": { "id": "UH1xPpnVOud+f1gKl26ATQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "UPjX59r3QHIaBVa54cqtzA==": { "id": "UPjX59r3QHIaBVa54cqtzA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "USroe8+XCxLDwAOkjWfs+Q==": { "id": "USroe8+XCxLDwAOkjWfs+Q==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "UTm7DZVRUmqWWBx0Js7vCA==": { "id": "UTm7DZVRUmqWWBx0Js7vCA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "UV2MuUVVyu0L6wfdUc0Qpg==": { "id": "UV2MuUVVyu0L6wfdUc0Qpg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "UVRy+pWnw+7xa7f2U2B15Q==": { "id": "UVRy+pWnw+7xa7f2U2B15Q==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "UWR5dcXlfiNMz/BIfTGvfQ==": { "id": "UWR5dcXlfiNMz/BIfTGvfQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Ub9JoNToSyT09hD5MOIlGA==": { "id": "Ub9JoNToSyT09hD5MOIlGA==", "updater": "rhel-vex", "name": "CVE-2025-8961", "description": "A memory corruption flaw was found in libTIFF. This issue affects the May function of the tiffcrop.c file in the tiffcrop component. This attack needs to be approached locally.", "issued": "2025-08-14T12:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8961 https://bugzilla.redhat.com/show_bug.cgi?id=2388541 https://www.cve.org/CVERecord?id=CVE-2025-8961 https://nvd.nist.gov/vuln/detail/CVE-2025-8961 http://www.libtiff.org/ https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/issues/721 https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 https://vuldb.com/?ctiid.319955 https://vuldb.com/?id.319955 https://vuldb.com/?submit.627957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8961.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbJne6U4WRZmmyYLeEtt4w==": { "id": "UbJne6U4WRZmmyYLeEtt4w==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "UcI2WjL14mHQYOfXIkpuzA==": { "id": "UcI2WjL14mHQYOfXIkpuzA==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "UcSRaJxHOHBFxbLpeEwTSA==": { "id": "UcSRaJxHOHBFxbLpeEwTSA==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "UeuwcxsDMDrcMU7c13lXsQ==": { "id": "UeuwcxsDMDrcMU7c13lXsQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "Uh6QIejNBmYSJ+kLmnZWzw==": { "id": "Uh6QIejNBmYSJ+kLmnZWzw==", "updater": "rhel-vex", "name": "CVE-2023-22652", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.", "issued": "2023-03-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22652 https://bugzilla.redhat.com/show_bug.cgi?id=2212463 https://www.cve.org/CVERecord?id=CVE-2023-22652 https://nvd.nist.gov/vuln/detail/CVE-2023-22652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22652.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "UhBP4F/rEtGjZG3U8Wvp2Q==": { "id": "UhBP4F/rEtGjZG3U8Wvp2Q==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "UiO8eKIdcPJIKIj94tK4ug==": { "id": "UiO8eKIdcPJIKIj94tK4ug==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "UjXmsuFAyS2A1LN7d6S/5w==": { "id": "UjXmsuFAyS2A1LN7d6S/5w==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "UoBD3GwEne6Zwl54oZgCCg==": { "id": "UoBD3GwEne6Zwl54oZgCCg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "Us6zMNu9gwaRC0UH2SSoQw==": { "id": "Us6zMNu9gwaRC0UH2SSoQw==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "UsE9/aKvx7HhPwZe6KY1zw==": { "id": "UsE9/aKvx7HhPwZe6KY1zw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "UsTHWG7fBbgk8T9K0i79Ww==": { "id": "UsTHWG7fBbgk8T9K0i79Ww==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "UuV6vmv/pMSyQBUW2Wn3bA==": { "id": "UuV6vmv/pMSyQBUW2Wn3bA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Uy8P+1ImBLgh4EjZYlMO1Q==": { "id": "Uy8P+1ImBLgh4EjZYlMO1Q==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "UykJtPxmRiaRteAhKYbbOQ==": { "id": "UykJtPxmRiaRteAhKYbbOQ==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V+7K8Rg1uux3xnVmyH12/A==": { "id": "V+7K8Rg1uux3xnVmyH12/A==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "V0awGVhndNVps/Yhh/P2GQ==": { "id": "V0awGVhndNVps/Yhh/P2GQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "V2C0OnbFKs9wiV3IrUOPew==": { "id": "V2C0OnbFKs9wiV3IrUOPew==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "V8n5VKFkjNZwkLq+W6E59g==": { "id": "V8n5VKFkjNZwkLq+W6E59g==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "V9f8Tc0z/tWsm1egJDudPA==": { "id": "V9f8Tc0z/tWsm1egJDudPA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "V9lyeZvue30g1R6RiITjAw==": { "id": "V9lyeZvue30g1R6RiITjAw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "VDQb6roo+zwBamxPu+hGeQ==": { "id": "VDQb6roo+zwBamxPu+hGeQ==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "VDdxJUjxgL4zXvGWC/1xnw==": { "id": "VDdxJUjxgL4zXvGWC/1xnw==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "VDqplxSZcK9CHQ9RjGiEqQ==": { "id": "VDqplxSZcK9CHQ9RjGiEqQ==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "VGewdTS02tdqYoORYHK7Rg==": { "id": "VGewdTS02tdqYoORYHK7Rg==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "VJAm4vMolMmA2ytzFknQUA==": { "id": "VJAm4vMolMmA2ytzFknQUA==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "VJggyJ1jjyIM3XdMGzsDrg==": { "id": "VJggyJ1jjyIM3XdMGzsDrg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "VMOHtQeyAtpNyzG6HE0XhQ==": { "id": "VMOHtQeyAtpNyzG6HE0XhQ==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "VMyDbkft4E3T+1eXNk/i7A==": { "id": "VMyDbkft4E3T+1eXNk/i7A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "VNA7ljkMyeRq9SDNO9drHQ==": { "id": "VNA7ljkMyeRq9SDNO9drHQ==", "updater": "osv/go", "name": "GO-2023-1568", "description": "Path traversal on Windows in path/filepath", "issued": "2023-02-16T19:49:19Z", "links": "https://go.dev/issue/57274 https://go.dev/cl/468123 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "VQ+eWJsUMBep4PD4xfj8Vw==": { "id": "VQ+eWJsUMBep4PD4xfj8Vw==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "VUNwpBj4hvcLARxqxrvCCg==": { "id": "VUNwpBj4hvcLARxqxrvCCg==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "VVUozaap6uAAqX8QCLFGyg==": { "id": "VVUozaap6uAAqX8QCLFGyg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VZxWbc2wJwiwTLhillEtpA==": { "id": "VZxWbc2wJwiwTLhillEtpA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "Vbqm1jpiIiIM2rxq++FdoQ==": { "id": "Vbqm1jpiIiIM2rxq++FdoQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "VcgFEXPgpzLsj5tOjILVtw==": { "id": "VcgFEXPgpzLsj5tOjILVtw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "VdMk4kWMgrdK/5+i3n6XhA==": { "id": "VdMk4kWMgrdK/5+i3n6XhA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "VdavXNeRp4EjkXxldYSiUw==": { "id": "VdavXNeRp4EjkXxldYSiUw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ve1jg9SxTDjeNdfGHjxP2g==": { "id": "Ve1jg9SxTDjeNdfGHjxP2g==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VgTIKWxJpYFkd788UcqT3A==": { "id": "VgTIKWxJpYFkd788UcqT3A==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "VgaIsJDFBatjqT1h+RQLFQ==": { "id": "VgaIsJDFBatjqT1h+RQLFQ==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Vl7X+IopOqzOWh1MyUOYCw==": { "id": "Vl7X+IopOqzOWh1MyUOYCw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "VxNINARrmRd6QnZ2htNesA==": { "id": "VxNINARrmRd6QnZ2htNesA==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "VyeYHICkBiXwLbWKsz4//A==": { "id": "VyeYHICkBiXwLbWKsz4//A==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "W01A5sOetTjsV/4bYawPgA==": { "id": "W01A5sOetTjsV/4bYawPgA==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "W08Ska67/8hV/b3GYflglQ==": { "id": "W08Ska67/8hV/b3GYflglQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "W0TAw6aTfwXOMlJwloDkZA==": { "id": "W0TAw6aTfwXOMlJwloDkZA==", "updater": "rhel-vex", "name": "CVE-2021-4136", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4136.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W3qe9/KhW5BUF2s+kXxVcA==": { "id": "W3qe9/KhW5BUF2s+kXxVcA==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "W5birtu1clZwp55QDPxkAA==": { "id": "W5birtu1clZwp55QDPxkAA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "W9IdHW1dLxMcDTawlof8yw==": { "id": "W9IdHW1dLxMcDTawlof8yw==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "W9Pcn9xdPg78KgFAK5oOyQ==": { "id": "W9Pcn9xdPg78KgFAK5oOyQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WACsy7vAhq3GJRyxAuj7NA==": { "id": "WACsy7vAhq3GJRyxAuj7NA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "WALxwIFXDH8ZvKesDKBFiQ==": { "id": "WALxwIFXDH8ZvKesDKBFiQ==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "WCZXmTnbo+2lbMuZdpH8NA==": { "id": "WCZXmTnbo+2lbMuZdpH8NA==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "WFXV6zzHKCX8JuqtokClVw==": { "id": "WFXV6zzHKCX8JuqtokClVw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WGccGAwrqbQSNjycPuaPsA==": { "id": "WGccGAwrqbQSNjycPuaPsA==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "WIbunUW6+W30QKZc5Tmqzw==": { "id": "WIbunUW6+W30QKZc5Tmqzw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "WKC52So9Haaq0Y0pkIeTJg==": { "id": "WKC52So9Haaq0Y0pkIeTJg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "WKEI7EQhRkCAgIF18HZjKg==": { "id": "WKEI7EQhRkCAgIF18HZjKg==", "updater": "rhel-vex", "name": "CVE-2023-32573", "description": "A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://nvd.nist.gov/vuln/detail/CVE-2023-32573 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32573.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "WLpGLJSV+lV8a0xggVfA3A==": { "id": "WLpGLJSV+lV8a0xggVfA3A==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "WLri8p9NfgX8reKybIYziw==": { "id": "WLri8p9NfgX8reKybIYziw==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "WNA27LqRIql90O1m/PSAgQ==": { "id": "WNA27LqRIql90O1m/PSAgQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "WNRX1UWo4fDLFOhq9mcbIA==": { "id": "WNRX1UWo4fDLFOhq9mcbIA==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "WOIdi+BEnCeSEkfRBmj1AA==": { "id": "WOIdi+BEnCeSEkfRBmj1AA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "WOmMgxwwjpbn/RLQX8HPBg==": { "id": "WOmMgxwwjpbn/RLQX8HPBg==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "WPitnGSVxSl/y97AJTQIFQ==": { "id": "WPitnGSVxSl/y97AJTQIFQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "WU+A3QdBd331DcSM3AXFew==": { "id": "WU+A3QdBd331DcSM3AXFew==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "WV6CLob4bxW/eDgXBTJfxA==": { "id": "WV6CLob4bxW/eDgXBTJfxA==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "WVPPqMDSvwuthc5RexsDjg==": { "id": "WVPPqMDSvwuthc5RexsDjg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WVkwWFZlIInzrX99VsKBBQ==": { "id": "WVkwWFZlIInzrX99VsKBBQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "Wd+GQ3y21/7kl1XV9m/oiQ==": { "id": "Wd+GQ3y21/7kl1XV9m/oiQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "WhaoYkvfheR7Tz30m0/IKA==": { "id": "WhaoYkvfheR7Tz30m0/IKA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "WlLXHoXR9O8Ph+uSZ6aDCg==": { "id": "WlLXHoXR9O8Ph+uSZ6aDCg==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WnkMM/SD0E+7EEac0/vMVg==": { "id": "WnkMM/SD0E+7EEac0/vMVg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "WoF8HAs7BhQT5cycNGL9tw==": { "id": "WoF8HAs7BhQT5cycNGL9tw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "WorXACje3vTXq/wv3RUODg==": { "id": "WorXACje3vTXq/wv3RUODg==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "WqlqRQL17MeMqdTx+SuEyw==": { "id": "WqlqRQL17MeMqdTx+SuEyw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ws0fZZUTvLi37jSEx1MM5g==": { "id": "Ws0fZZUTvLi37jSEx1MM5g==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Wv5rERdynoJ/gHM2CtgXiw==": { "id": "Wv5rERdynoJ/gHM2CtgXiw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WwkM3aNBW0LnenEr6xDxWQ==": { "id": "WwkM3aNBW0LnenEr6xDxWQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "Wy87cIX7luFb8A/riFwUyw==": { "id": "Wy87cIX7luFb8A/riFwUyw==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "WzMeKgvORq7XF2Xr4q+JaQ==": { "id": "WzMeKgvORq7XF2Xr4q+JaQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "X+rjva7ecn1JedeVO9IX9w==": { "id": "X+rjva7ecn1JedeVO9IX9w==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "X10PEbhI2yv6KYFUPacecg==": { "id": "X10PEbhI2yv6KYFUPacecg==", "updater": "rhel-vex", "name": "CVE-2022-1619", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1619.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X2wqIFGbKlJQpE/DojrwxA==": { "id": "X2wqIFGbKlJQpE/DojrwxA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "X3NBOrSivf9I926V0a2/oQ==": { "id": "X3NBOrSivf9I926V0a2/oQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X3WuoMxfqKQH/0bF7PkAAQ==": { "id": "X3WuoMxfqKQH/0bF7PkAAQ==", "updater": "rhel-vex", "name": "CVE-2022-3235", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3235.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X4CDljJQJsftQ2RA57ftuw==": { "id": "X4CDljJQJsftQ2RA57ftuw==", "updater": "rhel-vex", "name": "CVE-2021-3807", "description": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "issued": "2021-09-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3807 https://bugzilla.redhat.com/show_bug.cgi?id=2007557 https://www.cve.org/CVERecord?id=CVE-2021-3807 https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3807.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X9G3TF69Pz3xUY5yIPno7w==": { "id": "X9G3TF69Pz3xUY5yIPno7w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "X9na4KYJ5u50u+KLDr2iTQ==": { "id": "X9na4KYJ5u50u+KLDr2iTQ==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "XAIf2EIgyFF5+OA6csVS5w==": { "id": "XAIf2EIgyFF5+OA6csVS5w==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XC3MXlpMb9D+YigNspsXlA==": { "id": "XC3MXlpMb9D+YigNspsXlA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "XEJhztOC2qEngMnVDsmKtA==": { "id": "XEJhztOC2qEngMnVDsmKtA==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XEhX6upCFgCYuF9SSk9Iyg==": { "id": "XEhX6upCFgCYuF9SSk9Iyg==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "XH8pWtqEhhBDhQuq+NWhvQ==": { "id": "XH8pWtqEhhBDhQuq+NWhvQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "XHSXqyF2rScxnK03VnME5Q==": { "id": "XHSXqyF2rScxnK03VnME5Q==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "XIb0YQoMG8k0zzVWHpmvAA==": { "id": "XIb0YQoMG8k0zzVWHpmvAA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "XL1Nv8y45q8aiA92A99YyA==": { "id": "XL1Nv8y45q8aiA92A99YyA==", "updater": "rhel-vex", "name": "CVE-2023-0512", "description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "issued": "2023-01-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0512.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XM09w+ZScTz4IEN6LeAUgg==": { "id": "XM09w+ZScTz4IEN6LeAUgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XSCYGr+cvuvD+k3V0XhWSw==": { "id": "XSCYGr+cvuvD+k3V0XhWSw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "XTLakHdORg480i8g31JU6A==": { "id": "XTLakHdORg480i8g31JU6A==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "XVnPYCI1ck0zTs/Cz6Yl5A==": { "id": "XVnPYCI1ck0zTs/Cz6Yl5A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "XW4X9/W6MfETfE/VICA4Jw==": { "id": "XW4X9/W6MfETfE/VICA4Jw==", "updater": "rhel-vex", "name": "CVE-2025-1376", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.", "issued": "2025-02-17T04:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1376 https://bugzilla.redhat.com/show_bug.cgi?id=2346061 https://www.cve.org/CVERecord?id=CVE-2025-1376 https://nvd.nist.gov/vuln/detail/CVE-2025-1376 https://sourceware.org/bugzilla/attachment.cgi?id=15940 https://sourceware.org/bugzilla/show_bug.cgi?id=32672 https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 https://vuldb.com/?ctiid.295984 https://vuldb.com/?id.295984 https://vuldb.com/?submit.497538 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1376.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWaBdbEJiHpYXT1f1eBk1Q==": { "id": "XWaBdbEJiHpYXT1f1eBk1Q==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWfDomoStj3uOui0AGO+Tg==": { "id": "XWfDomoStj3uOui0AGO+Tg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "XXYPGOxEabdavz27Qo+rWQ==": { "id": "XXYPGOxEabdavz27Qo+rWQ==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "XXaDpMG90Mb3fV4QxoLqXA==": { "id": "XXaDpMG90Mb3fV4QxoLqXA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "XctMW4QJZO0RsDAv/VoABQ==": { "id": "XctMW4QJZO0RsDAv/VoABQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-cloud-what", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "XfjE+J06ONMJAg7vkQ3tbQ==": { "id": "XfjE+J06ONMJAg7vkQ3tbQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "XhhNgYgTJmDdYc90YuE8vw==": { "id": "XhhNgYgTJmDdYc90YuE8vw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "XjQpmqOxrg5I1zgVKxswFw==": { "id": "XjQpmqOxrg5I1zgVKxswFw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Xrz5/LPkSDdzEfbSbOXzZA==": { "id": "Xrz5/LPkSDdzEfbSbOXzZA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "XuMP4XKeqFlYH9jgvFKXXw==": { "id": "XuMP4XKeqFlYH9jgvFKXXw==", "updater": "rhel-vex", "name": "CVE-2023-2609", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2609.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y+LzorqDQD2Povh+kyYSqw==": { "id": "Y+LzorqDQD2Povh+kyYSqw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Y/6FiFNJ+h2jXNTlPOzrnQ==": { "id": "Y/6FiFNJ+h2jXNTlPOzrnQ==", "updater": "rhel-vex", "name": "CVE-2023-0051", "description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0051.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y08Ni7+TSPQ/xSSRr851zQ==": { "id": "Y08Ni7+TSPQ/xSSRr851zQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "Y2pXpR4HKVIWAZ1sDtjo8A==": { "id": "Y2pXpR4HKVIWAZ1sDtjo8A==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Y3PSsgfYVK7+nWpNGBO9lQ==": { "id": "Y3PSsgfYVK7+nWpNGBO9lQ==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "Y6TEBwH0+CoZ50j5sQV23w==": { "id": "Y6TEBwH0+CoZ50j5sQV23w==", "updater": "rhel-vex", "name": "CVE-2021-3968", "description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3968.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y7ypeGdtYfJMJApDHYX9tg==": { "id": "Y7ypeGdtYfJMJApDHYX9tg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "Y9X/nbUFq4l8+xowG5hDkg==": { "id": "Y9X/nbUFq4l8+xowG5hDkg==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "YCFy9R5BUcPVuUEYQkJQ4w==": { "id": "YCFy9R5BUcPVuUEYQkJQ4w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "YHdZ6rml8dKQg9XmpjCrnw==": { "id": "YHdZ6rml8dKQg9XmpjCrnw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "YJkc0fG7G+dwREiIQihS/A==": { "id": "YJkc0fG7G+dwREiIQihS/A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YPJKJ4DYdTXL0BJCCS9pgA==": { "id": "YPJKJ4DYdTXL0BJCCS9pgA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "YPUY4Y/POEizUQSOdGH26g==": { "id": "YPUY4Y/POEizUQSOdGH26g==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "YQVoCJX8BLl6S5wPwmTGtg==": { "id": "YQVoCJX8BLl6S5wPwmTGtg==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "YSdK7PYtLQ7JLXu7W4mdRQ==": { "id": "YSdK7PYtLQ7JLXu7W4mdRQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.el9", "arch_op": "pattern match" }, "YUwZZ9Cg1FloxBZV60vOCg==": { "id": "YUwZZ9Cg1FloxBZV60vOCg==", "updater": "rhel-vex", "name": "CVE-2022-2522", "description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2522.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YVYIQ/H++AefhUYldlykPg==": { "id": "YVYIQ/H++AefhUYldlykPg==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "YZq+CTlAXva/aUDDEFdZNQ==": { "id": "YZq+CTlAXva/aUDDEFdZNQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YfE+7ocdRscmJ75uekg0tA==": { "id": "YfE+7ocdRscmJ75uekg0tA==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "YgD8tCzB10z/Jq6XOfCfgQ==": { "id": "YgD8tCzB10z/Jq6XOfCfgQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Ygj77GRBaQkoNVODBO6xEQ==": { "id": "Ygj77GRBaQkoNVODBO6xEQ==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YgwLp863ho/Lz7XdBK6IXw==": { "id": "YgwLp863ho/Lz7XdBK6IXw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.1.el9_6", "arch_op": "pattern match" }, "YjXf6yY9feRqNoLqPt5iEQ==": { "id": "YjXf6yY9feRqNoLqPt5iEQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YlN21JbaOAqORXBYjgJOYA==": { "id": "YlN21JbaOAqORXBYjgJOYA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "YmjsPDVfe7xyjGwOgJunGw==": { "id": "YmjsPDVfe7xyjGwOgJunGw==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "YnyGgq68v/XTMEk0yU1qsA==": { "id": "YnyGgq68v/XTMEk0yU1qsA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Yp6L2DOgQNnvp2uXVvH8NA==": { "id": "Yp6L2DOgQNnvp2uXVvH8NA==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YpjyzhR3jAhlzb479lBoJw==": { "id": "YpjyzhR3jAhlzb479lBoJw==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "YuJLEitJYK/0Cuux1rRK+Q==": { "id": "YuJLEitJYK/0Cuux1rRK+Q==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "YvRDVCmqISFAkWCu7WaKkQ==": { "id": "YvRDVCmqISFAkWCu7WaKkQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "Z0bbSkX8e3OUKdJa86CbBw==": { "id": "Z0bbSkX8e3OUKdJa86CbBw==", "updater": "rhel-vex", "name": "CVE-2021-4217", "description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", "issued": "2022-01-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4217 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 https://www.cve.org/CVERecord?id=CVE-2021-4217 https://nvd.nist.gov/vuln/detail/CVE-2021-4217 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4217.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Z5H14Z81HW+BVvKWtV5kDQ==": { "id": "Z5H14Z81HW+BVvKWtV5kDQ==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Z707rrfU/uxs1xujVpKMRA==": { "id": "Z707rrfU/uxs1xujVpKMRA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Z9vlvDewcgZxmJe4Kp3wxA==": { "id": "Z9vlvDewcgZxmJe4Kp3wxA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZAKrc32qORy4LwsxMQgfrw==": { "id": "ZAKrc32qORy4LwsxMQgfrw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "ZAUFPHu5UQZ+B2n+SrWIqQ==": { "id": "ZAUFPHu5UQZ+B2n+SrWIqQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.el9", "arch_op": "pattern match" }, "ZBDjl4GlHR5BEu3WvRQHHQ==": { "id": "ZBDjl4GlHR5BEu3WvRQHHQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ZC2BsE3IgWbuyuu1cz3YMQ==": { "id": "ZC2BsE3IgWbuyuu1cz3YMQ==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "ZCWnPSXILcJ9aE646DCmag==": { "id": "ZCWnPSXILcJ9aE646DCmag==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZMCWgxkMJ4LjF/nj5/+01g==": { "id": "ZMCWgxkMJ4LjF/nj5/+01g==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZMp4FVCkBvOUuQnhgF/KRQ==": { "id": "ZMp4FVCkBvOUuQnhgF/KRQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "ZNESegZx5Vgpkv3OXwE5Cw==": { "id": "ZNESegZx5Vgpkv3OXwE5Cw==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "ZPTYG1GW4N8khhdO0sFXlQ==": { "id": "ZPTYG1GW4N8khhdO0sFXlQ==", "updater": "rhel-vex", "name": "CVE-2024-39331", "description": "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.", "issued": "2024-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39331 https://bugzilla.redhat.com/show_bug.cgi?id=2293942 https://www.cve.org/CVERecord?id=CVE-2024-39331 https://nvd.nist.gov/vuln/detail/CVE-2024-39331 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39331.json https://access.redhat.com/errata/RHSA-2024:6510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9_4", "arch_op": "pattern match" }, "ZQsszFOlqLuLyfXZGfRKxQ==": { "id": "ZQsszFOlqLuLyfXZGfRKxQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "ZUoGCxFJ/+PUPUdg60izwg==": { "id": "ZUoGCxFJ/+PUPUdg60izwg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ZZEVbWhAYTXw9FIX3zIAtw==": { "id": "ZZEVbWhAYTXw9FIX3zIAtw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZZLfaN7MH3nRy8BlgA10kg==": { "id": "ZZLfaN7MH3nRy8BlgA10kg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ZZj+FChMvULXnT4QSAEvQQ==": { "id": "ZZj+FChMvULXnT4QSAEvQQ==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zc9mVAa+SgrDGA78Zo8GIg==": { "id": "Zc9mVAa+SgrDGA78Zo8GIg==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "ZeLcisCXFaeQKOi8dej/BQ==": { "id": "ZeLcisCXFaeQKOi8dej/BQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zg/5yy5ojZu/q0X+9MCQQA==": { "id": "Zg/5yy5ojZu/q0X+9MCQQA==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZhxWQvKqBGgL77fuUQ4Ghg==": { "id": "ZhxWQvKqBGgL77fuUQ4Ghg==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "ZiZuAbc4Tq3tBRSI53FjWg==": { "id": "ZiZuAbc4Tq3tBRSI53FjWg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Zk3m2J10w4VuwKsJJMXB2Q==": { "id": "Zk3m2J10w4VuwKsJJMXB2Q==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZmOheSIAULld8cF9POTj/w==": { "id": "ZmOheSIAULld8cF9POTj/w==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Zn86UzCNWJIJ8FVaY91JYg==": { "id": "Zn86UzCNWJIJ8FVaY91JYg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZoK4/bCJQ036BMFIy2mG8g==": { "id": "ZoK4/bCJQ036BMFIy2mG8g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZpoRIduwcda+XFGXyoaDAA==": { "id": "ZpoRIduwcda+XFGXyoaDAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ZrKcftBnwBVZKQlRJoJcLw==": { "id": "ZrKcftBnwBVZKQlRJoJcLw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "ZtlPcxFiuXhGia0ZM6cNBg==": { "id": "ZtlPcxFiuXhGia0ZM6cNBg==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "Zv+LSqi94387CYLrb5PiCw==": { "id": "Zv+LSqi94387CYLrb5PiCw==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "a+77t9fGz9BxOnJlGe2W1Q==": { "id": "a+77t9fGz9BxOnJlGe2W1Q==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "a1E+QseojoZ2Q73j8WWCLg==": { "id": "a1E+QseojoZ2Q73j8WWCLg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "a5tv38r7RoeoKCznzGbyPQ==": { "id": "a5tv38r7RoeoKCznzGbyPQ==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "a7PsXEXsbw8aTCMWFxM9mg==": { "id": "a7PsXEXsbw8aTCMWFxM9mg==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "a7WPDd2/UqA1rqbo6pjM9Q==": { "id": "a7WPDd2/UqA1rqbo6pjM9Q==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "a8lEoliaJpwjl9bCwQSdLA==": { "id": "a8lEoliaJpwjl9bCwQSdLA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aDJK/oIxfKTdGBwKif3CBA==": { "id": "aDJK/oIxfKTdGBwKif3CBA==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aFDenLkUq0L68+/zzTfPpQ==": { "id": "aFDenLkUq0L68+/zzTfPpQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "aJcuD8I2FFtYOQG27x05WQ==": { "id": "aJcuD8I2FFtYOQG27x05WQ==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "aQ/ax84rpyWNveVTm/MQww==": { "id": "aQ/ax84rpyWNveVTm/MQww==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "aQGx6Am8fU9TZmcyiMNL4A==": { "id": "aQGx6Am8fU9TZmcyiMNL4A==", "updater": "rhel-vex", "name": "CVE-2024-43802", "description": "A flaw was found in Vim. This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "issued": "2024-08-26T19:15:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aR+DKIj7GETMsDtNSfYXNA==": { "id": "aR+DKIj7GETMsDtNSfYXNA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "aUFq3vh1h0/30jIMgLEGbg==": { "id": "aUFq3vh1h0/30jIMgLEGbg==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ac4lX1PsJ8EE0cPV3DeA7Q==": { "id": "ac4lX1PsJ8EE0cPV3DeA7Q==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "ah5gJjq6ntKGHe05l2QLEA==": { "id": "ah5gJjq6ntKGHe05l2QLEA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "akEF6NF80R9wfgwbXmOEDA==": { "id": "akEF6NF80R9wfgwbXmOEDA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "alSeOMnzCu4eh8h4VjVrpA==": { "id": "alSeOMnzCu4eh8h4VjVrpA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "am8Nu2Xz4xTgOxf+V74bZg==": { "id": "am8Nu2Xz4xTgOxf+V74bZg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "anPJmbS134IB2gfGIWKJ0Q==": { "id": "anPJmbS134IB2gfGIWKJ0Q==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ao8l/bKVk/yRH6auM4IE9g==": { "id": "ao8l/bKVk/yRH6auM4IE9g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "aouER1d5ARUcTEP5rjxlQA==": { "id": "aouER1d5ARUcTEP5rjxlQA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "aqaaxa85Ibw3RSMRWLL7yg==": { "id": "aqaaxa85Ibw3RSMRWLL7yg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "arPTXFJYsCT564EgyQClGA==": { "id": "arPTXFJYsCT564EgyQClGA==", "updater": "rhel-vex", "name": "CVE-2021-31535", "description": "A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "issued": "2021-05-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31535 https://bugzilla.redhat.com/show_bug.cgi?id=1961822 https://www.cve.org/CVERecord?id=CVE-2021-31535 https://nvd.nist.gov/vuln/detail/CVE-2021-31535 https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31535.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "atAnLiOuVhy8qyEUVNzM2w==": { "id": "atAnLiOuVhy8qyEUVNzM2w==", "updater": "rhel-vex", "name": "CVE-2022-48338", "description": "A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48338.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "b+wJbUYHuGJqeuEtodqG3A==": { "id": "b+wJbUYHuGJqeuEtodqG3A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "b/JoMKSdjTg9hoFgyAsYGg==": { "id": "b/JoMKSdjTg9hoFgyAsYGg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "b0xlBSDO/qp5khqjIfXlSQ==": { "id": "b0xlBSDO/qp5khqjIfXlSQ==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "b2xf65/2S45gOxG8Grxy0g==": { "id": "b2xf65/2S45gOxG8Grxy0g==", "updater": "rhel-vex", "name": "CVE-2023-5441", "description": "A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2023-10-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5441.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b3gcqhWrOMtSFjkTMyyWQw==": { "id": "b3gcqhWrOMtSFjkTMyyWQw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "b8cX6Z3ptet250uYs1XjIQ==": { "id": "b8cX6Z3ptet250uYs1XjIQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "b93ucKpooFuvf5DZpkuQ4Q==": { "id": "b93ucKpooFuvf5DZpkuQ4Q==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "bACUKZThWu3kcO82NfO4eg==": { "id": "bACUKZThWu3kcO82NfO4eg==", "updater": "rhel-vex", "name": "CVE-2023-1264", "description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1264.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bDMsFO9+dr7IgrwHxKJ/2g==": { "id": "bDMsFO9+dr7IgrwHxKJ/2g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "bDvGK7B1/5BJREOCtiSQyw==": { "id": "bDvGK7B1/5BJREOCtiSQyw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "bKE3ov27WR5dMz8a/M+jUA==": { "id": "bKE3ov27WR5dMz8a/M+jUA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bOMmd0jIpY2e7Cl4owS24g==": { "id": "bOMmd0jIpY2e7Cl4owS24g==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "bVLJeNp3UltT+T1xu6C55A==": { "id": "bVLJeNp3UltT+T1xu6C55A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "bb9X6domCAmA+m40PgE/jg==": { "id": "bb9X6domCAmA+m40PgE/jg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "bdJdbp3pWxo6biBmwKijBQ==": { "id": "bdJdbp3pWxo6biBmwKijBQ==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "be+F+Fkt9wYh4z6YwfNqdw==": { "id": "be+F+Fkt9wYh4z6YwfNqdw==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "bf41zTvm6HAv6xdiXpwGWQ==": { "id": "bf41zTvm6HAv6xdiXpwGWQ==", "updater": "rhel-vex", "name": "CVE-2025-32728", "description": "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.", "issued": "2025-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32728 https://bugzilla.redhat.com/show_bug.cgi?id=2358767 https://www.cve.org/CVERecord?id=CVE-2025-32728 https://nvd.nist.gov/vuln/detail/CVE-2025-32728 https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32728.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bfa/XbakkA2/5GrUyvwSyw==": { "id": "bfa/XbakkA2/5GrUyvwSyw==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "bh7RRRlNP555+LOFASdB0w==": { "id": "bh7RRRlNP555+LOFASdB0w==", "updater": "rhel-vex", "name": "CVE-2022-2980", "description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2980.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bj9lurrpBxE/q4lRd2Wp7A==": { "id": "bj9lurrpBxE/q4lRd2Wp7A==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "bjkXZ4ZTp29EFzF+wMw4xw==": { "id": "bjkXZ4ZTp29EFzF+wMw4xw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "bklfMYFV2WKM17hKPU+5BA==": { "id": "bklfMYFV2WKM17hKPU+5BA==", "updater": "osv/go", "name": "GO-2025-3373", "description": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "bmNjdpodhrAjmmeNv8j2ZA==": { "id": "bmNjdpodhrAjmmeNv8j2ZA==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bmwYxyT6fmHIa8FODhI70w==": { "id": "bmwYxyT6fmHIa8FODhI70w==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "bmyf3V3WjS7kQmiAcGoBiQ==": { "id": "bmyf3V3WjS7kQmiAcGoBiQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bpM7BDVV04atOPduc9mI8Q==": { "id": "bpM7BDVV04atOPduc9mI8Q==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "bpwdCug2xQZhmaazCqwIew==": { "id": "bpwdCug2xQZhmaazCqwIew==", "updater": "rhel-vex", "name": "CVE-2023-51767", "description": "An authentication bypass vulnerability was found in a modified version of OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Exploiting a Rowhammer-style attack to flip bits in memory, forces successful authentication by setting the return code to 0.", "issued": "2023-12-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bqEGDVpuXY3j7Kr18B5E4w==": { "id": "bqEGDVpuXY3j7Kr18B5E4w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "bqKZTtfId9l8zdFZE/mZZg==": { "id": "bqKZTtfId9l8zdFZE/mZZg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "brTmpkOORx2yJvCnkPzYRw==": { "id": "brTmpkOORx2yJvCnkPzYRw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "by+PAyhAcd2LS2O/tZxbRQ==": { "id": "by+PAyhAcd2LS2O/tZxbRQ==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "by4qEj8r2+yQ8xw2ZHB4/Q==": { "id": "by4qEj8r2+yQ8xw2ZHB4/Q==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "bytYw82gsP7fmiiqIEcGNw==": { "id": "bytYw82gsP7fmiiqIEcGNw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bzewxC8waOXL414yMxKcqQ==": { "id": "bzewxC8waOXL414yMxKcqQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "c+walK0V+dA1g3qnPME4Ow==": { "id": "c+walK0V+dA1g3qnPME4Ow==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "c/+IhJOZwrUFnxH/AA8NiA==": { "id": "c/+IhJOZwrUFnxH/AA8NiA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "c/EuG5G0xeL87UQs3yxxqQ==": { "id": "c/EuG5G0xeL87UQs3yxxqQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "c/TMKje5Txl9grWesV+S0A==": { "id": "c/TMKje5Txl9grWesV+S0A==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "c0R7sQMFyTIRhp8ZTCTmlw==": { "id": "c0R7sQMFyTIRhp8ZTCTmlw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "c3ac46MKEwGXSYV8lTnQoA==": { "id": "c3ac46MKEwGXSYV8lTnQoA==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "c3eMx85yv79gfxNsxZXPHQ==": { "id": "c3eMx85yv79gfxNsxZXPHQ==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "c4b8AyMPp1ls7ClKiTCbAg==": { "id": "c4b8AyMPp1ls7ClKiTCbAg==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "c95Jb/MAeM4/Wnq2jSIopg==": { "id": "c95Jb/MAeM4/Wnq2jSIopg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "c9kKQdmqE31JfE8hW1jBfg==": { "id": "c9kKQdmqE31JfE8hW1jBfg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "cA4I0UWWtzTwMIMUTfN+Sg==": { "id": "cA4I0UWWtzTwMIMUTfN+Sg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "cBmZwV0l/QLSSsoNwTuUWA==": { "id": "cBmZwV0l/QLSSsoNwTuUWA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "cD+9p+2eb4ubWbn/ynDqrQ==": { "id": "cD+9p+2eb4ubWbn/ynDqrQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.1.el9_6", "arch_op": "pattern match" }, "cJ4BQpErMW3FIQ2vBfopJw==": { "id": "cJ4BQpErMW3FIQ2vBfopJw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "cKtHM3xMrk1VjV0S8Zl4qQ==": { "id": "cKtHM3xMrk1VjV0S8Zl4qQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "cLetPtVgm731iRPvGEIeyw==": { "id": "cLetPtVgm731iRPvGEIeyw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "cMY+6QfPqyOZE380Mf5rIQ==": { "id": "cMY+6QfPqyOZE380Mf5rIQ==", "updater": "rhel-vex", "name": "CVE-2022-0351", "description": "A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0351.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cNsQU/uNFf7PsCWqaKxjAQ==": { "id": "cNsQU/uNFf7PsCWqaKxjAQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "cS8BJbrTN4Z2MOJCTGMR8w==": { "id": "cS8BJbrTN4Z2MOJCTGMR8w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "cSPoRTB3BjDaa16wszdN3g==": { "id": "cSPoRTB3BjDaa16wszdN3g==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "cUH9U4T8Wpzm/UIIektEAQ==": { "id": "cUH9U4T8Wpzm/UIIektEAQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "cWbhx4ozV3Pkh4rK/phNRA==": { "id": "cWbhx4ozV3Pkh4rK/phNRA==", "updater": "osv/go", "name": "GO-2025-3420", "description": "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "ca+BSCGp5tEYAgJqvm8GFw==": { "id": "ca+BSCGp5tEYAgJqvm8GFw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "cbNKZbfbJhPfPLHi6va27w==": { "id": "cbNKZbfbJhPfPLHi6va27w==", "updater": "rhel-vex", "name": "CVE-2022-3555", "description": "A flaw was found in the libX11 package in the_XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3555 https://bugzilla.redhat.com/show_bug.cgi?id=2136412 https://www.cve.org/CVERecord?id=CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 https://ubuntu.com/security/CVE-2022-3555 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3555.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cbSiFirRdrVkpUeOLy/CjA==": { "id": "cbSiFirRdrVkpUeOLy/CjA==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "cex7jEfdv/MaWi3px1ZgxQ==": { "id": "cex7jEfdv/MaWi3px1ZgxQ==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "cgUuYY1sKP0jeDPr/wEn4w==": { "id": "cgUuYY1sKP0jeDPr/wEn4w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "cje1a6rWyE5Ko85v8goPNQ==": { "id": "cje1a6rWyE5Ko85v8goPNQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "cjoCrbQlAeGxtTPUlcMPuA==": { "id": "cjoCrbQlAeGxtTPUlcMPuA==", "updater": "rhel-vex", "name": "CVE-2025-26603", "description": "A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.", "issued": "2025-02-18T19:04:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26603 https://bugzilla.redhat.com/show_bug.cgi?id=2346346 https://www.cve.org/CVERecord?id=CVE-2025-26603 https://nvd.nist.gov/vuln/detail/CVE-2025-26603 https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26603.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cm/gvI0AVbEJW8SbZVw6fw==": { "id": "cm/gvI0AVbEJW8SbZVw6fw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "cr4RGJYSJM2QUssm6cAQ4w==": { "id": "cr4RGJYSJM2QUssm6cAQ4w==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "cv/HKlhaI7EJMBLIaTimwg==": { "id": "cv/HKlhaI7EJMBLIaTimwg==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "cw4W3PskPKPJZy+QzFk5bA==": { "id": "cw4W3PskPKPJZy+QzFk5bA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "cwXdqs9AFOcThYn4e8y3yw==": { "id": "cwXdqs9AFOcThYn4e8y3yw==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "cxMZ2TEnkk6RdtuU9fDThg==": { "id": "cxMZ2TEnkk6RdtuU9fDThg==", "updater": "rhel-vex", "name": "CVE-2021-3927", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3927.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1fus7ZZWC8VndZJIxm7pQ==": { "id": "d1fus7ZZWC8VndZJIxm7pQ==", "updater": "rhel-vex", "name": "CVE-2025-10158", "description": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.", "issued": "2025-11-18T14:24:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10158 https://bugzilla.redhat.com/show_bug.cgi?id=2415637 https://www.cve.org/CVERecord?id=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10158.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1j+WeBwgxUY2DD8tjQwMA==": { "id": "d1j+WeBwgxUY2DD8tjQwMA==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "d2mdhZ97rWRfD+pslcl6uw==": { "id": "d2mdhZ97rWRfD+pslcl6uw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "d8O/Pp2nkWZxFhUyXQucZg==": { "id": "d8O/Pp2nkWZxFhUyXQucZg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "d9qJI4TyihrqXixZ+S73jg==": { "id": "d9qJI4TyihrqXixZ+S73jg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dKzgwwkG/spsYd8PVvrk6A==": { "id": "dKzgwwkG/spsYd8PVvrk6A==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dMO4fX/IkQ2bi0ds65uBZA==": { "id": "dMO4fX/IkQ2bi0ds65uBZA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "dN3ZkuuHRauklH+tfqwFYA==": { "id": "dN3ZkuuHRauklH+tfqwFYA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "dO/rj/SVo/ZlfJAB2ajOEQ==": { "id": "dO/rj/SVo/ZlfJAB2ajOEQ==", "updater": "rhel-vex", "name": "CVE-2023-5535", "description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5535.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dO3yYWRHtCsx6+NRjjAIsg==": { "id": "dO3yYWRHtCsx6+NRjjAIsg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dPlld/v+ZrL/y3NT/M5t9A==": { "id": "dPlld/v+ZrL/y3NT/M5t9A==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dRNxgKG0w/nM5rSMcvz/kQ==": { "id": "dRNxgKG0w/nM5rSMcvz/kQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "dT4TBdsMnRpAlGfPboRcFg==": { "id": "dT4TBdsMnRpAlGfPboRcFg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "dTT2owdN4FTG/LqoICFf+w==": { "id": "dTT2owdN4FTG/LqoICFf+w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "dWdVOD7SorvI9CNble8XGw==": { "id": "dWdVOD7SorvI9CNble8XGw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "dXgWtIQra5a7FOM/lmTQMQ==": { "id": "dXgWtIQra5a7FOM/lmTQMQ==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "de6Wm8GcUOvZ/vqX7ogEtQ==": { "id": "de6Wm8GcUOvZ/vqX7ogEtQ==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "dgwlwyboh6/BQfJsyoE8Eg==": { "id": "dgwlwyboh6/BQfJsyoE8Eg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "dhk9SR7XgMlUT1SwbOzs0A==": { "id": "dhk9SR7XgMlUT1SwbOzs0A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dhv7M9LLYIyyRsKi71f6Ew==": { "id": "dhv7M9LLYIyyRsKi71f6Ew==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "dkB2JDRx/pLwN9EbsYh6UA==": { "id": "dkB2JDRx/pLwN9EbsYh6UA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "dkGOl+YKkRksmyjmvQ3FsA==": { "id": "dkGOl+YKkRksmyjmvQ3FsA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "dkvelc7KXIcNmlVEKWwOSg==": { "id": "dkvelc7KXIcNmlVEKWwOSg==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "dpCbBO9jgzvekz9nKJpSRA==": { "id": "dpCbBO9jgzvekz9nKJpSRA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dqYoyBWLAQszVE/IX85oqg==": { "id": "dqYoyBWLAQszVE/IX85oqg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dr+z30s3mVMvpF2iMBJ7YA==": { "id": "dr+z30s3mVMvpF2iMBJ7YA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "du8AOXnNlQgdqsSZceyiaQ==": { "id": "du8AOXnNlQgdqsSZceyiaQ==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "dwNH2KaulTKNFX+9quNpvw==": { "id": "dwNH2KaulTKNFX+9quNpvw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dxRzT6G0UObuWf8SWujnng==": { "id": "dxRzT6G0UObuWf8SWujnng==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "e+8uKOviBSOTR4ltKl/Y5Q==": { "id": "e+8uKOviBSOTR4ltKl/Y5Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "e/bnYsWq3UNe4TO8qzzb8A==": { "id": "e/bnYsWq3UNe4TO8qzzb8A==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e2U3+rnCE0yJbEhq/B49zQ==": { "id": "e2U3+rnCE0yJbEhq/B49zQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "e37CxvNgywelF2ouwzqL2Q==": { "id": "e37CxvNgywelF2ouwzqL2Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "e7h3lwyDkLbzwbeza9/TWw==": { "id": "e7h3lwyDkLbzwbeza9/TWw==", "updater": "rhel-vex", "name": "CVE-2022-4293", "description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4293.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e8Ba4iAzVtDvrookiM9XAg==": { "id": "e8Ba4iAzVtDvrookiM9XAg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "e91QDoc1m7i0h9Urg1XIuQ==": { "id": "e91QDoc1m7i0h9Urg1XIuQ==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "eDxAdI0cgddAZnBSd4FI0Q==": { "id": "eDxAdI0cgddAZnBSd4FI0Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "eERb0a2u5NJoo8XHmwI23A==": { "id": "eERb0a2u5NJoo8XHmwI23A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.el9", "arch_op": "pattern match" }, "eGYBZQZGb7FuYNSi9wuFzg==": { "id": "eGYBZQZGb7FuYNSi9wuFzg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "eKKwwoH894W3Vae5kYCKtA==": { "id": "eKKwwoH894W3Vae5kYCKtA==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "eKvGCJDf1Iytf5g2d8kaFQ==": { "id": "eKvGCJDf1Iytf5g2d8kaFQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eMVMlNYLRzjk+Xt/peAYqg==": { "id": "eMVMlNYLRzjk+Xt/peAYqg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eNUwUuL3W5wSpnxJfClXhg==": { "id": "eNUwUuL3W5wSpnxJfClXhg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "eOOfcRLf3CHL5spaYEPovQ==": { "id": "eOOfcRLf3CHL5spaYEPovQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "eT0Z6G4b2zSUUUSLlyL8Tg==": { "id": "eT0Z6G4b2zSUUUSLlyL8Tg==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "eTM7aUBt48fzJjd2YY1Kaw==": { "id": "eTM7aUBt48fzJjd2YY1Kaw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "eXNCnm2O3ulyDBrjgqgngA==": { "id": "eXNCnm2O3ulyDBrjgqgngA==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "eZ2tz3j+u7GWuS6rb2RB7g==": { "id": "eZ2tz3j+u7GWuS6rb2RB7g==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "eZDuJI6jaohxUM7fcdYEYA==": { "id": "eZDuJI6jaohxUM7fcdYEYA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eaW+XnaOzUpP/JmOZv+wCg==": { "id": "eaW+XnaOzUpP/JmOZv+wCg==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "ecYseAb1rFmqPx4kHRWeQQ==": { "id": "ecYseAb1rFmqPx4kHRWeQQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "edf9qrl//4hhbTQ8nlVN7g==": { "id": "edf9qrl//4hhbTQ8nlVN7g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "eeetX6Vv3iXNMfmjNIPkQg==": { "id": "eeetX6Vv3iXNMfmjNIPkQg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "eejojwYHRaSarkdAMLD2OA==": { "id": "eejojwYHRaSarkdAMLD2OA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "eekbTUpqIafepE8Hfmhn6g==": { "id": "eekbTUpqIafepE8Hfmhn6g==", "updater": "rhel-vex", "name": "CVE-2021-4187", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4187.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eh1RT9v3ol1cjACTvuohFQ==": { "id": "eh1RT9v3ol1cjACTvuohFQ==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "eh73UwgswuQUUBPGmZNxLg==": { "id": "eh73UwgswuQUUBPGmZNxLg==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ekipReKDch8nQkv6wLHVww==": { "id": "ekipReKDch8nQkv6wLHVww==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "eoZiXVXIYF5HZwY9O+NvfQ==": { "id": "eoZiXVXIYF5HZwY9O+NvfQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "eqZVUGTs5pHRR/tV2jQA/Q==": { "id": "eqZVUGTs5pHRR/tV2jQA/Q==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "esWNnTXfVcQMP31EwLadpw==": { "id": "esWNnTXfVcQMP31EwLadpw==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "ewA3f3GyFBJhwPX+CvDYtg==": { "id": "ewA3f3GyFBJhwPX+CvDYtg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "f+wdQFOhBCEFYs6UTbgVcw==": { "id": "f+wdQFOhBCEFYs6UTbgVcw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "f5rDGDIgGLk7iLvtlKjm1w==": { "id": "f5rDGDIgGLk7iLvtlKjm1w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "f6K2rwitLCyOeqkSvuUcFA==": { "id": "f6K2rwitLCyOeqkSvuUcFA==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "f6muqKqBGKMbn75htgvMLQ==": { "id": "f6muqKqBGKMbn75htgvMLQ==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "f9AAdWBkmOO1/+acrJji3Q==": { "id": "f9AAdWBkmOO1/+acrJji3Q==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "fBIyxzoMf4PtxmiD953WFg==": { "id": "fBIyxzoMf4PtxmiD953WFg==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "fD8Z9mQCc8h27ZwElVMLmA==": { "id": "fD8Z9mQCc8h27ZwElVMLmA==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fDvGbDNJpsxaSncFLSlH5Q==": { "id": "fDvGbDNJpsxaSncFLSlH5Q==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "fEW9HCDGh5vauL1jhvKpFQ==": { "id": "fEW9HCDGh5vauL1jhvKpFQ==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "fHxgcXxpn2MkgE/aUd2Vkw==": { "id": "fHxgcXxpn2MkgE/aUd2Vkw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "fI1ruEtJ325PbGUQKXuiVA==": { "id": "fI1ruEtJ325PbGUQKXuiVA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fKSzg5ZVW35n1QRKSQYbUA==": { "id": "fKSzg5ZVW35n1QRKSQYbUA==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "fM+r7qYMTXMx81IJhr45YA==": { "id": "fM+r7qYMTXMx81IJhr45YA==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fMQ6kctftYthbGvZli2/sg==": { "id": "fMQ6kctftYthbGvZli2/sg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "fSeU4QTAs+fY+ihLpgdM9A==": { "id": "fSeU4QTAs+fY+ihLpgdM9A==", "updater": "rhel-vex", "name": "CVE-2025-1377", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.", "issued": "2025-02-17T05:00:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1377 https://bugzilla.redhat.com/show_bug.cgi?id=2346066 https://www.cve.org/CVERecord?id=CVE-2025-1377 https://nvd.nist.gov/vuln/detail/CVE-2025-1377 https://sourceware.org/bugzilla/attachment.cgi?id=15941 https://sourceware.org/bugzilla/show_bug.cgi?id=32673 https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2 https://vuldb.com/?ctiid.295985 https://vuldb.com/?id.295985 https://vuldb.com/?submit.497539 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1377.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT2bR3Pvvu+yOGDatxsWcw==": { "id": "fT2bR3Pvvu+yOGDatxsWcw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "fUkL/QrHEZtoCydnxvHQYQ==": { "id": "fUkL/QrHEZtoCydnxvHQYQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "fUlz8/rwVV2PbflGdFYCdw==": { "id": "fUlz8/rwVV2PbflGdFYCdw==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "fVstMFtDcM3yfjjb8mKxrg==": { "id": "fVstMFtDcM3yfjjb8mKxrg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fZX9tMkRg8Ij95v2HLw9Ew==": { "id": "fZX9tMkRg8Ij95v2HLw9Ew==", "updater": "osv/go", "name": "GO-2025-3750", "description": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "issued": "2025-06-11T16:59:06Z", "links": "https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "fbRJLkkKyAqhMbdbbcLwwg==": { "id": "fbRJLkkKyAqhMbdbbcLwwg==", "updater": "rhel-vex", "name": "CVE-2025-4207", "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "issued": "2025-05-08T14:22:45Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4207 https://bugzilla.redhat.com/show_bug.cgi?id=2365111 https://www.cve.org/CVERecord?id=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4207.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fcEhBEQT+7+nxaOwZEIInQ==": { "id": "fcEhBEQT+7+nxaOwZEIInQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "fcJXnA1/CqZDeUcxpMPyzg==": { "id": "fcJXnA1/CqZDeUcxpMPyzg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "fdA0Wp/waErtsQk4sTTbPQ==": { "id": "fdA0Wp/waErtsQk4sTTbPQ==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fdpDWwmwFLyFeyU+CnbxxQ==": { "id": "fdpDWwmwFLyFeyU+CnbxxQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fezwmAwUNAjVNYh+YY0Wrw==": { "id": "fezwmAwUNAjVNYh+YY0Wrw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "ff3woW6bpDBZXooXnBPlNQ==": { "id": "ff3woW6bpDBZXooXnBPlNQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "fh2y5aivazupTx0EZ+2Cag==": { "id": "fh2y5aivazupTx0EZ+2Cag==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fjsXh+vV+qSWYTJhGoqerg==": { "id": "fjsXh+vV+qSWYTJhGoqerg==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "flC/+W9ll6TqBKBRm/YUiA==": { "id": "flC/+W9ll6TqBKBRm/YUiA==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "ftPQfiVA8qRKJwxT2xcXRw==": { "id": "ftPQfiVA8qRKJwxT2xcXRw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fu2viInfwA1Zq9LmALUkzg==": { "id": "fu2viInfwA1Zq9LmALUkzg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "fv3/0oUmGvxLyxCaIIt3kg==": { "id": "fv3/0oUmGvxLyxCaIIt3kg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "fvxiOpnl4vL2UcobmeaYnA==": { "id": "fvxiOpnl4vL2UcobmeaYnA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "fwXkQZwZsVuPtoAZBIG06w==": { "id": "fwXkQZwZsVuPtoAZBIG06w==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "fwfAtjf5gVRneidAp93edQ==": { "id": "fwfAtjf5gVRneidAp93edQ==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fxc/de3PyQgiwjyykMQ4ow==": { "id": "fxc/de3PyQgiwjyykMQ4ow==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "fyE+IA6J77V4hC6QL4QCJQ==": { "id": "fyE+IA6J77V4hC6QL4QCJQ==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "g2+VTeiFdddqhRpToXK2Vw==": { "id": "g2+VTeiFdddqhRpToXK2Vw==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "g29pa0L/tOFblhQQDFeJbA==": { "id": "g29pa0L/tOFblhQQDFeJbA==", "updater": "osv/go", "name": "GO-2022-0533", "description": "Path traversal via Clean on Windows in path/filepath", "issued": "2022-07-28T17:25:07Z", "links": "https://go.dev/cl/401595 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://go.dev/issue/52476 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "g3/sX4CO9sGFGMvToQ+how==": { "id": "g3/sX4CO9sGFGMvToQ+how==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "g63+znub5tyxpqqmyP8Tjg==": { "id": "g63+znub5tyxpqqmyP8Tjg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "g6spFzT6DoopzuQCE0pjRg==": { "id": "g6spFzT6DoopzuQCE0pjRg==", "updater": "rhel-vex", "name": "CVE-2022-2285", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2285.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g8hJlpBfWMarbfdU+OkQdw==": { "id": "g8hJlpBfWMarbfdU+OkQdw==", "updater": "rhel-vex", "name": "CVE-2024-10524", "description": "A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.", "issued": "2024-11-19T14:23:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10524 https://bugzilla.redhat.com/show_bug.cgi?id=2327303 https://www.cve.org/CVERecord?id=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ https://seclists.org/oss-sec/2024/q4/107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10524.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g9gU2/SbcO/F9X65zpT4Uw==": { "id": "g9gU2/SbcO/F9X65zpT4Uw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "gC8lb/CZmVxLK6PkYWC9cw==": { "id": "gC8lb/CZmVxLK6PkYWC9cw==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "gCKIolAPxKn/MwnZqQ5viA==": { "id": "gCKIolAPxKn/MwnZqQ5viA==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "gEN3j5KPSWh2c+RarvSBNQ==": { "id": "gEN3j5KPSWh2c+RarvSBNQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gGrGej/Pj6/poAgebFb+dg==": { "id": "gGrGej/Pj6/poAgebFb+dg==", "updater": "rhel-vex", "name": "CVE-2022-3352", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3352.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gIt1VKjk5s7zkgD1H7aLmQ==": { "id": "gIt1VKjk5s7zkgD1H7aLmQ==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "gJ/fF2D4AXb0sjRGNWgixw==": { "id": "gJ/fF2D4AXb0sjRGNWgixw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gNGv6C2nj/tHk2ntVJUOWw==": { "id": "gNGv6C2nj/tHk2ntVJUOWw==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gR+h15dyWueqbKII4cPOWg==": { "id": "gR+h15dyWueqbKII4cPOWg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "gZKcOjx7BKTLxDMH6ZvfGw==": { "id": "gZKcOjx7BKTLxDMH6ZvfGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "gZW7OlWAfe3YqvPh9YUqJA==": { "id": "gZW7OlWAfe3YqvPh9YUqJA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "gaDJ+6UMi8jegvsDECsoeg==": { "id": "gaDJ+6UMi8jegvsDECsoeg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "gchW+O287jwZk0Cnma5sKw==": { "id": "gchW+O287jwZk0Cnma5sKw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "gg092DB69lXLcZyDPZ/RtQ==": { "id": "gg092DB69lXLcZyDPZ/RtQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "ggJq5z8YW0kySCUAGUYdXg==": { "id": "ggJq5z8YW0kySCUAGUYdXg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "gh3MdGIod7lYo7rDnSpHLw==": { "id": "gh3MdGIod7lYo7rDnSpHLw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gjn1JHWHaWtPNhKrrRINWw==": { "id": "gjn1JHWHaWtPNhKrrRINWw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "gl5O329psI82Wn7F+BP/pw==": { "id": "gl5O329psI82Wn7F+BP/pw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "glwEUWfaBwNPBrXUJo34tg==": { "id": "glwEUWfaBwNPBrXUJo34tg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gmo+iv72N8R3ZKjUbp9DXg==": { "id": "gmo+iv72N8R3ZKjUbp9DXg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "goLAuNZUT0caQTKiv7m0Fg==": { "id": "goLAuNZUT0caQTKiv7m0Fg==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "gpPTgXxcA95Uk2vaf3/2dw==": { "id": "gpPTgXxcA95Uk2vaf3/2dw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gqWTMUdDL1db9YSLA4qpRQ==": { "id": "gqWTMUdDL1db9YSLA4qpRQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "grZJQsj3BT+fQns8dkci1g==": { "id": "grZJQsj3BT+fQns8dkci1g==", "updater": "osv/go", "name": "GO-2022-0520", "description": "Exposure of client IP addresses in net/http", "issued": "2022-07-28T17:23:05Z", "links": "https://go.dev/cl/412857 https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "gs7k9o3a1jAc/zZ5AEytpQ==": { "id": "gs7k9o3a1jAc/zZ5AEytpQ==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "guovo7cvog/lYbVq887U/w==": { "id": "guovo7cvog/lYbVq887U/w==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "gvOYexCvSFjRc1ovPwHsww==": { "id": "gvOYexCvSFjRc1ovPwHsww==", "updater": "rhel-vex", "name": "CVE-2023-34410", "description": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "issued": "2023-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 https://www.cve.org/CVERecord?id=CVE-2023-34410 https://nvd.nist.gov/vuln/detail/CVE-2023-34410 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34410.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "gwO7tO+7wG4yYN77KHpJIg==": { "id": "gwO7tO+7wG4yYN77KHpJIg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "gxC5QcXnizTYqfkIqc6zTA==": { "id": "gxC5QcXnizTYqfkIqc6zTA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "h+nOQU6khNxAH7kkGqVqkQ==": { "id": "h+nOQU6khNxAH7kkGqVqkQ==", "updater": "rhel-vex", "name": "CVE-2022-3296", "description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3296.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h/OVEZRz5ndHYLHsNXXXMg==": { "id": "h/OVEZRz5ndHYLHsNXXXMg==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "h08ca9AawAYymWtiO1A44A==": { "id": "h08ca9AawAYymWtiO1A44A==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h5U/sk69K9TcWs3P9TuKxQ==": { "id": "h5U/sk69K9TcWs3P9TuKxQ==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "h7m1EaKKCwaqq30R6Q/BlQ==": { "id": "h7m1EaKKCwaqq30R6Q/BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "h7rVfEQf7/yrRLndyq6HvA==": { "id": "h7rVfEQf7/yrRLndyq6HvA==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "h8RB92Gx2aWFJ7WtAQ4wDA==": { "id": "h8RB92Gx2aWFJ7WtAQ4wDA==", "updater": "rhel-vex", "name": "CVE-2023-4016", "description": "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 https://www.cve.org/CVERecord?id=CVE-2023-4016 https://nvd.nist.gov/vuln/detail/CVE-2023-4016 https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 https://gitlab.com/procps-ng/procps/-/issues/297 https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4016.json https://access.redhat.com/errata/RHSA-2023:6705", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "procps-ng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.3.17-13.el9", "arch_op": "pattern match" }, "h8nlVtUPrGKdJF9xyffy7g==": { "id": "h8nlVtUPrGKdJF9xyffy7g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hECLdfUszFQo2UbzQI3BMQ==": { "id": "hECLdfUszFQo2UbzQI3BMQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "hEt6vsfHYq4kHELEO5xWxA==": { "id": "hEt6vsfHYq4kHELEO5xWxA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "hGz8R5Dny4UCIDPZzXbK3g==": { "id": "hGz8R5Dny4UCIDPZzXbK3g==", "updater": "rhel-vex", "name": "CVE-2021-38593", "description": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).", "issued": "2021-07-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-38593 https://bugzilla.redhat.com/show_bug.cgi?id=1994719 https://www.cve.org/CVERecord?id=CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-38593.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hHQvhYHv8KxCCQMiFpmyWg==": { "id": "hHQvhYHv8KxCCQMiFpmyWg==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "hIHRMVndQh85jnW2uCawbw==": { "id": "hIHRMVndQh85jnW2uCawbw==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "hIP4iOnrw2sfStgfnTKJKw==": { "id": "hIP4iOnrw2sfStgfnTKJKw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "hJqH5PsFQ03HT/LzTwaCXA==": { "id": "hJqH5PsFQ03HT/LzTwaCXA==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hK/f5zoJDHjYWcidbJwYsg==": { "id": "hK/f5zoJDHjYWcidbJwYsg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "hMwTXtuK2CPZup51st8vag==": { "id": "hMwTXtuK2CPZup51st8vag==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hOaq2CFtnMvxmr4bZOUh6A==": { "id": "hOaq2CFtnMvxmr4bZOUh6A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "hRSnphgIhBaU8a2RyBPsuA==": { "id": "hRSnphgIhBaU8a2RyBPsuA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_4.3", "arch_op": "pattern match" }, "hUC86VV8kD262xFcev0ZiA==": { "id": "hUC86VV8kD262xFcev0ZiA==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hWXaFNGw43ZC0VkI4/s2Pw==": { "id": "hWXaFNGw43ZC0VkI4/s2Pw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hYg6jGCQ5Nuq7UsitAzuiw==": { "id": "hYg6jGCQ5Nuq7UsitAzuiw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "hazOAbpBSQ6ZcoEMkq6UhQ==": { "id": "hazOAbpBSQ6ZcoEMkq6UhQ==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "helnYsRUBV0VLNZe0kvTiA==": { "id": "helnYsRUBV0VLNZe0kvTiA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "hfVFht+buqTExOEVhwr1xQ==": { "id": "hfVFht+buqTExOEVhwr1xQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "hgtI79dU1WVsnkd0nzqqTg==": { "id": "hgtI79dU1WVsnkd0nzqqTg==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "hinEteXkZ2xZbWF5lSQDEw==": { "id": "hinEteXkZ2xZbWF5lSQDEw==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "hjzu3I+m68mPWogOfZscVg==": { "id": "hjzu3I+m68mPWogOfZscVg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "hlV8M1lvezTjDMlaNPSTvg==": { "id": "hlV8M1lvezTjDMlaNPSTvg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "hnVuaDEhxbGffMCkOiTy1A==": { "id": "hnVuaDEhxbGffMCkOiTy1A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "htRPPeb7P9MNS47zhEuuaw==": { "id": "htRPPeb7P9MNS47zhEuuaw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "hv1o+8ALinWTDa5cH4j3rA==": { "id": "hv1o+8ALinWTDa5cH4j3rA==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "hwn8HSXSxoAi1TYe+ACqPA==": { "id": "hwn8HSXSxoAi1TYe+ACqPA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "hx3c9WG+Xum3pwxo0+FyRQ==": { "id": "hx3c9WG+Xum3pwxo0+FyRQ==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hxluEp8Si16NQcfaJDWcLg==": { "id": "hxluEp8Si16NQcfaJDWcLg==", "updater": "rhel-vex", "name": "CVE-2022-3324", "description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3324.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hzkoKs3QdYyXJMnifzGbxA==": { "id": "hzkoKs3QdYyXJMnifzGbxA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "i+IfpRQo89HWL/sPRoOFsw==": { "id": "i+IfpRQo89HWL/sPRoOFsw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "i1aZclSgDVfSpq3wWatknQ==": { "id": "i1aZclSgDVfSpq3wWatknQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "i1iqh+iGOleBv5v21I50xw==": { "id": "i1iqh+iGOleBv5v21I50xw==", "updater": "rhel-vex", "name": "CVE-2024-37891", "description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-5.el9_4.1", "arch_op": "pattern match" }, "i3BrKsmhYf5wZYkQCBxUGw==": { "id": "i3BrKsmhYf5wZYkQCBxUGw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "iA/QQjWhvxyNLUaetWDlcQ==": { "id": "iA/QQjWhvxyNLUaetWDlcQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "iACEEOg8p4u2oul22eTv+Q==": { "id": "iACEEOg8p4u2oul22eTv+Q==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "iAZzrtYDqIG5uluq/FjhDA==": { "id": "iAZzrtYDqIG5uluq/FjhDA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "iE+bfILM7uszXcxvEd6gYA==": { "id": "iE+bfILM7uszXcxvEd6gYA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "iJ/65EjB0RUIoiFFN5HgAw==": { "id": "iJ/65EjB0RUIoiFFN5HgAw==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "iK/w4oP0ry88Fhi1iG/FpA==": { "id": "iK/w4oP0ry88Fhi1iG/FpA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.el9", "arch_op": "pattern match" }, "iKVtZrDNXfISjmDp1xYKBQ==": { "id": "iKVtZrDNXfISjmDp1xYKBQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "iL/VOECJBzyFgTCwWDppVw==": { "id": "iL/VOECJBzyFgTCwWDppVw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iMwaCmNtKHrK2+scb+hkxw==": { "id": "iMwaCmNtKHrK2+scb+hkxw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iPCZH9YqKm3Qb2Qeqw32sA==": { "id": "iPCZH9YqKm3Qb2Qeqw32sA==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iQtqv3HeCGvWBf2ImnFK1w==": { "id": "iQtqv3HeCGvWBf2ImnFK1w==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "iRRK+UGfH5YqM+4LOHExpQ==": { "id": "iRRK+UGfH5YqM+4LOHExpQ==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "iRvSvKSGVLHqIXREJ4Ht/w==": { "id": "iRvSvKSGVLHqIXREJ4Ht/w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "iSsTR9jTS/494HfIgB9pGQ==": { "id": "iSsTR9jTS/494HfIgB9pGQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "iSzOvPxPGZr2PfJTBTQBCQ==": { "id": "iSzOvPxPGZr2PfJTBTQBCQ==", "updater": "rhel-vex", "name": "CVE-2024-29040", "description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "issued": "2024-04-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-29040.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iUURXijANkMZIH/VbXWyYQ==": { "id": "iUURXijANkMZIH/VbXWyYQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "iWeHI13pT0mygP25w8npPg==": { "id": "iWeHI13pT0mygP25w8npPg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ibGOv13N1m/577Kb32wGxw==": { "id": "ibGOv13N1m/577Kb32wGxw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "ihcyIiYlnktNuXSrEgrQjg==": { "id": "ihcyIiYlnktNuXSrEgrQjg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ijNNBHI8o+gObvRZ97LRdA==": { "id": "ijNNBHI8o+gObvRZ97LRdA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ikYp9FVR/trdSFxeYpqAcA==": { "id": "ikYp9FVR/trdSFxeYpqAcA==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "ipjYj7xm8hx7kmgjjp0cpg==": { "id": "ipjYj7xm8hx7kmgjjp0cpg==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "iveVedfC78Qk/6ltHJ21kQ==": { "id": "iveVedfC78Qk/6ltHJ21kQ==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixlSuy1zsWjDOO7lFuUNAQ==": { "id": "ixlSuy1zsWjDOO7lFuUNAQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "izYg2kL7sTEI8ASmlxRCdA==": { "id": "izYg2kL7sTEI8ASmlxRCdA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "j/6W06GHqfn2irJJ7LDKTQ==": { "id": "j/6W06GHqfn2irJJ7LDKTQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "j7HjBQaZ5PNpv7JydPZ8OQ==": { "id": "j7HjBQaZ5PNpv7JydPZ8OQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "j7yoSCks+i8LevHtgFwCwQ==": { "id": "j7yoSCks+i8LevHtgFwCwQ==", "updater": "rhel-vex", "name": "CVE-2023-24056", "description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "pkgconf", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j8vL1GycOevI00+qC9aKmw==": { "id": "j8vL1GycOevI00+qC9aKmw==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "j9SRMWigV/U3u/1hsi7gLA==": { "id": "j9SRMWigV/U3u/1hsi7gLA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jAwMSdGdL8Maby3fRvFUDA==": { "id": "jAwMSdGdL8Maby3fRvFUDA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jDj44frt+6TCj0cwExt14w==": { "id": "jDj44frt+6TCj0cwExt14w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "jL7k69KOM8ZjTH+gwznwQg==": { "id": "jL7k69KOM8ZjTH+gwznwQg==", "updater": "osv/go", "name": "GO-2022-1039", "description": "Memory exhaustion when compiling regular expressions in regexp/syntax", "issued": "2022-10-06T16:42:07Z", "links": "https://go.dev/issue/55949 https://go.dev/cl/439356 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "jVClMHCoFf8RUCB6W2c2cQ==": { "id": "jVClMHCoFf8RUCB6W2c2cQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jY7qsjEMOfcaNJkgI4dijw==": { "id": "jY7qsjEMOfcaNJkgI4dijw==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "jYkhobM1mHtLOwQie8WeWA==": { "id": "jYkhobM1mHtLOwQie8WeWA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "jYmxPZjDM/CNw9uJ4rnMHQ==": { "id": "jYmxPZjDM/CNw9uJ4rnMHQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "jZXEa4mdIQd85t4aOIhsfA==": { "id": "jZXEa4mdIQd85t4aOIhsfA==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "jb1tyEUU0h95jkJRbmTeVg==": { "id": "jb1tyEUU0h95jkJRbmTeVg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "jbS9IFs59O0uPYg9IZeksQ==": { "id": "jbS9IFs59O0uPYg9IZeksQ==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "jcBNjU0VQp8W5rs9GaZnrw==": { "id": "jcBNjU0VQp8W5rs9GaZnrw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "jdtzUluiOvXnFmwaOX/6KQ==": { "id": "jdtzUluiOvXnFmwaOX/6KQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "je5QkI9XlXAaLqMv+l8ztQ==": { "id": "je5QkI9XlXAaLqMv+l8ztQ==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jecTmyeay6DKd/7zioYjow==": { "id": "jecTmyeay6DKd/7zioYjow==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "jh1Mqm3BaTYV6MdA+4D74g==": { "id": "jh1Mqm3BaTYV6MdA+4D74g==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jlQB8YKpspXbBoHQT0JY7A==": { "id": "jlQB8YKpspXbBoHQT0JY7A==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jlm8MnE+Ua07hmnpXd564A==": { "id": "jlm8MnE+Ua07hmnpXd564A==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "jmCYpsGWnnwiehZQL2tyGg==": { "id": "jmCYpsGWnnwiehZQL2tyGg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "juRvPdedfeoW/YVn4PBM8Q==": { "id": "juRvPdedfeoW/YVn4PBM8Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "jvIOr2cGPChl6X44xwkz2w==": { "id": "jvIOr2cGPChl6X44xwkz2w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "jweM09oSTMKt4t5s2Lpg9g==": { "id": "jweM09oSTMKt4t5s2Lpg9g==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "jyRfRwiUvNWAyNlZmv3MkQ==": { "id": "jyRfRwiUvNWAyNlZmv3MkQ==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "k+Eb8x9IQ/IHa5nSq7kcSQ==": { "id": "k+Eb8x9IQ/IHa5nSq7kcSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "k/2DvTn2KLL28Yuh/WFLmw==": { "id": "k/2DvTn2KLL28Yuh/WFLmw==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "k/RAvY71xpuUVrSpsGkYlA==": { "id": "k/RAvY71xpuUVrSpsGkYlA==", "updater": "osv/go", "name": "GO-2022-1143", "description": "Restricted file access on Windows in os and net/http", "issued": "2022-12-07T16:08:45Z", "links": "https://go.dev/issue/56694 https://go.dev/cl/455716 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "k4dDUqBohIhzwbUS8fZiCA==": { "id": "k4dDUqBohIhzwbUS8fZiCA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "k5LjlV1zmKau2rAIOnay6g==": { "id": "k5LjlV1zmKau2rAIOnay6g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.3.el9_2", "arch_op": "pattern match" }, "k9Yjqv3ifDP4XwsJSZ8XiQ==": { "id": "k9Yjqv3ifDP4XwsJSZ8XiQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kBdyi87P4B1cTF5hLS7ByA==": { "id": "kBdyi87P4B1cTF5hLS7ByA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "kCgZMoKRMbRx90oiE7jJ+w==": { "id": "kCgZMoKRMbRx90oiE7jJ+w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "kCqPC9VTuWeNYsZfiAbN4g==": { "id": "kCqPC9VTuWeNYsZfiAbN4g==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "kEe4Kuw3hXrzhJ/JDjR7wg==": { "id": "kEe4Kuw3hXrzhJ/JDjR7wg==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "kFbIkTDdc0p9e6ndPrAnHA==": { "id": "kFbIkTDdc0p9e6ndPrAnHA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "kHC7JlgJ1gpjDIHxKgXZuQ==": { "id": "kHC7JlgJ1gpjDIHxKgXZuQ==", "updater": "osv/go", "name": "GO-2024-2609", "description": "Comments in display names are incorrectly handled in net/mail", "issued": "2024-03-05T22:15:04Z", "links": "https://go.dev/issue/65083 https://go.dev/cl/555596 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "kJ/PUfmUBn2Ep03yRLItuQ==": { "id": "kJ/PUfmUBn2Ep03yRLItuQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kMB61Eclf1Qb2Suk3JRmXw==": { "id": "kMB61Eclf1Qb2Suk3JRmXw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kQEcZDAS6Ka6J710VZUH9w==": { "id": "kQEcZDAS6Ka6J710VZUH9w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "kQq8hvN2yLWiupMaLbRduA==": { "id": "kQq8hvN2yLWiupMaLbRduA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.el9", "arch_op": "pattern match" }, "kRGVc4s/SuXPOfCHc7Q9ug==": { "id": "kRGVc4s/SuXPOfCHc7Q9ug==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kRa60N9SRvgjl+iiwZ9fZg==": { "id": "kRa60N9SRvgjl+iiwZ9fZg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "kRj1Frl5pmWWgd5LR0IPyw==": { "id": "kRj1Frl5pmWWgd5LR0IPyw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "kRqkfuoNHXgeW9vp8iyzQw==": { "id": "kRqkfuoNHXgeW9vp8iyzQw==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "kTasTqgA/HsT2H85z8VDPw==": { "id": "kTasTqgA/HsT2H85z8VDPw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "kTyfGInwWoCVv7gGPYCF5g==": { "id": "kTyfGInwWoCVv7gGPYCF5g==", "updater": "rhel-vex", "name": "CVE-2023-2610", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2610.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kUo4IyXRh1XFppRDAqTNnw==": { "id": "kUo4IyXRh1XFppRDAqTNnw==", "updater": "rhel-vex", "name": "CVE-2023-33285", "description": "A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 https://www.cve.org/CVERecord?id=CVE-2023-33285 https://nvd.nist.gov/vuln/detail/CVE-2023-33285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-33285.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "kVJhm1LYIfhvn92InJZLDQ==": { "id": "kVJhm1LYIfhvn92InJZLDQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "kVjUyjaMJ0bXnwb03Ksw3A==": { "id": "kVjUyjaMJ0bXnwb03Ksw3A==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "kXL26w3j4LcAqSQ9tOuWMA==": { "id": "kXL26w3j4LcAqSQ9tOuWMA==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "kaUbMItvWrS1leJMEsAk9A==": { "id": "kaUbMItvWrS1leJMEsAk9A==", "updater": "rhel-vex", "name": "CVE-2022-2284", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2284.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kdSSzkEHTOGF0fpTfXjzcg==": { "id": "kdSSzkEHTOGF0fpTfXjzcg==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "keMF1HAI1OIF8MvJtPZQ+g==": { "id": "keMF1HAI1OIF8MvJtPZQ+g==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kgCv9K1pgDK48LdFtpFN9Q==": { "id": "kgCv9K1pgDK48LdFtpFN9Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "khaGOQZwNAF+Kql1EAlBfw==": { "id": "khaGOQZwNAF+Kql1EAlBfw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "khwtIlYEcWkkzJP1rg7BNg==": { "id": "khwtIlYEcWkkzJP1rg7BNg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "kiHPM08GilYyFXQYDbdefw==": { "id": "kiHPM08GilYyFXQYDbdefw==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "kkBeA26IUhnokem2LDfx1A==": { "id": "kkBeA26IUhnokem2LDfx1A==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "kkxgUCDqJw1GL8dK+Je2RA==": { "id": "kkxgUCDqJw1GL8dK+Je2RA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "knD9e5c9mhfEteHg6iIbAQ==": { "id": "knD9e5c9mhfEteHg6iIbAQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "koaJtTt9+fGxG4OSw5hxFA==": { "id": "koaJtTt9+fGxG4OSw5hxFA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.1.el9_6", "arch_op": "pattern match" }, "ktNuCXztDAtRpUWlUtIWUg==": { "id": "ktNuCXztDAtRpUWlUtIWUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ktZZSLvjrHrh7DYZ23sMhw==": { "id": "ktZZSLvjrHrh7DYZ23sMhw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "kwBmjCC7+d5xUliMZJPNWA==": { "id": "kwBmjCC7+d5xUliMZJPNWA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.el9", "arch_op": "pattern match" }, "kxjEyJZKMrQwjAj12bH0Ag==": { "id": "kxjEyJZKMrQwjAj12bH0Ag==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ky4IJ5u2Ib7CaDmE7xOysg==": { "id": "ky4IJ5u2Ib7CaDmE7xOysg==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "kyjbj2qojW5SnPuCG4+T3A==": { "id": "kyjbj2qojW5SnPuCG4+T3A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "l2+nQ26t0lYvVluseJErUQ==": { "id": "l2+nQ26t0lYvVluseJErUQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.el9", "arch_op": "pattern match" }, "l2fXal/tlhZFSzN3bmiLSg==": { "id": "l2fXal/tlhZFSzN3bmiLSg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "l3j9C20yHr6ZHIXLApzl0A==": { "id": "l3j9C20yHr6ZHIXLApzl0A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "l7gfVyLrNH9qcWdXdRt9Kg==": { "id": "l7gfVyLrNH9qcWdXdRt9Kg==", "updater": "rhel-vex", "name": "CVE-2022-30632", "description": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30632 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://www.cve.org/CVERecord?id=CVE-2022-30632 https://nvd.nist.gov/vuln/detail/CVE-2022-30632 https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30632.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l8driNMmALQs2/V7+uCq+w==": { "id": "l8driNMmALQs2/V7+uCq+w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.1.el9_6", "arch_op": "pattern match" }, "l8z3hCmcLYlZgxzha0zw+g==": { "id": "l8z3hCmcLYlZgxzha0zw+g==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "lBoi08D0xA11v+agRADO8A==": { "id": "lBoi08D0xA11v+agRADO8A==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "lCd4ciOqH+xVdJTAK6erDg==": { "id": "lCd4ciOqH+xVdJTAK6erDg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.el9", "arch_op": "pattern match" }, "lG2c0hNx+Fgq8Zf8B1rJyw==": { "id": "lG2c0hNx+Fgq8Zf8B1rJyw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "lH27Z8PmZeo/EM/AegpCTA==": { "id": "lH27Z8PmZeo/EM/AegpCTA==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "lHLNxD93t7uUJfmDhNwvCQ==": { "id": "lHLNxD93t7uUJfmDhNwvCQ==", "updater": "rhel-vex", "name": "CVE-2022-3256", "description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3256.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lIzMhy2E3/kAp+LsQCQyCA==": { "id": "lIzMhy2E3/kAp+LsQCQyCA==", "updater": "osv/go", "name": "GO-2023-1704", "description": "Excessive memory allocation in net/http and net/textproto", "issued": "2023-04-05T21:04:28Z", "links": "https://go.dev/issue/58975 https://go.dev/cl/481994 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "lJ8RTw7m+AgAnWW6upSntA==": { "id": "lJ8RTw7m+AgAnWW6upSntA==", "updater": "rhel-vex", "name": "CVE-2021-45078", "description": "An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "issued": "2021-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lJah2RfNfRF+vEQdCucT7w==": { "id": "lJah2RfNfRF+vEQdCucT7w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "lKniGV6mBq1xFWJ6V0QVvA==": { "id": "lKniGV6mBq1xFWJ6V0QVvA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "lM6Cai1zYvH4FYQ8nb6tQg==": { "id": "lM6Cai1zYvH4FYQ8nb6tQg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lO89yYeT5Xt1E5KBgR1OXw==": { "id": "lO89yYeT5Xt1E5KBgR1OXw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "lQ+CMunyB1B/r/pkv6U72w==": { "id": "lQ+CMunyB1B/r/pkv6U72w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.1.el9_6", "arch_op": "pattern match" }, "lWKRi6BgpanbsQgeIct91A==": { "id": "lWKRi6BgpanbsQgeIct91A==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "lWdVDKK0NI1ECjrQyrQZhA==": { "id": "lWdVDKK0NI1ECjrQyrQZhA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lbvVctqpDivb/6OV/xVV+A==": { "id": "lbvVctqpDivb/6OV/xVV+A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "lc0ErrFagkcQxsv9AGKTjw==": { "id": "lc0ErrFagkcQxsv9AGKTjw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ldTn/Q3i3BpKZ95U4mfrcQ==": { "id": "ldTn/Q3i3BpKZ95U4mfrcQ==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "lgYZVj6kPc0Poy1meDiyZQ==": { "id": "lgYZVj6kPc0Poy1meDiyZQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "lh/EYac7XXFvwJr7gkU1TA==": { "id": "lh/EYac7XXFvwJr7gkU1TA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "ljT4JJv6XdYorFfJ6zbfog==": { "id": "ljT4JJv6XdYorFfJ6zbfog==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lnhGLE2iCT1nizqrTioMEA==": { "id": "lnhGLE2iCT1nizqrTioMEA==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "lsfrxxENmZMCtV8uOKkr8Q==": { "id": "lsfrxxENmZMCtV8uOKkr8Q==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "ltoIfsso65jjPxRqV9UMRw==": { "id": "ltoIfsso65jjPxRqV9UMRw==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "ltryu+P4IG4b3EAJKjyGHQ==": { "id": "ltryu+P4IG4b3EAJKjyGHQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "lv4eSxX+AEAW88phUmOolQ==": { "id": "lv4eSxX+AEAW88phUmOolQ==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "lz6O0nYiDpis8SScmTUuSg==": { "id": "lz6O0nYiDpis8SScmTUuSg==", "updater": "rhel-vex", "name": "CVE-2025-1215", "description": "A flaw was found in Vim. A local user may be able to trigger memory corruption by using the `--log` option with a non-existent path, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-12T18:31:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1215 https://bugzilla.redhat.com/show_bug.cgi?id=2345318 https://www.cve.org/CVERecord?id=CVE-2025-1215 https://nvd.nist.gov/vuln/detail/CVE-2025-1215 https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 https://github.com/vim/vim/issues/16606 https://github.com/vim/vim/releases/tag/v9.1.1097 https://vuldb.com/?ctiid.295174 https://vuldb.com/?id.295174 https://vuldb.com/?submit.497546 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1215.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m+ltkfB6bwuyxpSjgAFr9w==": { "id": "m+ltkfB6bwuyxpSjgAFr9w==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "m/d6QTwNzEzxGSR3T2263Q==": { "id": "m/d6QTwNzEzxGSR3T2263Q==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "m02T5S9rBezyv/+a/R6Fkw==": { "id": "m02T5S9rBezyv/+a/R6Fkw==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m0VRm0XEm9FSwttsQ8QLaQ==": { "id": "m0VRm0XEm9FSwttsQ8QLaQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "m2sL00H9lvJ4xs2UqwHxiQ==": { "id": "m2sL00H9lvJ4xs2UqwHxiQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "m4A081U6rE2WLJ4u/pMkqg==": { "id": "m4A081U6rE2WLJ4u/pMkqg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "m5AiZOpiUf+2oOMwsbQnSg==": { "id": "m5AiZOpiUf+2oOMwsbQnSg==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m77LjZYd/4k9LSozG2S2mA==": { "id": "m77LjZYd/4k9LSozG2S2mA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m94VQcvA5qigjAcL/i2L2Q==": { "id": "m94VQcvA5qigjAcL/i2L2Q==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.1.el9_6", "arch_op": "pattern match" }, "mAh/ixYuQOgKvSoO2gk7SQ==": { "id": "mAh/ixYuQOgKvSoO2gk7SQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "mBrf1Yfgr5icNwG8S0edeA==": { "id": "mBrf1Yfgr5icNwG8S0edeA==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "mIzvIMMUHDBMdt3eAx+4Rw==": { "id": "mIzvIMMUHDBMdt3eAx+4Rw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mL/QvlBQrld+4EwXWLYTNQ==": { "id": "mL/QvlBQrld+4EwXWLYTNQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mOQ3hJyzcYBnd65M1VVdFA==": { "id": "mOQ3hJyzcYBnd65M1VVdFA==", "updater": "osv/go", "name": "GO-2025-4011", "description": "Parsing DER payload can cause memory exhaustion in encoding/asn1", "issued": "2025-10-29T21:50:00Z", "links": "https://go.dev/issue/75671 https://go.dev/cl/709856 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "mPAC5fvINjFbBEv6qTd6tQ==": { "id": "mPAC5fvINjFbBEv6qTd6tQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "mQKKxdEERDHEVyOMhYExEw==": { "id": "mQKKxdEERDHEVyOMhYExEw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "mUXGZjQ6odB/7zYNoJjJRA==": { "id": "mUXGZjQ6odB/7zYNoJjJRA==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "mX276ORRxpj/FeNL+3OrXg==": { "id": "mX276ORRxpj/FeNL+3OrXg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mXfTdwl2racpbSHHHKO6EA==": { "id": "mXfTdwl2racpbSHHHKO6EA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "mbMEAQXpYoMKq7Io1LfrJA==": { "id": "mbMEAQXpYoMKq7Io1LfrJA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "mfYVQsCdSPyqR1UobqhEIw==": { "id": "mfYVQsCdSPyqR1UobqhEIw==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "miA8N3aOifbt6s11v8VS/A==": { "id": "miA8N3aOifbt6s11v8VS/A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "mjI/WzMYY52AQdc1No8ugQ==": { "id": "mjI/WzMYY52AQdc1No8ugQ==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mjV/DAgymXlZYSj9rj04pg==": { "id": "mjV/DAgymXlZYSj9rj04pg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "mk/9oG3VlXeyR83vbnlC7g==": { "id": "mk/9oG3VlXeyR83vbnlC7g==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "mmFI4mA7exd6BfbwTUwJfQ==": { "id": "mmFI4mA7exd6BfbwTUwJfQ==", "updater": "rhel-vex", "name": "CVE-2021-20197", "description": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", "issued": "2021-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20197 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://www.cve.org/CVERecord?id=CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20197.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mpDlR2Lk6PsJrTVRdAvAng==": { "id": "mpDlR2Lk6PsJrTVRdAvAng==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "mqxlcVJc3F4dPOTEtUve1Q==": { "id": "mqxlcVJc3F4dPOTEtUve1Q==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "mwpgk/i3GXoSJDpblt44zg==": { "id": "mwpgk/i3GXoSJDpblt44zg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mypK4Oz3YEbjmcF//Lb3ug==": { "id": "mypK4Oz3YEbjmcF//Lb3ug==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "n+8zHdzpUdNYaOfjqM+rvQ==": { "id": "n+8zHdzpUdNYaOfjqM+rvQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "n0AAvWWXPdMdY6hEXZez1A==": { "id": "n0AAvWWXPdMdY6hEXZez1A==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "n2MoI6iOOGKJg6CiwpZkxg==": { "id": "n2MoI6iOOGKJg6CiwpZkxg==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "n39YhRffL6tFFAy/S18A8Q==": { "id": "n39YhRffL6tFFAy/S18A8Q==", "updater": "rhel-vex", "name": "CVE-2025-1371", "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.", "issued": "2025-02-17T02:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1371 https://bugzilla.redhat.com/show_bug.cgi?id=2346055 https://www.cve.org/CVERecord?id=CVE-2025-1371 https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://sourceware.org/bugzilla/attachment.cgi?id=15926 https://sourceware.org/bugzilla/show_bug.cgi?id=32655 https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2 https://vuldb.com/?ctiid.295978 https://vuldb.com/?id.295978 https://vuldb.com/?submit.496484 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1371.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n5bOb2nwIXCE6i6WEpGlzA==": { "id": "n5bOb2nwIXCE6i6WEpGlzA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n6Vm6uSXhVeVnZmJCVL4pw==": { "id": "n6Vm6uSXhVeVnZmJCVL4pw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n78TtR5pw5YtOwMk7gVGmg==": { "id": "n78TtR5pw5YtOwMk7gVGmg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "n9h0mZrBntcdO8rut9mZew==": { "id": "n9h0mZrBntcdO8rut9mZew==", "updater": "osv/go", "name": "GO-2023-1703", "description": "Backticks not treated as string delimiters in html/template", "issued": "2023-04-05T21:05:27Z", "links": "https://go.dev/issue/59234 https://go.dev/cl/482079 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "nD4gdXb8ND61ypX9fYklTQ==": { "id": "nD4gdXb8ND61ypX9fYklTQ==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "nF1VC5iJhTtrDBwL8mfOiw==": { "id": "nF1VC5iJhTtrDBwL8mfOiw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "nFaODSvvA4RrGIiPJ9FjRA==": { "id": "nFaODSvvA4RrGIiPJ9FjRA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.1.el9_6", "arch_op": "pattern match" }, "nKGJQ32gv73mgVLbPDD8Qg==": { "id": "nKGJQ32gv73mgVLbPDD8Qg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "nLbsKQgcqXqFJTjqeQs6Vg==": { "id": "nLbsKQgcqXqFJTjqeQs6Vg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "nM+XWkmaG537tz4PDM13+w==": { "id": "nM+XWkmaG537tz4PDM13+w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "nNNVXLjFvnegTKkITfCBuA==": { "id": "nNNVXLjFvnegTKkITfCBuA==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "nNzRt87EkCVymyYuDyEW2w==": { "id": "nNzRt87EkCVymyYuDyEW2w==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "nOD1OtMP4aGP/bT3iktDEQ==": { "id": "nOD1OtMP4aGP/bT3iktDEQ==", "updater": "osv/go", "name": "GO-2022-1144", "description": "Excessive memory growth in net/http and golang.org/x/net/http2", "issued": "2022-12-08T19:01:21Z", "links": "https://go.dev/issue/56350 https://go.dev/cl/455717 https://go.dev/cl/455635 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "nPl1VYR04nooFy6e74yZlg==": { "id": "nPl1VYR04nooFy6e74yZlg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "nRYrn2tFn8hdV0x+2YRPYQ==": { "id": "nRYrn2tFn8hdV0x+2YRPYQ==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "nRlBpDuWR9J0Ttd/BugkSQ==": { "id": "nRlBpDuWR9J0Ttd/BugkSQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "nS4rhARAcjvkSY8dJUFdOA==": { "id": "nS4rhARAcjvkSY8dJUFdOA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "nSAqYkKsqi7arKT9mgba5w==": { "id": "nSAqYkKsqi7arKT9mgba5w==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "nVEuAeNYaydUTqNE5GOm/w==": { "id": "nVEuAeNYaydUTqNE5GOm/w==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "nVgNlf1p1N8UKAkTllJrCA==": { "id": "nVgNlf1p1N8UKAkTllJrCA==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "nW07GBIUhWrN6iKB9MBAkg==": { "id": "nW07GBIUhWrN6iKB9MBAkg==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "naO+9RNjE/hIMaezFHe7IA==": { "id": "naO+9RNjE/hIMaezFHe7IA==", "updater": "osv/go", "name": "GO-2024-2888", "description": "Mishandling of corrupt central directory record in archive/zip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "nbtTb8L4YMUxpajoNaatQg==": { "id": "nbtTb8L4YMUxpajoNaatQg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "nfRozYKxaq/cbStnERagAQ==": { "id": "nfRozYKxaq/cbStnERagAQ==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "nhTPOqyx5Hjq5RaQThVb3A==": { "id": "nhTPOqyx5Hjq5RaQThVb3A==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "noShzkxXeZ6xaXHAA8su4g==": { "id": "noShzkxXeZ6xaXHAA8su4g==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "noUIfMZn5dUZdEKTi/GsOA==": { "id": "noUIfMZn5dUZdEKTi/GsOA==", "updater": "rhel-vex", "name": "CVE-2024-30204", "description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30204.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "ntPgpTaOsf+PmS8l/Ba/Gw==": { "id": "ntPgpTaOsf+PmS8l/Ba/Gw==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "nxT/hl64jXfWptNxWhmDuA==": { "id": "nxT/hl64jXfWptNxWhmDuA==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "nzSVb3AtyNNflDi2DJAqSg==": { "id": "nzSVb3AtyNNflDi2DJAqSg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "o+oNdKG9C3ouEb/OQo1GOQ==": { "id": "o+oNdKG9C3ouEb/OQo1GOQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "o/JG334q9R0nTyZD1vNw7w==": { "id": "o/JG334q9R0nTyZD1vNw7w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "o16kBwzDyL2DXuhbCPWX9Q==": { "id": "o16kBwzDyL2DXuhbCPWX9Q==", "updater": "rhel-vex", "name": "CVE-2021-3572", "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "issued": "2021-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3572.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o1V8hGX+jv19u/R1lSOgXA==": { "id": "o1V8hGX+jv19u/R1lSOgXA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "o2Jv7s2Wil4Jz6qK6599ww==": { "id": "o2Jv7s2Wil4Jz6qK6599ww==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "o2RzBkbyaO/aJUexQwQheA==": { "id": "o2RzBkbyaO/aJUexQwQheA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "o3TqxXhqdegYIl51fSMQ1A==": { "id": "o3TqxXhqdegYIl51fSMQ1A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "o52gvb+djtuOAe8fWpXboQ==": { "id": "o52gvb+djtuOAe8fWpXboQ==", "updater": "osv/go", "name": "GO-2025-3849", "description": "Incorrect results returned from Rows.Scan in database/sql", "issued": "2025-08-07T15:07:27Z", "links": "https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "o6arI4B+lOjvgV6k7kauyw==": { "id": "o6arI4B+lOjvgV6k7kauyw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "o7U6pbXnKgxDi4OXl/ryRA==": { "id": "o7U6pbXnKgxDi4OXl/ryRA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "o8O4Ttqnv0lQfm1yyfyVsw==": { "id": "o8O4Ttqnv0lQfm1yyfyVsw==", "updater": "rhel-vex", "name": "CVE-2022-1720", "description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "issued": "2022-05-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1720.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o94cfzaEslnrzBtYm19DkA==": { "id": "o94cfzaEslnrzBtYm19DkA==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "oAa5rQ+ettvHgaEihiWA9A==": { "id": "oAa5rQ+ettvHgaEihiWA9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "oBl0IuwDdaD9PwMwSDcQpg==": { "id": "oBl0IuwDdaD9PwMwSDcQpg==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "oCDLcNdeKQmSOcg6w237gw==": { "id": "oCDLcNdeKQmSOcg6w237gw==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "oDGZCaWnkiaSQdz+QhIr5Q==": { "id": "oDGZCaWnkiaSQdz+QhIr5Q==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "oEKqq2GIVwWjorWJihmJiw==": { "id": "oEKqq2GIVwWjorWJihmJiw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "oGKMWwqd8g23cJbO7k5MNA==": { "id": "oGKMWwqd8g23cJbO7k5MNA==", "updater": "osv/go", "name": "GO-2023-1753", "description": "Improper handling of empty HTML attributes in html/template", "issued": "2023-05-05T21:10:24Z", "links": "https://go.dev/issue/59722 https://go.dev/cl/491617 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "oGVW07Zdco+t8LxGqPbEUA==": { "id": "oGVW07Zdco+t8LxGqPbEUA==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "oGhsPyoyEtiEHT7/0qF+CQ==": { "id": "oGhsPyoyEtiEHT7/0qF+CQ==", "updater": "rhel-vex", "name": "CVE-2025-7545", "description": "A flaw was found in binutils. The `copy_section` function in `binutils/objcopy.c` is susceptible to a heap-based buffer overflow due to improper bounds checking during data copying. This flaw allows a local attacker to provide a specially crafted file. This manipulation can lead to a denial of service.", "issued": "2025-07-13T21:44:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7545 https://bugzilla.redhat.com/show_bug.cgi?id=2379785 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7545.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oIBUxFCAPk4vRXBwpcmtFw==": { "id": "oIBUxFCAPk4vRXBwpcmtFw==", "updater": "rhel-vex", "name": "CVE-2022-44840", "description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "issued": "2022-10-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oNps3pS/KBKadK++zlgktA==": { "id": "oNps3pS/KBKadK++zlgktA==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "oPNobp4gxHQj7UMaryNaHw==": { "id": "oPNobp4gxHQj7UMaryNaHw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "oQ3Lediq93z2xbrIoJUi7Q==": { "id": "oQ3Lediq93z2xbrIoJUi7Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "oQ8YhXsWl1bwUCG1x+HzDQ==": { "id": "oQ8YhXsWl1bwUCG1x+HzDQ==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "oUbBUuaPbKO68xR8hm0EKg==": { "id": "oUbBUuaPbKO68xR8hm0EKg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "oVI7j6msaWseNIkn6m/3+A==": { "id": "oVI7j6msaWseNIkn6m/3+A==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "oVgcRSL89qnSRkMXpV8N8A==": { "id": "oVgcRSL89qnSRkMXpV8N8A==", "updater": "rhel-vex", "name": "CVE-2022-2819", "description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-08-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2819.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oXbtPoAI0xd/D3jVRZ8E8Q==": { "id": "oXbtPoAI0xd/D3jVRZ8E8Q==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "oYEyIJ07SURdsg7rK6qrYw==": { "id": "oYEyIJ07SURdsg7rK6qrYw==", "updater": "osv/go", "name": "GO-2022-1037", "description": "Unbounded memory consumption when reading headers in archive/tar", "issued": "2022-10-06T16:26:05Z", "links": "https://go.dev/issue/54853 https://go.dev/cl/439355 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "oZ/2a9w+ysaJ6Y0prrNk0g==": { "id": "oZ/2a9w+ysaJ6Y0prrNk0g==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "obSzOBXxlQxURPk04eb+8Q==": { "id": "obSzOBXxlQxURPk04eb+8Q==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "obTTrP5oWTTgSGItpJqyKg==": { "id": "obTTrP5oWTTgSGItpJqyKg==", "updater": "rhel-vex", "name": "CVE-2022-30631", "description": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30631 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://www.cve.org/CVERecord?id=CVE-2022-30631 https://nvd.nist.gov/vuln/detail/CVE-2022-30631 https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30631.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ohJ0B7EgOJ9MaxYsbvhjIA==": { "id": "ohJ0B7EgOJ9MaxYsbvhjIA==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-gdbserver", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "okRzJuZWda3BPI4wHU6OSg==": { "id": "okRzJuZWda3BPI4wHU6OSg==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "okW8xf+CinO7BWuM9dEk4Q==": { "id": "okW8xf+CinO7BWuM9dEk4Q==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "opnb226IH8+SU+iAVOx8hw==": { "id": "opnb226IH8+SU+iAVOx8hw==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "osxk1q2jE3TCrr5JCQRhNA==": { "id": "osxk1q2jE3TCrr5JCQRhNA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "owALVsfUiwMtDqenpdt7Zg==": { "id": "owALVsfUiwMtDqenpdt7Zg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "oybDfBRpKC7mq0IkNE/WbA==": { "id": "oybDfBRpKC7mq0IkNE/WbA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "oyvtOIVUDqm1ruQx8vhRhA==": { "id": "oyvtOIVUDqm1ruQx8vhRhA==", "updater": "rhel-vex", "name": "CVE-2024-22667", "description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "issued": "2024-02-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22667.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ozbcadljjD/zIm3hj6kVaw==": { "id": "ozbcadljjD/zIm3hj6kVaw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "p2+Y5XRhYt7mgZ7H+35S0w==": { "id": "p2+Y5XRhYt7mgZ7H+35S0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.1.el9_6", "arch_op": "pattern match" }, "p2D36zAi5tbYfUPJhBVLhg==": { "id": "p2D36zAi5tbYfUPJhBVLhg==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "p4PSGpZ+FENmdQZ22vQ2FQ==": { "id": "p4PSGpZ+FENmdQZ22vQ2FQ==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "p5Ki7Z96ChbT07EZ4WnnKg==": { "id": "p5Ki7Z96ChbT07EZ4WnnKg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "p8XKlr7C/uFXLykQP2132Q==": { "id": "p8XKlr7C/uFXLykQP2132Q==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "pEwkPeffucbY50JSGQdERQ==": { "id": "pEwkPeffucbY50JSGQdERQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "pFXK+S/0lzfxv0ToVY49hA==": { "id": "pFXK+S/0lzfxv0ToVY49hA==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "pGkOHCsusTyFHJ/G9JGXiA==": { "id": "pGkOHCsusTyFHJ/G9JGXiA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "pGvoS/decJ8g3YpAYIFmmw==": { "id": "pGvoS/decJ8g3YpAYIFmmw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "pHq3XsQe5Y157BuUHMufyg==": { "id": "pHq3XsQe5Y157BuUHMufyg==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "pIJllB0DitFR4biXCLWlfQ==": { "id": "pIJllB0DitFR4biXCLWlfQ==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "pLMgO5RHEs1yrujEkb226g==": { "id": "pLMgO5RHEs1yrujEkb226g==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pN9L6/wRgu21CuY/FfnkIA==": { "id": "pN9L6/wRgu21CuY/FfnkIA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "pNsmsBM6zioL8gqkR9CNUA==": { "id": "pNsmsBM6zioL8gqkR9CNUA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pT+67u2xHyxzA5Cl+Ui55Q==": { "id": "pT+67u2xHyxzA5Cl+Ui55Q==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "pTT7g2z3OsAYgdVqJMZOLQ==": { "id": "pTT7g2z3OsAYgdVqJMZOLQ==", "updater": "osv/go", "name": "GO-2022-0521", "description": "Stack exhaustion from deeply nested XML documents in encoding/xml", "issued": "2022-07-20T17:02:04Z", "links": "https://go.dev/cl/417062 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pWQV0Z8XQHYl5n7sHUZBqA==": { "id": "pWQV0Z8XQHYl5n7sHUZBqA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "pX9giWYBuTR0yK974RC2ng==": { "id": "pX9giWYBuTR0yK974RC2ng==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "pd2B9G+4ekvOFTzso0NXCw==": { "id": "pd2B9G+4ekvOFTzso0NXCw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "peMVLpnT962hXrm4IDBPqg==": { "id": "peMVLpnT962hXrm4IDBPqg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "peuiWx2cfvlg0ej3db5p4Q==": { "id": "peuiWx2cfvlg0ej3db5p4Q==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "pfNYlxG8sY9hFt3528zJoA==": { "id": "pfNYlxG8sY9hFt3528zJoA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pfZcHRowGRRifIIMXAg+9w==": { "id": "pfZcHRowGRRifIIMXAg+9w==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pg+SRV3v3Mv4Yg+0x76+jg==": { "id": "pg+SRV3v3Mv4Yg+0x76+jg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "piA8HykwHgm/u3haFYSPzw==": { "id": "piA8HykwHgm/u3haFYSPzw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pl0eAtev2igDstYhHd6sxw==": { "id": "pl0eAtev2igDstYhHd6sxw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "plTl3JV8fPj1sUiMh31FmQ==": { "id": "plTl3JV8fPj1sUiMh31FmQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "pmYCdyBPlSpsjaT+VrrmLg==": { "id": "pmYCdyBPlSpsjaT+VrrmLg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "pp3PQor2CpTCVnKZusQgwg==": { "id": "pp3PQor2CpTCVnKZusQgwg==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "pp7NHxA1qAOUnsy/IRCLbw==": { "id": "pp7NHxA1qAOUnsy/IRCLbw==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "pr6wo3A29JKUBSVK/BGExw==": { "id": "pr6wo3A29JKUBSVK/BGExw==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "psR1kVsSZz19yYKHsoaoNg==": { "id": "psR1kVsSZz19yYKHsoaoNg==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "psr6EfqmKkDu2s/af+27mw==": { "id": "psr6EfqmKkDu2s/af+27mw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "pv5Nm8Lwfq3X5Sm3cuoD1g==": { "id": "pv5Nm8Lwfq3X5Sm3cuoD1g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pvm4gwkuqzgisbgZu1oTlQ==": { "id": "pvm4gwkuqzgisbgZu1oTlQ==", "updater": "osv/go", "name": "GO-2022-0527", "description": "Stack exhaustion in Glob on certain paths in io/fs", "issued": "2022-07-20T20:52:22Z", "links": "https://go.dev/cl/417065 https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pvtiIO9KHqFscFbvNo86Dw==": { "id": "pvtiIO9KHqFscFbvNo86Dw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "pwFS1oPwyZIRVgVgtAgSPQ==": { "id": "pwFS1oPwyZIRVgVgtAgSPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "pwNeC1oSJCRKeW3NQ1Zwmw==": { "id": "pwNeC1oSJCRKeW3NQ1Zwmw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "pwSWzlcJAuR/J5zikGUxiw==": { "id": "pwSWzlcJAuR/J5zikGUxiw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "pxuVFZsuUa8YFBkmcjpnxQ==": { "id": "pxuVFZsuUa8YFBkmcjpnxQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "q29SxeDdhfgnRkudvf3mdA==": { "id": "q29SxeDdhfgnRkudvf3mdA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "q4W6wpO2YbOLS87LUXPVBw==": { "id": "q4W6wpO2YbOLS87LUXPVBw==", "updater": "rhel-vex", "name": "CVE-2025-8851", "description": "A stack based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the context of the affected process.", "issued": "2025-08-11T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8851 https://bugzilla.redhat.com/show_bug.cgi?id=2387618 https://www.cve.org/CVERecord?id=CVE-2025-8851 https://nvd.nist.gov/vuln/detail/CVE-2025-8851 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 https://vuldb.com/?ctiid.319382 https://vuldb.com/?id.319382 https://vuldb.com/?submit.624604 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8851.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "q6x8gUSR0HLnQLHLmB4Htw==": { "id": "q6x8gUSR0HLnQLHLmB4Htw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "q7IyWv1MOsi/PXOLUGKElQ==": { "id": "q7IyWv1MOsi/PXOLUGKElQ==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "q9L+6bHSCCXbReRfXEPeTg==": { "id": "q9L+6bHSCCXbReRfXEPeTg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "qB1uVwi5ydv4et+JpGcenw==": { "id": "qB1uVwi5ydv4et+JpGcenw==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "qEQEeZkI3fZm1RmMiKeYYg==": { "id": "qEQEeZkI3fZm1RmMiKeYYg==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "qEhRdzGH44SGjJIcqcIv/g==": { "id": "qEhRdzGH44SGjJIcqcIv/g==", "updater": "rhel-vex", "name": "CVE-2022-2344", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFhnV7djagzTbJn2rH4ndA==": { "id": "qFhnV7djagzTbJn2rH4ndA==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "qI12E1AIG5PjZFUHEhSkgw==": { "id": "qI12E1AIG5PjZFUHEhSkgw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qIRy7/v51ILezECGLzLGBw==": { "id": "qIRy7/v51ILezECGLzLGBw==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "qLHoaQ/4ax3G7SRd9aV2yg==": { "id": "qLHoaQ/4ax3G7SRd9aV2yg==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "qMnTnRnGw88RiTP1PFxynA==": { "id": "qMnTnRnGw88RiTP1PFxynA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "qNhEJopIC+OWvXbrkilAfQ==": { "id": "qNhEJopIC+OWvXbrkilAfQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "qOdN56IOMUot4YWCQPjPvA==": { "id": "qOdN56IOMUot4YWCQPjPvA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "qPGxfT+FyuMifHo1C/aY6w==": { "id": "qPGxfT+FyuMifHo1C/aY6w==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "qQxzRYdLEwZ+uwtq33H+Uw==": { "id": "qQxzRYdLEwZ+uwtq33H+Uw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "qV/TxipuOJ9b9a/x4IT2cw==": { "id": "qV/TxipuOJ9b9a/x4IT2cw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qWK7H7gz7e8gS19GJSeIIg==": { "id": "qWK7H7gz7e8gS19GJSeIIg==", "updater": "rhel-vex", "name": "CVE-2022-2889", "description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2889.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXBiVfXy4luW+BbyG9z9BQ==": { "id": "qXBiVfXy4luW+BbyG9z9BQ==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qYLCfB1EzRWGloOr+Ke8RA==": { "id": "qYLCfB1EzRWGloOr+Ke8RA==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "qYORp6v9x0Jy6S8OKerZvw==": { "id": "qYORp6v9x0Jy6S8OKerZvw==", "updater": "rhel-vex", "name": "CVE-2023-4738", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4738.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qZqMILFWCv2+sfRyc+XFfg==": { "id": "qZqMILFWCv2+sfRyc+XFfg==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qaC6F9Z9j5kAaiDeRwL7nA==": { "id": "qaC6F9Z9j5kAaiDeRwL7nA==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "qb5Q/H2wcR/YimCQn+AUYw==": { "id": "qb5Q/H2wcR/YimCQn+AUYw==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "qbsbXExNvRlblIMDPNkFzA==": { "id": "qbsbXExNvRlblIMDPNkFzA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qcGz8bluItM475eimPK89w==": { "id": "qcGz8bluItM475eimPK89w==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "qdWe9wwJNQD9uM1J1li1Vg==": { "id": "qdWe9wwJNQD9uM1J1li1Vg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "qdXDrJ7D0lw6kIY2dy+1KQ==": { "id": "qdXDrJ7D0lw6kIY2dy+1KQ==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "qhSIFNwi876BQWyJqx7TXw==": { "id": "qhSIFNwi876BQWyJqx7TXw==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "qhl/5MtAFFjdvINFEhyFsg==": { "id": "qhl/5MtAFFjdvINFEhyFsg==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "qhxrSy/lodS857k/RFYSFg==": { "id": "qhxrSy/lodS857k/RFYSFg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qj3kMXpJzib/tg7NOcmtdQ==": { "id": "qj3kMXpJzib/tg7NOcmtdQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "qnfP2y61ycFKlR/SBnZ5sw==": { "id": "qnfP2y61ycFKlR/SBnZ5sw==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "qpRD6NPbAOP7sG5S6hInXg==": { "id": "qpRD6NPbAOP7sG5S6hInXg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qr6Jra3xQBxvbIQJAqILNQ==": { "id": "qr6Jra3xQBxvbIQJAqILNQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "qsn7RE1KMH045/wAyIDw7A==": { "id": "qsn7RE1KMH045/wAyIDw7A==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "qtpMNZ+V4szO/Tox+eT3Cg==": { "id": "qtpMNZ+V4szO/Tox+eT3Cg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "quMgsZt2z8hlQ+HzwzaVJQ==": { "id": "quMgsZt2z8hlQ+HzwzaVJQ==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "qug1advw8m4TjVAUPEUPiA==": { "id": "qug1advw8m4TjVAUPEUPiA==", "updater": "rhel-vex", "name": "CVE-2023-4751", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "issued": "2023-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4751.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r+NuuQcHZ5hOWGRHanlG0w==": { "id": "r+NuuQcHZ5hOWGRHanlG0w==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "r0yngP+sUJvKraMLgaaWww==": { "id": "r0yngP+sUJvKraMLgaaWww==", "updater": "osv/go", "name": "GO-2023-1702", "description": "Infinite loop in parsing in go/scanner", "issued": "2023-04-05T21:05:07Z", "links": "https://go.dev/issue/59180 https://go.dev/cl/482078 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "r35oOcTyVY7X2QLaChkjdw==": { "id": "r35oOcTyVY7X2QLaChkjdw==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "r3RLKNYtYvKarBqnnrlrew==": { "id": "r3RLKNYtYvKarBqnnrlrew==", "updater": "rhel-vex", "name": "CVE-2022-0529", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0529 https://bugzilla.redhat.com/show_bug.cgi?id=2051402 https://www.cve.org/CVERecord?id=CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r3htJBqpa1VO27wdQgcGyw==": { "id": "r3htJBqpa1VO27wdQgcGyw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "r410Z5X0yojDsVg9YVcNqQ==": { "id": "r410Z5X0yojDsVg9YVcNqQ==", "updater": "rhel-vex", "name": "CVE-2022-2182", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2182.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r8kk8OjPGZXkalD/ogI9TQ==": { "id": "r8kk8OjPGZXkalD/ogI9TQ==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "r9W84DjqWVoSeRkzoMmOdA==": { "id": "r9W84DjqWVoSeRkzoMmOdA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "r9qwoudvbxrKUZqCmUc7NA==": { "id": "r9qwoudvbxrKUZqCmUc7NA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "rBDj6tuhee896qgiVA2peA==": { "id": "rBDj6tuhee896qgiVA2peA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "rDeZ9YqARbQ/8OcOA5Tn4g==": { "id": "rDeZ9YqARbQ/8OcOA5Tn4g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "rDx7RcnC1Ce961LxuRo53Q==": { "id": "rDx7RcnC1Ce961LxuRo53Q==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rFWIZJAOzhCWoZKNelyFsQ==": { "id": "rFWIZJAOzhCWoZKNelyFsQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "rIk/NHa428tmc6oDgqypQw==": { "id": "rIk/NHa428tmc6oDgqypQw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "rJHkC74NrobNudSijB/y4A==": { "id": "rJHkC74NrobNudSijB/y4A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rJljaCTiTdw1uI1lvfy+hw==": { "id": "rJljaCTiTdw1uI1lvfy+hw==", "updater": "rhel-vex", "name": "CVE-2023-1170", "description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1170.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rKpZxH2tXrNLthuse32FWg==": { "id": "rKpZxH2tXrNLthuse32FWg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "rO5a9fYyaqaIZ4bH0M8fdA==": { "id": "rO5a9fYyaqaIZ4bH0M8fdA==", "updater": "rhel-vex", "name": "CVE-2022-2862", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rPWZNH+en7vYfObneQGeUA==": { "id": "rPWZNH+en7vYfObneQGeUA==", "updater": "osv/go", "name": "GO-2025-4006", "description": "Excessive CPU consumption in ParseAddress in net/mail", "issued": "2025-10-29T21:48:35Z", "links": "https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "rPXe6sMC/46EZbom2R58Iw==": { "id": "rPXe6sMC/46EZbom2R58Iw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "rR226S9SV4WbmIVotM0CsQ==": { "id": "rR226S9SV4WbmIVotM0CsQ==", "updater": "rhel-vex", "name": "CVE-2023-46246", "description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.", "issued": "2023-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46246.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rRfIMqTlNWlpWE9Bi6NGYw==": { "id": "rRfIMqTlNWlpWE9Bi6NGYw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rTV9bjfy2M3+eJBkP+611w==": { "id": "rTV9bjfy2M3+eJBkP+611w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "rWYn/Km2lN55sVL7Ui4zmQ==": { "id": "rWYn/Km2lN55sVL7Ui4zmQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "rXJvA1HAsx+E4rVQeqU3qQ==": { "id": "rXJvA1HAsx+E4rVQeqU3qQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ra+5M5K0yyS4TNorJBFVYw==": { "id": "ra+5M5K0yyS4TNorJBFVYw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "rcUIg6JYVsZx379+fVhSVg==": { "id": "rcUIg6JYVsZx379+fVhSVg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "rct+rak3m0uMzU51NldQpg==": { "id": "rct+rak3m0uMzU51NldQpg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "rd7C8AD7IYUHYPSfAYtKrQ==": { "id": "rd7C8AD7IYUHYPSfAYtKrQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.el9", "arch_op": "pattern match" }, "rkpLgzhV90FRHYY3ESWHfw==": { "id": "rkpLgzhV90FRHYY3ESWHfw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "rm3fF4UjNztR1JpYwTPaVg==": { "id": "rm3fF4UjNztR1JpYwTPaVg==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "roGA0nQUzXWg+M1vb3jr3g==": { "id": "roGA0nQUzXWg+M1vb3jr3g==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "rpqh6K+YqMAxf172QUbycQ==": { "id": "rpqh6K+YqMAxf172QUbycQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "rpwsfSDtxz8KgCjcE5LUgg==": { "id": "rpwsfSDtxz8KgCjcE5LUgg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rpzV0o5XSSiqAfiLvn+7sw==": { "id": "rpzV0o5XSSiqAfiLvn+7sw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.1.el9_6", "arch_op": "pattern match" }, "rtmfAClgZr+pMIYCffofpQ==": { "id": "rtmfAClgZr+pMIYCffofpQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "ruok+KtL5TC6jhvqLAZEzw==": { "id": "ruok+KtL5TC6jhvqLAZEzw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rwX0WRiXvDcxdTv5pslgxw==": { "id": "rwX0WRiXvDcxdTv5pslgxw==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "ryPu/punYtMOzifbFWj3Xg==": { "id": "ryPu/punYtMOzifbFWj3Xg==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "ryv0HUHLJe8DIxGNl9VAgQ==": { "id": "ryv0HUHLJe8DIxGNl9VAgQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "s+/PgMrbczH4dntN+Uku4A==": { "id": "s+/PgMrbczH4dntN+Uku4A==", "updater": "osv/go", "name": "GO-2023-1705", "description": "Excessive resource consumption in net/http, net/textproto and mime/multipart", "issued": "2023-04-05T21:04:39Z", "links": "https://go.dev/issue/59153 https://go.dev/cl/482076 https://go.dev/cl/482075 https://go.dev/cl/482077 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "s/wLIAA4VDi9HrbyrnYgbg==": { "id": "s/wLIAA4VDi9HrbyrnYgbg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "s0BW8R7FNYnFn+nWkJnUqQ==": { "id": "s0BW8R7FNYnFn+nWkJnUqQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "s0PUMgVnEtuqOkBdJNAqUA==": { "id": "s0PUMgVnEtuqOkBdJNAqUA==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-subscription-manager-rhsm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "s20Tn7zOYHvK/n/K8/hWrA==": { "id": "s20Tn7zOYHvK/n/K8/hWrA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5838", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_2.1", "arch_op": "pattern match" }, "s2uSNGuV+OyVW2eHDGWWKw==": { "id": "s2uSNGuV+OyVW2eHDGWWKw==", "updater": "rhel-vex", "name": "CVE-2025-29768", "description": "A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename.", "issued": "2025-03-13T17:04:56Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29768 https://bugzilla.redhat.com/show_bug.cgi?id=2352418 https://www.cve.org/CVERecord?id=CVE-2025-29768 https://nvd.nist.gov/vuln/detail/CVE-2025-29768 https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29768.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s4mktw9S/tOEdbFRu8ZxjA==": { "id": "s4mktw9S/tOEdbFRu8ZxjA==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "s6kt2DqKLHgzYSGciPtGtQ==": { "id": "s6kt2DqKLHgzYSGciPtGtQ==", "updater": "rhel-vex", "name": "CVE-2021-4166", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4166.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s6zRbI6E6xMFwOoLRjlPfw==": { "id": "s6zRbI6E6xMFwOoLRjlPfw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "s9zla+0u22E+Nq1zlK4A0A==": { "id": "s9zla+0u22E+Nq1zlK4A0A==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "sAlO/t+jkkm59mLcdOgB9w==": { "id": "sAlO/t+jkkm59mLcdOgB9w==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sEXYrXIRghEOX+5cKfh4HA==": { "id": "sEXYrXIRghEOX+5cKfh4HA==", "updater": "osv/go", "name": "GO-2022-0524", "description": "Stack exhaustion when reading certain archives in compress/gzip", "issued": "2022-07-20T20:52:11Z", "links": "https://go.dev/cl/417067 https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "sEY+u8JcXEvFyPiUDTNKow==": { "id": "sEY+u8JcXEvFyPiUDTNKow==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "sFUeaSTxmIP9ksmZtDFy/w==": { "id": "sFUeaSTxmIP9ksmZtDFy/w==", "updater": "rhel-vex", "name": "CVE-2025-9301", "description": "A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.", "issued": "2025-08-21T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9301 https://bugzilla.redhat.com/show_bug.cgi?id=2390085 https://www.cve.org/CVERecord?id=CVE-2025-9301 https://nvd.nist.gov/vuln/detail/CVE-2025-9301 https://drive.google.com/file/d/1TerUqQB8_lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8 https://gitlab.kitware.com/cmake/cmake/-/issues/27135 https://gitlab.kitware.com/cmake/cmake/-/issues/27135#note_1691629 https://vuldb.com/?ctiid.320906 https://vuldb.com/?id.320906 https://vuldb.com/?submit.632369 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9301.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "cmake", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGBviOATX07Y4438NYu+Aw==": { "id": "sGBviOATX07Y4438NYu+Aw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "sHu0Ihy6+HrKJvDoll9f5g==": { "id": "sHu0Ihy6+HrKJvDoll9f5g==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "sHvGKpRovk0D6WznAeRDaw==": { "id": "sHvGKpRovk0D6WznAeRDaw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "sJOXRbCL0QuUC1P4v8JTZA==": { "id": "sJOXRbCL0QuUC1P4v8JTZA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "sQrexr1vAx+h04KwvoON3w==": { "id": "sQrexr1vAx+h04KwvoON3w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "sQzygdvKruRINz20KeXUpg==": { "id": "sQzygdvKruRINz20KeXUpg==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "sSpyMuxbh/+/Nula2ikXPw==": { "id": "sSpyMuxbh/+/Nula2ikXPw==", "updater": "rhel-vex", "name": "CVE-2017-17973", "description": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue", "issued": "2017-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17973 https://bugzilla.redhat.com/show_bug.cgi?id=1530912 https://www.cve.org/CVERecord?id=CVE-2017-17973 https://nvd.nist.gov/vuln/detail/CVE-2017-17973 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17973.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sTJKOfHbxppSoExQl7mYpQ==": { "id": "sTJKOfHbxppSoExQl7mYpQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "sTWSbUm1UHqZR0zHxPPV1A==": { "id": "sTWSbUm1UHqZR0zHxPPV1A==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sVTwqtGyRA8GgZdyQgXnqw==": { "id": "sVTwqtGyRA8GgZdyQgXnqw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "sWPZolO+x42N83xPk/byrw==": { "id": "sWPZolO+x42N83xPk/byrw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "sXReFixXG4Bn4+eq/AJDBA==": { "id": "sXReFixXG4Bn4+eq/AJDBA==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "sXnCRVNv4i/ZmrJ0YxWonw==": { "id": "sXnCRVNv4i/ZmrJ0YxWonw==", "updater": "rhel-vex", "name": "CVE-2023-30079", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30079 https://bugzilla.redhat.com/show_bug.cgi?id=2234595 https://www.cve.org/CVERecord?id=CVE-2023-30079 https://nvd.nist.gov/vuln/detail/CVE-2023-30079 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30079.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "sY8NON9Vp1LES9AwtY+jzA==": { "id": "sY8NON9Vp1LES9AwtY+jzA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "sYa4l6veBD/KmL7osWW7fQ==": { "id": "sYa4l6veBD/KmL7osWW7fQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "sa5mIA5TIgDDEs7v0PwTjQ==": { "id": "sa5mIA5TIgDDEs7v0PwTjQ==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "scmQI6T6oitCtZW5973ovw==": { "id": "scmQI6T6oitCtZW5973ovw==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "sgKxepKQb+uxgfzzrcWS7w==": { "id": "sgKxepKQb+uxgfzzrcWS7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "skjryijgaN9YVeVVq8xZmA==": { "id": "skjryijgaN9YVeVVq8xZmA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "sna4IH0E1Ui1jpzpKgnFOg==": { "id": "sna4IH0E1Ui1jpzpKgnFOg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "sosNUrsbT764ZsBIEQm5Tw==": { "id": "sosNUrsbT764ZsBIEQm5Tw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "srkxdJQ82zHIMw9egdZc5w==": { "id": "srkxdJQ82zHIMw9egdZc5w==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "ssYEt3aOFwnaqoufFlsCAw==": { "id": "ssYEt3aOFwnaqoufFlsCAw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "svdlbVzNwZE9P/M3GvQ7Xw==": { "id": "svdlbVzNwZE9P/M3GvQ7Xw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "sx5ziSZauoyjmcMB827V/Q==": { "id": "sx5ziSZauoyjmcMB827V/Q==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "sxxGu02J6Xp0UskX/yPO4w==": { "id": "sxxGu02J6Xp0UskX/yPO4w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "szMAuHDpCq8KehOnG/58kg==": { "id": "szMAuHDpCq8KehOnG/58kg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "t+vHm4kt0AB+tq2CG41TQQ==": { "id": "t+vHm4kt0AB+tq2CG41TQQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tC2r7U8qVBEhU9NaT3fMVg==": { "id": "tC2r7U8qVBEhU9NaT3fMVg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "tDVJVtVXjEp2hZmPcOFM9w==": { "id": "tDVJVtVXjEp2hZmPcOFM9w==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "tEG4S6zEddB/Fl32LgLV+A==": { "id": "tEG4S6zEddB/Fl32LgLV+A==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "tJJUE3O+B2dj0YzqLSTtDA==": { "id": "tJJUE3O+B2dj0YzqLSTtDA==", "updater": "rhel-vex", "name": "CVE-2022-44638", "description": "A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.", "issued": "2022-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44638 https://bugzilla.redhat.com/show_bug.cgi?id=2139988 https://www.cve.org/CVERecord?id=CVE-2022-44638 https://nvd.nist.gov/vuln/detail/CVE-2022-44638 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44638.json https://access.redhat.com/errata/RHSA-2023:7754", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pixman", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.40.0-6.el9_3", "arch_op": "pattern match" }, "tKVE3VH+DixxL49Cbeit6Q==": { "id": "tKVE3VH+DixxL49Cbeit6Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "tLSR0X6hQ7hvyPbBXZslBQ==": { "id": "tLSR0X6hQ7hvyPbBXZslBQ==", "updater": "rhel-vex", "name": "CVE-2022-2126", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2126.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tLfvNXQJ1ryG1oIjuKoLPQ==": { "id": "tLfvNXQJ1ryG1oIjuKoLPQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tNFH1YUHHwU3vwUWrO3mLQ==": { "id": "tNFH1YUHHwU3vwUWrO3mLQ==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "tQmmf4j1ZMloac9gv7yd7w==": { "id": "tQmmf4j1ZMloac9gv7yd7w==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "tTdsNcqGarFD7KtMB1ag6Q==": { "id": "tTdsNcqGarFD7KtMB1ag6Q==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "tVvgs8QNtuRqLgnWoPIWbw==": { "id": "tVvgs8QNtuRqLgnWoPIWbw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "tW4ew6Bpf68YpYbdwMyYGA==": { "id": "tW4ew6Bpf68YpYbdwMyYGA==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "tZCJ3EMmfQYEKmNY0R6pgg==": { "id": "tZCJ3EMmfQYEKmNY0R6pgg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "tZSfr7Q1QfQP2u7Sjxqmrw==": { "id": "tZSfr7Q1QfQP2u7Sjxqmrw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "taWP10HWuyQrPSEFSUjPPw==": { "id": "taWP10HWuyQrPSEFSUjPPw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tbkEtEs3aa+p2/YQaD8BfQ==": { "id": "tbkEtEs3aa+p2/YQaD8BfQ==", "updater": "rhel-vex", "name": "CVE-2023-1972", "description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "issued": "2023-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tboTb+/fwz1O/l+3w5n9ew==": { "id": "tboTb+/fwz1O/l+3w5n9ew==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "te0mQBJAxCZ9Xzg2xrzQcg==": { "id": "te0mQBJAxCZ9Xzg2xrzQcg==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "teVzqeXKz5qAL9KrVUsKAA==": { "id": "teVzqeXKz5qAL9KrVUsKAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.el9", "arch_op": "pattern match" }, "tiOci2zd4htCAwtqrJPUhA==": { "id": "tiOci2zd4htCAwtqrJPUhA==", "updater": "rhel-vex", "name": "CVE-2025-9390", "description": "A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service.", "issued": "2025-08-24T14:02:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9390 https://bugzilla.redhat.com/show_bug.cgi?id=2390603 https://www.cve.org/CVERecord?id=CVE-2025-9390 https://nvd.nist.gov/vuln/detail/CVE-2025-9390 https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0 https://github.com/vim/vim/issues/17944 https://github.com/vim/vim/pull/17947 https://github.com/vim/vim/releases/tag/v9.1.1616 https://vuldb.com/?ctiid.321223 https://vuldb.com/?id.321223 https://vuldb.com/?submit.630903 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9390.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tjg7NtH3QatPaaScohSsZg==": { "id": "tjg7NtH3QatPaaScohSsZg==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "tlbehmhIbT1WwXt6llfQYw==": { "id": "tlbehmhIbT1WwXt6llfQYw==", "updater": "osv/go", "name": "GO-2022-0515", "description": "Stack exhaustion due to deeply nested types in go/parser", "issued": "2022-07-20T17:01:45Z", "links": "https://go.dev/cl/417063 https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "toXp/ZwNqXAUsdXRb/4DVg==": { "id": "toXp/ZwNqXAUsdXRb/4DVg==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "todSxpG0ADSu6dX8ZW+q4A==": { "id": "todSxpG0ADSu6dX8ZW+q4A==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "u+eDY1Q5WfNp0Krtzvv+AQ==": { "id": "u+eDY1Q5WfNp0Krtzvv+AQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "u/b1G56mYgMO4E+lYxSxjA==": { "id": "u/b1G56mYgMO4E+lYxSxjA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "u0MfT/CHY1AhIYRRjCtdhw==": { "id": "u0MfT/CHY1AhIYRRjCtdhw==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "u0i6Tc2zpzW8/pMdj7AH4w==": { "id": "u0i6Tc2zpzW8/pMdj7AH4w==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "u1caIbS4Tk6y8c7sz8Hvhw==": { "id": "u1caIbS4Tk6y8c7sz8Hvhw==", "updater": "rhel-vex", "name": "CVE-2024-41957", "description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash.", "issued": "2024-08-01T20:41:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u3VIQ3Bv2EdQNxxr10FAOQ==": { "id": "u3VIQ3Bv2EdQNxxr10FAOQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "u6PjuomLq+nVKrTw/0Jyeg==": { "id": "u6PjuomLq+nVKrTw/0Jyeg==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "uDUK/vmP915z5uyCv2VhVg==": { "id": "uDUK/vmP915z5uyCv2VhVg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "uDfc8ZaPfrhTGcFwVaIvAA==": { "id": "uDfc8ZaPfrhTGcFwVaIvAA==", "updater": "rhel-vex", "name": "CVE-2023-48706", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48706.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEn9qA67O/SoYHOtH/EL2w==": { "id": "uEn9qA67O/SoYHOtH/EL2w==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFR2NXYHCgkD0jUkHBTh3g==": { "id": "uFR2NXYHCgkD0jUkHBTh3g==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "uFRb2siFSROrNSaSMqsvqQ==": { "id": "uFRb2siFSROrNSaSMqsvqQ==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFXEnN9gepJ4+HtQWdLrOg==": { "id": "uFXEnN9gepJ4+HtQWdLrOg==", "updater": "rhel-vex", "name": "CVE-2023-25433", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25433 https://bugzilla.redhat.com/show_bug.cgi?id=2218744 https://www.cve.org/CVERecord?id=CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uGPuYR0b3uiHdpdRa97mfw==": { "id": "uGPuYR0b3uiHdpdRa97mfw==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "uGxAJHfmN99PtsQCJqV/nQ==": { "id": "uGxAJHfmN99PtsQCJqV/nQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "uILMvGS6obqeMj18FLYSbg==": { "id": "uILMvGS6obqeMj18FLYSbg==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "uJDCv1FWYpz7eywFMZ5WnA==": { "id": "uJDCv1FWYpz7eywFMZ5WnA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "uO3OOEY6W3k9QH/tNVK0LQ==": { "id": "uO3OOEY6W3k9QH/tNVK0LQ==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uOeAKP5ZyZtLLU7CjOuFcw==": { "id": "uOeAKP5ZyZtLLU7CjOuFcw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "uPUYRQErrH0+5XWkYAjsjw==": { "id": "uPUYRQErrH0+5XWkYAjsjw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "uRGTeRjJyz2NEeH/TpkK8Q==": { "id": "uRGTeRjJyz2NEeH/TpkK8Q==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "uTjjTMH3twVH5hmw0Wmskw==": { "id": "uTjjTMH3twVH5hmw0Wmskw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "uW/TgHSIKlO53BnXG1YZSA==": { "id": "uW/TgHSIKlO53BnXG1YZSA==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "uWvHibmfs86jbjyb5h+qpg==": { "id": "uWvHibmfs86jbjyb5h+qpg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "uXRgwaipa8s2OMXjAf1Thg==": { "id": "uXRgwaipa8s2OMXjAf1Thg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ueWEd2PE6kwBx153FL1eIA==": { "id": "ueWEd2PE6kwBx153FL1eIA==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ug2Mk8LI1eIN0hRNT0s8JQ==": { "id": "ug2Mk8LI1eIN0hRNT0s8JQ==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ugAB401UYtKGrqztlPOlZA==": { "id": "ugAB401UYtKGrqztlPOlZA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "ugk8bc5JAs//Hgj923HTXA==": { "id": "ugk8bc5JAs//Hgj923HTXA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "uglqkYqbcsDd4SCu9NI2Ww==": { "id": "uglqkYqbcsDd4SCu9NI2Ww==", "updater": "rhel-vex", "name": "CVE-2023-25435", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25435 https://bugzilla.redhat.com/show_bug.cgi?id=2216614 https://www.cve.org/CVERecord?id=CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25435.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uhGUZtCY1OXgM1L55/upYA==": { "id": "uhGUZtCY1OXgM1L55/upYA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "uioq0s2+upthXeIfuu8dpA==": { "id": "uioq0s2+upthXeIfuu8dpA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "ujzNJ5kQVFINisRmEnkrzA==": { "id": "ujzNJ5kQVFINisRmEnkrzA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ukBMje282PDzxzC8wCZoJA==": { "id": "ukBMje282PDzxzC8wCZoJA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ulsMCA3bm5VANCxYIf54Zw==": { "id": "ulsMCA3bm5VANCxYIf54Zw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ummv/ARHzS4IbQ59dpGtvQ==": { "id": "ummv/ARHzS4IbQ59dpGtvQ==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "urOIF+inUTTF1gL7DeWkzg==": { "id": "urOIF+inUTTF1gL7DeWkzg==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "uvaZxZFE7cKBjyjVQ/t6lg==": { "id": "uvaZxZFE7cKBjyjVQ/t6lg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "v+VZolEvt4HU4yiZTpFx+Q==": { "id": "v+VZolEvt4HU4yiZTpFx+Q==", "updater": "osv/go", "name": "GO-2024-2687", "description": "HTTP/2 CONTINUATION flood in net/http", "issued": "2024-04-03T21:12:01Z", "links": "https://go.dev/issue/65051 https://go.dev/cl/576155 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.9" }, "v+qPraJNH1peMhjiTk1OgA==": { "id": "v+qPraJNH1peMhjiTk1OgA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "v/LL4YgDGZJlkF77eUtvPw==": { "id": "v/LL4YgDGZJlkF77eUtvPw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "v6t7qJCF3xL8IO0nPwJX1g==": { "id": "v6t7qJCF3xL8IO0nPwJX1g==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "v9nWDWoVTUzEu77hVCL+xw==": { "id": "v9nWDWoVTUzEu77hVCL+xw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "vAAzy4RBfYsNO+V3LlPJ7A==": { "id": "vAAzy4RBfYsNO+V3LlPJ7A==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "vBXrhxnu9HxQSmN5xWhZaQ==": { "id": "vBXrhxnu9HxQSmN5xWhZaQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "vHIEJpBGkCNiUPmahPyLqQ==": { "id": "vHIEJpBGkCNiUPmahPyLqQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "vJceii8mKrpQPBtlAKleGQ==": { "id": "vJceii8mKrpQPBtlAKleGQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "vLDNpmPSXi+t8ebIQHILIw==": { "id": "vLDNpmPSXi+t8ebIQHILIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "vLLr24Ej4L78gTG08XYkRg==": { "id": "vLLr24Ej4L78gTG08XYkRg==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "vLgELeoIueNM9KX5ZIMtjg==": { "id": "vLgELeoIueNM9KX5ZIMtjg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "vPDXRcEg4abq9PCqTBFkAg==": { "id": "vPDXRcEg4abq9PCqTBFkAg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "vQedZoMzqBElfCAKIwQo5w==": { "id": "vQedZoMzqBElfCAKIwQo5w==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "vWwpCPVTGndMb9IraxXgGg==": { "id": "vWwpCPVTGndMb9IraxXgGg==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "vZzq+XzhXQpcGK6x6C81SQ==": { "id": "vZzq+XzhXQpcGK6x6C81SQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vagSYtfX2ayPhseLZe8kAA==": { "id": "vagSYtfX2ayPhseLZe8kAA==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "vb7DdaxZjPV5NEcCqN9EkQ==": { "id": "vb7DdaxZjPV5NEcCqN9EkQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.1.el9_6", "arch_op": "pattern match" }, "vbUGycVGGL83rd1I5CfHuQ==": { "id": "vbUGycVGGL83rd1I5CfHuQ==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "vc3i6DfzTVpLFX6x0zKE4A==": { "id": "vc3i6DfzTVpLFX6x0zKE4A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "vceRrCjaQs4/Tb9s36m+gQ==": { "id": "vceRrCjaQs4/Tb9s36m+gQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "vdokiHWKHEv0aYbydeDs5Q==": { "id": "vdokiHWKHEv0aYbydeDs5Q==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ve8kNOScD+vxLjbMehgbRA==": { "id": "ve8kNOScD+vxLjbMehgbRA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "vekzBecfH1YN/Zd4MHsZmA==": { "id": "vekzBecfH1YN/Zd4MHsZmA==", "updater": "rhel-vex", "name": "CVE-2023-30630", "description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "issued": "2023-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5061", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dmidecode", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.3-7.el9_2.1", "arch_op": "pattern match" }, "ves1GfNCYjdCXJceNwT2Lw==": { "id": "ves1GfNCYjdCXJceNwT2Lw==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vgP3FAR9tXjiqUc0mFlRrg==": { "id": "vgP3FAR9tXjiqUc0mFlRrg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.1.el9_6", "arch_op": "pattern match" }, "viJWUTYaczSUI8knrOEDyQ==": { "id": "viJWUTYaczSUI8knrOEDyQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "vn/18J5TIuzcd8MxdMgYlw==": { "id": "vn/18J5TIuzcd8MxdMgYlw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vnBlYA/0lXrfCSSYxgwhSQ==": { "id": "vnBlYA/0lXrfCSSYxgwhSQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vnQE6sVVricZrrWA9Xv5RQ==": { "id": "vnQE6sVVricZrrWA9Xv5RQ==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "vpkqaxRDIkUCRIT3f2sk6Q==": { "id": "vpkqaxRDIkUCRIT3f2sk6Q==", "updater": "osv/go", "name": "GO-2024-2598", "description": "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "issued": "2024-03-05T22:14:58Z", "links": "https://go.dev/issue/65390 https://go.dev/cl/569339 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "vu4nws6mMs6GJYT1BNu9DQ==": { "id": "vu4nws6mMs6GJYT1BNu9DQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwUe6Dpe5Fb7V8GdyGEhjA==": { "id": "vwUe6Dpe5Fb7V8GdyGEhjA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwdkC2aeXSkn642Di7lXbw==": { "id": "vwdkC2aeXSkn642Di7lXbw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "vy6yzxdusLc9vaaiu2HI2w==": { "id": "vy6yzxdusLc9vaaiu2HI2w==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "vz18/+7m2wxxY2NMQUQ6Yg==": { "id": "vz18/+7m2wxxY2NMQUQ6Yg==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "w/NMuS0o9hChTkNvZhIOtg==": { "id": "w/NMuS0o9hChTkNvZhIOtg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "w/qPRfgu7T1MbY4EuhkWZw==": { "id": "w/qPRfgu7T1MbY4EuhkWZw==", "updater": "osv/go", "name": "GO-2022-0531", "description": "Session tickets lack random ticket_age_add in crypto/tls", "issued": "2022-07-28T17:24:57Z", "links": "https://go.dev/cl/405994 https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 https://go.dev/issue/52814 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "w1094TrprBpG+5TZJus6FA==": { "id": "w1094TrprBpG+5TZJus6FA==", "updater": "rhel-vex", "name": "CVE-2022-1674", "description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "issued": "2022-05-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w8af/LTYrBLWhYkZBSi2Lg==": { "id": "w8af/LTYrBLWhYkZBSi2Lg==", "updater": "rhel-vex", "name": "CVE-2022-4141", "description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4141.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w93rRV74Y3Xaae9j4uy2iQ==": { "id": "w93rRV74Y3Xaae9j4uy2iQ==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "wBC264S906jsJ9EHip/24A==": { "id": "wBC264S906jsJ9EHip/24A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wCl622H8UElXM4AFHot1bA==": { "id": "wCl622H8UElXM4AFHot1bA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "wEVnFZ6M5zpBHSw+nqU0rg==": { "id": "wEVnFZ6M5zpBHSw+nqU0rg==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "wEZLQNUZyYD6Rz0ucz5fzQ==": { "id": "wEZLQNUZyYD6Rz0ucz5fzQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.1.el9_6", "arch_op": "pattern match" }, "wG1iwTc5HBr1VKWUstaeHw==": { "id": "wG1iwTc5HBr1VKWUstaeHw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "wL88v46Y3XlOQ8xtlmBugA==": { "id": "wL88v46Y3XlOQ8xtlmBugA==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "wMpTUDltgKPDv4b44/0Spg==": { "id": "wMpTUDltgKPDv4b44/0Spg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wN+C2Zg1myHVbcMR/36bqA==": { "id": "wN+C2Zg1myHVbcMR/36bqA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "wO2dcFx5JhDjz2K4QDYydw==": { "id": "wO2dcFx5JhDjz2K4QDYydw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "wSNG00q+az+IW0NBCU7MPQ==": { "id": "wSNG00q+az+IW0NBCU7MPQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "wTqPXpGv5suIYx7xVHwxzw==": { "id": "wTqPXpGv5suIYx7xVHwxzw==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "wVu6Drfzxh1KT5UxKndpTQ==": { "id": "wVu6Drfzxh1KT5UxKndpTQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "wXA+dwIpPFBMKZHFylJdgg==": { "id": "wXA+dwIpPFBMKZHFylJdgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "walyEMfvPvVh3KXxCNA/pQ==": { "id": "walyEMfvPvVh3KXxCNA/pQ==", "updater": "osv/go", "name": "GO-2023-1751", "description": "Improper sanitization of CSS values in html/template", "issued": "2023-05-05T21:10:20Z", "links": "https://go.dev/issue/59720 https://go.dev/cl/491615 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "wbgbZuReVn7DfcAmqe3XZA==": { "id": "wbgbZuReVn7DfcAmqe3XZA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "wc5lIWGg0A45t1Tgl/aghw==": { "id": "wc5lIWGg0A45t1Tgl/aghw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "wed5fBK5xYyUEx1EpoQtEg==": { "id": "wed5fBK5xYyUEx1EpoQtEg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "wfyGNkRP1AKTpRqTPf0oQQ==": { "id": "wfyGNkRP1AKTpRqTPf0oQQ==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "wgjZroGG2ECX8FlIRRqZmw==": { "id": "wgjZroGG2ECX8FlIRRqZmw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "wh8UL6jE02MHJgululn0nA==": { "id": "wh8UL6jE02MHJgululn0nA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "whMVc0u5Lzujkr6AuzQzMw==": { "id": "whMVc0u5Lzujkr6AuzQzMw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "wj5w4kQEe9iH2tb9jj1wEA==": { "id": "wj5w4kQEe9iH2tb9jj1wEA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "wjPVtpb8yNf3j3pc1wfy6A==": { "id": "wjPVtpb8yNf3j3pc1wfy6A==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "wlPwpwE94ExdZ/N5EaE3ow==": { "id": "wlPwpwE94ExdZ/N5EaE3ow==", "updater": "rhel-vex", "name": "CVE-2023-2491", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the \"org-babel-execute:latex\" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2491 https://bugzilla.redhat.com/show_bug.cgi?id=2192873 https://www.cve.org/CVERecord?id=CVE-2023-2491 https://nvd.nist.gov/vuln/detail/CVE-2023-2491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2491.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "wn4STzMt4ytbVHyERUyNoA==": { "id": "wn4STzMt4ytbVHyERUyNoA==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "wqIGHEm21/U4VCTr0VeLVw==": { "id": "wqIGHEm21/U4VCTr0VeLVw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "ws4rNVATNtezkRTpFfdzmA==": { "id": "ws4rNVATNtezkRTpFfdzmA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "x+9X6oSMihxrE4Tni3a4Zw==": { "id": "x+9X6oSMihxrE4Tni3a4Zw==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "x+E+r7arkKvVcXf/ay8rdg==": { "id": "x+E+r7arkKvVcXf/ay8rdg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "x0tnd8GOUfHQCdr5bXMpHA==": { "id": "x0tnd8GOUfHQCdr5bXMpHA==", "updater": "rhel-vex", "name": "CVE-2024-32487", "description": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.", "issued": "2024-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980 https://www.cve.org/CVERecord?id=CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32487.json https://access.redhat.com/errata/RHSA-2024:3513", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-4.el9_4", "arch_op": "pattern match" }, "x2hzd4kogrK1x2HyIGmxuw==": { "id": "x2hzd4kogrK1x2HyIGmxuw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "x4dqDafgKW8Zo/is+xcVZQ==": { "id": "x4dqDafgKW8Zo/is+xcVZQ==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "x4y353xwTKkgu0582Qh5wg==": { "id": "x4y353xwTKkgu0582Qh5wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.el9", "arch_op": "pattern match" }, "x5MnAXJPkWBC+zd+i08Svw==": { "id": "x5MnAXJPkWBC+zd+i08Svw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "x80ydqeeoahPQLNiV1VXvQ==": { "id": "x80ydqeeoahPQLNiV1VXvQ==", "updater": "osv/go", "name": "GO-2025-4014", "description": "Unbounded allocation when parsing GNU sparse map in archive/tar", "issued": "2025-10-29T21:51:04Z", "links": "https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "xDXpto7iDgv1dyFWeDEVcQ==": { "id": "xDXpto7iDgv1dyFWeDEVcQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "xEtBJoALTqnQBn0TOsRe9w==": { "id": "xEtBJoALTqnQBn0TOsRe9w==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "xF20fK5dvutyLkWcMLVDPw==": { "id": "xF20fK5dvutyLkWcMLVDPw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "xIqTu52elcgV5FuN0Fuj4Q==": { "id": "xIqTu52elcgV5FuN0Fuj4Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "xKFSWwGN4NIDnytC6SdEvg==": { "id": "xKFSWwGN4NIDnytC6SdEvg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKgvhqTYvQwR5QWUkRuf6Q==": { "id": "xKgvhqTYvQwR5QWUkRuf6Q==", "updater": "osv/go", "name": "GO-2022-0526", "description": "Stack exhaustion when decoding certain messages in encoding/gob", "issued": "2022-07-20T20:52:17Z", "links": "https://go.dev/cl/417064 https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "xNJWUdryH0nBQB/93HRNuw==": { "id": "xNJWUdryH0nBQB/93HRNuw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "xP/kV8YDeJxssrXaMcjXUg==": { "id": "xP/kV8YDeJxssrXaMcjXUg==", "updater": "osv/go", "name": "GO-2023-2375", "description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "issued": "2023-12-05T16:16:44Z", "links": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.0" }, "xQ6R88+x8IssPvOAavmZXw==": { "id": "xQ6R88+x8IssPvOAavmZXw==", "updater": "rhel-vex", "name": "CVE-2022-0530", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0530 https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://www.cve.org/CVERecord?id=CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0530.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xUBSdDBs0fiKOh6BCZPXOA==": { "id": "xUBSdDBs0fiKOh6BCZPXOA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "xVnM1Y5F9hIYQN1//jfY7Q==": { "id": "xVnM1Y5F9hIYQN1//jfY7Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "xYZxVBz2xY/aoDQPqi4nCQ==": { "id": "xYZxVBz2xY/aoDQPqi4nCQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "xcQReVPnPEIim0iMTZWDwA==": { "id": "xcQReVPnPEIim0iMTZWDwA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "xhnxsdmWc6+n3gUj6yqBpw==": { "id": "xhnxsdmWc6+n3gUj6yqBpw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "xjE2Ua1GOmdwVi+xIIGVeQ==": { "id": "xjE2Ua1GOmdwVi+xIIGVeQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "xmhlBgW9Qhx+a2k3SdfUzA==": { "id": "xmhlBgW9Qhx+a2k3SdfUzA==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "xoMyxEWbrnIOZWHnwVuShQ==": { "id": "xoMyxEWbrnIOZWHnwVuShQ==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "xqLSmaq+0/3ps+9zoCEL9g==": { "id": "xqLSmaq+0/3ps+9zoCEL9g==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "xsP7BCzVmEb3+qivw8mFIQ==": { "id": "xsP7BCzVmEb3+qivw8mFIQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "xsiKeHcIwwzMLDEPFdNSFQ==": { "id": "xsiKeHcIwwzMLDEPFdNSFQ==", "updater": "rhel-vex", "name": "CVE-2020-28362", "description": "A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "issued": "2020-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-28362 https://bugzilla.redhat.com/show_bug.cgi?id=1897635 https://www.cve.org/CVERecord?id=CVE-2020-28362 https://nvd.nist.gov/vuln/detail/CVE-2020-28362 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-28362.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xvZ+aaak6OxbCE7Nu46XhA==": { "id": "xvZ+aaak6OxbCE7Nu46XhA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xxrk6qwvf/BkNdal8rz/jA==": { "id": "xxrk6qwvf/BkNdal8rz/jA==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "xzz0v3ajpuFhN3HDJCDDYg==": { "id": "xzz0v3ajpuFhN3HDJCDDYg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "y0c8SsIbu7kpkqoaDhf8/A==": { "id": "y0c8SsIbu7kpkqoaDhf8/A==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "y1Qpo5IDwj5DRizBbMgltw==": { "id": "y1Qpo5IDwj5DRizBbMgltw==", "updater": "rhel-vex", "name": "CVE-2025-59375", "description": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.", "issued": "2025-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/show_bug.cgi?id=2395108 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 https://github.com/libexpat/libexpat/issues/1018 https://github.com/libexpat/libexpat/pull/1034 https://issues.oss-fuzz.com/issues/439133977 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59375.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "High", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y1VRnBNNx34t1XvqjEl7IQ==": { "id": "y1VRnBNNx34t1XvqjEl7IQ==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "y5N73UEFT/BHwjJkVAx22A==": { "id": "y5N73UEFT/BHwjJkVAx22A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "y64mIHRpNx52AEpoGbOyzQ==": { "id": "y64mIHRpNx52AEpoGbOyzQ==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y6Uu3YyF1CrzpsmxAF1m9w==": { "id": "y6Uu3YyF1CrzpsmxAF1m9w==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y9E+Lh5SpPDKe0DW19HLjA==": { "id": "y9E+Lh5SpPDKe0DW19HLjA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "yCrfh+WfD/7UJatf+Ek6jA==": { "id": "yCrfh+WfD/7UJatf+Ek6jA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "yF/CyvOlKzDmpBu26JCuEg==": { "id": "yF/CyvOlKzDmpBu26JCuEg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "yIgeDQgyoDXR+INQbK5bbA==": { "id": "yIgeDQgyoDXR+INQbK5bbA==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "yK3vcSC4PlKQSa9IQKCw1w==": { "id": "yK3vcSC4PlKQSa9IQKCw1w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "yNIngFjcdt+ETIv0YvW+4Q==": { "id": "yNIngFjcdt+ETIv0YvW+4Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "yOFL3ef2F8Ux3GMySAVXxg==": { "id": "yOFL3ef2F8Ux3GMySAVXxg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "yRV28i/MrM7mz4Vw1MzWxA==": { "id": "yRV28i/MrM7mz4Vw1MzWxA==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "yU3Lpv2jlcYSr1/M/dL33A==": { "id": "yU3Lpv2jlcYSr1/M/dL33A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yV3QixxBrXQjuo0c4OIL/w==": { "id": "yV3QixxBrXQjuo0c4OIL/w==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ybQbHANLbpeKvvvpnEOh2Q==": { "id": "ybQbHANLbpeKvvvpnEOh2Q==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "ybg9o/djfKR8D2l5wfz/6g==": { "id": "ybg9o/djfKR8D2l5wfz/6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ycihN0043OihPtrAPlFZyA==": { "id": "ycihN0043OihPtrAPlFZyA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.1.el9_6", "arch_op": "pattern match" }, "ydN/9qW+IO/7qUsy09APhw==": { "id": "ydN/9qW+IO/7qUsy09APhw==", "updater": "rhel-vex", "name": "CVE-2023-24607", "description": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.", "issued": "2023-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24607 https://bugzilla.redhat.com/show_bug.cgi?id=2187154 https://www.cve.org/CVERecord?id=CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24607.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ydg80VAiaAwfrueUhGEKNA==": { "id": "ydg80VAiaAwfrueUhGEKNA==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "ygPqOnRCEHz9NjTVM+wIZA==": { "id": "ygPqOnRCEHz9NjTVM+wIZA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "ylg3k+AtgUcIl3hJiXNMlw==": { "id": "ylg3k+AtgUcIl3hJiXNMlw==", "updater": "rhel-vex", "name": "CVE-2022-2946", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2946.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ymBGTBftPxHJSbwAfx3uNA==": { "id": "ymBGTBftPxHJSbwAfx3uNA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "ynnULh1l7jTnQPnMak7suQ==": { "id": "ynnULh1l7jTnQPnMak7suQ==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "yq06et41/lBQ0nsMvLOG/A==": { "id": "yq06et41/lBQ0nsMvLOG/A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "yrD0ecVnK2Y23POHVpCwiA==": { "id": "yrD0ecVnK2Y23POHVpCwiA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "yrkfySEOvQHtbEYpAUNs0Q==": { "id": "yrkfySEOvQHtbEYpAUNs0Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "yubezWiwTBzlJyfKBBah5A==": { "id": "yubezWiwTBzlJyfKBBah5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yz/zQzn72boszb6Cab3Y9w==": { "id": "yz/zQzn72boszb6Cab3Y9w==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "z/LMTnJeia+du5LSYhMD2w==": { "id": "z/LMTnJeia+du5LSYhMD2w==", "updater": "rhel-vex", "name": "CVE-2023-22745", "description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "issued": "2023-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:6685", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.2-2.el9", "arch_op": "pattern match" }, "z1fiDjJjV7T+4MZClzquUA==": { "id": "z1fiDjJjV7T+4MZClzquUA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "z1wZ8EsA73QQBAtKsHeNNA==": { "id": "z1wZ8EsA73QQBAtKsHeNNA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "z52r/0OKaWAkLWR5L4SEkQ==": { "id": "z52r/0OKaWAkLWR5L4SEkQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "z6u9MfxJ5450gPIBXVMBZg==": { "id": "z6u9MfxJ5450gPIBXVMBZg==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "zAQhwfD+1kpXY0CwZC6HxA==": { "id": "zAQhwfD+1kpXY0CwZC6HxA==", "updater": "rhel-vex", "name": "CVE-2025-24014", "description": "A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-20T22:53:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24014 https://bugzilla.redhat.com/show_bug.cgi?id=2339074 https://www.cve.org/CVERecord?id=CVE-2025-24014 https://nvd.nist.gov/vuln/detail/CVE-2025-24014 https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24014.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zBm31RctqcDF3ITqeA/9oA==": { "id": "zBm31RctqcDF3ITqeA/9oA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "zDmU3WG0c3AQYw7NFebUCQ==": { "id": "zDmU3WG0c3AQYw7NFebUCQ==", "updater": "rhel-vex", "name": "CVE-2022-3234", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3234.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zEKtVLhCQn3xgvKNhFo2bg==": { "id": "zEKtVLhCQn3xgvKNhFo2bg==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zFG8iDklz8FcuYliYZGkqA==": { "id": "zFG8iDklz8FcuYliYZGkqA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "zFZE1hLph4hR8T7aNvRt0w==": { "id": "zFZE1hLph4hR8T7aNvRt0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.1.el9_6", "arch_op": "pattern match" }, "zH/R3mCgsX+vslxcP7p4cg==": { "id": "zH/R3mCgsX+vslxcP7p4cg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "zLUPO/DSeItPLWNqYd2DSQ==": { "id": "zLUPO/DSeItPLWNqYd2DSQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zNwhU1to6ohdg5Ws/JmM/Q==": { "id": "zNwhU1to6ohdg5Ws/JmM/Q==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "zRaIctSo0IHgkpOD2xBvHw==": { "id": "zRaIctSo0IHgkpOD2xBvHw==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "zdrK/Mitm8rUuLp2HwWnmQ==": { "id": "zdrK/Mitm8rUuLp2HwWnmQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.1.1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "zi+zTCtHwI+xWITxpaOJBw==": { "id": "zi+zTCtHwI+xWITxpaOJBw==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zidvm9MkkP4S62Ofl4+xSQ==": { "id": "zidvm9MkkP4S62Ofl4+xSQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "zjZHjKf2l5+qY9/XYdFMQQ==": { "id": "zjZHjKf2l5+qY9/XYdFMQQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "zmJCk6ssM8yXKzXcDFtbsA==": { "id": "zmJCk6ssM8yXKzXcDFtbsA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "zoCeQAIu1TFmWIYHnlYddg==": { "id": "zoCeQAIu1TFmWIYHnlYddg==", "updater": "rhel-vex", "name": "CVE-2022-2183", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2183.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ztlVnn1P+W74ZN9vh2BisQ==": { "id": "ztlVnn1P+W74ZN9vh2BisQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "zwpNi+NBoVUfQ5Ed4vkNug==": { "id": "zwpNi+NBoVUfQ5Ed4vkNug==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "zx97OaxgXH8j+mFWesQySQ==": { "id": "zx97OaxgXH8j+mFWesQySQ==", "updater": "rhel-vex", "name": "CVE-2022-1620", "description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1620.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+LQ46YAn9giMKDZRMCUpfg==": [ "ZAUFPHu5UQZ+B2n+SrWIqQ==", "wEZLQNUZyYD6Rz0ucz5fzQ==" ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ "FKu6EFoCfpksmq+M7pL02Q==", "XPUXyp+BOEJyEGOgXafi8Q==", "eDxAdI0cgddAZnBSd4FI0Q==" ], "+yIdH2Pb8SGFuXnry3uK/A==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "i1aZclSgDVfSpq3wWatknQ==" ], "/FMjm+UzO0PTaS3Td0lhkw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "/t0e+LuglIbDcO/k67Hr2A==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "/th8aUKrkgR3Sw9KSBM+CA==": [ "s0PUMgVnEtuqOkBdJNAqUA==" ], "0N0D43vK8KV4kQOq2LQn7g==": [ "jVClMHCoFf8RUCB6W2c2cQ==", "CSv4lPWUxMcEgRRI/WkPaA==", "aQ/ax84rpyWNveVTm/MQww==", "eMVMlNYLRzjk+Xt/peAYqg==", "Rf7m+dbWxZxBNm1A9nfdqg==", "eOOfcRLf3CHL5spaYEPovQ==", "glwEUWfaBwNPBrXUJo34tg==", "GEDO3j20WMwIj0JMNMq5Iw==", "G77a8vVkDX/8Yt/v29MOhA==", "0UWL07sxLog3CGNaaYYQxQ==", "31zk833ZdfHhkO9sg82MSw==", "ihcyIiYlnktNuXSrEgrQjg==", "Q2+f0ITzWPp+YCesnwp1Ng==", "G/dmoDOpwh0GrsMovfySVw==", "O0QnjS+0zUH+vff5xaIpCw==", "AJcMDco3zISLrE/7+42hGA==", "lbvVctqpDivb/6OV/xVV+A==", "2DPl1NLEsHotw7kYOPR/8A==", "2432H9ZBrMWDJ7HhyQT63A==", "QY4aLgQQjP1oPPp38ArMrQ==", "xYZxVBz2xY/aoDQPqi4nCQ==", "pwFS1oPwyZIRVgVgtAgSPQ==", "IfZDrkeHpfXHfjHzETuKbw==", "cUH9U4T8Wpzm/UIIektEAQ==", "7CqLd0zk1hiFU3yrvTTdyg==", "DCflC/lDsmgt9IFXJM3PyA==", "o3TqxXhqdegYIl51fSMQ1A==", "LcEYljn+QTWUC36NwQCf7w==", "bKE3ov27WR5dMz8a/M+jUA==", "SjbW0rogoRJo0my37ozMDg==", "whMVc0u5Lzujkr6AuzQzMw==", "uhGUZtCY1OXgM1L55/upYA==" ], "0Yvc2+M8FAry625wuL4S5A==": [ "8utuZQ/Ix8fDNAmmSZivvQ==", "x0tnd8GOUfHQCdr5bXMpHA==", "HjJnWaqrr4SaFPjzu8hVkg==" ], "0wIoN0pFyBSc9eVtRdIOWA==": [ "tZCJ3EMmfQYEKmNY0R6pgg==", "WALxwIFXDH8ZvKesDKBFiQ==", "3wnJ6TxCGJITikNK4m6q+g==", "4JIGhO7+fAz+LPTFEuBHUg==", "PHRlWl/iCYco+xAVn6SmKQ==", "JQe3P/odATa/OKbzn309dw==", "SRL0fsSEDtOf7vYyf/BewQ==", "J6GavUf0zh8+C0zHHTDYfw==", "U61IeOaU1v6bOHJxSPbCCw==", "SU1MGh9+Zg3Zuy+khiN0Og==", "XhhNgYgTJmDdYc90YuE8vw==", "bpM7BDVV04atOPduc9mI8Q==", "kRj1Frl5pmWWgd5LR0IPyw==", "FUR7T9AnekkZ5hPUz2WP6Q==", "tDVJVtVXjEp2hZmPcOFM9w==", "IsqBfnAxrh9UbW8oQaSR7w==", "O+NG96g+kK1DtaJEFTfwuA==", "eNUwUuL3W5wSpnxJfClXhg==", "jbS9IFs59O0uPYg9IZeksQ==", "EzveB8rJWscHHRZtJKOdRA==", "Qp7j7oFs4UbVUHVGblDM1w==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "qpRD6NPbAOP7sG5S6hInXg==", "mUXGZjQ6odB/7zYNoJjJRA==", "Bzc4r1UXMoCf7blNLHkQGw==", "8BMA6LbX8vjrr4aUcmHB5w==", "pd2B9G+4ekvOFTzso0NXCw==", "FgTFx5g45j7WzA+bfAHPzQ==", "nNzRt87EkCVymyYuDyEW2w==", "L04cc8NCPjDZYnxYDnO5+A==", "yrkfySEOvQHtbEYpAUNs0Q==", "/+t6edjy50ibBAIw8q+CWg==", "hECLdfUszFQo2UbzQI3BMQ==", "lJah2RfNfRF+vEQdCucT7w==", "84g+WJ21VVZ5YgyE9krInA==", "y0c8SsIbu7kpkqoaDhf8/A==", "S2g7delheJOLf2DxVbw0Hg==", "0Gq5wAUiCXaH50wxZYx9MQ==", "M9nh4Ryt6GwPUlLoItHqnA==", "fMQ6kctftYthbGvZli2/sg==", "4K1RYkumn7qw6Pk7lwpfbA==", "hHQvhYHv8KxCCQMiFpmyWg==", "Y3PSsgfYVK7+nWpNGBO9lQ==" ], "13/XvLtRK2RDQlcsZc1BtQ==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "ohJ0B7EgOJ9MaxYsbvhjIA==" ], "13i0QoQ6Q4yBI5RUf20lXA==": [ "h7m1EaKKCwaqq30R6Q/BlQ==", "Uy8P+1ImBLgh4EjZYlMO1Q==", "7NIMWPjl58dCiuwwIe4bGg==" ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ "rtmfAClgZr+pMIYCffofpQ==", "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "eT0Z6G4b2zSUUUSLlyL8Tg==" ], "1XXuvf69/0I2dNHaU2UndQ==": [ "/wfob5jHHezdiyugtfPWjg==" ], "1dO83wB64hDLki3A4eA/Pg==": [ "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "vy6yzxdusLc9vaaiu2HI2w==", "0MBdby0uigxg//rv2xd7SQ==", "WPitnGSVxSl/y97AJTQIFQ==", "H4boG/V+MB7stA7jG8O6Tw==", "dRNxgKG0w/nM5rSMcvz/kQ==", "cJ4BQpErMW3FIQ2vBfopJw==" ], "1h9uHE0QiXBO/zpJrT0VjA==": [ "DqGYMV65C5QRFD63WuUcpg==", "1lRtJofWFCTkQi0dreTmvg==", "/rVEaWl0l9u8biVEKbZTFg==", "2vr/twKdnITJOKu9ARCAXQ==", "lKniGV6mBq1xFWJ6V0QVvA==" ], "1iUaGpv40BOJQUks5I0iYg==": [ "H4hIo8QsJ8tJeirBCqwHFQ==", "dPlld/v+ZrL/y3NT/M5t9A==" ], "2REYKadw7TKFiuC+OnoHmA==": [ "ijNNBHI8o+gObvRZ97LRdA==", "CH/8kg0DShdiNjzv6+DZnA==", "L3Sq7FQbQmRq1R8Dn0eFww==", "JegoLVJD+r1CNqau++1Vlw==", "2UhjmcPUkGmILpYJPZEiNQ==", "UWR5dcXlfiNMz/BIfTGvfQ==" ], "2fg1ZRYCSPKKOgCxCcA36w==": [ "Jo0GiPh7MZcVuLsVDbp7qg==", "CMGu0bZesU9cyPAc2vK34g==" ], "3688bXyK/nwHthXLLVH24g==": [ "teVzqeXKz5qAL9KrVUsKAA==", "IWplUWF011EXddGnkU5Png==" ], "3DTA/XNFCCDFf6sfX96bGg==": [ "CQY3y5mGXL6FhNg/bhr8Rw==", "rpzV0o5XSSiqAfiLvn+7sw==" ], "3RQKCmep11B4hkfn96QJTA==": [ "WxO9le6q4ACTs4KnSuckDw==", "QNeXj0/uAU3vww6deBbkrw==" ], "3iIPR0bjuCPQ2+48pSdeHg==": [ "+WB02bbxvRVZgJj5gYjJ7w==", "4gO4ls/gy0nmsC3NeXvyVQ==" ], "4Aph2Qer6+KdCecFsU0TXg==": [ "HT4k6+0VwtXXrNi4IFV2ug==", "AsiuN/8gu7sZ0PJCLihjmw==", "0u9BhQlRGnXqmFj5VxmVgw==" ], "4DM2GB9KLL7/xWypPdz7vA==": [ "8QRmG/+fMsQQzP2maaxOag==", "9b3CWaJsQwdqnuBJDBMt8g==", "f6K2rwitLCyOeqkSvuUcFA==", "VgaIsJDFBatjqT1h+RQLFQ==", "m77LjZYd/4k9LSozG2S2mA==", "KJGsgMArislsisVXSZHY4A==", "pr6wo3A29JKUBSVK/BGExw==", "WIbunUW6+W30QKZc5Tmqzw==", "9UTiJlsfYxfa60iynbYgLg==", "VGewdTS02tdqYoORYHK7Rg==", "0PMktbRk+B4fdwvvP1VWUg==", "V9lyeZvue30g1R6RiITjAw==", "qIRy7/v51ILezECGLzLGBw==", "2vidY7qxU0KDMpAzTaXQCw==", "5z9ZOzxJREYn5oM+HAm6dA==", "E90jB6HCh1KjzQXtmHMUUg==", "iSsTR9jTS/494HfIgB9pGQ==", "2VowcBblBj36IfwmFRwcwg==", "3FdyvSRS+ECfT74KYiCcLA==", "peMVLpnT962hXrm4IDBPqg==", "JTwzSHX5xKxgTtyprecVew==", "2k/PqFfUaKNy33VkAbVD6g==", "1oKL9ZSv1M4CmxUhNFjpmg==" ], "4ImdKzJ7uZoaviIayzuoUg==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "1SDdOQM609JpOnF4Vx/qwQ==", "2j4vw/Ef1McLxa/C6FEQvA==", "iL/VOECJBzyFgTCwWDppVw==", "ITIiuf1dzb05+JHj8h65fg==", "gCKIolAPxKn/MwnZqQ5viA==", "ANxFBq/yNQoElX4dsXb0wA==", "562erF6ddCIyzi5oV/IzHQ==", "81Pd3WxGavo8vEw0GcfWBQ==", "iWeHI13pT0mygP25w8npPg==", "gh3MdGIod7lYo7rDnSpHLw==", "49jEi4xCgfg8T8qzhNobIA==", "NfOajNNzWnotxhFpYD5Nfg==", "5ZJ6PuXfgRMCarpNow00ew==", "hMwTXtuK2CPZup51st8vag==", "uJDCv1FWYpz7eywFMZ5WnA==", "VZxWbc2wJwiwTLhillEtpA==", "dhk9SR7XgMlUT1SwbOzs0A==", "ybQbHANLbpeKvvvpnEOh2Q==", "iUURXijANkMZIH/VbXWyYQ==", "vZzq+XzhXQpcGK6x6C81SQ==", "X+rjva7ecn1JedeVO9IX9w==", "7B4LUCjMkCM+NcHtyQXyFA==", "9z2MVdoreqGVJcUFUz72OA==", "am8Nu2Xz4xTgOxf+V74bZg==", "H5vm/YCKZciOb4TXZmGZlg==", "YpjyzhR3jAhlzb479lBoJw==", "bmNjdpodhrAjmmeNv8j2ZA==", "OOCO13z2+atrfqEfCsJ3/w==", "NplyvjxiuekBB/5QKoOJbw==", "cv/HKlhaI7EJMBLIaTimwg==", "L9hbhq3wsZ5QkKEIo/fhYQ==", "iE+bfILM7uszXcxvEd6gYA==", "VcgFEXPgpzLsj5tOjILVtw==", "kBdyi87P4B1cTF5hLS7ByA==", "71rWwrWl22424P8D9sWBZg==", "bb9X6domCAmA+m40PgE/jg==", "ISgjA2mi+Q9vbdNEhDKXOA==", "3a2lYBlaR2GDen/lmTlCyg==", "hzkoKs3QdYyXJMnifzGbxA==", "WLri8p9NfgX8reKybIYziw==", "3wP/Eggf7Bu35MpzNr1Fog==", "ToyZiPOtBFPiNJOZ8QaYng==", "fezwmAwUNAjVNYh+YY0Wrw==", "EBopL1hbi9GBQGXZUVNCAA==", "GJ6//hGiIsio2zBFuudd/Q==", "GVXQ1XPPQkuhZ4SIFGoF+w==", "0LvlxzvH25js4ffWzvLRTQ==", "/U86DUGeHRSAL0GvmlifyA==", "rkpLgzhV90FRHYY3ESWHfw==", "MrRavbeiISRcJtBRJ3ZRsA==", "VdMk4kWMgrdK/5+i3n6XhA==", "fUkL/QrHEZtoCydnxvHQYQ==", "WU+A3QdBd331DcSM3AXFew==", "TQEoFglRNgkSreqoAySz5A==", "9NxQaPp619Bd0qky1dvzZg==", "MVGmB/UrNlB0PqdbI1X5iA==", "nhTPOqyx5Hjq5RaQThVb3A==", "keMF1HAI1OIF8MvJtPZQ+g==", "EXi8j2JWeu5xYuWml6Ellg==", "VQ+eWJsUMBep4PD4xfj8Vw==", "ND8tA1FahvMc/ZIGpyoj3g==", "78Ya60ppwS4OL6ZK9P90Qw==", "ZCWnPSXILcJ9aE646DCmag==", "UH1xPpnVOud+f1gKl26ATQ==", "WNRX1UWo4fDLFOhq9mcbIA==", "JZIEpU7UdEXuAMj6emkt5A==", "nKGJQ32gv73mgVLbPDD8Qg==", "k9Yjqv3ifDP4XwsJSZ8XiQ==", "7TWJhc3cfFgph89dsQ0nBA==", "jyRfRwiUvNWAyNlZmv3MkQ==", "iMwaCmNtKHrK2+scb+hkxw==", "LMcwA00QGnxriAXkZQIhHw==", "tjg7NtH3QatPaaScohSsZg==", "IRgMJoQA4x1xizY2hEw96w==", "9ia70lNV6NYvmzB7WlbYQw==", "LkG+n79mbPHrPl1sC2ee1w==", "r9W84DjqWVoSeRkzoMmOdA==", "Ira5htRPGofy9veGMRD7Vg==", "dgwlwyboh6/BQfJsyoE8Eg==", "UhBP4F/rEtGjZG3U8Wvp2Q==", "YPJKJ4DYdTXL0BJCCS9pgA==", "eh73UwgswuQUUBPGmZNxLg==", "bytYw82gsP7fmiiqIEcGNw==", "O4VudlVyChnCKHP9qhS59g==", "XfjE+J06ONMJAg7vkQ3tbQ==", "esWNnTXfVcQMP31EwLadpw==", "osxk1q2jE3TCrr5JCQRhNA==", "TI1OyePXauC23iR42z7HKg==", "o6arI4B+lOjvgV6k7kauyw==", "0O2I0zrYDyiCiU68WyBLvw==", "lG2c0hNx+Fgq8Zf8B1rJyw==", "FsYbwBEvKH6FW81JU3KSvw==", "m2sL00H9lvJ4xs2UqwHxiQ==" ], "5JeNH+bHiuiK9wwBZqH10A==": [ "sXnCRVNv4i/ZmrJ0YxWonw==", "Uh6QIejNBmYSJ+kLmnZWzw==" ], "5NZNFErDrBiBoorV+igTjg==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "9M1meEoYiMYlmYR7kKfweg==", "ZeLcisCXFaeQKOi8dej/BQ==", "XHSXqyF2rScxnK03VnME5Q==", "QZQvSq0tzcJY8GfiU/aXpg==", "Geg0mw2hzdsfDbJ9adcmWg==", "1QQmDcMkRqvOte/bR8QEuQ==", "w93rRV74Y3Xaae9j4uy2iQ==", "Oaw7/z6QEDwwzKvMQmdriQ==", "N6xCmSIsupN7OsJaYpsl6Q==", "hv1o+8ALinWTDa5cH4j3rA==", "q6x8gUSR0HLnQLHLmB4Htw==", "yz/zQzn72boszb6Cab3Y9w==", "GolUr/klMsQNQ9QFMdcAmw==", "9uaveyIiSEcdU4MrDHbJ2Q==", "X9na4KYJ5u50u+KLDr2iTQ==", "qXBiVfXy4luW+BbyG9z9BQ==", "c3eMx85yv79gfxNsxZXPHQ==", "12PmpsYpKqbguwokcjBXqw==", "wEVnFZ6M5zpBHSw+nqU0rg==", "nD4gdXb8ND61ypX9fYklTQ==", "5vR/2ZAfb0swnLBKDl3Bzg==", "quMgsZt2z8hlQ+HzwzaVJQ==", "70HU3efHkL/3G4Y44qZmGA==", "fUlz8/rwVV2PbflGdFYCdw==", "4K7cGcsZltSw5Ayu8+A5rA==", "ETcQXJZrA6IUPRr4MXFUIw==", "ZZj+FChMvULXnT4QSAEvQQ==", "qLHoaQ/4ax3G7SRd9aV2yg==", "AQa/gDZ0IemFxWbJIsU4yQ==", "ug2Mk8LI1eIN0hRNT0s8JQ==", "O41Bejc6em2i0QjOrjliKQ==", "VJAm4vMolMmA2ytzFknQUA==", "RReWBnQmCp2XJDUh6xioRQ==", "vAAzy4RBfYsNO+V3LlPJ7A==", "2eKcZq74WOmYmPDTZ8L+Jg==", "1PYvw1fdwe6hM2UBdw4Itw==", "qdXDrJ7D0lw6kIY2dy+1KQ==", "jY7qsjEMOfcaNJkgI4dijw==", "K0/KdAmlvzyf53kjXgfoRA==", "LXj+7NB7elh/3U/gcE77cw==" ], "6COiLlB/V7UlOwfuFJy77w==": [ "xQ6R88+x8IssPvOAavmZXw==", "r3RLKNYtYvKarBqnnrlrew==", "Z0bbSkX8e3OUKdJa86CbBw==" ], "6G4wapu2zP6UYfTP+Ip2pA==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "RUDcnDBVSmf+/LWMe4Tqgw==" ], "6LVRZKaAJH97OKCXsJMDDw==": [ "JSxIEGIOCwboUDoJZgS9fA==" ], "6VAQWTpZhN9PW7YCmVhxsw==": [ "03F5BM6+dlM9pg6rJMb2UA==", "0P/5eKFuPPXM3bHgeAHWxw==", "JfmoxvDj+qKmecssvuGVyA==", "2bOVXniSdlE0fZB1iot4yQ==", "8gQtKtb/Xr3aGfsLtKyetA==", "bqEGDVpuXY3j7Kr18B5E4w==", "YnyGgq68v/XTMEk0yU1qsA==", "vLDNpmPSXi+t8ebIQHILIw==", "eqZVUGTs5pHRR/tV2jQA/Q==", "sTJKOfHbxppSoExQl7mYpQ==", "PnyZkAM4ZwDECggE7QV89A==", "qI12E1AIG5PjZFUHEhSkgw==", "51jf2IrfzMdepCjAvXkPMw==", "kJ/PUfmUBn2Ep03yRLItuQ==", "1/PWApRfYh/rLEOR0JZLsw==", "wbgbZuReVn7DfcAmqe3XZA==", "Wd+GQ3y21/7kl1XV9m/oiQ==", "fcJXnA1/CqZDeUcxpMPyzg==", "n5bOb2nwIXCE6i6WEpGlzA==", "taWP10HWuyQrPSEFSUjPPw==", "EfJCfNem+1eUwnsxx2dNOg==", "ktNuCXztDAtRpUWlUtIWUg==", "UuV6vmv/pMSyQBUW2Wn3bA==", "f5rDGDIgGLk7iLvtlKjm1w==", "lO89yYeT5Xt1E5KBgR1OXw==", "S3c04CkV3MUFBzUssTpBSg==", "wXA+dwIpPFBMKZHFylJdgg==", "ljT4JJv6XdYorFfJ6zbfog==", "830L36AKCoBHnXPHE6R6uQ==", "4Uca8szOo7gGoVgv+DjeUA==", "knD9e5c9mhfEteHg6iIbAQ==", "BfJzk+M/zKnbrBHcCrvIlA==" ], "7JHS+mBQfJeJoy73lvm4lw==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "jecTmyeay6DKd/7zioYjow==", "XXaDpMG90Mb3fV4QxoLqXA==", "7uj4PEKyThSRh2msjDtceg==", "s9zla+0u22E+Nq1zlK4A0A==", "1aPjlkabj3eUY8WGb+gz+g==", "McBbvTJIAPyP1aOW8M+hzw==", "7ZyXE8z7uZKjHitrjhSWQQ==", "x2hzd4kogrK1x2HyIGmxuw==", "aouER1d5ARUcTEP5rjxlQA==", "gEN3j5KPSWh2c+RarvSBNQ==", "6fJcYsi1gPQNv5g1ujEPdA==", "ktZZSLvjrHrh7DYZ23sMhw==", "0TUqdQNGOvjHNFjkDen1Sg==", "63po8QED6nDungBQEqHIyA==", "NXkuwjwxMseOUUaLQCgnuQ==", "/bIhvJWw2AYMGyJtBaoH6A==", "LUlesLbzv1yf48cLqYDxTg==", "rct+rak3m0uMzU51NldQpg==", "oBl0IuwDdaD9PwMwSDcQpg==", "srkxdJQ82zHIMw9egdZc5w==", "k5LjlV1zmKau2rAIOnay6g==", "edf9qrl//4hhbTQ8nlVN7g==", "ve8kNOScD+vxLjbMehgbRA==", "o+oNdKG9C3ouEb/OQo1GOQ==", "eh1RT9v3ol1cjACTvuohFQ==", "c4b8AyMPp1ls7ClKiTCbAg==", "9C6WGntg4UmJkjiylWVxnw==", "7tWeNpgpS6TZ4aQUo8g9NQ==", "rWYn/Km2lN55sVL7Ui4zmQ==", "QqNagWxBuciWgmqsaHDwZw==", "UV2MuUVVyu0L6wfdUc0Qpg==", "QwkBpizF3mo2JpevPMDeaw==", "fVstMFtDcM3yfjjb8mKxrg==", "qOdN56IOMUot4YWCQPjPvA==", "2wnmmIxGcmTTQ7kdV4Q55Q==", "6bZ4UNaa9jRLVZoZHQgYtQ==", "rXJvA1HAsx+E4rVQeqU3qQ==", "BsGuSaqfP6qrCK8KTTY4qw==", "4eh40PtMaL3JhPlCzb+8jA==", "zdrK/Mitm8rUuLp2HwWnmQ==", "zidvm9MkkP4S62Ofl4+xSQ==", "kXL26w3j4LcAqSQ9tOuWMA==", "o2RzBkbyaO/aJUexQwQheA==", "kVJhm1LYIfhvn92InJZLDQ==", "H7H9wMobv6DOqzUUAdOqGA==", "xVnM1Y5F9hIYQN1//jfY7Q==", "0ZGrJGNNqDLH/sZXsRkfvA==", "VyeYHICkBiXwLbWKsz4//A==", "QX1bQ/CZA5mRbcqjpTc9aA==", "IV554NtP1F9KO4IyBit26g==", "wed5fBK5xYyUEx1EpoQtEg==", "+pWnGgJUL0jrC1yhwq+kNw==", "8/mZoUg5ZlBapu2isiHzqg==", "WnkMM/SD0E+7EEac0/vMVg==", "tboTb+/fwz1O/l+3w5n9ew==", "FMzc9QFitxthf16XR1P0QA==", "9gB7mQN0y1Zy9EiaXIHFew==", "M4/opsM/3qe/3m0zjGkItQ==", "Y7ypeGdtYfJMJApDHYX9tg==", "SnI5fUbXuT/Xt+VkGvddww==", "ftPQfiVA8qRKJwxT2xcXRw==", "/G3xQo8kmNMyu7hycZYF/A==", "06GjiUkv66Ek9Iq8u3SFSA==", "u3VIQ3Bv2EdQNxxr10FAOQ==", "psR1kVsSZz19yYKHsoaoNg==", "T2rcJ7DPtdiGNP7r4L5R2g==", "pmYCdyBPlSpsjaT+VrrmLg==", "9PE6ZiUdIaAWtCsUgesEZA==", "eejojwYHRaSarkdAMLD2OA==", "JZouihQMnG3T6XSUXqYbkA==", "JXQAkdur2asBQ4qeq789Ew==", "pNsmsBM6zioL8gqkR9CNUA==", "bjkXZ4ZTp29EFzF+wMw4xw==", "ZAKrc32qORy4LwsxMQgfrw==", "jh1Mqm3BaTYV6MdA+4D74g==", "7Q0Bus9RTfFy/UrxkfH2sQ==", "D1jz5P28B8rwvnVaChXHiw==", "hx3c9WG+Xum3pwxo0+FyRQ==", "j7HjBQaZ5PNpv7JydPZ8OQ==", "yF/CyvOlKzDmpBu26JCuEg==", "A2YTvJXiGwe7aOSqWlEZhQ==", "W08Ska67/8hV/b3GYflglQ==", "cNsQU/uNFf7PsCWqaKxjAQ==", "98vR1ByhE/Y9cvB+lRN3LA==", "CW81Lp11K0nBc+3dYegY/g==", "hlV8M1lvezTjDMlaNPSTvg==", "OqWPbZZgGqlPCMzbmClfHA==", "9lOT/bRPy9mu1knhwrLw8Q==", "/WghVlKV6eiRYf2iGmk9sQ==", "UsE9/aKvx7HhPwZe6KY1zw==", "1LTKa378StuY8O3o3G26jw==", "r+NuuQcHZ5hOWGRHanlG0w==", "RU6xHn/9SV8lotyX3JW1ZQ==" ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "q9L+6bHSCCXbReRfXEPeTg==", "29Fo/GOP7MILPepOrnMgjA==", "/E8Khm0ZXy1gRiDom4c+aw==", "yq06et41/lBQ0nsMvLOG/A==" ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "84WodsWNE9m9GIrBiKl02g==": [ "XctMW4QJZO0RsDAv/VoABQ==" ], "8Ky53YwzOPM2pkEIVuuuBg==": [ "LCRgl8qKc2VcXP1ILfaS6A==", "T9nCb/lA5TdipGMhtb6HJA==", "FnsKxnhjNS+E4Y6hrazjUQ==", "GoHsuuxRgbGb3lm852rQmg==", "mL/QvlBQrld+4EwXWLYTNQ==", "TUvm6koxiDQRc/8CJ4TCOA==", "v9nWDWoVTUzEu77hVCL+xw==", "c/+IhJOZwrUFnxH/AA8NiA==", "uPUYRQErrH0+5XWkYAjsjw==", "YJkc0fG7G+dwREiIQihS/A==", "KewD59oo2UdDLsWiOrUjzQ==", "n+8zHdzpUdNYaOfjqM+rvQ==", "B1gQIzGtgKR02WiRgVPUgQ==", "QireWdVPs8MzNOJ1scQvdA==", "F2QVfam7Idr3v4Y7g3wf/Q==", "ynnULh1l7jTnQPnMak7suQ==", "HuVZNoL6F1XG6bLXPdhmWQ==", "FlgtpglQEkjGT66EnFUHMg==", "n6Vm6uSXhVeVnZmJCVL4pw==", "t+vHm4kt0AB+tq2CG41TQQ==", "ixlSuy1zsWjDOO7lFuUNAQ==", "+rCn8yfwQj/rMH9c7+J0ww==", "IzDqrZ8Ru35rI4iCSSk/pw==", "HxiMqPnG14UzA9oHqqI6Ng==", "JtCpNcg8egZjbdozD9CAJQ==", "rRfIMqTlNWlpWE9Bi6NGYw==", "/l+w9tCELORzNXZA4/qNsw==", "ENoYJ+9TEzYG+jTQB5meaw==", "V9f8Tc0z/tWsm1egJDudPA==", "vu4nws6mMs6GJYT1BNu9DQ==", "nLbsKQgcqXqFJTjqeQs6Vg==", "CXlZx/1BY/yqrUCuQlON2w==" ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ "Fi7GXCkkqJvYQw6Co8Nk7A==", "QsR+n6O0ULfYayvahAaltg==" ], "9WzsXAqqRoLidXM4HaB8/w==": [ "oNps3pS/KBKadK++zlgktA==", "TPp/bXEhRpApQLMY2Ppr9g==", "SnYLkLUk0dFIFA/itR5yrA==", "7U+8ffRP7ahu1ot4Zj5Zlw==", "G33a+jVnMZNg6liymp9Lyg==" ], "9hWn3VgLVkzmMJln7S0UCQ==": [ "rFWIZJAOzhCWoZKNelyFsQ==", "a7WPDd2/UqA1rqbo6pjM9Q==", "EZo12eG9Obl1kmhRKBmcvA==", "76ytKtBeQe8L2T7nxeVp/g==", "QjS6b4li9vRMvS2l49iyfw==", "pxuVFZsuUa8YFBkmcjpnxQ==", "DQIgoLb/8+6+HRbr8B6wHw==", "6WQjHZdyTC+aVOSwNc3+BQ==", "pwNeC1oSJCRKeW3NQ1Zwmw==", "Jq9s0m8iiaLnslijc1N/kw==", "oUbBUuaPbKO68xR8hm0EKg==", "dXgWtIQra5a7FOM/lmTQMQ==", "4PXcy6CSX2EaPwYEdLkfbw==", "IGsR1pj6qXRBH+0hYVXsew==", "AI5OCFigX+y57buhAMK1UA==", "J5i8I5ZRQGDUXQI4WkC0FQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "oXbtPoAI0xd/D3jVRZ8E8Q==", "M5aJiMv2/MaWINKfor0BrQ==", "oAa5rQ+ettvHgaEihiWA9A==", "sQrexr1vAx+h04KwvoON3w==", "J1SK5zSFZI94azX3jybBbw==", "WVkwWFZlIInzrX99VsKBBQ==", "Ewdn+P1XzA/h+WRvejvm/Q==", "4RaJ63cwUpp+QWj0IKysEw==", "wCl622H8UElXM4AFHot1bA==", "tTdsNcqGarFD7KtMB1ag6Q==", "/+enDTB16pRyR8XOMcf3ug==", "Cbqd4MLPHY6FcToWh7U3IA==", "748UmdVwB73z0xvCImrQmA==", "ItuvzyMGym4CNyVuxWwH3w==", "24Paca4PaySz9eM+VJu4ew==", "DrL6S4TbqHyLJh/Go9vALA==" ], "ARxZCHzD7KB2Pu4aHl7POw==": [ "ntPgpTaOsf+PmS8l/Ba/Gw==", "a7PsXEXsbw8aTCMWFxM9mg==", "qaC6F9Z9j5kAaiDeRwL7nA==", "3BY1OD4rYtX6LEFO6X+/Yw==", "72/cPQH5mNLd1/e3j2Vn+Q==", "2QjZksAOTEJVwk59l2QYOQ==", "plTl3JV8fPj1sUiMh31FmQ==", "Lw4KgrwWujzRmDjtibR3+Q==", "2M5CwoqtCrF9ix+6ghISOg==", "ZMp4FVCkBvOUuQnhgF/KRQ==", "OoUkTYhn9kcAyWK8OpWEvg==", "xF20fK5dvutyLkWcMLVDPw==", "uRGTeRjJyz2NEeH/TpkK8Q==", "Gn9qNy1ITVhOKz+nUviaSg==", "W9Pcn9xdPg78KgFAK5oOyQ==", "N6/VXIOitxRZPgnZMgm+4A==", "MvPzfqdptyOBxzxR1iCL3g==", "GbZa+XIQtfFHtHWs5gm0wg==", "HmZXdUV/ycFcRK+m71pC+w==", "f9AAdWBkmOO1/+acrJji3Q==", "JLdsQ9mzV76+v5Ttq5j2hA==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "MrpKafmPiKoIdSrqC/r3Sg==", "VDdxJUjxgL4zXvGWC/1xnw==", "gZKcOjx7BKTLxDMH6ZvfGw==", "9fvqDo3ARbJLIgwR1oX6QQ==", "+do0gu6vrF3ZT5my5V6+CQ==", "+Q1v3N9+IP1xQOJnmQWDyQ==", "Wv5rERdynoJ/gHM2CtgXiw==", "uDUK/vmP915z5uyCv2VhVg==", "9oQBIjmHHZP7ZEjuqVHO7Q==", "6miUB07ljV2HaYX/rZ1yjg==", "JiPLnE3IM4/yPxZ8earXLg==", "U31VkPC5v6K7XIsRFDo19w==", "DZWopkvTJiWmVsAADTNOUw==", "bOMmd0jIpY2e7Cl4owS24g==", "kVjUyjaMJ0bXnwb03Ksw3A==", "3CUrg7YVjtx0L5aX+iMRxA==", "Q9syyD8a/4l/mc50UAvBnQ==", "WCZXmTnbo+2lbMuZdpH8NA==", "qV/TxipuOJ9b9a/x4IT2cw==", "6q1zANz+NJU+U0TPL1Xa2g==", "xUBSdDBs0fiKOh6BCZPXOA==" ], "AdRs6lk9yzTM3HvjeEThKA==": [ "AsiuN/8gu7sZ0PJCLihjmw==", "4JsZIRvQ+13IMgBIUPH0jA==", "P2LAyAbSFxWVwlNB9c/A2g==" ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ "3D/COcmVFbxgINNliqKHgw==", "M1Z06nydk707qbRpFiKmaA==", "QHS4gwmQURKolJEnj/ZMHw==", "p2D36zAi5tbYfUPJhBVLhg==", "7T9qiwKBE1swIXuW9Zvewg==", "WGccGAwrqbQSNjycPuaPsA==", "L2l/2cM7p8mbRx8/RerNPg==", "uvaZxZFE7cKBjyjVQ/t6lg==", "RPlldG/r8WWd2UCSZ1vzsg==", "HS96brYtpBiaYpW7OxT5Wg==", "kkBeA26IUhnokem2LDfx1A==", "aR+DKIj7GETMsDtNSfYXNA==", "urOIF+inUTTF1gL7DeWkzg==", "fEW9HCDGh5vauL1jhvKpFQ==", "HfjDJmml2JYJ9YjdaPe+zQ==", "pT+67u2xHyxzA5Cl+Ui55Q==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "ff3woW6bpDBZXooXnBPlNQ==", "NJhwMDbt0IMvlSLLB4cUVA==", "++J1c+9mFiyHFShlJEQFeA==", "H+x0VPepDcitQiESaSwIwQ==", "KXzUsn7IGL3ZRMjBL3QOng==", "NNyvMdW5UTPp1jGH161XDQ==", "1nX4t0Z3G1H45fqJox3f4Q==", "67Q/SCDsFWutXyKWQ9JQdQ==", "PdGhfwK5tePs8ngzFuopoA==", "dqYoyBWLAQszVE/IX85oqg==", "EYkM0DDu8tbFKzGysEiO0Q==", "be+F+Fkt9wYh4z6YwfNqdw==", "ETjF+btf4DIblmTTbHaZSA==", "gR+h15dyWueqbKII4cPOWg==", "qMnTnRnGw88RiTP1PFxynA==", "0LMSjLLjEqlpe4LAE1rWJA==" ], "C7VGVckK0YZj4RiVmStEsA==": [ "Mgu68G03r/7Tj/zMomkJZw==", "Ok4YXGXw7Ua7qgtxqZcqhg==", "aFDenLkUq0L68+/zzTfPpQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "8Efa1m3XsyOFY5vSd2fHNQ==", "fv3/0oUmGvxLyxCaIIt3kg==", "dTT2owdN4FTG/LqoICFf+w==" ], "CjFzfz4zBZj7fcwIrVHCRA==": [ "GtECMHzRoeZKh1TLvpCt+A==", "FjB9AnugxBHu7Kwf86C67w==" ], "Ct/46Ed7Asmqt98kLc0FLw==": [ "kQq8hvN2yLWiupMaLbRduA==", "vgP3FAR9tXjiqUc0mFlRrg==" ], "D/XNnExpupd1bO9ZIJIE9w==": [ "0W0/E/g2cPvxNF42LmIwRg==", "JsF5ac8+OAOWxsV80iUiIw==" ], "D0GGDit/UxegO+/A5R03SA==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ "W3qe9/KhW5BUF2s+kXxVcA==", "5073UNZPtR+lsy1kIMhUEA==", "GoHez0BYftW2Wj3h0K6Zxw==", "wL88v46Y3XlOQ8xtlmBugA==", "15uVNLTcXPHEO0XVoOOwZw==", "BCe3MuKRzryFB5SraMhsPw==", "PMaPI3hRDt0vFaerryvY/g==", "nSAqYkKsqi7arKT9mgba5w==", "5EPGtk7Hqn2hqOaxgmNiSQ==", "EE23Ay78OLUGxmoM3vXPbA==", "s4mktw9S/tOEdbFRu8ZxjA==", "V+7K8Rg1uux3xnVmyH12/A==", "OxOc7/P4x7mjEZNhGnABDA==", "hazOAbpBSQ6ZcoEMkq6UhQ==", "WorXACje3vTXq/wv3RUODg==", "E7v1LWpr+8KCE/5szHqf2Q==", "mpDlR2Lk6PsJrTVRdAvAng==", "+ieGB56AL1fLbXEZaHIRig==", "PTaioV6jy0S7VQV20A7R+A==", "O0ZHj1wCkn8EgvHd15dYqA==", "hgtI79dU1WVsnkd0nzqqTg==", "OleRcJ5uCI7wOsxOqMjRlg==", "HnNhAdInEg3yPEHYo7Hl+Q==", "R6drGbgnzqKGDiX/RNUdqw==", "nRYrn2tFn8hdV0x+2YRPYQ==", "5j7D/WXFLHsZYUeUrskpMA==" ], "E7ikPxWehuEw+6yIZODYlQ==": [ "b/JoMKSdjTg9hoFgyAsYGg==", "Us6zMNu9gwaRC0UH2SSoQw==", "vn/18J5TIuzcd8MxdMgYlw==", "HeemEcWe2JVMYkjGWbuiFA==", "FtF7hWwlQYu4clVsrpBd0Q==", "1ICypZP/7UrDVdoDevopUA==", "SIPkCsjtWsrsJnfVRjxnKA==", "NpKL2jmktUTvYJUFA1mjww==", "KBpYoBBh5AFRsvma/sImeA==", "rpwsfSDtxz8KgCjcE5LUgg==", "0kDaqIpbO93XpnbaK6KFUg==", "zjZHjKf2l5+qY9/XYdFMQQ==", "ves1GfNCYjdCXJceNwT2Lw==", "6K5O0xmJnJtZcGmUaZ+P/w==", "0MVVcjDKfdLbs80csEfrOw==", "RA9ILX3H27ou2ro1GzHq8Q==", "miA8N3aOifbt6s11v8VS/A==", "QBD2bakyMRLlWNUWb7c8Ng==", "Mhh/p16eoRFTSGC5EJRZEw==", "BzOgc4nzX2HHoodQY6X6vQ==", "wVu6Drfzxh1KT5UxKndpTQ==", "IERk9xwccKWSGr20Hb5U6g==", "pIJllB0DitFR4biXCLWlfQ==", "r8kk8OjPGZXkalD/ogI9TQ==", "29JfppZedoclZHW2coehcQ==", "c3ac46MKEwGXSYV8lTnQoA==", "x4dqDafgKW8Zo/is+xcVZQ==", "mAh/ixYuQOgKvSoO2gk7SQ==", "OuZBWnWNFHYdTgntdOB15Q==", "mypK4Oz3YEbjmcF//Lb3ug==", "X9G3TF69Pz3xUY5yIPno7w==", "JrT9jqBaZlLgPCS0RLnpPQ==", "mk/9oG3VlXeyR83vbnlC7g==", "LyEH4RIrJnMwmS9bxL322w==", "ipjYj7xm8hx7kmgjjp0cpg==", "6VA82zmenvpHf3qd7c6BQg==", "N6yyVyHeduwThpSSvA2dVQ==", "SS38Q6SbT7pMry4emWgqdg==", "SsNZleqCp7tmOqFZQ6ZaBA==", "pwSWzlcJAuR/J5zikGUxiw==", "WOmMgxwwjpbn/RLQX8HPBg==", "+Q9jA+OXah1xDhJvsj+1OQ==", "GwJvkFMzYrKrZEvvNMbc6A==", "2/I3PyWTnfJdMedKAemp8Q==", "svdlbVzNwZE9P/M3GvQ7Xw==", "qhl/5MtAFFjdvINFEhyFsg==", "PAVfrfQyg9ezKUDPbI/Nmw==", "2y2LXrQ+Jdr+fioSazFF4w==", "q29SxeDdhfgnRkudvf3mdA==", "UPjX59r3QHIaBVa54cqtzA==", "09S7nCU8PMWz5tWquOFCaQ==", "n2MoI6iOOGKJg6CiwpZkxg==", "QDYJ95dZNazClKtqoRJQeQ==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ], "EgjLGZKjPtqIaFVLlFAAPg==": [ "gchW+O287jwZk0Cnma5sKw==", "tVvgs8QNtuRqLgnWoPIWbw==", "7QBYsSaCu8T87GZR3WHxyw==", "BBNgt41sCJ+dkDLhh8RM2Q==", "87p97+dH2sU2JVQ8vQ+Xuw==", "hK/f5zoJDHjYWcidbJwYsg==", "p8XKlr7C/uFXLykQP2132Q==", "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "0wh4c9Z6sNxM5NAXtzaMNg==", "khaGOQZwNAF+Kql1EAlBfw==", "8ZrkaQ6B1f36PC2cIg9i6A==", "T5/Q0DOZypWV6o3x9ziKqw==", "MOUExK9O9qzIs9ukHaS2ew==", "ikYp9FVR/trdSFxeYpqAcA==", "BceQQXlChHEbiy2YYN7FvA==" ], "EuqqL3yIFMd5VRAfuufJgg==": [ "jdtzUluiOvXnFmwaOX/6KQ==", "CBxUpiwpFiagAj3ihqf+vQ==", "tLfvNXQJ1ryG1oIjuKoLPQ==", "1KxLqY5vPHnDfUxdviejiw==", "7SutUCP3yRd4o5ryN/dDZA==", "6JXvoql3pzMfkGQb7H+Jqg==", "o1V8hGX+jv19u/R1lSOgXA==", "m4A081U6rE2WLJ4u/pMkqg==", "DtCtyEFA0WRhx44S/aRChA==", "7Q4dYBj4wFa2768mWculSQ==", "yU3Lpv2jlcYSr1/M/dL33A==", "oDGZCaWnkiaSQdz+QhIr5Q==", "EEsEsfQRh24NPMdhg4HPHw==", "DE3GDsNl2faTwlhxzYBbYw==", "B+xaJOiguNTw6xGmTB+mZw==", "DFOoWHynQeFD6fZDvPyKMg==", "5hOM1HtOhjQV1yizNCgxBg==", "P8ATyyToJgziJaUXIjyPvA==", "ecYseAb1rFmqPx4kHRWeQQ==", "ruok+KtL5TC6jhvqLAZEzw==", "kgCv9K1pgDK48LdFtpFN9Q==", "4CRDu/yV+Tfg3mSUobPIUg==", "Cxqp3OmZ1TuIow2bpolrUA==", "oQ3Lediq93z2xbrIoJUi7Q==", "z52r/0OKaWAkLWR5L4SEkQ==", "Lex02lwAwiaMkFn9DV9FuA==", "VMyDbkft4E3T+1eXNk/i7A==", "yK3vcSC4PlKQSa9IQKCw1w==", "bmyf3V3WjS7kQmiAcGoBiQ==", "YZq+CTlAXva/aUDDEFdZNQ==", "YjXf6yY9feRqNoLqPt5iEQ==", "4QiWtYafAt/cFOvYpyJONw==" ], "FMrR4PbDeEhmMEh2juuVnw==": [ "89XrIFUuuXy08LkDR6XMOw==", "g8hJlpBfWMarbfdU+OkQdw==", "SaWdJL5a+HL0ZieRiKpgNA==" ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ "iSzOvPxPGZr2PfJTBTQBCQ==", "z/LMTnJeia+du5LSYhMD2w==" ], "Fy3bplraTnRnJlV5RewauA==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "aJcuD8I2FFtYOQG27x05WQ==", "qhSIFNwi876BQWyJqx7TXw==", "Sfn7NNniMfKKkrbS2KIlnA==" ], "GVmxmNcJqT3ovg+RwjJg1A==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "7BER6omsA92tkjpEqGZJLA==", "szMAuHDpCq8KehOnG/58kg==", "SRtj8i4HsQkjCyC1YPMDYw==", "bmwYxyT6fmHIa8FODhI70w==", "ztlVnn1P+W74ZN9vh2BisQ==", "vQedZoMzqBElfCAKIwQo5w==", "c+walK0V+dA1g3qnPME4Ow==", "v/LL4YgDGZJlkF77eUtvPw==", "5ro53BoC7BlAtEu1loQCSw==", "sosNUrsbT764ZsBIEQm5Tw==", "VUNwpBj4hvcLARxqxrvCCg==", "XSCYGr+cvuvD+k3V0XhWSw==", "MJtIM09Jw6pIepBEcf4LwQ==", "4Utc/6C5f6+A3gsr9KU/IA==", "8kPW6EH9br7BQBK1DHvQsA==", "pp3PQor2CpTCVnKZusQgwg==", "Mx7K+5VJ9q5MSCq5wzzrvA==", "hIP4iOnrw2sfStgfnTKJKw==", "mfYVQsCdSPyqR1UobqhEIw==", "NGHtfO55iqBhbAmqujAqHA==", "E6F4Bsc58fK+0x+N9LY6gA==", "UC0U9/zd+klwBmGR1YYVPg==", "ZMCWgxkMJ4LjF/nj5/+01g==", "fdpDWwmwFLyFeyU+CnbxxQ==", "pFXK+S/0lzfxv0ToVY49hA==", "Pd5fn59ga3nlH8XsDKvDWA==", "03WJApqdfWbzHtZHpqBt1Q==", "d2mdhZ97rWRfD+pslcl6uw==", "RLGDcCcECNxfaKqTkhDvew==", "5BXX9+pRVay9wrZAORfhhQ==", "/0WOR5Jn6BKoC/9+5dlz1Q==", "ekipReKDch8nQkv6wLHVww==", "GjK0gO1QmNQJ/ZsCakqCdA==", "jYmxPZjDM/CNw9uJ4rnMHQ==", "Ox1tNe9huq3q2onFJsX0QA==", "TN9ZqAQo2vEW/Tx62EpRcg==", "tQmmf4j1ZMloac9gv7yd7w==", "5ua6yduRd8slR+XckPuEJw==", "POSFLQ5mtdC9jMcn5UF8FA==", "PB44uTo7NGwmA/fjSEQPBA==", "5TfU8//dfsOlT82byi0lug==", "tNFH1YUHHwU3vwUWrO3mLQ==", "KtIlAO0V0/KiMbIbmHHMGw==", "TK/tQUH9MhuStrQUTQS1ZQ==", "PEaU9hApxjdZ1D4R2OUZpw==", "uGPuYR0b3uiHdpdRa97mfw==", "sHu0Ihy6+HrKJvDoll9f5g==", "ThUekCEizKQbaM9qGtWShw==", "6Qa2KBduT2HgJC4kctpUnw==", "vnBlYA/0lXrfCSSYxgwhSQ==", "9Ck8qx7KCeVOhknvjhQwsA==", "B0ZJnlI3io/AXTPjqyoADA==", "XIb0YQoMG8k0zzVWHpmvAA==", "Hk/EnuFgs+4rtDh2D0OPZg==", "FPJOQAbsBSaId8RmD/1j8g==", "F54ap+bUe0qceQi67ZX30w==", "yIgeDQgyoDXR+INQbK5bbA==", "LFiejdPb02ZvCk9/k6M2OA==", "4xxaXkxeYvxr8HgxLSDyHw==", "ANawluW+m7SrGs8Q9Odgow==", "KWqotAAFzFGFp1GIUjXi0g==", "L+KHKrPvSxZVeDMiWq92vw==", "I362Vwh1x92yigOP2ZDpKA==", "0gEzVf04N4WWI36MnLXr1w==", "SFiwTqc+C9HkxslIGbfU0g==", "SBAWrxfXaQ2Ka48xajW62A==", "Bp4O+K+hM5aEmCc59xUWdA==", "Nsd5wG+dBhUvVktxuz/adg==", "HFchxDnUHv0YgEfYisGA6A==", "95p6rGNUFNsCWfXMBirOLg==", "e2U3+rnCE0yJbEhq/B49zQ==", "EGDBCdh3xodxfhx6SFGa1w==", "9XbremjCd0rS6zu/GB+mjA==", "rTV9bjfy2M3+eJBkP+611w==", "fM+r7qYMTXMx81IJhr45YA==", "W9IdHW1dLxMcDTawlof8yw==", "cLetPtVgm731iRPvGEIeyw==", "S01BJ2Ht59Iq71LsHWKLzg==", "DyteGYzEcNMaIwU0U8gq/w==", "u0MfT/CHY1AhIYRRjCtdhw==", "b3gcqhWrOMtSFjkTMyyWQw==", "AJgpOdbNJblqS+xC52p8RA==", "dpCbBO9jgzvekz9nKJpSRA==", "70+Z8jFk8NJbHxPCoxDRng==", "8BsUEMjLB96UtpRd1ludrg==", "xcQReVPnPEIim0iMTZWDwA==", "ZoK4/bCJQ036BMFIy2mG8g==", "5lHEu4ueMJgetLv/GfKHtg==", "vagSYtfX2ayPhseLZe8kAA==", "guovo7cvog/lYbVq887U/w==", "1eXmoeT5Qd9M0GiSJ3z2mg==", "+63s7h05SP1xmH1EyLoL/Q==", "sGBviOATX07Y4438NYu+Aw==" ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ "WV6CLob4bxW/eDgXBTJfxA==", "cwXdqs9AFOcThYn4e8y3yw==", "oGVW07Zdco+t8LxGqPbEUA==", "oCDLcNdeKQmSOcg6w237gw==", "9b3hAQW/ubh4v6zyl2M5Ig==", "M0WxNlBrWr1WR0ACcsFS3w==" ], "HbglDdnV9yne0i8jQL30HA==": [ "VMOHtQeyAtpNyzG6HE0XhQ==", "fDvGbDNJpsxaSncFLSlH5Q==" ], "J0HrVYoM3raELvTfJ82QMA==": [ "+nrMi8U389zlK2TEsOUGbw==", "cD+9p+2eb4ubWbn/ynDqrQ==" ], "JHQdC8JdSGipvO0sCig0cQ==": [ "UVRy+pWnw+7xa7f2U2B15Q==", "AsiuN/8gu7sZ0PJCLihjmw==", "74B4VkBJHkNvj2AsRU4uTw==" ], "JaDqP2PIekJ4FuDfyPDUKA==": [ "vekzBecfH1YN/Zd4MHsZmA==" ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ "C0udSo+foVK8TphEaJ9u7g==", "RLfmH4oizoEHB59VpAV6Kg==", "2A2BjgErU1GldRQi2g+XQg==", "Jek37tQeVdKEwtu+6a9/CA==", "9Yjf3Ev3R8wbqlhNdfwPQQ==", "2Z/NA7sGgadio/qisfiC3Q==", "CoMZiX0VsWNhKSQo1NCYkg==", "9vaAmbFDwko+7w/wBDHWvg==", "wlPwpwE94ExdZ/N5EaE3ow==", "7v+kCrIi/mMmyn+o9Uh+oA==", "ZPTYG1GW4N8khhdO0sFXlQ==", "atAnLiOuVhy8qyEUVNzM2w==", "BQivQt20Anl3mLgiJoMKAA==", "noUIfMZn5dUZdEKTi/GsOA==" ], "KlSRCTMecbL63Kg+FZjUdQ==": [ "dO3yYWRHtCsx6+NRjjAIsg==", "8vc1CEh/sS08VpWYipw3xA==" ], "L1wl5gEz2lzyNJbirzPmpQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "L4diUjusARli24fy/u9lAw==": [ "FkUafBj1ekysZyPIbZi5fg==", "l8driNMmALQs2/V7+uCq+w==" ], "LD9yEwGtdZJl2S96EO58PQ==": [ "RgBI11FezD5/LF6u61IQtw==", "yrD0ecVnK2Y23POHVpCwiA==" ], "LR+S3JloJQ5YEViBpmcLkA==": [ "ydg80VAiaAwfrueUhGEKNA==", "toXp/ZwNqXAUsdXRb/4DVg==", "ApGWymi9r75ZlVZNkjnd4w==", "b0xlBSDO/qp5khqjIfXlSQ==", "pp7NHxA1qAOUnsy/IRCLbw==", "iQtqv3HeCGvWBf2ImnFK1w==", "PhzQEpAkCFfaNfVzGQzMgg==", "J4ecrOEw69avIhhOznG+2w==", "dhv7M9LLYIyyRsKi71f6Ew==", "lnhGLE2iCT1nizqrTioMEA==", "ummv/ARHzS4IbQ59dpGtvQ==", "3S91ZYwiienVlUnFeIzkRw==" ], "MJmw8vClC4VAn/J4MfhK2Q==": [ "DWl94vpEWRXsnNv1XWboVA==" ], "MXR26wvfFq4/JiRamdOfsA==": [ "tJJUE3O+B2dj0YzqLSTtDA==" ], "MxYp6jmrNGPG4EUMxgtsIw==": [ "ydN/9qW+IO/7qUsy09APhw==", "Av6IvPz8z+8JAyypXmkbTA==", "hGz8R5Dny4UCIDPZzXbK3g==", "SPxMxLW2DZ8IvP04UR/H6g==", "kUo4IyXRh1XFppRDAqTNnw==", "WKEI7EQhRkCAgIF18HZjKg==", "gvOYexCvSFjRc1ovPwHsww==" ], "N4dB55YYjGYeXRj+vLBatg==": [ "14EBaSYBL4fLL4zgayhBkg==", "lQ+CMunyB1B/r/pkv6U72w==" ], "On+NX4Yr+KIGVwagqPDWcQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "PHkBez1UE90U9LJepncOKQ==": [ "Jx8Savf4pVqPTLt8HsgoXA==", "842T09LMtibo6aQ7X6A47A==" ], "Q+exKQZH61PI/8YfpN472w==": [ "j9SRMWigV/U3u/1hsi7gLA==", "Ih4ScPgmvAttJN/czzciaQ==", "Mo4ARlLui4P8nHgMUyYhSw==", "99Q540ZW70Bq59gE8MRNHA==", "DzB2GvXN7uyOKTXPPshLvg==", "70rtBro0k4gOrF1v9b0LPQ==", "4zvDuRN18ZTgEdA+auow3w==", "pv5Nm8Lwfq3X5Sm3cuoD1g==", "RXSYUreBGXQz5Vll3C130A==", "XM09w+ZScTz4IEN6LeAUgg==", "MJ6xN5o4V2wpv4hjMTwHAA==", "jmCYpsGWnnwiehZQL2tyGg==", "cKtHM3xMrk1VjV0S8Zl4qQ==", "L0O+Qmwnpkk+Rg/VqN7QWA==", "eZDuJI6jaohxUM7fcdYEYA==", "LBK9PqJKfCEUpttQCyryqw==", "LzfcsSJMzHmJVjI8xrynCA==", "rJHkC74NrobNudSijB/y4A==", "F6i42vx+GvZ/9LpnToKHcw==", "8ML0IVFlCjXlypnsSOqB1Q==", "vwUe6Dpe5Fb7V8GdyGEhjA==", "bzewxC8waOXL414yMxKcqQ==", "KhBWOViCuCZdWqrkDlYvOA==", "Po+GLdyrucAyVatfOmZxGg==", "sEY+u8JcXEvFyPiUDTNKow==", "wMpTUDltgKPDv4b44/0Spg==", "k+Eb8x9IQ/IHa5nSq7kcSQ==", "/kFHc0+JKhJmQT3bM6TpTQ==", "rpqh6K+YqMAxf172QUbycQ==", "Y+LzorqDQD2Povh+kyYSqw==", "XjQpmqOxrg5I1zgVKxswFw==", "6Za/T764+Wnq0wfxFjEvGw==" ], "QwKK6TG/JtcCly9jntVf+w==": [ "y9E+Lh5SpPDKe0DW19HLjA==", "AYOaUiAITXfmzrid+CR2Og==", "kCqPC9VTuWeNYsZfiAbN4g==", "YuJLEitJYK/0Cuux1rRK+Q==", "UBV+Z4vQ/HB9/cVGq/+u3w==", "dMO4fX/IkQ2bi0ds65uBZA==", "HOYwG5Rw5KtCLqSTp9IaXQ==", "de6Wm8GcUOvZ/vqX7ogEtQ==", "CAcAzU3FmPfcBEK+BF1wiQ==", "sY8NON9Vp1LES9AwtY+jzA==", "0w7yDxNwDisUMkIdlkUTZw==", "lgYZVj6kPc0Poy1meDiyZQ==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==" ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ "rIk/NHa428tmc6oDgqypQw==", "1q7YjyB3mR25zvqxJ6Zk3w==" ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "UbJne6U4WRZmmyYLeEtt4w==", "cBmZwV0l/QLSSsoNwTuUWA==", "MYhgpNDg22nk0/HCSwm/gw==", "wO2dcFx5JhDjz2K4QDYydw==", "e37CxvNgywelF2ouwzqL2Q==", "6thTxik/0CDWjirwYbVkYw==", "hwn8HSXSxoAi1TYe+ACqPA==", "jb1tyEUU0h95jkJRbmTeVg==", "eGYBZQZGb7FuYNSi9wuFzg==", "oybDfBRpKC7mq0IkNE/WbA==", "Kcd+UQxBw37KfFkRbn1QXw==", "gl5O329psI82Wn7F+BP/pw==", "0ahYjiLWT0VE+MRcEm8yAQ==", "pl0eAtev2igDstYhHd6sxw==", "5XT+5ghtfmJFJSJCERGwhQ==", "kFbIkTDdc0p9e6ndPrAnHA==", "5N/eQ/DLmsm7yS6+3apC5A==", "owALVsfUiwMtDqenpdt7Zg==", "AuT5DLBrUT23i8Fkzi5nrA==", "0ZniYEExf5hn6bWx9CxbmA==", "HBDLPf0FBMppxrTwW+gqlA==", "Y08Ni7+TSPQ/xSSRr851zQ==", "1CDGyH/KaS7DctjOTuk4Gg==", "IL9yoqEJiA7P9oRxQrj7SQ==", "kxjEyJZKMrQwjAj12bH0Ag==", "5ejk3bhFpvIIABy9EwjwqQ==", "WzMeKgvORq7XF2Xr4q+JaQ==", "6pPl5aD/FZ2M/6Yaa588Aw==", "qYLCfB1EzRWGloOr+Ke8RA==", "QL7KLbo+Ri9Q4aoq0+/c2w==", "Oi+2EF5+FNNGg+4WyowonQ==", "XC3MXlpMb9D+YigNspsXlA==", "NFJR7P8KL9HNF/dsA5opTw==", "HiF486OoQCfE4Hwc8DTxrQ==", "/YIHlhDwc0XvwYDDbGEIMg==", "SFoELvc6okNKWKi7mExikA==", "r9qwoudvbxrKUZqCmUc7NA==", "anPJmbS134IB2gfGIWKJ0Q==", "wc5lIWGg0A45t1Tgl/aghw==", "X2wqIFGbKlJQpE/DojrwxA==", "qr6Jra3xQBxvbIQJAqILNQ==", "z6u9MfxJ5450gPIBXVMBZg==", "kRGVc4s/SuXPOfCHc7Q9ug==", "Dlv776lHnCBm01HWpf1zZQ==", "6/Rn1WFxVO6aopyr8psGfQ==", "UEgRngB2KVq3bhFU/6+13Q==", "SXF95Q57bdA0qf3iy/XSPw==", "qEQEeZkI3fZm1RmMiKeYYg==", "1/xm1gDhSpcAv1vbsLnNhA==", "+1zjTJXhgIQ5uwrI0Po3UA==", "Eptc9iAtWcHP72eK8tBCkA==", "XWfDomoStj3uOui0AGO+Tg==", "0DVnsi7oVeiCakd5LIvqig==", "DjTY6HUnX+COP0+KJxD8lg==", "pWQV0Z8XQHYl5n7sHUZBqA==", "4N3POA/rTFsL9RdGINkq1A==", "gs7k9o3a1jAc/zZ5AEytpQ==", "NPJh6PwkJYtfpkFMxFCfIA==", "HlmfsCkhcIqBoptvS1F7pQ==", "KM/iKSazFyPeIBezQXviSQ==", "F4g8Bboy9/sMyy+EusFlpA==", "zBm31RctqcDF3ITqeA/9oA==", "pfNYlxG8sY9hFt3528zJoA==", "7oEe6HdmVrscCmplGQsEeQ==", "POO0JR6PIxa5cAikhYHhiQ==", "o7U6pbXnKgxDi4OXl/ryRA==", "oQ8YhXsWl1bwUCG1x+HzDQ==", "L5u3G3ilU8/0RtMpJ7kdKQ==", "u/b1G56mYgMO4E+lYxSxjA==", "w/NMuS0o9hChTkNvZhIOtg==", "jYkhobM1mHtLOwQie8WeWA==", "m/d6QTwNzEzxGSR3T2263Q==", "eZ2tz3j+u7GWuS6rb2RB7g==", "ZZEVbWhAYTXw9FIX3zIAtw==", "F0PQEZy2PTlCGjp9J75Btw==", "9kpPzhUEkQr6h/4fDNnSuA==", "yCrfh+WfD/7UJatf+Ek6jA==", "Ht/FCT7E55SLIJNr/AHy9A==", "vBXrhxnu9HxQSmN5xWhZaQ==", "Ee2apAGC0PFcPNtPjyeqbg==", "JS6LnmY1PZfE5YxJsCWPPQ==", "mbMEAQXpYoMKq7Io1LfrJA==", "ByykkIf8cqMarBUwgOjK0g==", "AcbVYbhZ/tTIOm89OCy5kQ==", "43uaBOp3I4s6BbwM75Dtcg==", "6qJXB6OTmGgjS8WJVVTxvQ==", "ujzNJ5kQVFINisRmEnkrzA==", "kTasTqgA/HsT2H85z8VDPw==", "DAwq8wwWp0GN/p0AvtHE9Q==", "V0awGVhndNVps/Yhh/P2GQ==", "psr6EfqmKkDu2s/af+27mw==", "jcBNjU0VQp8W5rs9GaZnrw==", "kdSSzkEHTOGF0fpTfXjzcg==" ], "RhNJQyxUHoA1z70UtgAC4Q==": [ "kwBmjCC7+d5xUliMZJPNWA==", "vb7DdaxZjPV5NEcCqN9EkQ==" ], "RjsHhFfoWvmQBIu8lxYZjw==": [ "iK/w4oP0ry88Fhi1iG/FpA==", "ycihN0043OihPtrAPlFZyA==" ], "SSFXEK4vNCR4s9ImWtXtgA==": [ "GAn7gWUe2pFr7PbwechqxA==", "AUiFITCnRjRxctzqqbDeeA==" ], "SV9uo4F9Li9vAHBKYcAlZA==": [ "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "2IUiS8eDJ2evZHzBkLGqPw==", "UeuwcxsDMDrcMU7c13lXsQ==" ], "TANtf1h6RhI5yVQQhHFTbg==": [ "QxQ47SEMl+UFCOv8XVwx9A==", "XPUXyp+BOEJyEGOgXafi8Q==", "6rBlrHxkkFbqVRbyfq+scg==" ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ "rd7C8AD7IYUHYPSfAYtKrQ==", "0hxAfeI84l0pzeedcqmGpQ==" ], "Tl6ebomp9GQLN9svWzKp+w==": [ "H003kvHQyN0gsWRXOrXzxA==", "QgyYiUqrv2nc1+RqO1bM4A==", "FyNQxVBbour86huhtgTOzA==", "qnfP2y61ycFKlR/SBnZ5sw==" ], "Tob5YtKxleVTQzw2GCmwGg==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "+SOMbfLFiy8gAeP6YTZQLA==", "7HuMMq7XSYKaQG/oWdxnyg==" ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "Gzt3Aov08YmfW0b/CN7tHw==", "d8O/Pp2nkWZxFhUyXQucZg==" ], "TzT9ayOh2hZShfYtipxZEw==": [ "z1wZ8EsA73QQBAtKsHeNNA==", "1XwPa50Si6EKs+Oms8SLUA==" ], "U0P0dNPn1iUcw6b33AAKUg==": [ "pX9giWYBuTR0yK974RC2ng==", "qj3kMXpJzib/tg7NOcmtdQ==", "5Dh9IlEeZc9EPevqDNDlAQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "T1160/hke2bN2YNtHQGAVQ==", "gwO7tO+7wG4yYN77KHpJIg==", "pGvoS/decJ8g3YpAYIFmmw==" ], "Uui1iXuECCOB7NgLQMsJpg==": [ "ao8l/bKVk/yRH6auM4IE9g==", "2pofu/QdlV4xoXosgfKRNw==", "zNwhU1to6ohdg5Ws/JmM/Q==", "lM6Cai1zYvH4FYQ8nb6tQg==", "MtExg9vrmkuo/+/XELnvpA==", "0QqnWQey4QRkB1tBadW1jg==", "WoF8HAs7BhQT5cycNGL9tw==", "PLT6ItGnGibNqyU7ikhmRA==", "ewA3f3GyFBJhwPX+CvDYtg==", "Nl5OfrnQ/SPbLIWCvdxEHw==", "ybg9o/djfKR8D2l5wfz/6g==", "UApauQbQz6UZdsAuW9miOQ==", "nRlBpDuWR9J0Ttd/BugkSQ==", "70Ajh2QFCXmrQTWVljWbIg==", "U7q9649W3+OXGS9kMwowkw==", "0wSMVHwI5T4EgYqkub8RhA==", "g63+znub5tyxpqqmyP8Tjg==", "B7rM39vvdeIIjmDnRAuTIQ==", "bVLJeNp3UltT+T1xu6C55A==", "e+8uKOviBSOTR4ltKl/Y5Q==", "Pdc4LabMMVIl3+kSdEepMw==", "brTmpkOORx2yJvCnkPzYRw==", "T4bxk7MHk24P39KEeRKoig==", "WNA27LqRIql90O1m/PSAgQ==", "C9NKmmH/EbcYxVOEg1uY9g==", "ZpoRIduwcda+XFGXyoaDAA==", "7XM4eB5q+q78IrA8abl57g==", "JWrwO52d5SNbcmJ2KpFaJQ==", "EUzfiOQu+qZDEDuD1AbDtA==", "9lOiMN/e99o1oI1dhS9S2Q==", "fxc/de3PyQgiwjyykMQ4ow==", "XVnPYCI1ck0zTs/Cz6Yl5A==" ], "VFldiAD+rTFuce+kutFUuA==": [ "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "qNhEJopIC+OWvXbrkilAfQ==", "+YsItiFwLsY/quEIP17M6A==", "3cVM/UH6o+8G2FMQ1Gl/Ww==", "O24do/xbIwz1BfQU4lBl5A==", "zi+zTCtHwI+xWITxpaOJBw==", "69HZBPjw2QR8kIdKeSUwQg==", "24Ysg4Ma/AJz8Z93D2PzNQ==", "tZSfr7Q1QfQP2u7Sjxqmrw==", "iACEEOg8p4u2oul22eTv+Q==", "55nFlly0ydgYROdIHNoLjg==", "sJOXRbCL0QuUC1P4v8JTZA==", "CebQRpRZjOcKyG6X/Hyb9g==", "W5birtu1clZwp55QDPxkAA==", "FUeASYCa2REKwmC0CFlz2g==", "iRvSvKSGVLHqIXREJ4Ht/w==", "ABh4yTmrbQSCnnP4F8iX5A==", "mX276ORRxpj/FeNL+3OrXg==", "aqaaxa85Ibw3RSMRWLL7yg==", "rBDj6tuhee896qgiVA2peA==", "khwtIlYEcWkkzJP1rg7BNg==", "zLUPO/DSeItPLWNqYd2DSQ==", "mXfTdwl2racpbSHHHKO6EA==", "UoBD3GwEne6Zwl54oZgCCg==", "Zg/5yy5ojZu/q0X+9MCQQA==", "GXVxiDj3UnyxgXg2cz7u0Q==", "xIqTu52elcgV5FuN0Fuj4Q==", "m+ltkfB6bwuyxpSjgAFr9w==", "5pFK2pddNfoGuwrNwC3BlQ==", "rDeZ9YqARbQ/8OcOA5Tn4g==", "s0BW8R7FNYnFn+nWkJnUqQ==", "gZW7OlWAfe3YqvPh9YUqJA==", "I1n6/nf1BmKoqYe/GXCV3A==", "b93ucKpooFuvf5DZpkuQ4Q==", "pfZcHRowGRRifIIMXAg+9w==", "Z9vlvDewcgZxmJe4Kp3wxA==", "BCUOacmvjky6+oK/3U158Q==", "Y9X/nbUFq4l8+xowG5hDkg==", "xzz0v3ajpuFhN3HDJCDDYg==", "3A+d+ITPUBtAGX1jTlLhKg==", "+xzMjgQ/BhN1jTBlVwQfIA==", "akEF6NF80R9wfgwbXmOEDA==", "iA/QQjWhvxyNLUaetWDlcQ==" ], "VKbklzwNVEem7m1iQRERDg==": [ "C7v5oMuGS9CuS5bfckNF/w==", "Mds6YkAImABVZfFVPdan5w==", "tlbehmhIbT1WwXt6llfQYw==", "grZJQsj3BT+fQns8dkci1g==", "pTT7g2z3OsAYgdVqJMZOLQ==", "JwRn6LaXs4DLH+aotGHcIQ==", "RFeq5rwe+sxgyWgUXeEitA==", "sEXYrXIRghEOX+5cKfh4HA==", "HMytRAMTGJlQRfqVbIzzVg==", "xKgvhqTYvQwR5QWUkRuf6Q==", "pvm4gwkuqzgisbgZu1oTlQ==", "w/qPRfgu7T1MbY4EuhkWZw==", "8bMBj5vTG1tOpQ1wuVD1bQ==", "g29pa0L/tOFblhQQDFeJbA==", "7aOJwf1br9gIaC1RH6UwDQ==", "8m+MeF1Vk+YvSROjY2pN5Q==", "oYEyIJ07SURdsg7rK6qrYw==", "U2e7dgKDqk0OlJ2oJw2iuw==", "jL7k69KOM8ZjTH+gwznwQg==", "TTh9HGJJgt1I4lhDqtPBIA==", "k/RAvY71xpuUVrSpsGkYlA==", "nOD1OtMP4aGP/bT3iktDEQ==", "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "W+js148eF9SSUbrTSIRvOQ==": [ "EHdSTtZdfwUmOpf3vIeLWQ==", "5EJ0MC7TgiGIlilbbiOvfQ==", "dN3ZkuuHRauklH+tfqwFYA==", "Ry6vRm+cs1w4rnhTcw+4ww==", "yV3QixxBrXQjuo0c4OIL/w==", "kCgZMoKRMbRx90oiE7jJ+w==", "PYQ8GtvInfQ411U5gwbErQ==", "Vbqm1jpiIiIM2rxq++FdoQ==", "8ez1JQpqUyVUQaplF/dpog==", "2n2n++65Q4X6kZeNZUZXMw==", "GpJjElMhBMa2ZIh0g/0hAQ==", "lWKRi6BgpanbsQgeIct91A==", "Ws0fZZUTvLi37jSEx1MM5g==", "IH0yoiWyuDmG+HH8h9dKLw==", "NdlKBrj70+HY4gSgv+wTmA==", "1ylYMOLaPUA6xIkqwKBb9w==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "JLZyRakMGnyMKNtD6nnqpQ==", "8lLGaMUZk8kOHbicsIjPjw==", "lh/EYac7XXFvwJr7gkU1TA==", "RnzVpoLf3gQvIDiBFFXm6w==", "ZZLfaN7MH3nRy8BlgA10kg==", "Stfm7ne4Ofst02xkZn9K1w==", "P1K1eUbqwgam0P6f7iB/IA==", "wjPVtpb8yNf3j3pc1wfy6A==", "kRa60N9SRvgjl+iiwZ9fZg==", "zFG8iDklz8FcuYliYZGkqA==", "d9qJI4TyihrqXixZ+S73jg==", "/m4KubgMsY+Uf3GqqbY5Og==", "82S4cf8ecOlHYb8LNQQn+w==", "I44fXMfux3yPYaBHaNxgsg==", "UsTHWG7fBbgk8T9K0i79Ww==", "WwkM3aNBW0LnenEr6xDxWQ==" ], "W4amAY83CsyR7zQ0GM7zsg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ "3O4R28kD2w0Acw7XQvAZ3Q==", "gmo+iv72N8R3ZKjUbp9DXg==" ], "WIBkwuKReD+vnev0WY88mA==": [ "Mo/R2a7u4vWlPy8O1jH7HQ==", "//NR3gdAYSoDJ/e4qJeTJg==" ], "WN9YKonIBKVWuMNAg76vrA==": [ "4MoaZecth+9t4X3jdykhZg==", "0U0p6zwok5l6rbIxjBRN7w==" ], "WXfnWfq5UvDl4B0hS+0enw==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "WgTBt6b85L1bF7WXV5bQRA==": [ "LMrJ8zW3vxlqJrvFMbbCGA==", "YgwLp863ho/Lz7XdBK6IXw==" ], "WuHt6bav9qTQn9+qCLLu3w==": [ "ZmOheSIAULld8cF9POTj/w==", "ulsMCA3bm5VANCxYIf54Zw==", "TRd8qEGSmZkjG+mmOfTmTg==", "vLgELeoIueNM9KX5ZIMtjg==", "ssYEt3aOFwnaqoufFlsCAw==", "ZUoGCxFJ/+PUPUdg60izwg==" ], "XD0JiZBKTweysL9d3sIzpw==": [ "eERb0a2u5NJoo8XHmwI23A==", "LULa++Og4kM4JJrQxnZj0w==" ], "XMPq7+46c92RSax5sZ9PZw==": [ "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "4rkDoNFFNCrcnkPj+GN2vA==", "fvxiOpnl4vL2UcobmeaYnA==", "1NnjgULlQBpIVsNocYb9uw==", "QNVm3dpa9lFJUb6FBjjc1g==", "vbUGycVGGL83rd1I5CfHuQ==", "NoEVAwQMgkCr1UvAm6iQBQ==", "RfXeDDRCykmZZMDXVfaGtg==", "VgTIKWxJpYFkd788UcqT3A==", "cex7jEfdv/MaWi3px1ZgxQ==", "ozbcadljjD/zIm3hj6kVaw==", "P0aqIEFHW71uwsNt2kNw4A==", "xoMyxEWbrnIOZWHnwVuShQ==", "by4qEj8r2+yQ8xw2ZHB4/Q==", "4YMcCEsfWO5KpctoAqwrFQ==", "uioq0s2+upthXeIfuu8dpA==", "zmJCk6ssM8yXKzXcDFtbsA==", "4hX2FW/Yj9HDbKRBqrhgdg==", "A98JJ8FAQWnMhx8Nb3TYXA==", "kQEcZDAS6Ka6J710VZUH9w==", "9rfGlkZ9WMAUo942FMnq5A==", "TU6sUeJdvbpf1Uxt7QBVXQ==", "hYg6jGCQ5Nuq7UsitAzuiw==", "vwdkC2aeXSkn642Di7lXbw==", "r35oOcTyVY7X2QLaChkjdw==", "ZrKcftBnwBVZKQlRJoJcLw==", "lBoi08D0xA11v+agRADO8A==" ], "XX1gx35T8rMzed7p4qESdA==": [ "cSPoRTB3BjDaa16wszdN3g==", "rKpZxH2tXrNLthuse32FWg==" ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "5xW5MMwESxiksXgaLrFCnQ==", "GaZVgTbcdJiJMvdUeofqTA==", "8Zz8gP9QPTYBttUQXDeNpg==", "e8Ba4iAzVtDvrookiM9XAg==", "nNNVXLjFvnegTKkITfCBuA==", "FdtzK6tyT53moDNlzBGPBQ==", "sHvGKpRovk0D6WznAeRDaw==", "iveVedfC78Qk/6ltHJ21kQ==", "9SrODyBGF+py5BfKYxVllg==", "x+E+r7arkKvVcXf/ay8rdg==", "oVI7j6msaWseNIkn6m/3+A==", "5/L+eT1BzZSWVW4ZLUXszw==" ], "Y2WVn7YbALZNiKrMVF83bA==": [ "Rm7aeXEOy4+PSaaC/AfGyw==", "O8btQzgzPf/pU7XfP3wqPw==", "9lxLFgIezXSh1WnSsRhwNQ==", "GJy8g/4zoy4CPDvWLZr9kQ==", "34lrKmSrRttv8Ef8QZo+Cw==", "uGxAJHfmN99PtsQCJqV/nQ==", "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==" ], "YRfO+WACNVQDTEO1DaRoPw==": [ "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "KEWGfOVGYNjr6kNjpQx0qg==", "D4iEHIlb8qk7qBBIBLV2WA==", "fcEhBEQT+7+nxaOwZEIInQ==", "9CmH5Y/MDHXGbta8UBA5HQ==", "NLs2bAzfO2YzrBTddmvvkQ==", "9ca/WR2Db6VUKD0h31yyGw==" ], "ZEh/5caJmj5WMgoK5/jyfw==": [ "KTLyj41W+cHfjH/HBrA7BQ==", "fHxgcXxpn2MkgE/aUd2Vkw==" ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "Lcg+9plLPEAo58BHKBlIGw==", "QznSXY89jmEtP62PhxgH1g==", "JBIWl7TA4AzjcNVfFPjHaw==", "vc3i6DfzTVpLFX6x0zKE4A==" ], "aW0vfCmvp3ku6dMkvaoZGw==": [ "FAES1XlWFCETbKQytoq57Q==", "2oTX17kDUCTK4lHB98r0SQ==" ], "ao0mLJHwgqEhua26lzg6gQ==": [ "helnYsRUBV0VLNZe0kvTiA==", "L/8naYULbNo7VCB5WzvpDw==", "4L3dk768qs7Sg3jWyr+5Ug==", "hEt6vsfHYq4kHELEO5xWxA==", "mIzvIMMUHDBMdt3eAx+4Rw==", "okW8xf+CinO7BWuM9dEk4Q==", "KwXuJ1mZuqgv14dKI+DdIw==", "l3j9C20yHr6ZHIXLApzl0A==", "9Bnr48B1Gkm5b1u7nixqng==", "wBC264S906jsJ9EHip/24A==", "DGtUYJS9TDm0sI7Gw7jCuA==", "alSeOMnzCu4eh8h4VjVrpA==", "ZQsszFOlqLuLyfXZGfRKxQ==", "1sD6TJmtoMKm89Mo2ka5lA==", "0bsVwLbC3DjqoPdFlpHGrA==", "USroe8+XCxLDwAOkjWfs+Q==", "FrIXKuepXZdWVsQ8gu1YHA==", "mjV/DAgymXlZYSj9rj04pg==", "lc0ErrFagkcQxsv9AGKTjw==", "eKvGCJDf1Iytf5g2d8kaFQ==", "5MGCN705vR5eWycZyFuYJQ==", "H04yzALMJAjmclexKFeS2w==", "qQxzRYdLEwZ+uwtq33H+Uw==", "8qeM99NPNtS3R0CIVDnqTw==", "DjpSix06K6wkPOmaLpbGWg==", "c9kKQdmqE31JfE8hW1jBfg==", "wSNG00q+az+IW0NBCU7MPQ==", "OvvtykNCZtfooZWGyghXfg==", "EB6fg0YbdpF3FjycPEVN/Q==", "g3/sX4CO9sGFGMvToQ+how==", "AyHFH4N7lNUZlwVfgigcMA==", "FV18DPtJsW6qZZIHDbkGJA==" ], "arzS3GnLPLKzM8xRPFnUzw==": [ "/rVEaWl0l9u8biVEKbZTFg==", "ymBGTBftPxHJSbwAfx3uNA==", "1VKGbptJGVhPmMaic8aidg==", "dkB2JDRx/pLwN9EbsYh6UA==", "xhnxsdmWc6+n3gUj6yqBpw==" ], "ax5YZqtoTsGSLh5YAOUDAA==": [ "J/vqYu1qTz7dsS8oVaCTTw==", "vJceii8mKrpQPBtlAKleGQ==" ], "bbOmNWQZu2GtbHRNTT5LbA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ "YmjsPDVfe7xyjGwOgJunGw==", "QXekSyzWiuaI8YTxDgngHw==", "H5HU/YMXz+3wwSlUv2hOEg==", "WKC52So9Haaq0Y0pkIeTJg==", "qsn7RE1KMH045/wAyIDw7A==", "ZtlPcxFiuXhGia0ZM6cNBg==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==", "WACsy7vAhq3GJRyxAuj7NA==", "wn4STzMt4ytbVHyERUyNoA==", "1Iwd54Uz+8MDWoeCI9f7Iw==", "ThjoilITJToSra2xx7nmXA==", "ltryu+P4IG4b3EAJKjyGHQ==", "75kzXqx/LGJU9hkFlgdGGA==" ], "byfHs8LLvbAc+YzK8+QmXA==": [ "0EBjG0eDRuUxNmTKolYVYQ==", "VdavXNeRp4EjkXxldYSiUw==", "EXWaDNivW550gBh9Dm6gCQ==", "gJ/fF2D4AXb0sjRGNWgixw==", "GVOb0whjVXBMMGVZhZjH0g==", "8OhIIjb+vwm01NjtGgcnDw==", "SWMi5UoagLshKWAW26MJTw==", "SsFE9yHqow9BNx1O4nMcCg==", "eoZiXVXIYF5HZwY9O+NvfQ==", "5zg9huqgOp8E89z3dxtcHg==", "1XBQq3flp6UCNWfTuRjE6g==", "kMB61Eclf1Qb2Suk3JRmXw==", "8eY8PV83CN3R/MV2hK7XHA==", "V2C0OnbFKs9wiV3IrUOPew==", "gqWTMUdDL1db9YSLA4qpRQ==", "wqIGHEm21/U4VCTr0VeLVw==", "FKuvvzZuxFLoDaTeoDMGIQ==", "OUOPFj6v5qm/F5KSXf7dVw==", "yubezWiwTBzlJyfKBBah5A==", "qbsbXExNvRlblIMDPNkFzA==", "juRvPdedfeoW/YVn4PBM8Q==", "k4dDUqBohIhzwbUS8fZiCA==", "4IznDha57aCNWoI0Hc828Q==", "1BGBx+ICmx9ndSR1J6c9Rw==", "DDPdyyhkyoDS2Vq0O3We0w==", "SKyAPnATFclliIE0mjtq+w==", "ukBMje282PDzxzC8wCZoJA==", "cm/gvI0AVbEJW8SbZVw6fw==", "vHIEJpBGkCNiUPmahPyLqQ==", "C+2GxqMTQEZYKlJYDQE1Pg==", "ZBDjl4GlHR5BEu3WvRQHHQ==", "y5N73UEFT/BHwjJkVAx22A==" ], "c+W6x4Mcea6sasJQFpayfg==": [ "ryPu/punYtMOzifbFWj3Xg==", "cr4RGJYSJM2QUssm6cAQ4w==", "XH8pWtqEhhBDhQuq+NWhvQ==" ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ "/KRhrFyFO2WBBj1/Wnbnrg==", "4iFNln+X4k0SeUiw/ueLUA==", "sQzygdvKruRINz20KeXUpg==", "0DSgRHOq1OLwMX3biKMcbA==", "UcI2WjL14mHQYOfXIkpuzA==", "e91QDoc1m7i0h9Urg1XIuQ==", "UTm7DZVRUmqWWBx0Js7vCA==", "HW1HxtJFrKBktMKHARGGeQ==", "9lAt/24IrVKtsskC+grSQQ==", "sa5mIA5TIgDDEs7v0PwTjQ==", "5sY/WncZRmQ7FUzZZ4kBfQ==", "b8cX6Z3ptet250uYs1XjIQ==", "h/OVEZRz5ndHYLHsNXXXMg==", "d1j+WeBwgxUY2DD8tjQwMA==", "Ec/FYvTTz4riEqnQe1G+Fw==", "7SyD51cUTMP7ddBSGNw3Iw==", "LKHvKuMU+ZaZN+c9jQoc8A==", "Dp0x43cNy9IQTCa5Vb7Uyw==", "9U8BTRqVPM+WCls5RolwuQ==", "c/TMKje5Txl9grWesV+S0A==", "Ayn8XyGcXwYPR+J1PSWdHQ==", "O7l2OQQ3NRM4VNrd4YvEaA==", "SqKI5VB6698Nen4zsScUuw==", "pHq3XsQe5Y157BuUHMufyg==", "CuWE9qOLaSI+JhOsCiY03Q==", "nzSVb3AtyNNflDi2DJAqSg==", "DI7HeHo8A/itZHGTOHOQIg==", "RKG7TR5VLN5EK2rg7nfjuQ==", "flC/+W9ll6TqBKBRm/YUiA==", "U86hsRMcoSpvWp72aUJNFQ==", "h5U/sk69K9TcWs3P9TuKxQ==", "8ImlkqI0B9hvKdKXJLla/w==", "lH27Z8PmZeo/EM/AegpCTA==", "W01A5sOetTjsV/4bYawPgA==", "DlS6uDYchj9S2LQucQuZxw==", "xxrk6qwvf/BkNdal8rz/jA==", "x+9X6oSMihxrE4Tni3a4Zw==", "hjzu3I+m68mPWogOfZscVg==", "WOIdi+BEnCeSEkfRBmj1AA==", "nfRozYKxaq/cbStnERagAQ==", "+DDOZxWQYsdNCtZZs4LB2w==", "Fys7cTDgnkqkKy/A1tAWPQ==", "Bua36N02B8W4H7+P8yixkw==", "nVEuAeNYaydUTqNE5GOm/w==", "96QbNqFHhG4RmHyIqvnk+w==", "0ZQtBpkFjRCvM3RNGGREDQ==", "UjXmsuFAyS2A1LN7d6S/5w==", "yOFL3ef2F8Ux3GMySAVXxg==", "5RT9+X+8xx3rC02gOnVsjQ==", "Km0Kj8/PT21DcOVckLYRyA==", "DrIpfcclD2b0iXSNtu+I6Q==", "Z5H14Z81HW+BVvKWtV5kDQ==", "hIHRMVndQh85jnW2uCawbw==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "OJ5Ok6CMeJ8/3txCizz4cg==", "x5MnAXJPkWBC+zd+i08Svw==", "vdokiHWKHEv0aYbydeDs5Q==", "opnb226IH8+SU+iAVOx8hw==" ], "caF9WsICRhpk2jJBTv5OsQ==": [ "x4y353xwTKkgu0582Qh5wg==", "m94VQcvA5qigjAcL/i2L2Q==" ], "cj0M8yBzJA8j5tTGHOqDIw==": [ "5AQXXWGtKGeqoPkMqmVzTg==", "FAoi5hf12Vg9h7NFehHyBg==" ], "clGQ5Kq/RKZZziBln/4BLA==": [ "R9lgi90skf6A+gEQ2Lu8dg==", "koaJtTt9+fGxG4OSw5hxFA==" ], "dMY7Qly4vcBOdARECvhzxQ==": [ "M6ssHrt9pKPpEPr7O0Tc/A==", "ac4lX1PsJ8EE0cPV3DeA7Q==", "/rVEaWl0l9u8biVEKbZTFg==", "EcsVvJ09ys7NpdNzv0A9zA==", "IbhdAqkTe4EMzAhoNvBoZw==" ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "pvtiIO9KHqFscFbvNo86Dw==", "iAZzrtYDqIG5uluq/FjhDA==", "q7IyWv1MOsi/PXOLUGKElQ==", "zH/R3mCgsX+vslxcP7p4cg==", "cS8BJbrTN4Z2MOJCTGMR8w==", "rcUIg6JYVsZx379+fVhSVg==", "uWvHibmfs86jbjyb5h+qpg==", "sXReFixXG4Bn4+eq/AJDBA==", "XEhX6upCFgCYuF9SSk9Iyg==", "HrQTGWot7zXPyYbisnzShg==", "SKOD3G/MxX5t9s/HjT+ehg==", "jvIOr2cGPChl6X44xwkz2w==", "gIt1VKjk5s7zkgD1H7aLmQ==", "nPl1VYR04nooFy6e74yZlg==" ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ "sFUeaSTxmIP9ksmZtDFy/w==" ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ "bDvGK7B1/5BJREOCtiSQyw==", "BwQexIGmUvV9ONa+9gpe2w==", "xmhlBgW9Qhx+a2k3SdfUzA==", "lv4eSxX+AEAW88phUmOolQ==", "L7bRdQbudZhoHiefk8z45A==", "14Etv/7765FAI8QbzsokBQ==", "0Tr3QMpqaFB6S//rbJ/Onw==", "GeI10LHPuNgyyt295MOmIQ==", "wj5w4kQEe9iH2tb9jj1wEA==", "9RLVzTylr5Ocdbql97n+1Q==", "C2ejCCBwa9n29Fq9gpW/sw==", "ZC2BsE3IgWbuyuu1cz3YMQ==", "y1VRnBNNx34t1XvqjEl7IQ==", "qB1uVwi5ydv4et+JpGcenw==", "s6zRbI6E6xMFwOoLRjlPfw==", "fwXkQZwZsVuPtoAZBIG06w==", "fjsXh+vV+qSWYTJhGoqerg==", "+pLPiYWkQ9M+8Zi7lKlOZA==", "RDlpzaleAPnYWwZyjvoRug==", "dkvelc7KXIcNmlVEKWwOSg==", "NUj8ykIgUTA27ShVMCBysA==", "MwRbFLckfwf7ZXLrr6KBUQ==" ], "eckWZv7IBjaLZNS/vZ1gWg==": [ "h8RB92Gx2aWFJ7WtAQ4wDA==" ], "ey7Cn3NmMZ6qorZvUccGqA==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "viJWUTYaczSUI8knrOEDyQ==", "AYXw2VaylssI+NkH09HL4Q==", "Fg8qijPO2mYzPczZJG7NiQ==", "bqKZTtfId9l8zdFZE/mZZg==", "PRErogcN/aXkh7DLlBPLlw==", "uOeAKP5ZyZtLLU7CjOuFcw==", "mqxlcVJc3F4dPOTEtUve1Q==", "0E3jDwz9OiQ7ty2SI9zDYQ==", "scmQI6T6oitCtZW5973ovw==", "mQKKxdEERDHEVyOMhYExEw==", "0RLigWktH24pjgFtIwRH2A==", "4vS3iu8lvGukFpBFqYCdVg==", "ra+5M5K0yyS4TNorJBFVYw==", "LBzBPjCNeeSOWXyc2o2hnQ==", "xvZ+aaak6OxbCE7Nu46XhA==", "roGA0nQUzXWg+M1vb3jr3g==", "5pINgBOJXOluBJi9rQyioQ==", "39KBEdrZX0FwGoQxYgkupQ==", "cje1a6rWyE5Ko85v8goPNQ==", "7FDf95fwOcyZ1YXNVDIx0A==", "IqAfwTRGJO3I/HkfDNLMoQ==", "9HkrQyk+mvh4YcyBYw6eQg==", "kiHPM08GilYyFXQYDbdefw==", "pGkOHCsusTyFHJ/G9JGXiA==", "xDXpto7iDgv1dyFWeDEVcQ==", "IaNq7BGSUI5KW7kcB5RXdQ==", "wfyGNkRP1AKTpRqTPf0oQQ==", "HT2SNCYX7dkF36jwcJ6tBg==", "3wYf+EaP3IAW5wHFWATuaw==", "wN+C2Zg1myHVbcMR/36bqA==", "QZ7uKIt3KkZJfzRLCLWsIg==", "ECzeIHiPGDDmiEUQjBzFxg==", "wgjZroGG2ECX8FlIRRqZmw==" ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ "EhgsZTFIUAr2YMmtGzoFMQ==", "EhcxS6FJz0RDq0+uuwuiEA==", "fyE+IA6J77V4hC6QL4QCJQ==", "gg092DB69lXLcZyDPZ/RtQ==", "nS4rhARAcjvkSY8dJUFdOA==", "g2+VTeiFdddqhRpToXK2Vw==", "9/6RhDAFXPVo7L6QeEsy9w==", "Zv+LSqi94387CYLrb5PiCw==", "ltoIfsso65jjPxRqV9UMRw==", "UcSRaJxHOHBFxbLpeEwTSA==", "Zc9mVAa+SgrDGA78Zo8GIg==", "S2kC/8+NtHD0EdQuoPqXlg==", "Vl7X+IopOqzOWh1MyUOYCw==", "LczpEojKeJQxs4tAiPNubw==", "sVTwqtGyRA8GgZdyQgXnqw==", "l8z3hCmcLYlZgxzha0zw+g==", "nVgNlf1p1N8UKAkTllJrCA==", "AR31u5jCzWyawCxRWBepmw==", "7bYXVEfvDWEIL53s8ARxGg==", "3SaNoRivMP21uU5flMCqrg==", "YPUY4Y/POEizUQSOdGH26g==", "du8AOXnNlQgdqsSZceyiaQ==", "7czTMSwqOjLz2LigIYHAeg==", "vceRrCjaQs4/Tb9s36m+gQ==", "p5Ki7Z96ChbT07EZ4WnnKg==", "ERpg5QsiyVdbxyySZngvaA==", "U06t0kkLaLeKpn0QxtZUSg==", "YHdZ6rml8dKQg9XmpjCrnw==", "AfEBBMV7R48kk4frVmVcAg==", "cgUuYY1sKP0jeDPr/wEn4w==", "+dqw6lT9TwTTzMp6O2vf1w==", "sx5ziSZauoyjmcMB827V/Q==", "7df4FOgRU0BSF6P5QJkjaQ==", "DG5z7r6LqnKlVNwHAxeXgA==", "rwX0WRiXvDcxdTv5pslgxw==", "+YVz742I3o3v3ix+O1wb3g==", "peuiWx2cfvlg0ej3db5p4Q==", "qcGz8bluItM475eimPK89w==", "7MUqmqmB2hEWys43ktPpcQ==", "xsiKeHcIwwzMLDEPFdNSFQ==", "NWqPMtB06drZmdGhOgqvEA==", "7cqLG7sQEqqh9WoHfpekpw==", "EFfUhTiwNATI8s7BT2T3xA==", "hJqH5PsFQ03HT/LzTwaCXA==", "Yp6L2DOgQNnvp2uXVvH8NA==", "l7gfVyLrNH9qcWdXdRt9Kg==", "UykJtPxmRiaRteAhKYbbOQ==", "BLPjiJKh0zrGI5mH+bPIGw==", "Sw8bDdvvxQW2LmbjS6B1hg==", "obTTrP5oWTTgSGItpJqyKg==", "OlhZuHzjnGJlFRoEEZLvZw==", "B6kRennXxnam4nW6s2O9mQ==", "je5QkI9XlXAaLqMv+l8ztQ==", "3hB+Mhm9+7AXsO3nGoz+Pg==", "XEJhztOC2qEngMnVDsmKtA==", "NObEgWpn6tAdrn33X3GoKw==", "/SEhubz8W4ZKbKg2+yh86Q==", "Bp0jmZLVDqekxjq/Mq7PPA==" ], "hGxLNL3q3tYYzz2uKfKB4A==": [ "y1Qpo5IDwj5DRizBbMgltw==", "DKQ/Jfye0O77T1m4bCFM9A==", "0EZfEnxlowgJ1Et69rh7Fg==", "5xY3IHUogqpqvbFwiQURyA==", "MAL36hvDgZ40KRvk279OJA==", "Xrz5/LPkSDdzEfbSbOXzZA==", "Aspz79uO5bKpApwSqMsL8A==", "TrfUjn7Hi6JPe4l/9tuyAQ==", "te0mQBJAxCZ9Xzg2xrzQcg==", "f6muqKqBGKMbn75htgvMLQ==", "/F62/Gd7cIE4aLRbxVnfCA==", "wTqPXpGv5suIYx7xVHwxzw==", "iRRK+UGfH5YqM+4LOHExpQ==", "4Ue6KfIGD2Yqlg6OG87Bzw==", "u+eDY1Q5WfNp0Krtzvv+AQ==", "RJziShukaon2ShF1sKdneQ==", "PDkkYuYRnbObAyDWKDapig==", "ldTn/Q3i3BpKZ95U4mfrcQ==", "J3RGaCFhZHnCvtta/VAJIw==" ], "hHL/OokyETnopazrev0shg==": [ "OtUtUn02ewCzaijseyEVUA==", "u6PjuomLq+nVKrTw/0Jyeg==" ], "hYEisV19Dxn4PvCvxJFm5A==": [ "Ygj77GRBaQkoNVODBO6xEQ==" ], "hasHd85qN7fkJeIIqjjDow==": [ "XPUXyp+BOEJyEGOgXafi8Q==", "92O2+eS3W5hGvsWPMPwTRQ==", "FecDYUjbiWlU3PuXl5vs5w==" ], "hvKbzRSMjrg1f3y/PRzGwg==": [ "7y5jXLyua18Srex9lNrfkQ==", "CYkHBvLQQf6RYY/2Qkr5gw==", "Rz0KcMyzx8GC2p+YUZpHPQ==", "oPNobp4gxHQj7UMaryNaHw==", "VVUozaap6uAAqX8QCLFGyg==", "gC8lb/CZmVxLK6PkYWC9cw==", "mwpgk/i3GXoSJDpblt44zg==", "WFXV6zzHKCX8JuqtokClVw==", "pEwkPeffucbY50JSGQdERQ==", "NQ+dtAZLrUPoMA29mi1Odg==", "Zn86UzCNWJIJ8FVaY91JYg==", "b+wJbUYHuGJqeuEtodqG3A==", "z1fiDjJjV7T+4MZClzquUA==", "vLLr24Ej4L78gTG08XYkRg==", "HqbYURF/7TaXoQPMqtdsIA==", "IDDFCE+x3YM7koS2SvW5fA==", "WVPPqMDSvwuthc5RexsDjg==", "LAdEFhGjw+B+5uRqObeXiQ==", "+hNDIOxLd94c7zDMEtwHAQ==", "FwvyPIBVlE1fAIgwJ1H6Sw==", "Zk3m2J10w4VuwKsJJMXB2Q==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "DIXgPb+QqAbL75dH7f2Zww==", "CQXGvG5qF0LSGK3lgLUXJg==", "gaDJ+6UMi8jegvsDECsoeg==", "nW07GBIUhWrN6iKB9MBAkg==", "NW78+g0sKpejEre7I2lCOA==", "6XzckJlhvkdWwkN1ERVdzg==", "j/6W06GHqfn2irJJ7LDKTQ==", "ueWEd2PE6kwBx153FL1eIA==", "Qr2/3ufYTxjXiJuEKM7I7w==", "J+a2wc6cR5fLyNj39ghgVg==", "T38zlL6BTag6EVZfMAMcaw==", "hOaq2CFtnMvxmr4bZOUh6A==", "f+wdQFOhBCEFYs6UTbgVcw==", "Z707rrfU/uxs1xujVpKMRA==", "UiO8eKIdcPJIKIj94tK4ug==", "hnVuaDEhxbGffMCkOiTy1A==", "fu2viInfwA1Zq9LmALUkzg==", "V8n5VKFkjNZwkLq+W6E59g==", "jlm8MnE+Ua07hmnpXd564A==", "JVp8gcuEEeRLeKprUvrBUg==", "oEKqq2GIVwWjorWJihmJiw==" ], "i1yNGcAdCbK2SnebCgMUqQ==": [ "I9Xc2JiRiPWfOFS5AHY1Ww==", "AsiuN/8gu7sZ0PJCLihjmw==", "pN9L6/wRgu21CuY/FfnkIA==" ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ "xNJWUdryH0nBQB/93HRNuw==", "hfVFht+buqTExOEVhwr1xQ==" ], "iQnKl0+RxymKc9bhVdyuyQ==": [ "FM2lHn17qlO5uIZtM+Ehmg==", "zFZE1hLph4hR8T7aNvRt0w==" ], "jADxtb7PiatU9dihVhjp/Q==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ "dwNH2KaulTKNFX+9quNpvw==", "sxxGu02J6Xp0UskX/yPO4w==", "R7XEe59RfqPZwHJmDbOyww==", "6PfMuZGMOADiSo4Ifx0/Qw==", "eTM7aUBt48fzJjd2YY1Kaw==", "+Hel9A1WiSK+ZclItesXnQ==" ], "kAc8BYCjeCgQR9YdLeGx9w==": [ "kEe4Kuw3hXrzhJ/JDjR7wg==", "LiT2UIJJCX7RQxuKZd5BaQ==", "i1iqh+iGOleBv5v21I50xw==" ], "kMrprdB/TspYL2Dyt9hBfw==": [ "nbtTb8L4YMUxpajoNaatQg==", "XPUXyp+BOEJyEGOgXafi8Q==", "qdWe9wwJNQD9uM1J1li1Vg==" ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ "CacO7saUr+KLTbynVQRYzg==", "XPUXyp+BOEJyEGOgXafi8Q==", "I3Zso12Z+9mUcVEvUKWJ8w==" ], "ktHjHCegyaFGFLaqVjqkVA==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "todSxpG0ADSu6dX8ZW+q4A==", "/rGrv6ID1FHztWkSNUU0Yw==", "ugk8bc5JAs//Hgj923HTXA==", "B/+SfhbeumQponnHheNEVg==" ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ "8QRmG/+fMsQQzP2maaxOag==", "O+a4984RTSUBIVVJsZTw1A==", "cA4I0UWWtzTwMIMUTfN+Sg==", "vPDXRcEg4abq9PCqTBFkAg==", "Ojd6gfhf5HOGBRFGRWmKOg==", "QTcHwvmTXpVKkHS0xdfb9g==", "SmczXqxeZRCcJykxG3Abrg==", "+wnQC0tYj+uyZzMNgN2bcw==", "kkxgUCDqJw1GL8dK+Je2RA==", "Mv7iQu0SgLhcoLH3nS/HZw==", "KXAIwMyIqS4MKyyyosxjhw==", "H8XwHNDIkW12mW+y74dsdQ==", "vnQE6sVVricZrrWA9Xv5RQ==", "I2w7mAdeccRvDV/HeaBOoA==", "ZNESegZx5Vgpkv3OXwE5Cw==", "MGoFQMcsriBEPanvv9LYcQ==", "uILMvGS6obqeMj18FLYSbg==", "6tML+4g9GkMhdrrSDsX4Zw==", "noShzkxXeZ6xaXHAA8su4g==", "Q2EySKz2roj2mYOhGJQA3A==", "AdhtRMEnBdpFFyeSlUP6fA==", "4comqU/5SRuDKC1qqBMlGQ==", "dWdVOD7SorvI9CNble8XGw==" ], "lITnNJqHTfcVQiCGHjWozA==": [ "gpPTgXxcA95Uk2vaf3/2dw==", "TsVNXuAeF3PhiRZhIOjjtQ==", "DtkRUkQTzcJrj8ZsC36kqQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ "CYbzKTdqzfhVDluEF23Dxg==", "TGe682MVp+b3S1lDl9HTLw==", "D2PoAhXlfTjf0jSkt9i3qA==", "n78TtR5pw5YtOwMk7gVGmg==", "yNIngFjcdt+ETIv0YvW+4Q==", "jDj44frt+6TCj0cwExt14w==", "BXlYoXrAW947O+Adruh7Zw==", "uW/TgHSIKlO53BnXG1YZSA==", "Daj39cn0p5rpBblQYRpPNw==", "PJ/Blkuxb9rGhjSw0f3NrA==", "IxsDQKwy6X02Ak7TSjZKpA==", "9uo4qIbgVv97/yzslhE6/g==", "uFR2NXYHCgkD0jUkHBTh3g==", "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "dr+z30s3mVMvpF2iMBJ7YA==", "n0AAvWWXPdMdY6hEXZez1A==", "uTjjTMH3twVH5hmw0Wmskw==", "eKKwwoH894W3Vae5kYCKtA==", "tKVE3VH+DixxL49Cbeit6Q==", "S9GgHs7lpMPNDjvswObhPg==", "J1MkSCEBivWCQoYUEvHXOw==", "qPGxfT+FyuMifHo1C/aY6w==", "pg+SRV3v3Mv4Yg+0x76+jg==", "32PT0J5usgv3laBJ37g1fA==", "bdJdbp3pWxo6biBmwKijBQ==", "YfE+7ocdRscmJ75uekg0tA==", "6E1YTgmxENPqo7FirtVNvw==" ], "lxyER9sFQyH/cLua8fAlfw==": [ "/MWzwBJlhhNbF+zp0zgq+A==", "p2+Y5XRhYt7mgZ7H+35S0w==" ], "ly9SmBBH7WsYXh1oG69XaQ==": [ "G/EKAYKB/V29JLdsy1wFCA==" ], "mLZQEF4KLS62c+8BB/jz0Q==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "8dqpgv7n5GVlIYVt/hP0Gg==", "v+qPraJNH1peMhjiTk1OgA==", "fBIyxzoMf4PtxmiD953WFg==" ], "mLtyJkgiain09bfdUDF0tA==": [ "4aR9t5J6YwMk5D9wZ0BV7w==" ], "mS/mU0XqXurt5b2cC0G2wA==": [ "tW4ew6Bpf68YpYbdwMyYGA==", "sgKxepKQb+uxgfzzrcWS7w==" ], "me8N6gnEhOLccvD/431aCw==": [ "sna4IH0E1Ui1jpzpKgnFOg==", "XPUXyp+BOEJyEGOgXafi8Q==", "bDMsFO9+dr7IgrwHxKJ/2g==" ], "mqd6XOc7hJ7OKe7FI62YlA==": [ "a5tv38r7RoeoKCznzGbyPQ==" ], "n2BikwI3Mg2dIr4kYK8New==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "nRx5HCyZ2M4L1LvJSclibw==": [ "Ft+9wGiX7gFQHYNS5do1oA==", "jZXEa4mdIQd85t4aOIhsfA==", "TAntNn3gBlGhX3mRHNXfWw==", "fKSzg5ZVW35n1QRKSQYbUA==", "6GILJqctNxTbZFPR6fLtoA==", "d1fus7ZZWC8VndZJIxm7pQ==", "D5TjVz7ghGYgdoVa5+N8bw==", "Mrux1XY1LZVvkWuUp2MCHQ==", "nF1VC5iJhTtrDBwL8mfOiw==", "2vdCDySzHer9qKv7EOUGqQ==" ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ "DqajPgSmNnfF5+bVSuLXZQ==", "NVw9L7wf5CkACfCMTn/ArA==" ], "noZz3cbDBX3Q1ohSWIKe1g==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "PwX0RLPO5W1w6VDjSgcV8A==", "RxmnlWamNxvphCIuarducQ==", "EVXEAewBnzdtEIOYHBpZfA==", "eeetX6Vv3iXNMfmjNIPkQg==", "NAN7p79skZ+eBA0xQMnnqw==", "hinEteXkZ2xZbWF5lSQDEw==", "cw4W3PskPKPJZy+QzFk5bA==", "/U8Jx7SKI9t4H3q4Xm/KEQ==", "TCtup4kp9cBGgmnLMbI+rw==", "AOVkipVLZLxGjwVCB/7mwg==", "NDTeUbmjAj/XEHx68pTD9A==", "rm3fF4UjNztR1JpYwTPaVg==", "i+IfpRQo89HWL/sPRoOFsw==", "CCQ15lzJdM5OqfQf0dLnJQ==", "GwdBWjTMLLj14UbkCrmh/A==", "k/2DvTn2KLL28Yuh/WFLmw==", "kRqkfuoNHXgeW9vp8iyzQw==", "tEG4S6zEddB/Fl32LgLV+A==", "4K4SQ2PlDqXihbvwEXiB/w==", "DPcSz1MBKzyaMMMhJWVyEA==", "EpmDyksRTsldGi5rxDcMlA==", "iJ/65EjB0RUIoiFFN5HgAw==", "vz18/+7m2wxxY2NMQUQ6Yg==", "eaW+XnaOzUpP/JmOZv+wCg==", "0nQVynV3NMmwash6dBc+8Q==", "vWwpCPVTGndMb9IraxXgGg==", "o94cfzaEslnrzBtYm19DkA==", "I5CKvoKqBhFd1vY7fxFKtQ==", "2t1KBK7sA8rKgVHavF6SZA==", "aUFq3vh1h0/30jIMgLEGbg==", "3f5N5l71YgnMV/U9whrIuA==", "obSzOBXxlQxURPk04eb+8Q==", "xjE2Ua1GOmdwVi+xIIGVeQ==", "CrxvMdhOPgYpnOjfUKfH3Q==", "XTLakHdORg480i8g31JU6A==", "zwpNi+NBoVUfQ5Ed4vkNug==", "cbSiFirRdrVkpUeOLy/CjA==", "YVYIQ/H++AefhUYldlykPg==", "AEXyQvL2wFfW+v4I9XmTaQ==", "SduSwzmffGiGJfqQDrSyEA==" ], "nwgNWiqPWTP9jQpHdB8CFA==": [ "c/EuG5G0xeL87UQs3yxxqQ==" ], "o0sNxhdrQvn3LtgSlydcdw==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "o3loazzxvm2hQ5N1QRaYvg==": [ "eXNCnm2O3ulyDBrjgqgngA==", "U2w6LmoqKmaGSd6IxLZGKg==", "FTUrLe1XMNYvUzaxMdsWeQ==", "VDqplxSZcK9CHQ9RjGiEqQ==", "TFku8MBahkkWbmKYS7dbIQ==", "c0R7sQMFyTIRhp8ZTCTmlw==", "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "DtYmtBkxVMK6KVHn4U+2Yw==", "B3tKTgCVG9JSLHIgfbUFmw==", "U47k8+SGMpP7nHNJFxv5oA==", "2GOqqUt4mwKng/FA0FV67w==", "mPAC5fvINjFbBEv6qTd6tQ==", "LDhDJjeJTHD14xx6vYgQUQ==" ], "oCbJhi6fmGrlKcF1SlNuYw==": [ "8QRmG/+fMsQQzP2maaxOag==", "XXYPGOxEabdavz27Qo+rWQ==", "VJggyJ1jjyIM3XdMGzsDrg==", "1378JmiuKDjVj7PZAMUvLg==", "HNWibMRA8AF0jyyBYQthdA==", "OIcx4C9IsgtrAE0nDs9GdA==", "13fIhbDHRYF0KXmxmJIfiA==", "qFhnV7djagzTbJn2rH4ndA==", "qb5Q/H2wcR/YimCQn+AUYw==", "OhQ6agVzWuY02NakmnlJmw==", "p4PSGpZ+FENmdQZ22vQ2FQ==", "/eIvRWSFFmU3q3Ki3j/gKA==", "nxT/hl64jXfWptNxWhmDuA==", "ygPqOnRCEHz9NjTVM+wIZA==", "4Gs7xCHPPMrNepkQNCPnkg==", "ZiZuAbc4Tq3tBRSI53FjWg==", "YgD8tCzB10z/Jq6XOfCfgQ==", "/pWkiqt8QgDCUksSSa24UQ==", "JMuZ2WXBBx9rW6/jTPLu0A==", "bfa/XbakkA2/5GrUyvwSyw==", "Oz/6eC07LwyvcoelwlI47w==", "Wy87cIX7luFb8A/riFwUyw==", "WqlqRQL17MeMqdTx+SuEyw==" ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ "l2+nQ26t0lYvVluseJErUQ==", "0UxirvKJMj5gY8fbrSf6sA==" ], "og/hyn7iqbsNsfIv/8VHFg==": [ "ugAB401UYtKGrqztlPOlZA==", "LlIx9R1y9EWEYmMjr1l1rw==" ], "om/hnbn42itSjLCSeL6+2A==": [ "JmAt+4wqaQRWn+7jyy1oCQ==", "QBNxNqNCcUL/GHKqOh7Fyw==" ], "p9BcHmUiqsfiDX2HpNFM5g==": [ "4Oz54fEBFyAJBdTJ/p2wxA==", "OlzUZywb212kcLte3jiS3g==" ], "pc8TmjOHnExT3yvCQuGR7Q==": [ "dKzgwwkG/spsYd8PVvrk6A==", "iPCZH9YqKm3Qb2Qeqw32sA==" ], "peDze6790+ubKa/8hacS+w==": [ "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "pff1wMeg2U6ebqlGIkRlMg==": [ "8QRmG/+fMsQQzP2maaxOag==", "DK1x7B/vzgaKlXynN3g1KA==", "5fSQkV1bu4GJUiaWjO+PNQ==", "U/ITon4/vjzN/EsZEGI38Q==", "m02T5S9rBezyv/+a/R6Fkw==", "goLAuNZUT0caQTKiv7m0Fg==", "s/wLIAA4VDi9HrbyrnYgbg==", "R1Akf7BYKFH+Usf+3IS0Cg==", "fI1ruEtJ325PbGUQKXuiVA==", "+0Id+AHw3V8pYW+ywWnP+g==", "IENtFrOwfEqYX/lp+0u2Gw==", "Y2pXpR4HKVIWAZ1sDtjo8A==", "WLpGLJSV+lV8a0xggVfA3A==", "a+77t9fGz9BxOnJlGe2W1Q==", "9feM+1JJIYgC5OZCglyV3w==", "JZVeRC2oy93Tv6vLZpVqJQ==", "9Ad5Q6DJD1JusuIjCNfUvQ==", "mBrf1Yfgr5icNwG8S0edeA==", "B1THb18jP+rSUaY77CvPng==", "8oKavHMm8C7p1QC+rNA0zA==", "CD0KTiCn+kQ9+lGQdzy4Lw==", "fD8Z9mQCc8h27ZwElVMLmA==", "u0i6Tc2zpzW8/pMdj7AH4w==" ], "ptT0YL/h24MTjTTVlPAZVg==": [ "FOhuL+ZLaAMigc1crKc/uA==", "ryv0HUHLJe8DIxGNl9VAgQ==" ], "qIHoKDOcFEbVk0+xQvglbQ==": [ "K5fLrkou5COixf2q2qhQ5Q==", "K/Jzpgc6xwHh47HFu+S8BQ==", "FkxoK2aSVfPglVllnxzplw==", "kyjbj2qojW5SnPuCG4+T3A==", "B1FsL93s2G1YxIvrdDvTfg==", "QSEpEyTM9A7rsX/qx644wQ==", "JS9NNql9cJTDkzzfXyJzDQ==", "m0VRm0XEm9FSwttsQ8QLaQ==", "3E/EPC1OcoKQToPb+efdaQ==", "QqK1O3FCNB9QbClJ7bZ6YA==", "VDQb6roo+zwBamxPu+hGeQ==", "YvRDVCmqISFAkWCu7WaKkQ==", "wG1iwTc5HBr1VKWUstaeHw==", "piA8HykwHgm/u3haFYSPzw==", "YCFy9R5BUcPVuUEYQkJQ4w==", "gxC5QcXnizTYqfkIqc6zTA==", "wh8UL6jE02MHJgululn0nA==", "sTWSbUm1UHqZR0zHxPPV1A==", "ca+BSCGp5tEYAgJqvm8GFw==", "Sal0GJMIh5Nqb3U4N6ro0g==", "g9gU2/SbcO/F9X65zpT4Uw==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "PgPRtFXcN+6zuIY77w+muQ==", "xsP7BCzVmEb3+qivw8mFIQ==", "l2fXal/tlhZFSzN3bmiLSg==", "D0qSEDt7Rns05A3ywUZLtw==", "/+0dqY3HS0Vwp8Izm3R04Q==", "K12v1aAHn6bz+NiEB1W7GA==", "M3xoPIiF+fvDRyYkizrMWQ==", "5IIoRCBMIgus62mGlE3F9A==", "ZhxWQvKqBGgL77fuUQ4Ghg==", "lsfrxxENmZMCtV8uOKkr8Q==", "26JRymquUeoxtDSKcKSDSg==", "0KjhdYYIURWUfsbpzAdnPQ==", "8Ldq46rf2Z9JTBjkrtfV0g==", "EhVqWSecC9djAkoW+k/+hQ==", "Lc7NiV76Y8Ubl6+6Vgd+sw==", "dkGOl+YKkRksmyjmvQ3FsA==", "PdNX5RN9keIsqOloxy7mkg==", "uXRgwaipa8s2OMXjAf1Thg==", "HHpOVRDbzmY2UhydU+uwcg==", "6pBzw2YiS9JmVvplQUxl2Q==", "T507T5wFbtPlOW9lG7LxIA==" ], "qTTyL80F/2JUAy85WSpobg==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "rkUaC636uKZYge61PN1dew==": [ "lCd4ciOqH+xVdJTAK6erDg==", "nFaODSvvA4RrGIiPJ9FjRA==" ], "ryPyL0/oZK1jJ8umBZkZBA==": [ "ky4IJ5u2Ib7CaDmE7xOysg==", "7+mdkcJcBwtv88RB9AcmHQ==" ], "szNvvFbgC3+nu7+FkWHQxA==": [ "QQ1upjXEDW7OiB4aR8O/8A==", "QhESIu1eoXqoSNW7jNhlZg==" ], "tOoZIHzytN01BRAw3es1Yg==": [ "HMF5qYGPMt4Fb5i6RtdwRA==", "tC2r7U8qVBEhU9NaT3fMVg==" ], "tsX00aIcJlVDdnN8EABj3g==": [ "SSAJUNd+iNG0Dh0JEHjSXA==", "EEMnwT7ARQJ+dbVETnKljw==" ], "uXpj8krYkomg5XDZ83F2kg==": [ "936XDvlfcwVB/34fQscf7w==", "qtpMNZ+V4szO/Tox+eT3Cg==" ], "uwkXfq5VvKEldZwWOwGq4w==": [ "i3BrKsmhYf5wZYkQCBxUGw==", "/EvgSih2YVXl7ohENLMJIQ==" ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ "Mukn5ixgUb/zb+mcMFd16Q==" ], "vtNcuXyRth8r8K/W3sfqrQ==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "wXu3MDegq/TfLSbBy6aoBQ==": [ "3k2lNJd2kR3VB6gGhj547g==", "XPUXyp+BOEJyEGOgXafi8Q==", "Kqi7XT4SGpqJzglrXFbYsQ==" ], "wsc0mBnyNwrXYdpo0V+0aw==": [ "YSdK7PYtLQ7JLXu7W4mdRQ==", "TteHTvD/qC9z9/bg4D+o8w==" ], "xC2PhiBOHiQbniVjaMltjw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ "5MqCycBYSRDsdNOzvOandQ==", "XPUXyp+BOEJyEGOgXafi8Q==", "WhaoYkvfheR7Tz30m0/IKA==" ], "xdunfqVk+0spTcWoJA7wPw==": [ "s20Tn7zOYHvK/n/K8/hWrA==", "+0pi5+jw8FdwHp5pZIVTBg==", "hRSnphgIhBaU8a2RyBPsuA==" ], "yLdg/zIMr1LMvkW9tAZlGw==": [ "0tfYnYhAiMREOXyqf/1Urw==", "fT2bR3Pvvu+yOGDatxsWcw==", "h8nlVtUPrGKdJF9xyffy7g==", "ggJq5z8YW0kySCUAGUYdXg==", "skjryijgaN9YVeVVq8xZmA==", "j8vL1GycOevI00+qC9aKmw==" ], "z/d/zUXK6aF2L4H7dfeSZw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "zPYyryKVwACz98/WbfSW6w==": [ "jlQB8YKpspXbBoHQT0JY7A==", "hWXaFNGw43ZC0VkI4/s2Pw==", "YlN21JbaOAqORXBYjgJOYA==", "CaVsGPkqzxcrIauiEFdPpw==", "o/JG334q9R0nTyZD1vNw7w==", "GXObP88ZOLkWQuVeVgHh/g==" ], "zpqzIc9TY4hiXJG024jdBQ==": [ "dT4TBdsMnRpAlGfPboRcFg==", "okRzJuZWda3BPI4wHU6OSg==", "rPXe6sMC/46EZbom2R58Iw==", "GKtgrnguQJIeMtP51nnNZQ==", "jweM09oSTMKt4t5s2Lpg9g==", "2tFr9TQJkcgsTrNAQX0kdw==", "rDx7RcnC1Ce961LxuRo53Q==", "6W4lt5SjUgXnbxNap1O0Cg==", "JMtxzN1jgVs2Gwo2QsOKnQ==", "BgLn2RypgHsjIVj0SLunZg==", "/HT2WOXIuvVNrzT1Wp3ntw==", "iKVtZrDNXfISjmDp1xYKBQ==", "JeqcZQqZ6re77qRb9vpAHQ==", "v6t7qJCF3xL8IO0nPwJX1g==", "10T7L0U8GuP9Qhz3unCqvw==", "DlzGGXSItv6fZobEGaNWCA==", "IoeuDKI/vu/XCDGoDKzX3g==", "6otwEH3RP+2A14zXLvGXpg==", "xEtBJoALTqnQBn0TOsRe9w==", "sWPZolO+x42N83xPk/byrw==", "o2Jv7s2Wil4Jz6qK6599ww==", "CVNFdSU8eHIr3mZk7+SX/Q==", "G1ju8KSMzz6zOg31bF5lRw==", "h7rVfEQf7/yrRLndyq6HvA==", "NeoXfJYSR9hqSpA4BJOyWQ==", "a1E+QseojoZ2Q73j8WWCLg==", "3E5wmOETiTx03Y24iDJEUg==", "yRV28i/MrM7mz4Vw1MzWxA==", "Kp6vEAyTjVJyCperHJ2MsQ==", "9lqG2xu+85HJHcn8UQyZ2A==", "nM+XWkmaG537tz4PDM13+w==", "zRaIctSo0IHgkpOD2xBvHw==", "UEW14H6J4RBSZEjpG6p4bw==", "bj9lurrpBxE/q4lRd2Wp7A==", "sYa4l6veBD/KmL7osWW7fQ==", "dxRzT6G0UObuWf8SWujnng==", "izYg2kL7sTEI8ASmlxRCdA==", "6Q0Sg/Y1lskU2n7rbcxAIw==", "r3htJBqpa1VO27wdQgcGyw==", "ibGOv13N1m/577Kb32wGxw==", "Lsd0oY+cRz3Y5y3+G6CYMA==", "00MQS+g+VNjKvRbuFWsWbQ==", "htRPPeb7P9MNS47zhEuuaw==", "NfM08djkMgc3ukqHI37OMg==", "gjn1JHWHaWtPNhKrrRINWw==", "IUI8ka2AYA1twZAQi4gL5Q==", "IIfJmT1yzMqBOVKMy3nlyQ==", "5gK/V8vtqDYoHf1LFdtSbA==", "DI5ofU0JT+/wsYx2AeXNiA==", "YQVoCJX8BLl6S5wPwmTGtg==", "6ysC6D7BSkYQ7y8vZ1O7HA==", "xqLSmaq+0/3ps+9zoCEL9g==", "VxNINARrmRd6QnZ2htNesA==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ] }, "enrichments": {} } pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 3, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: rsync-3.2.3-18.el9 (CVE-2024-12085), sqlite-3.34.1-6.el9_1 (CVE-2025-6965), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-6965), git-core-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), golang-src-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libtiff-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-12797), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), libtiff-devel-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-6965), openssl-1:3.0.1-47.el9_1 (CVE-2024-12797), libwebp-devel-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), openssh-clients-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-12797), golang-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libxml2-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), libwebp-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), delve-1.8.3-1.el9 (CVE-2024-34156), pam-1.5.1-12.el9 (CVE-2024-10963, CVE-2025-6020, CVE-2025-8941), python3-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), libarchive-3.5.3-3.el9 (CVE-2025-5914), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), libxslt-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), go-toolset-1.18.9-1.el9_1 (CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), krb5-libs-1.19.1-24.el9_1 (CVE-2023-39975, CVE-2024-3596), glibc-common-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), freetype-2.10.4-9.el9 (CVE-2025-27363), emacs-filesystem-1:27.2-6.el9 (CVE-2023-2491, CVE-2023-28617, CVE-2025-1244), freetype-devel-2.10.4-9.el9 (CVE-2025-27363), openssh-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), libxslt-devel-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), less-590-1.el9_0 (CVE-2024-32487), libeconf-0.4.1-2.el9 (CVE-2023-30079), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), python3-setuptools-wheel-53.0.0-10.el9_1.1 (CVE-2024-6345), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), python3-cloud-what-1.29.30.1-1.el9_1 (CVE-2023-3899), libnghttp2-1.43.0-5.el9 (CVE-2023-44487), golang-bin-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libdnf-plugin-subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), python3-subscription-manager-rhsm-1.29.30.1-1.el9_1 (CVE-2023-3899), nodejs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), python3-setuptools-53.0.0-10.el9_1.1 (CVE-2024-6345), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-38545), glibc-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libpq-devel-13.5-1.el9 (CVE-2025-1094), libpq-13.5-1.el9 (CVE-2025-1094), bsdtar-3.5.3-3.el9 (CVE-2025-5914), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), perl-Git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), libxml2-devel-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 228 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: expat-2.4.9-1.el9_1.1 (CVE-2025-59375)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: rpm-build-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), systemd-pam-250-12.el9_1.3 (CVE-2023-7008), rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), rsync-3.2.3-18.el9 (CVE-2024-12087, CVE-2024-12088, CVE-2024-12747), perl-File-Find-1.37-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-overload-1.31-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-libs-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), sqlite-3.34.1-6.el9_1 (CVE-2023-7104), perl-AutoLoader-5.74-479.el9 (CVE-2023-47038, CVE-2025-40909), harfbuzz-2.7.4-8.el9 (CVE-2023-25193), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-7104), perl-interpreter-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), python3-urllib3-1.26.5-3.el9 (CVE-2023-43804, CVE-2023-45803, CVE-2024-37891), git-core-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), golang-src-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), libX11-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), perl-mro-1.23-479.el9 (CVE-2023-47038, CVE-2025-40909), libgomp-11.3.1-2.1.el9 (CVE-2020-11023), libtiff-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), openssl-devel-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), perl-Getopt-Std-1.12-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-POSIX-1.94-479.el9 (CVE-2023-47038, CVE-2025-40909), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), bzip2-devel-1.0.8-8.el9 (CVE-2019-12900), perl-HTTP-Tiny-0.076-460.el9 (CVE-2023-31486), python3-idna-2.10-7.el9 (CVE-2024-3651), perl-Errno-1.30-479.el9 (CVE-2023-47038, CVE-2025-40909), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-7104), openssl-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), gmp-1:6.2.0-10.el9 (CVE-2021-43618), systemd-rpm-macros-250-12.el9_1.3 (CVE-2023-7008), perl-lib-0.65-479.el9 (CVE-2023-47038, CVE-2025-40909), libicu-67.1-9.el9 (CVE-2025-5222), openssh-clients-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), openssl-libs-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), systemd-250-12.el9_1.3 (CVE-2023-7008), python3-requests-2.25.1-6.el9 (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), harfbuzz-devel-2.7.4-8.el9 (CVE-2023-25193), libgcc-11.3.1-2.1.el9 (CVE-2020-11023), golang-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), libxml2-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-33285, CVE-2023-34410), systemd-libs-250-12.el9_1.3 (CVE-2023-7008), perl-if-0.60.800-479.el9 (CVE-2023-47038, CVE-2025-40909), rpm-sign-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), ncurses-base-6.2-8.20210508.el9 (CVE-2023-29491), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), delve-1.8.3-1.el9 (CVE-2024-45336, CVE-2025-22866, CVE-2025-58183), pam-1.5.1-12.el9 (CVE-2024-10041, CVE-2024-22365), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-29491), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), libXpm-devel-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), gnutls-3.7.6-12.el9_0 (CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-12243, CVE-2024-28834, CVE-2024-28835, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395), cpp-11.3.1-2.1.el9 (CVE-2020-11023), libXpm-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), libstdc++-11.3.1-2.1.el9 (CVE-2020-11023), perl-File-stat-1.09-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Compare-1.100.600-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-libs-1:1.12.20-7.el9_1 (CVE-2023-34969), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), python3-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), libarchive-3.5.3-3.el9 (CVE-2025-25724), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), dbus-common-1:1.12.20-7.el9_1 (CVE-2023-34969), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), perl-DynaLoader-1.47-479.el9 (CVE-2023-47038, CVE-2025-40909), libgcrypt-1.10.0-8.el9_0 (CVE-2024-2236), git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), ncurses-6.2-8.20210508.el9 (CVE-2023-29491), go-toolset-1.18.9-1.el9_1 (CVE-2023-29402, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), perl-subs-1.03-479.el9 (CVE-2023-47038, CVE-2025-40909), libX11-xcb-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), krb5-libs-1.19.1-24.el9_1 (CVE-2020-17049, CVE-2023-36054, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528, CVE-2025-3576), perl-B-1.80-479.el9 (CVE-2023-47038, CVE-2025-40909), bzip2-1.0.8-8.el9 (CVE-2019-12900), perl-FileHandle-2.03-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-common-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-SelectSaver-1.02-479.el9 (CVE-2023-47038, CVE-2025-40909), go-srpm-macros-3.0.9-9.el9 (CVE-2025-47906), emacs-filesystem-1:27.2-6.el9 (CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), bzip2-libs-1.0.8-8.el9 (CVE-2019-12900), harfbuzz-icu-2.7.4-8.el9 (CVE-2023-25193), glib2-devel-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), gcc-c++-11.3.1-2.1.el9 (CVE-2020-11023), perl-IPC-Open3-1.21-479.el9 (CVE-2023-47038, CVE-2025-40909), openssh-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2025-22150, CVE-2025-23085, CVE-2025-31498), git-core-doc-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), python3-rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), binutils-gold-2.35.2-24.el9 (CVE-2022-4285), libjpeg-turbo-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), gcc-11.3.1-2.1.el9 (CVE-2020-11023), libX11-common-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), less-590-1.el9_0 (CVE-2022-46663, CVE-2022-48624), perl-Symbol-1.08-479.el9 (CVE-2023-47038, CVE-2025-40909), libtasn1-4.16.0-8.el9_1 (CVE-2024-12133), libeconf-0.4.1-2.el9 (CVE-2023-22652), libX11-devel-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), perl-NDBM_File-1.15-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), tpm2-tss-3.0.3-8.el9 (CVE-2023-22745), perl-base-2.27-479.el9 (CVE-2023-47038, CVE-2025-40909), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), libstdc++-devel-11.3.1-2.1.el9 (CVE-2020-11023), perl-Fcntl-1.13-479.el9 (CVE-2023-47038, CVE-2025-40909), expat-2.4.9-1.el9_1.1 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), dbus-1:1.12.20-7.el9_1 (CVE-2023-34969), perl-Class-Struct-0.66-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-overloading-0.02-479.el9 (CVE-2023-47038, CVE-2025-40909), libnghttp2-1.43.0-5.el9 (CVE-2024-28182), golang-bin-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), dmidecode-1:3.3-7.el9 (CVE-2023-30630), binutils-2.35.2-24.el9 (CVE-2022-4285), perl-File-Copy-2.34-479.el9 (CVE-2023-47038, CVE-2025-40909), libicu-devel-67.1-9.el9 (CVE-2025-5222), nodejs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), rpm-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), libcap-2.48-8.el9 (CVE-2023-2603), glibc-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), libjpeg-turbo-devel-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), wget-1.21.1-7.el9 (CVE-2024-38428), bsdtar-3.5.3-3.el9 (CVE-2025-25724), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), perl-vars-1.05-479.el9 (CVE-2023-47038, CVE-2025-40909), pixman-0.40.0-5.el9 (CVE-2022-44638), glib2-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), perl-File-Basename-2.85-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-Git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-IO-1.43-479.el9 (CVE-2023-47038, CVE-2025-40909), libxml2-devel-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2020-11023)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 701 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: systemd-pam-250-12.el9_1.3 (CVE-2025-4598), rsync-3.2.3-18.el9 (CVE-2024-12086, CVE-2025-10158), sqlite-3.34.1-6.el9_1 (CVE-2025-52099), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-52099), python3-pip-wheel-21.2.3-6.el9 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), git-core-2.31.1-3.el9_1 (CVE-2025-48386), golang-src-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libX11-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libtiff-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), gdb-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-52099), systemd-rpm-macros-250-12.el9_1.3 (CVE-2025-4598), openssh-clients-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), systemd-250-12.el9_1.3 (CVE-2025-4598), golang-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libxml2-2.9.13-3.el9_1 (CVE-2025-9714), qt5-srpm-macros-5.15.3-1.el9 (CVE-2021-38593, CVE-2023-24607, CVE-2025-5683), systemd-libs-250-12.el9_1.3 (CVE-2025-4598), lz4-libs-1.9.3-5.el9 (CVE-2025-62813), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), coreutils-single-8.32-32.el9 (CVE-2025-5278), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), python3-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libarchive-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), git-2.31.1-3.el9_1 (CVE-2025-48386), libxslt-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), go-toolset-1.18.9-1.el9_1 (CVE-2020-28362, CVE-2021-3115, CVE-2021-42574, CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libX11-xcb-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), gdb-gdbserver-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), gdb-headless-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), go-srpm-macros-3.0.9-9.el9 (CVE-2024-8244), openssh-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), git-core-doc-2.31.1-3.el9_1 (CVE-2025-48386), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), tar-2:1.34-6.el9_1 (CVE-2025-45582), binutils-gold-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), libxslt-devel-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), libX11-common-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libX11-devel-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), tpm2-tss-3.0.3-8.el9 (CVE-2024-29040), curl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), golang-bin-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), binutils-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), nodejs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), libpq-devel-13.5-1.el9 (CVE-2025-4207), libpq-13.5-1.el9 (CVE-2025-4207), wget-1.21.1-7.el9 (CVE-2021-31879, CVE-2024-10524), bsdtar-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), perl-Git-2.31.1-3.el9_1 (CVE-2025-48386), libxml2-devel-2.9.13-3.el9_1 (CVE-2025-9714)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 207 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: git-core-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), golang-src-1.18.9-1.el9_1 (CVE-2024-45341), libtiff-4.4.0-5.el9_1 (CVE-2023-6228), openssl-devel-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), gdb-10.2-10.el9 (CVE-2021-3826), libtiff-devel-4.4.0-5.el9_1 (CVE-2023-6228), openssl-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), openssl-libs-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), golang-1.18.9-1.el9_1 (CVE-2024-45341), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-32573), ncurses-base-6.2-8.20210508.el9 (CVE-2022-29458), glibc-headers-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), delve-1.8.3-1.el9 (CVE-2024-45341), ncurses-libs-6.2-8.20210508.el9 (CVE-2022-29458), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), file-5.39-10.el9 (CVE-2022-48554), shadow-utils-2:4.9-5.el9 (CVE-2023-4641, CVE-2024-56433), procps-ng-3.3.17-8.el9 (CVE-2023-4016), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), python3-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), libarchive-3.5.3-3.el9 (CVE-2022-36227), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), ncurses-6.2-8.20210508.el9 (CVE-2022-29458), go-toolset-1.18.9-1.el9_1 (CVE-2024-45341), krb5-libs-1.19.1-24.el9_1 (CVE-2024-26458, CVE-2024-26461), glibc-common-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), gdb-gdbserver-10.2-10.el9 (CVE-2021-3826), gdb-headless-10.2-10.el9 (CVE-2021-3826), lua-libs-5.4.4-2.el9_1 (CVE-2022-28805), glib2-devel-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2024-25629, CVE-2025-23165), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), glibc-devel-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), curl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), golang-bin-1.18.9-1.el9_1 (CVE-2024-45341), nodejs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), file-libs-5.39-10.el9 (CVE-2022-48554), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), libcap-2.48-8.el9 (CVE-2023-2602), glibc-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), libpq-devel-13.5-1.el9 (CVE-2022-41862), libpq-13.5-1.el9 (CVE-2022-41862), bsdtar-3.5.3-3.el9 (CVE-2022-36227), python3-libs-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), glib2-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), glibc-locale-source-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), perl-Git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 187 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: sqlite-3.34.1-6.el9_1 (CVE-2024-0232), libpkgconf-1.7.3-9.el9 (CVE-2023-24056), sqlite-devel-3.34.1-6.el9_1 (CVE-2024-0232), python3-pip-wheel-21.2.3-6.el9 (CVE-2021-3572), libX11-1.7.0-7.el9 (CVE-2022-3555), libgomp-11.3.1-2.1.el9 (CVE-2022-27943), libtiff-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), gdb-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), sqlite-libs-3.34.1-6.el9_1 (CVE-2024-0232), pcre2-utf16-10.40-2.el9 (CVE-2022-41409), openssl-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), libgcc-11.3.1-2.1.el9 (CVE-2022-27943), libxml2-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), qt5-srpm-macros-5.15.3-1.el9 (CVE-2025-23050), pcre2-10.40-2.el9 (CVE-2022-41409), gawk-5.1.0-6.el9 (CVE-2023-4156), unzip-6.0-56.el9 (CVE-2021-4217, CVE-2022-0529, CVE-2022-0530), libpng-2:1.6.37-12.el9 (CVE-2022-3857), ncurses-base-6.2-8.20210508.el9 (CVE-2023-50495), pcre2-utf32-10.40-2.el9 (CVE-2022-41409), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-50495), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), cpp-11.3.1-2.1.el9 (CVE-2022-27943), libstdc++-11.3.1-2.1.el9 (CVE-2022-27943), pkgconf-pkg-config-1.7.3-9.el9 (CVE-2023-24056), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), python3-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), libarchive-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libxslt-1.1.34-9.el9 (CVE-2025-11731), ncurses-6.2-8.20210508.el9 (CVE-2023-50495), libX11-xcb-1.7.0-7.el9 (CVE-2022-3555), gdb-gdbserver-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), gdb-headless-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), emacs-filesystem-1:27.2-6.el9 (CVE-2017-1000383), glib2-devel-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), gcc-c++-11.3.1-2.1.el9 (CVE-2022-27943), elfutils-debuginfod-client-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), pkgconf-1.7.3-9.el9 (CVE-2023-24056), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), tar-2:1.34-6.el9_1 (CVE-2023-39804), binutils-gold-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libxslt-devel-1.1.34-9.el9 (CVE-2025-11731), gcc-11.3.1-2.1.el9 (CVE-2022-27943), libX11-common-1.7.0-7.el9 (CVE-2022-3555), pkgconf-m4-1.7.3-9.el9 (CVE-2023-24056), libX11-devel-1.7.0-7.el9 (CVE-2022-3555), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), cmake-filesystem-3.20.2-7.el9 (CVE-2025-9301), curl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), libstdc++-devel-11.3.1-2.1.el9 (CVE-2022-27943), gnupg2-2.3.3-2.el9_0 (CVE-2022-3219, CVE-2025-30258), pcre2-devel-10.40-2.el9 (CVE-2022-41409), binutils-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), elfutils-default-yama-scope-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), nodejs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), pcre2-syntax-10.40-2.el9 (CVE-2022-41409), elfutils-libelf-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), elfutils-libs-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), bsdtar-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), libpng-devel-2:1.6.37-12.el9 (CVE-2022-3857), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), glib2-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), patch-2.7.6-16.el9 (CVE-2021-45261), libxml2-devel-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 444 } }, { "msg": "Found packages with unknown vulnerabilities. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libwebp-devel-1.2.0-3.el9 (CVE-2023-5129), libwebp-1.2.0-3.el9 (CVE-2023-5129)", "name": "clair_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } } ] } ] {"vulnerabilities":{"critical":0,"high":228,"medium":701,"low":187,"unknown":2},"unpatched_vulnerabilities":{"critical":0,"high":1,"medium":207,"low":444,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50", "digests": ["sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:19:38+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | init container: prepare 2026/02/10 22:18:24 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | init container: place-scripts 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-0-sp6mw 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-1-ppxb4 pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 33.269 sec (0 m 33 s) Start Date: 2026:02:10 22:18:48 End Date: 2026:02:10 22:19:21 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761961","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761961","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761961","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50", "digests": ["sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f"]}} pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading df118636bfac clamscan-result-amd64.log Uploading 5426cc528b5a clamscan-ec-test-amd64.json Uploaded df118636bfac clamscan-result-amd64.log Uploaded 5426cc528b5a clamscan-ec-test-amd64.json Uploading ecbfcc68b3bc application/vnd.oci.image.manifest.v1+json Uploaded ecbfcc68b3bc application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Digest: sha256:ecbfcc68b3bc5e508a9c8a48248197f3f1a5f57a52c2e8981a2915a837319199 pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | init container: prepare 2026/02/10 22:16:46 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | init container: place-scripts 2026/02/10 22:16:46 Decoded script /tekton/scripts/script-0-2c6vb 2026/02/10 22:16:46 Decoded script /tekton/scripts/script-1-vbfn4 pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761810.7409165,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761810.932223,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/group-snapshot-multi-component @ 27c8fd00029d26c81cc79ce57fa942af87688b50 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761810.9322724,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761810.9608169,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 27c8fd00029d26c81cc79ce57fa942af87688b50 directly. pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-urfrln-on-pull-request-j4rb2-init-pod | init container: prepare 2026/02/10 22:16:32 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-init-pod | init container: place-scripts 2026/02/10 22:16:33 Decoded script /tekton/scripts/script-0-sck9r pod: go-component-urfrln-on-pull-request-j4rb2-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-m5bqj pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | container step-push: [2026-02-10T22:18:32,553826208+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.qWcUMGbNLh --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:sha256-ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f.dockerfile Dockerfile pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-mzv7w 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-1-hxfjz pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-118.json ./shellcheck-results/sc-120.json ./shellcheck-results/sc-123.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:18:33+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 3b606a9dd3a1 shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading c2ce31f509ee application/vnd.oci.image.manifest.v1+json Uploaded c2ce31f509ee application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Digest: sha256:c2ce31f509ee781f8f6fe525190464042122a78749c4b4d8bda6d7c26900286d No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-kczxc 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-1-6w67x pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: go-component-urfrln INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-g7bbj 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-1-svf6q pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:18:33+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 901f6753eae2 application/vnd.oci.image.manifest.v1+json Uploaded 901f6753eae2 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Digest: sha256:901f6753eae213758438b26a67853eca1d041ab28255303c1c74fc0577b96386 No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | init container: prepare 2026/02/10 22:16:54 Entrypoint initialization pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | init container: place-scripts 2026/02/10 22:16:54 Decoded script /tekton/scripts/script-0-mk4bd 2026/02/10 22:16:54 Decoded script /tekton/scripts/script-1-vkkxx pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | container step-sanitize-config-file-with-yq: pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | init container: prepare 2026/02/10 22:18:24 Entrypoint initialization pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | init container: place-scripts 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-0-d6zrd 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-1-xhrsx 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-2-px55g 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-3-qvnh5 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-4-cdqbc 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-5-tqbmr pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Auth json written to "/auth/auth.json". pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-set-skip-for-bundles: 2026/02/10 22:18:30 INFO Step was skipped due to when expressions were evaluated to false. pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-app-check: time="2026-02-10T22:18:30Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:18:30Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 for platform amd64" time="2026-02-10T22:18:30Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50" time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:19:08Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:19:08Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:19:36Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:19:36Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:19:36Z" level=info msg="This image's tag on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 will be paired with digest sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 117, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 27901, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 226, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:19:37Z" level=info msg="Preflight result: FAILED" pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761977","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761977","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} [FAILED] in [It] - /tmp/tmp.EaIZ2fdreL/tests/integration-service/group-snapshots-tests.go:161 @ 02/10/26 22:19:47.506 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc00190c420>: pod: go-component-urfrln-on-pull-request-j4rb2-apply-tags-pod | init container: prepare 2026/02/10 22:18:24 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:18:26Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50" time="2026-02-10T22:18:26Z" level=info msg="[param] Image digest: sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f" time="2026-02-10T22:18:26Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:18:26Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: prepare 2026/02/10 22:17:01 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: place-scripts 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-0-f8ndg 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-1-5gnxr 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-2-qnsmj 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-3-9r4cv 2026/02/10 22:17:01 Decoded script /tekton/scripts/script-4-6thh6 pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-build: [2026-02-10T22:17:05,864584967+00:00] Validate context path [2026-02-10T22:17:05,867867077+00:00] Update CA trust [2026-02-10T22:17:05,868901787+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:17:07,839308060+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:17:07,845030262+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:17:07,964595453+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4 Copying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3 Copying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09 Copying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83 Copying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301 Writing manifest to image destination Storing signatures [2026-02-10T22:17:20,354326246+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:17:07Z", "com.redhat.component": "go-toolset-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.k8s.description": "Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.", "io.k8s.display-name": "Go 1.18.9", "io.openshift.expose-services": "", "io.openshift.s2i.scripts-url": "image:///usr/libexec/s2i", "io.openshift.tags": "builder,golang,golang118,rh-golang118,go", "io.s2i.scripts-url": "image:///usr/libexec/s2i", "maintainer": "Red Hat, Inc.", "name": "rhel9/go-toolset", "release": "14", "summary": "Platform for building and running Go Applications", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/rhel9/go-toolset/images/1.18.9-14", "vcs-ref": "27c8fd00029d26c81cc79ce57fa942af87688b50", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.18.9", "org.opencontainers.image.revision": "27c8fd00029d26c81cc79ce57fa942af87688b50", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component", "quay.expires-after": "6h", "org.opencontainers.image.created": "2026-02-10T22:17:07Z" } [2026-02-10T22:17:20,401327792+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:17:20,404659713+00:00] Add secrets [2026-02-10T22:17:20,412092652+00:00] Run buildah build [2026-02-10T22:17:20,413176172+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=27c8fd00029d26c81cc79ce57fa942af87688b50 --label org.opencontainers.image.revision=27c8fd00029d26c81cc79ce57fa942af87688b50 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --label quay.expires-after=6h --label build-date=2026-02-10T22:17:07Z --label org.opencontainers.image.created=2026-02-10T22:17:07Z --annotation org.opencontainers.image.revision=27c8fd00029d26c81cc79ce57fa942af87688b50 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/group-snapshot-multi-component --annotation org.opencontainers.image.created=2026-02-10T22:17:07Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.giK5qO -t quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 . STEP 1/10: FROM registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 STEP 2/10: COPY . . STEP 3/10: RUN go mod download go: no module dependencies to download STEP 4/10: RUN go build -o ./main STEP 5/10: ENV PORT 8081 STEP 6/10: EXPOSE 8081 STEP 7/10: CMD [ "./main" ] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json STEP 9/10: COPY labels.json /root/buildinfo/labels.json STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="27c8fd00029d26c81cc79ce57fa942af87688b50" "org.opencontainers.image.revision"="27c8fd00029d26c81cc79ce57fa942af87688b50" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/group-snapshot-multi-component" "quay.expires-after"="6h" "build-date"="2026-02-10T22:17:07Z" "org.opencontainers.image.created"="2026-02-10T22:17:07Z" COMMIT quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 --> 8c5c151a0dfd Successfully tagged quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 [2026-02-10T22:17:23,506356829+00:00] Unsetting proxy [2026-02-10T22:17:23,507577474+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi9/go-toolset:1.18.9-14 registry.access.redhat.com/ubi9/go-toolset:1.18.9-14@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 Getting image source signatures Copying blob sha256:31bd23fe372cdae8c968db9d2c03cf3f6c7d52a9365a8f9540f176f1ff2b7a6f Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying config sha256:8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 Writing manifest to image destination [2026-02-10T22:17:30,467569407+00:00] End build pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-push: [2026-02-10T22:17:30,983025656+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:17:32,997958313+00:00] Convert image [2026-02-10T22:17:32,999018811+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-j4rb2-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:go-component-urfrln-on-pull-request-j4rb2-build-container Getting image source signatures Copying blob sha256:31bd23fe372cdae8c968db9d2c03cf3f6c7d52a9365a8f9540f176f1ff2b7a6f Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 Writing manifest to image destination [2026-02-10T22:17:43,982105546+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Getting image source signatures Copying blob sha256:31bd23fe372cdae8c968db9d2c03cf3f6c7d52a9365a8f9540f176f1ff2b7a6f Copying blob sha256:d3f6a420cbadfb30033dc481690b39191ce6d2d841ccd54434c352f474ea54c3 Copying blob sha256:a653a5ff4eaef6037f4f354414ab251ac7218d2d42fc8326743fc63ecf2cabd5 Copying blob sha256:314640f419c581ddcac8f3618af39342a4571d5dc7a4e1f5b64d60f37e630b49 Copying blob sha256:db77b3de17313a3fab2620178c01a4ef8eb60cbe722a6e9390f3cbb1132a7d22 Copying config sha256:8c5c151a0dfd252c1787e1a5a54dcabfdfd8d8cd11415a6486fb318ca57b3e19 Writing manifest to image destination sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11fquay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 [2026-02-10T22:17:44,830009456+00:00] End push pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:17:45,086949377+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:18:05,773698387+00:00] End sbom-syft-generate pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-prepare-sboms: [2026-02-10T22:18:06,178434379+00:00] Prepare SBOM [2026-02-10T22:18:06,182245352+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:18:07,275 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:18:07,711 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi9/go-toolset@sha256:4e320bd8b62e406dfc567886aeab4914db125c73fe9ec308b306c72883101d51 2026-02-10 22:18:08,708 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:18:08,708 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:18:08,710 [INFO] mobster.log: Contextual workflow completed in 1.10s 2026-02-10 22:18:08,846 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:18:08,917535169+00:00] End prepare-sboms pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-upload-sbom: [2026-02-10T22:18:09,276180365+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:83fa50aefb3c8b6b1c6d9bbb337c00a378885adb77b7c6b69400f48ffabdf783 [2026-02-10T22:18:11,653971239+00:00] End upload-sbom pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | init container: prepare 2026/02/10 22:18:14 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | init container: place-scripts 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-0-wtdrv 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-1-tdmb6 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-2-6hl75 pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | container step-build: [2026-02-10T22:18:18,329419522+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 55eb4bee09e9cd0cd650a640fe96b4922db4c80175f16d730ee45d42b5554c1f Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f. pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: go-component-urfrln-on-pull-request-j4rb2-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:18:20,552011027+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | init container: prepare 2026/02/10 22:18:23 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | init container: place-scripts 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-0-8cp2n 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-1-28g99 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-2-4rxdf 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-3-c58jm pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f. pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:18:31Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"}] 2026-02-10T22:18:31Z INF libvuln initialized component=libvuln/New 2026-02-10T22:18:32Z INF registered configured scanners component=libindex/New 2026-02-10T22:18:32Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:18:32Z INF index request start component=libindex/Libindex.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f 2026-02-10T22:18:32Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f 2026-02-10T22:18:32Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=CheckManifest 2026-02-10T22:18:32Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=FetchLayers 2026-02-10T22:18:43Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=FetchLayers 2026-02-10T22:18:43Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=FetchLayers 2026-02-10T22:18:43Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=ScanLayers 2026-02-10T22:18:43Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-ubi9-9.1.0-1782 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:44Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-ubi9-s2i-core-1-394 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:44Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-ubi9-s2i-base-1-421 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:44Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670 manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f path=root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:47Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=ScanLayers 2026-02-10T22:18:47Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=IndexManifest 2026-02-10T22:18:47Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=IndexFinished 2026-02-10T22:18:47Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f state=IndexFinished 2026-02-10T22:18:48Z INF index request done component=libindex/Libindex.Index manifest=sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f { "manifest_hash": "sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f", "packages": { "++K+RsmgWfVk2mj1+hzWKA==": { "id": "++K+RsmgWfVk2mj1+hzWKA==", "name": "zlib-devel", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+8O7w8gnK983LoZMdgIWhQ==": { "id": "+8O7w8gnK983LoZMdgIWhQ==", "name": "kernel-headers", "version": "5.14.0-162.18.1.el9_1", "kind": "binary", "source": { "id": "", "name": "kernel", "version": "5.14.0-162.18.1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+A7/nzEXX3Q/xJZ50VMnlQ==": { "id": "+A7/nzEXX3Q/xJZ50VMnlQ==", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.3.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+B22ALb6YCnXu+3s6afaLg==": { "id": "+B22ALb6YCnXu+3s6afaLg==", "name": "python3-decorator", "version": "4.4.2-6.el9", "kind": "binary", "source": { "id": "", "name": "python-decorator", "version": "4.4.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "+LQ46YAn9giMKDZRMCUpfg==": { "id": "+LQ46YAn9giMKDZRMCUpfg==", "name": "perl-lib", "version": "0.65-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Mkqc/Y23wK8i6e0RDbi0w==": { "id": "+Mkqc/Y23wK8i6e0RDbi0w==", "name": "libstdc++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+jCn1wujuDa5B1uNvCdVnw==": { "id": "+jCn1wujuDa5B1uNvCdVnw==", "name": "device-mapper-libs", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+yIdH2Pb8SGFuXnry3uK/A==": { "id": "+yIdH2Pb8SGFuXnry3uK/A==", "name": "gdb", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/FMjm+UzO0PTaS3Td0lhkw==": { "id": "/FMjm+UzO0PTaS3Td0lhkw==", "name": "pkgconf-pkg-config", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/L1kFEoHZTukrNTCQLypFQ==": { "id": "/L1kFEoHZTukrNTCQLypFQ==", "name": "xz-libs", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/dbWc/LExxt1O7duWFf9og==": { "id": "/dbWc/LExxt1O7duWFf9og==", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.3.3-0.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/t0e+LuglIbDcO/k67Hr2A==": { "id": "/t0e+LuglIbDcO/k67Hr2A==", "name": "elfutils-libs", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/th8aUKrkgR3Sw9KSBM+CA==": { "id": "/th8aUKrkgR3Sw9KSBM+CA==", "name": "python3-subscription-manager-rhsm", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "09fH92fqoWDOaYEpwQ9p2g==": { "id": "09fH92fqoWDOaYEpwQ9p2g==", "name": "ed", "version": "1.14.2-12.el9", "kind": "binary", "source": { "id": "", "name": "ed", "version": "1.14.2-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0N0D43vK8KV4kQOq2LQn7g==": { "id": "0N0D43vK8KV4kQOq2LQn7g==", "name": "glibc-locale-source", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0QIby1L00NbGeIw8oxRQWQ==": { "id": "0QIby1L00NbGeIw8oxRQWQ==", "name": "zip", "version": "3.0-33.el9", "kind": "binary", "source": { "id": "", "name": "zip", "version": "3.0-33.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0Yvc2+M8FAry625wuL4S5A==": { "id": "0Yvc2+M8FAry625wuL4S5A==", "name": "less", "version": "590-1.el9_0", "kind": "binary", "source": { "id": "", "name": "less", "version": "590-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0wIoN0pFyBSc9eVtRdIOWA==": { "id": "0wIoN0pFyBSc9eVtRdIOWA==", "name": "python3", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13/XvLtRK2RDQlcsZc1BtQ==": { "id": "13/XvLtRK2RDQlcsZc1BtQ==", "name": "gdb-gdbserver", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "13i0QoQ6Q4yBI5RUf20lXA==": { "id": "13i0QoQ6Q4yBI5RUf20lXA==", "name": "libwebp-devel", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1GZ5tdSeZY3Wi3x9/AVQ2Q==": { "id": "1GZ5tdSeZY3Wi3x9/AVQ2Q==", "name": "binutils-gold", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1T7WJ83NrIa0U7DlD1BR4Q==": { "id": "1T7WJ83NrIa0U7DlD1BR4Q==", "name": "python-srpm-macros", "version": "3.9-52.el9", "kind": "binary", "source": { "id": "", "name": "python-rpm-macros", "version": "3.9-52.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1XXuvf69/0I2dNHaU2UndQ==": { "id": "1XXuvf69/0I2dNHaU2UndQ==", "name": "patch", "version": "2.7.6-16.el9", "kind": "binary", "source": { "id": "", "name": "patch", "version": "2.7.6-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1dO83wB64hDLki3A4eA/Pg==": { "id": "1dO83wB64hDLki3A4eA/Pg==", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1h9uHE0QiXBO/zpJrT0VjA==": { "id": "1h9uHE0QiXBO/zpJrT0VjA==", "name": "ncurses-base", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "1iUaGpv40BOJQUks5I0iYg==": { "id": "1iUaGpv40BOJQUks5I0iYg==", "name": "libicu", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1m9sKqHTfU4F/K4fidg9cg==": { "id": "1m9sKqHTfU4F/K4fidg9cg==", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Exporter", "version": "5.74-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "2REYKadw7TKFiuC+OnoHmA==": { "id": "2REYKadw7TKFiuC+OnoHmA==", "name": "rpm-build-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2fg1ZRYCSPKKOgCxCcA36w==": { "id": "2fg1ZRYCSPKKOgCxCcA36w==", "name": "bzip2-libs", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "2w8qE/d9mqIY/9+1qBBrPg==": { "id": "2w8qE/d9mqIY/9+1qBBrPg==", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-IP", "version": "0.41-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3688bXyK/nwHthXLLVH24g==": { "id": "3688bXyK/nwHthXLLVH24g==", "name": "perl-overloading", "version": "0.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "3DTA/XNFCCDFf6sfX96bGg==": { "id": "3DTA/XNFCCDFf6sfX96bGg==", "name": "perl-Errno", "version": "1.30-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3RQKCmep11B4hkfn96QJTA==": { "id": "3RQKCmep11B4hkfn96QJTA==", "name": "shadow-utils", "version": "2:4.9-5.el9", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.9-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3iIPR0bjuCPQ2+48pSdeHg==": { "id": "3iIPR0bjuCPQ2+48pSdeHg==", "name": "perl-IO", "version": "1.43-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Aph2Qer6+KdCecFsU0TXg==": { "id": "4Aph2Qer6+KdCecFsU0TXg==", "name": "systemd-rpm-macros", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4DM2GB9KLL7/xWypPdz7vA==": { "id": "4DM2GB9KLL7/xWypPdz7vA==", "name": "git-core-doc", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "4ImdKzJ7uZoaviIayzuoUg==": { "id": "4ImdKzJ7uZoaviIayzuoUg==", "name": "nodejs-full-i18n", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4Kw/w2gH7CYCOCv19cdYYA==": { "id": "4Kw/w2gH7CYCOCv19cdYYA==", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Path", "version": "2.18-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "582nBqlxZXz0sTRmkFvU4Q==": { "id": "582nBqlxZXz0sTRmkFvU4Q==", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5EpVrCQ4OYKiPYYEOuUcmQ==": { "id": "5EpVrCQ4OYKiPYYEOuUcmQ==", "name": "perl-Scalar-List-Utils", "version": "4:1.56-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Scalar-List-Utils", "version": "1.56-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5JeNH+bHiuiK9wwBZqH10A==": { "id": "5JeNH+bHiuiK9wwBZqH10A==", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "binary", "source": { "id": "", "name": "libeconf", "version": "0.4.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5NZNFErDrBiBoorV+igTjg==": { "id": "5NZNFErDrBiBoorV+igTjg==", "name": "libtiff-devel", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5mmSudfrCeEmVSPweWmcVQ==": { "id": "5mmSudfrCeEmVSPweWmcVQ==", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5oq4jjwqdEJHokHmXZ7fFA==": { "id": "5oq4jjwqdEJHokHmXZ7fFA==", "name": "dwz", "version": "0.14-3.el9", "kind": "binary", "source": { "id": "", "name": "dwz", "version": "0.14-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5uy1J7qi/MafOdYJgaQeGw==": { "id": "5uy1J7qi/MafOdYJgaQeGw==", "name": "virt-what", "version": "1.25-1.el9", "kind": "binary", "source": { "id": "", "name": "virt-what", "version": "1.25-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "60b1mOIk+ncF/benyKWfug==": { "id": "60b1mOIk+ncF/benyKWfug==", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Data-Dumper", "version": "2.174-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "68hxwX7t9VVTsdLs/0iJBA==": { "id": "68hxwX7t9VVTsdLs/0iJBA==", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "695zXUDPsaaAbh1PGloHag==": { "id": "695zXUDPsaaAbh1PGloHag==", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "binary", "source": { "id": "", "name": "environment-modules", "version": "5.0.1-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6AYt+NWt55432RGa/HxiQg==": { "id": "6AYt+NWt55432RGa/HxiQg==", "name": "libXt", "version": "1.2.0-6.el9", "kind": "binary", "source": { "id": "", "name": "libXt", "version": "1.2.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6COiLlB/V7UlOwfuFJy77w==": { "id": "6COiLlB/V7UlOwfuFJy77w==", "name": "unzip", "version": "6.0-56.el9", "kind": "binary", "source": { "id": "", "name": "unzip", "version": "6.0-56.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G1ytjIPgX0NNsVwuPQKkQ==": { "id": "6G1ytjIPgX0NNsVwuPQKkQ==", "name": "python3-gpg", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6G4wapu2zP6UYfTP+Ip2pA==": { "id": "6G4wapu2zP6UYfTP+Ip2pA==", "name": "gdb-headless", "version": "10.2-10.el9", "kind": "binary", "source": { "id": "", "name": "gdb", "version": "10.2-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6HUC1/dPziZpbtWEymw0nQ==": { "id": "6HUC1/dPziZpbtWEymw0nQ==", "name": "gzip", "version": "1.12-1.el9", "kind": "binary", "source": { "id": "", "name": "gzip", "version": "1.12-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6LVRZKaAJH97OKCXsJMDDw==": { "id": "6LVRZKaAJH97OKCXsJMDDw==", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2022.2.54-90.2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "6MFxZDjn6ZxVQspQib4VSA==": { "id": "6MFxZDjn6ZxVQspQib4VSA==", "name": "libXau", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6RxnMs+9yIqzJpLgR7I3zA==": { "id": "6RxnMs+9yIqzJpLgR7I3zA==", "name": "audit-libs", "version": "3.0.7-103.el9", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.0.7-103.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6VAQWTpZhN9PW7YCmVhxsw==": { "id": "6VAQWTpZhN9PW7YCmVhxsw==", "name": "glibc-headers", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6camihNRcGvFSo3XinEWFg==": { "id": "6camihNRcGvFSo3XinEWFg==", "name": "libacl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "6f28+Af9kIn0OSp9f9j14Q==": { "id": "6f28+Af9kIn0OSp9f9j14Q==", "name": "ubi9/s2i-base", "version": "1-421", "kind": "binary", "source": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "74+EW3adzZwX9DbUU0vOdA==": { "id": "74+EW3adzZwX9DbUU0vOdA==", "name": "which", "version": "2.21-28.el9", "kind": "binary", "source": { "id": "", "name": "which", "version": "2.21-28.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7JHS+mBQfJeJoy73lvm4lw==": { "id": "7JHS+mBQfJeJoy73lvm4lw==", "name": "npm", "version": "1:8.19.2-1.16.18.1.3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7Lf3UXydabzw8g7HGZER+w==": { "id": "7Lf3UXydabzw8g7HGZER+w==", "name": "ubi9/s2i-core", "version": "1-394", "kind": "binary", "source": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "7ZWYFE98hi9HyU5Q68Jgsw==": { "id": "7ZWYFE98hi9HyU5Q68Jgsw==", "name": "libX11-devel", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7qAMBOvJ2FYxpK9n05pI7Q==": { "id": "7qAMBOvJ2FYxpK9n05pI7Q==", "name": "libpng", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7yB5oIQve4tWIMlUmHbdQQ==": { "id": "7yB5oIQve4tWIMlUmHbdQQ==", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "84WodsWNE9m9GIrBiKl02g==": { "id": "84WodsWNE9m9GIrBiKl02g==", "name": "python3-cloud-what", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "88jYB91M4ddvxo2XjMJKmQ==": { "id": "88jYB91M4ddvxo2XjMJKmQ==", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "binary", "source": { "id": "", "name": "libmpc", "version": "1.2.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Gh2hioTt5BFisg9eNKeEg==": { "id": "8Gh2hioTt5BFisg9eNKeEg==", "name": "python3-librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8I3zEJ4sFSgk47ZaRLgtDQ==": { "id": "8I3zEJ4sFSgk47ZaRLgtDQ==", "name": "annobin", "version": "10.73-3.el9", "kind": "binary", "source": { "id": "", "name": "annobin", "version": "10.73-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Ky53YwzOPM2pkEIVuuuBg==": { "id": "8Ky53YwzOPM2pkEIVuuuBg==", "name": "glibc-gconv-extra", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8Q+4qMpgUhvMDCe2QUBIuQ==": { "id": "8Q+4qMpgUhvMDCe2QUBIuQ==", "name": "dbus", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8gpmX0NZa9MMhcqi6FUGtg==": { "id": "8gpmX0NZa9MMhcqi6FUGtg==", "name": "python3-gobject-base", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "8tmJEWGia0UWhhPJb3EyAw==": { "id": "8tmJEWGia0UWhhPJb3EyAw==", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "9.1-1.9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9AmKs/wDQFsVMVHWnqbu+g==": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "9Fy0bRr3ZMu3q8UNrhlOSQ==": { "id": "9Fy0bRr3ZMu3q8UNrhlOSQ==", "name": "man-db", "version": "2.9.3-6.el9", "kind": "binary", "source": { "id": "", "name": "man-db", "version": "2.9.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9HjCH3SeUwgItfYZysNlOw==": { "id": "9HjCH3SeUwgItfYZysNlOw==", "name": "mariadb-connector-c-config", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9WzsXAqqRoLidXM4HaB8/w==": { "id": "9WzsXAqqRoLidXM4HaB8/w==", "name": "delve", "version": "1.8.3-1.el9", "kind": "binary", "source": { "id": "", "name": "delve", "version": "1.8.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9bMXqD09C2r4s8P+HNy2uw==": { "id": "9bMXqD09C2r4s8P+HNy2uw==", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Perldoc", "version": "3.28.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "9hWn3VgLVkzmMJln7S0UCQ==": { "id": "9hWn3VgLVkzmMJln7S0UCQ==", "name": "libcurl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9sAM/NqMLlsG3N88/yD1Vg==": { "id": "9sAM/NqMLlsG3N88/yD1Vg==", "name": "python3-libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ACNA1cjsRpihwLsZYxMiYQ==": { "id": "ACNA1cjsRpihwLsZYxMiYQ==", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "binary", "source": { "id": "", "name": "libXrender", "version": "0.9.10-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AOquy/6bQ9axg0KRp6hMjg==": { "id": "AOquy/6bQ9axg0KRp6hMjg==", "name": "libbrotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ARxZCHzD7KB2Pu4aHl7POw==": { "id": "ARxZCHzD7KB2Pu4aHl7POw==", "name": "python3-libs", "version": "3.9.14-1.el9_1.2", "kind": "binary", "source": { "id": "", "name": "python3.9", "version": "3.9.14-1.el9_1.2", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AZwLZmqkel2BzSMgQsIVGQ==": { "id": "AZwLZmqkel2BzSMgQsIVGQ==", "name": "libselinux", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AbW1lRpGUjSEKNnr/Toz6A==": { "id": "AbW1lRpGUjSEKNnr/Toz6A==", "name": "jbigkit-libs", "version": "2.1-23.el9", "kind": "binary", "source": { "id": "", "name": "jbigkit", "version": "2.1-23.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AdRs6lk9yzTM3HvjeEThKA==": { "id": "AdRs6lk9yzTM3HvjeEThKA==", "name": "systemd", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AnHvlYoTKSxzg0JMVMiJkg==": { "id": "AnHvlYoTKSxzg0JMVMiJkg==", "name": "openldap-compat", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AxTxyAHzdLVnUL9t8+ZYmg==": { "id": "AxTxyAHzdLVnUL9t8+ZYmg==", "name": "curl-minimal", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BQhiFmX4hLYteW4oRCLTSA==": { "id": "BQhiFmX4hLYteW4oRCLTSA==", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BX+oelClu2v6UOl6tluOEQ==": { "id": "BX+oelClu2v6UOl6tluOEQ==", "name": "crypto-policies-scripts", "version": "20220815-1.git0fbe86f.el9", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20220815-1.git0fbe86f.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "C3QbGupU53FFTX0pkfNLrA==": { "id": "C3QbGupU53FFTX0pkfNLrA==", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "C7VGVckK0YZj4RiVmStEsA==": { "id": "C7VGVckK0YZj4RiVmStEsA==", "name": "sqlite-libs", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CXRheoFIylTt2C0ZN4qu3w==": { "id": "CXRheoFIylTt2C0ZN4qu3w==", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "binary", "source": { "id": "", "name": "perl-Net-SSLeay", "version": "1.92-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CjFzfz4zBZj7fcwIrVHCRA==": { "id": "CjFzfz4zBZj7fcwIrVHCRA==", "name": "perl-IPC-Open3", "version": "1.21-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "CpC5etTxiNuDvBGQesJNDg==": { "id": "CpC5etTxiNuDvBGQesJNDg==", "name": "libmount", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ct/46Ed7Asmqt98kLc0FLw==": { "id": "Ct/46Ed7Asmqt98kLc0FLw==", "name": "perl-Symbol", "version": "1.08-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Cwut2mrMMUaIvKenvO1qWw==": { "id": "Cwut2mrMMUaIvKenvO1qWw==", "name": "perl-Socket", "version": "4:2.031-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Socket", "version": "2.031-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/XNnExpupd1bO9ZIJIE9w==": { "id": "D/XNnExpupd1bO9ZIJIE9w==", "name": "perl-AutoLoader", "version": "5.74-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D0GGDit/UxegO+/A5R03SA==": { "id": "D0GGDit/UxegO+/A5R03SA==", "name": "elfutils-default-yama-scope", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DGqCqs+yrHvXs9qsPgn58g==": { "id": "DGqCqs+yrHvXs9qsPgn58g==", "name": "github.com/devfile-samples/devfile-sample-go-basic", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "DK0d2bPQCX0xz6Lec7u1cg==": { "id": "DK0d2bPQCX0xz6Lec7u1cg==", "name": "info", "version": "6.7-15.el9", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.7-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DMchAI2VcGSa4n8bdw5YkA==": { "id": "DMchAI2VcGSa4n8bdw5YkA==", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "binary", "source": { "id": "", "name": "xorg-x11-proto-devel", "version": "2021.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "DSiKsVzdOYp1aJo/8T0A5A==": { "id": "DSiKsVzdOYp1aJo/8T0A5A==", "name": "pcre", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "DrLq8qfU1bfE8o8AfdvkrQ==": { "id": "DrLq8qfU1bfE8o8AfdvkrQ==", "name": "libverto", "version": "0.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E2+Fh4utKcr7Wyiwzh2bYw==": { "id": "E2+Fh4utKcr7Wyiwzh2bYw==", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.7.6-12.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "E7ikPxWehuEw+6yIZODYlQ==": { "id": "E7ikPxWehuEw+6yIZODYlQ==", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ED0/IlCpWWQwBBKR2YT9sw==": { "id": "ED0/IlCpWWQwBBKR2YT9sw==", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "binary", "source": { "id": "", "name": "libnl3", "version": "3.7.0-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EEcEMKhGMvXAfnMhboIpqw==": { "id": "EEcEMKhGMvXAfnMhboIpqw==", "name": "publicsuffix-list-dafsa", "version": "20210518-3.el9", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20210518-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "EgjLGZKjPtqIaFVLlFAAPg==": { "id": "EgjLGZKjPtqIaFVLlFAAPg==", "name": "openssh-clients", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EuqqL3yIFMd5VRAfuufJgg==": { "id": "EuqqL3yIFMd5VRAfuufJgg==", "name": "glibc-common", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Exv8+xTp+7Y4AfuM+ph47Q==": { "id": "Exv8+xTp+7Y4AfuM+ph47Q==", "name": "perl-parent", "version": "1:0.238-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-parent", "version": "0.238-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FEF27h+V5TzrUeQsFddapA==": { "id": "FEF27h+V5TzrUeQsFddapA==", "name": "libSM", "version": "1.2.3-10.el9", "kind": "binary", "source": { "id": "", "name": "libSM", "version": "1.2.3-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FFSNe661VBElA1asGZ7k3g==": { "id": "FFSNe661VBElA1asGZ7k3g==", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "binary", "source": { "id": "", "name": "rust-srpm-macros", "version": "17-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "FKD/ouYSWOOZHy4i43SaxA==": { "id": "FKD/ouYSWOOZHy4i43SaxA==", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "binary", "source": { "id": "", "name": "perl-TermReadKey", "version": "2.38-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FMrR4PbDeEhmMEh2juuVnw==": { "id": "FMrR4PbDeEhmMEh2juuVnw==", "name": "wget", "version": "1.21.1-7.el9", "kind": "binary", "source": { "id": "", "name": "wget", "version": "1.21.1-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FVL6ljas6Mq4jYoOr1b6Hw==": { "id": "FVL6ljas6Mq4jYoOr1b6Hw==", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "binary", "source": { "id": "", "name": "tpm2-tss", "version": "3.0.3-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FW8ByCOP6ljvNWDQolahwg==": { "id": "FW8ByCOP6ljvNWDQolahwg==", "name": "sysprof-capture-devel", "version": "3.40.1-3.el9", "kind": "binary", "source": { "id": "", "name": "sysprof", "version": "3.40.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FaNO6QWs1mWPp40PrBiBUQ==": { "id": "FaNO6QWs1mWPp40PrBiBUQ==", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "binary", "source": { "id": "", "name": "libseccomp", "version": "2.5.2-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Fy3bplraTnRnJlV5RewauA==": { "id": "Fy3bplraTnRnJlV5RewauA==", "name": "libxslt-devel", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G1YDEd7+V95Qa+PMxB8sJw==": { "id": "G1YDEd7+V95Qa+PMxB8sJw==", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "G61ZL2SOHR2qgvQfi118gw==": { "id": "G61ZL2SOHR2qgvQfi118gw==", "name": "dejavu-sans-fonts", "version": "2.37-18.el9", "kind": "binary", "source": { "id": "", "name": "dejavu-fonts", "version": "2.37-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GIScmMWQrnoFNoEgq3fg2w==": { "id": "GIScmMWQrnoFNoEgq3fg2w==", "name": "python3-dbus", "version": "1.2.18-2.el9", "kind": "binary", "source": { "id": "", "name": "dbus-python", "version": "1.2.18-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GSkR2SOuqWQN8NtOvU4cgw==": { "id": "GSkR2SOuqWQN8NtOvU4cgw==", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Thread-Queue", "version": "3.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GVmxmNcJqT3ovg+RwjJg1A==": { "id": "GVmxmNcJqT3ovg+RwjJg1A==", "name": "nodejs-docs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "GXm2fCeoaq1FqYmMTmMmhQ==": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "H+zLNGeS4JMpmfP42mEhnA==": { "id": "H+zLNGeS4JMpmfP42mEhnA==", "name": "scl-utils", "version": "1:2.0.3-2.el9", "kind": "binary", "source": { "id": "", "name": "scl-utils", "version": "2.0.3-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H3zfV58LzeEUiNQbZbZb2A==": { "id": "H3zfV58LzeEUiNQbZbZb2A==", "name": "perl-File-Temp", "version": "1:0.231.100-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-File-Temp", "version": "0.231.100-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HRtVOTg/Y7Pvd6wqcX24fA==": { "id": "HRtVOTg/Y7Pvd6wqcX24fA==", "name": "python3-requests", "version": "2.25.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-requests", "version": "2.25.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "HbglDdnV9yne0i8jQL30HA==": { "id": "HbglDdnV9yne0i8jQL30HA==", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.16.0-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "I16VSEydeiRYB1TSf5694A==": { "id": "I16VSEydeiRYB1TSf5694A==", "name": "libreport-filesystem", "version": "2.15.2-6.el9", "kind": "binary", "source": { "id": "", "name": "libreport", "version": "2.15.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IDaB7M+//88qbPppM+LpUw==": { "id": "IDaB7M+//88qbPppM+LpUw==", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "IN2DA8X4LYRmUb07gLqapg==": { "id": "IN2DA8X4LYRmUb07gLqapg==", "name": "dnf-data", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IOb5jo+s7DgjzeK/LoVNig==": { "id": "IOb5jo+s7DgjzeK/LoVNig==", "name": "libdb", "version": "5.3.28-53.el9", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-53.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J0HrVYoM3raELvTfJ82QMA==": { "id": "J0HrVYoM3raELvTfJ82QMA==", "name": "perl-vars", "version": "1.05-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JHQdC8JdSGipvO0sCig0cQ==": { "id": "JHQdC8JdSGipvO0sCig0cQ==", "name": "systemd-pam", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JI92axWONkD2XCTUAeCtuQ==": { "id": "JI92axWONkD2XCTUAeCtuQ==", "name": "autoconf", "version": "2.69-38.el9", "kind": "binary", "source": { "id": "", "name": "autoconf", "version": "2.69-38.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JKP7JzVg7UGaAz4VrH03lQ==": { "id": "JKP7JzVg7UGaAz4VrH03lQ==", "name": "langpacks-core-font-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "JaDqP2PIekJ4FuDfyPDUKA==": { "id": "JaDqP2PIekJ4FuDfyPDUKA==", "name": "dmidecode", "version": "1:3.3-7.el9", "kind": "binary", "source": { "id": "", "name": "dmidecode", "version": "3.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JrBk+FMgyv4RrG6esVBCIQ==": { "id": "JrBk+FMgyv4RrG6esVBCIQ==", "name": "cryptsetup-libs", "version": "2.4.3-5.el9_1.1", "kind": "binary", "source": { "id": "", "name": "cryptsetup", "version": "2.4.3-5.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Jt5/Qd9oxegZwQjsNbUyYA==": { "id": "Jt5/Qd9oxegZwQjsNbUyYA==", "name": "emacs-filesystem", "version": "1:27.2-6.el9", "kind": "binary", "source": { "id": "", "name": "emacs", "version": "27.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "K04omiWBsTnRCbFVZLmRKw==": { "id": "K04omiWBsTnRCbFVZLmRKw==", "name": "python3-ethtool", "version": "0.15-2.el9", "kind": "binary", "source": { "id": "", "name": "python-ethtool", "version": "0.15-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "K5U87AYLwYDq48YpniD72A==": { "id": "K5U87AYLwYDq48YpniD72A==", "name": "libffi", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KF5C+zKu/uFB7knCqOvDAQ==": { "id": "KF5C+zKu/uFB7knCqOvDAQ==", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.6.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KH0/KbRUi7KL6UvWa8i6Pg==": { "id": "KH0/KbRUi7KL6UvWa8i6Pg==", "name": "python3-inotify", "version": "0.9.6-25.el9", "kind": "binary", "source": { "id": "", "name": "python-inotify", "version": "0.9.6-25.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KSobT+LH4PXsCiP04HOhbQ==": { "id": "KSobT+LH4PXsCiP04HOhbQ==", "name": "gdbm-libs", "version": "1:1.19-4.el9", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.19-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KcftiMkhTw4x89HNJI8NNg==": { "id": "KcftiMkhTw4x89HNJI8NNg==", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-ParseWords", "version": "3.30-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "KlSRCTMecbL63Kg+FZjUdQ==": { "id": "KlSRCTMecbL63Kg+FZjUdQ==", "name": "libicu-devel", "version": "67.1-9.el9", "kind": "binary", "source": { "id": "", "name": "icu", "version": "67.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "KyRw1LumZrRo6AKKkHgP7w==": { "id": "KyRw1LumZrRo6AKKkHgP7w==", "name": "libXext", "version": "1.3.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libXext", "version": "1.3.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L1wl5gEz2lzyNJbirzPmpQ==": { "id": "L1wl5gEz2lzyNJbirzPmpQ==", "name": "pcre2-utf32", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L2RUW2Fm5EOgoqwyitY3bg==": { "id": "L2RUW2Fm5EOgoqwyitY3bg==", "name": "dbus-broker", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "dbus-broker", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "L4diUjusARli24fy/u9lAw==": { "id": "L4diUjusARli24fy/u9lAw==", "name": "perl-NDBM_File", "version": "1.15-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LD9yEwGtdZJl2S96EO58PQ==": { "id": "LD9yEwGtdZJl2S96EO58PQ==", "name": "file-libs", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LDIMlzOywHz1+CG5FwjKdQ==": { "id": "LDIMlzOywHz1+CG5FwjKdQ==", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "binary", "source": { "id": "", "name": "subscription-manager-rhsm-certificates", "version": "20220623-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "LEyuwSco7tb1WIyWy42H8g==": { "id": "LEyuwSco7tb1WIyWy42H8g==", "name": "perl-Storable", "version": "1:3.21-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Storable", "version": "3.21-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LR+S3JloJQ5YEViBpmcLkA==": { "id": "LR+S3JloJQ5YEViBpmcLkA==", "name": "pam", "version": "1.5.1-12.el9", "kind": "binary", "source": { "id": "", "name": "pam", "version": "1.5.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LZYaKh1MnXoGX4fHzghRTQ==": { "id": "LZYaKh1MnXoGX4fHzghRTQ==", "name": "usermode", "version": "1.114-4.el9", "kind": "binary", "source": { "id": "", "name": "usermode", "version": "1.114-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Leh3RdsGa1oyRcl5Dz4SdA==": { "id": "Leh3RdsGa1oyRcl5Dz4SdA==", "name": "gd-devel", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LjtOegR/S/Y0KwJeOuSl/w==": { "id": "LjtOegR/S/Y0KwJeOuSl/w==", "name": "perl-podlators", "version": "1:4.14-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-podlators", "version": "4.14-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "Lm5zHfIH4SjtxMBhECD0OQ==": { "id": "Lm5zHfIH4SjtxMBhECD0OQ==", "name": "s2i-core-container", "version": "1-394", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "Lwqn0aweLQLZmo12VvYcog==": { "id": "Lwqn0aweLQLZmo12VvYcog==", "name": "popt", "version": "1.18-8.el9", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "M2qdPAOOvb+CWXJwouP4Rw==": { "id": "M2qdPAOOvb+CWXJwouP4Rw==", "name": "mariadb-connector-c-devel", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MDH8Zt4oQWDiYk9qFV5Lbg==": { "id": "MDH8Zt4oQWDiYk9qFV5Lbg==", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MJmw8vClC4VAn/J4MfhK2Q==": { "id": "MJmw8vClC4VAn/J4MfhK2Q==", "name": "python3-setuptools-wheel", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "MORX6hW9ZLZCt/52w71zTg==": { "id": "MORX6hW9ZLZCt/52w71zTg==", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-PathTools", "version": "3.78-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MXR26wvfFq4/JiRamdOfsA==": { "id": "MXR26wvfFq4/JiRamdOfsA==", "name": "pixman", "version": "0.40.0-5.el9", "kind": "binary", "source": { "id": "", "name": "pixman", "version": "0.40.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ma5Vpx57SAZOCC5w2EPQYw==": { "id": "Ma5Vpx57SAZOCC5w2EPQYw==", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.5.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MdGkZ055CI+TZYqVm7FIPg==": { "id": "MdGkZ055CI+TZYqVm7FIPg==", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "binary", "source": { "id": "", "name": "libcbor", "version": "0.7.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Mp61fGpK3II0W8dIQgk3hA==": { "id": "Mp61fGpK3II0W8dIQgk3hA==", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "binary", "source": { "id": "", "name": "libpipeline", "version": "1.5.3-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MvJE7slPeyMPjzl+J8UH7w==": { "id": "MvJE7slPeyMPjzl+J8UH7w==", "name": "make", "version": "1:4.3-7.el9", "kind": "binary", "source": { "id": "", "name": "make", "version": "4.3-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MxYp6jmrNGPG4EUMxgtsIw==": { "id": "MxYp6jmrNGPG4EUMxgtsIw==", "name": "qt5-srpm-macros", "version": "5.15.3-1.el9", "kind": "binary", "source": { "id": "", "name": "qt5", "version": "5.15.3-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N4dB55YYjGYeXRj+vLBatg==": { "id": "N4dB55YYjGYeXRj+vLBatg==", "name": "perl-Class-Struct", "version": "0.66-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "N9SQ1VZ/1zaqG0gdsMW91g==": { "id": "N9SQ1VZ/1zaqG0gdsMW91g==", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-ANSIColor", "version": "5.01-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NQAINik1AG7Zn8OB8pLDpA==": { "id": "NQAINik1AG7Zn8OB8pLDpA==", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "binary", "source": { "id": "", "name": "libedit", "version": "3.1-37.20210216cvs.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Nak/NGhCYVubG4CsEbHhug==": { "id": "Nak/NGhCYVubG4CsEbHhug==", "name": "graphite2-devel", "version": "1.3.14-9.el9", "kind": "binary", "source": { "id": "", "name": "graphite2", "version": "1.3.14-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NdCY2/S+syamLH224R4hug==": { "id": "NdCY2/S+syamLH224R4hug==", "name": "langpacks-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "O2SZ5NZewmkamADtmBGMpw==": { "id": "O2SZ5NZewmkamADtmBGMpw==", "name": "setup", "version": "2.13.7-7.el9", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.13.7-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "OLwWa8SuQNJHUBFuTxkKKA==": { "id": "OLwWa8SuQNJHUBFuTxkKKA==", "name": "cyrus-sasl-lib", "version": "2.1.27-20.el9", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-20.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OgwdUybWl/HQYbnPTE4Psw==": { "id": "OgwdUybWl/HQYbnPTE4Psw==", "name": "npth", "version": "1.6-8.el9", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.6-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OkY4XBjh2jDTkYhGjNkrUA==": { "id": "OkY4XBjh2jDTkYhGjNkrUA==", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "binary", "source": { "id": "", "name": "mariadb-connector-c", "version": "3.2.6-1.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "On+NX4Yr+KIGVwagqPDWcQ==": { "id": "On+NX4Yr+KIGVwagqPDWcQ==", "name": "pcre2-utf16", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "OvOSK0YS4U6j2gyFBATNXg==": { "id": "OvOSK0YS4U6j2gyFBATNXg==", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PHkBez1UE90U9LJepncOKQ==": { "id": "PHkBez1UE90U9LJepncOKQ==", "name": "perl-mro", "version": "1.23-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Pstkjkz7Io1S30t7a9lp4w==": { "id": "Pstkjkz7Io1S30t7a9lp4w==", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "binary", "source": { "id": "", "name": "source-highlight", "version": "3.1.9-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q+exKQZH61PI/8YfpN472w==": { "id": "Q+exKQZH61PI/8YfpN472w==", "name": "glibc-devel", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QCZyKHG3XZk9MlIs9ZFBuA==": { "id": "QCZyKHG3XZk9MlIs9ZFBuA==", "name": "llvm-libs", "version": "14.0.6-1.el9", "kind": "binary", "source": { "id": "", "name": "llvm", "version": "14.0.6-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QcnepR4WKBdAhWdMUPrAWA==": { "id": "QcnepR4WKBdAhWdMUPrAWA==", "name": "python3-hawkey", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QwKK6TG/JtcCly9jntVf+w==": { "id": "QwKK6TG/JtcCly9jntVf+w==", "name": "vim-filesystem", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "R7K6A/Ve75xrYpD+6H0Z8w==": { "id": "R7K6A/Ve75xrYpD+6H0Z8w==", "name": "file", "version": "5.39-10.el9", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.39-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "R9sC7SuM6vJmJZYq/bMHWw==": { "id": "R9sC7SuM6vJmJZYq/bMHWw==", "name": "m4", "version": "1.4.19-1.el9", "kind": "binary", "source": { "id": "", "name": "m4", "version": "1.4.19-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RRIjgvJwJW9jZT+h6lhzrQ==": { "id": "RRIjgvJwJW9jZT+h6lhzrQ==", "name": "nodejs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RgUn0rRy/i742s4qQGGoNw==": { "id": "RgUn0rRy/i742s4qQGGoNw==", "name": "libcom_err", "version": "1.46.5-3.el9", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.46.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RhNJQyxUHoA1z70UtgAC4Q==": { "id": "RhNJQyxUHoA1z70UtgAC4Q==", "name": "perl-File-stat", "version": "1.09-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RjsHhFfoWvmQBIu8lxYZjw==": { "id": "RjsHhFfoWvmQBIu8lxYZjw==", "name": "perl-SelectSaver", "version": "1.02-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "RnnkgzrsHA8d297AfaWbPg==": { "id": "RnnkgzrsHA8d297AfaWbPg==", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "binary", "source": { "id": "", "name": "bash", "version": "5.1.8-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Rx4ZYvIz7JT5wbghBsjOTA==": { "id": "Rx4ZYvIz7JT5wbghBsjOTA==", "name": "libsemanage", "version": "3.4-2.el9", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "3.4-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SRyGVMCI95+oD0l3+3YStw==": { "id": "SRyGVMCI95+oD0l3+3YStw==", "name": "dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SSFXEK4vNCR4s9ImWtXtgA==": { "id": "SSFXEK4vNCR4s9ImWtXtgA==", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.3.3-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SSnnOPGZCl33DlmR57wC7w==": { "id": "SSnnOPGZCl33DlmR57wC7w==", "name": "python3-dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "SV9uo4F9Li9vAHBKYcAlZA==": { "id": "SV9uo4F9Li9vAHBKYcAlZA==", "name": "binutils", "version": "2.35.2-24.el9", "kind": "binary", "source": { "id": "", "name": "binutils", "version": "2.35.2-24.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SZllfeGD2yJm0VL0H7onLg==": { "id": "SZllfeGD2yJm0VL0H7onLg==", "name": "libxcb-devel", "version": "1.13.1-9.el9", "kind": "binary", "source": { "id": "", "name": "libxcb", "version": "1.13.1-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "SdI1Am/qHph5dG2ZoOeUIQ==": { "id": "SdI1Am/qHph5dG2ZoOeUIQ==", "name": "libevent", "version": "2.1.12-6.el9", "kind": "binary", "source": { "id": "", "name": "libevent", "version": "2.1.12-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TANtf1h6RhI5yVQQhHFTbg==": { "id": "TANtf1h6RhI5yVQQhHFTbg==", "name": "libstdc++-devel", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "THoW7icQ9Ts4hZAkh5A/WQ==": { "id": "THoW7icQ9Ts4hZAkh5A/WQ==", "name": "perl-if", "version": "0.60.800-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "TPIRq84Pr3a6ywzPeCr3Pw==": { "id": "TPIRq84Pr3a6ywzPeCr3Pw==", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.8.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tl6ebomp9GQLN9svWzKp+w==": { "id": "Tl6ebomp9GQLN9svWzKp+w==", "name": "libcap", "version": "2.48-8.el9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "To0NR+oyXDu1CYJfmVGurQ==": { "id": "To0NR+oyXDu1CYJfmVGurQ==", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.15.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Tob5YtKxleVTQzw2GCmwGg==": { "id": "Tob5YtKxleVTQzw2GCmwGg==", "name": "libpq-devel", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzNyp6yTJ3m0O8xeeDKC3A==": { "id": "TzNyp6yTJ3m0O8xeeDKC3A==", "name": "libpq", "version": "13.5-1.el9", "kind": "binary", "source": { "id": "", "name": "libpq", "version": "13.5-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TzT9ayOh2hZShfYtipxZEw==": { "id": "TzT9ayOh2hZShfYtipxZEw==", "name": "harfbuzz-icu", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "U0P0dNPn1iUcw6b33AAKUg==": { "id": "U0P0dNPn1iUcw6b33AAKUg==", "name": "sqlite-devel", "version": "3.34.1-6.el9_1", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.34.1-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Ud9PNLLJ6v7hTpAYdO825w==": { "id": "Ud9PNLLJ6v7hTpAYdO825w==", "name": "pcre-utf16", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Uui1iXuECCOB7NgLQMsJpg==": { "id": "Uui1iXuECCOB7NgLQMsJpg==", "name": "glibc-langpack-en", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UyCrdfN88WUEEECLCIw93w==": { "id": "UyCrdfN88WUEEECLCIw93w==", "name": "keyutils-libs", "version": "1.6.1-4.el9", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.6.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "V/3oHP6E5IRlfgZZHK72RA==": { "id": "V/3oHP6E5IRlfgZZHK72RA==", "name": "p11-kit-trust", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VDWxBVhhJMCCBIlvmorheA==": { "id": "VDWxBVhhJMCCBIlvmorheA==", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libfido2", "version": "1.6.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VFldiAD+rTFuce+kutFUuA==": { "id": "VFldiAD+rTFuce+kutFUuA==", "name": "openssl", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VKbklzwNVEem7m1iQRERDg==": { "id": "VKbklzwNVEem7m1iQRERDg==", "name": "stdlib", "version": "1.18.1", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.1.0.0.0.0.0.0", "cpe": "" }, "VLOqRGIR4aQvFfvVrpLyIg==": { "id": "VLOqRGIR4aQvFfvVrpLyIg==", "name": "pcre-cpp", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VV2Z1ngTs6sGvt5SrayPCg==": { "id": "VV2Z1ngTs6sGvt5SrayPCg==", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VhjrPOGZ9XGEFgLnQWc+KQ==": { "id": "VhjrPOGZ9XGEFgLnQWc+KQ==", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Text-Tabs+Wrap", "version": "2013.0523-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "W+js148eF9SSUbrTSIRvOQ==": { "id": "W+js148eF9SSUbrTSIRvOQ==", "name": "libcurl-devel", "version": "7.76.1-19.el9_1.1", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.76.1-19.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W4amAY83CsyR7zQ0GM7zsg==": { "id": "W4amAY83CsyR7zQ0GM7zsg==", "name": "pcre2-syntax", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WCNTEGU4JEqQUNwdkKkP0Q==": { "id": "WCNTEGU4JEqQUNwdkKkP0Q==", "name": "perl-interpreter", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WIBkwuKReD+vnev0WY88mA==": { "id": "WIBkwuKReD+vnev0WY88mA==", "name": "go-srpm-macros", "version": "3.0.9-9.el9", "kind": "binary", "source": { "id": "", "name": "go-rpm-macros", "version": "3.0.9-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WM43f6rBXkL3dY9fUi8CGw==": { "id": "WM43f6rBXkL3dY9fUi8CGw==", "name": "boost-regex", "version": "1.75.0-8.el9", "kind": "binary", "source": { "id": "", "name": "boost", "version": "1.75.0-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WN9YKonIBKVWuMNAg76vrA==": { "id": "WN9YKonIBKVWuMNAg76vrA==", "name": "libXpm-devel", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WXfnWfq5UvDl4B0hS+0enw==": { "id": "WXfnWfq5UvDl4B0hS+0enw==", "name": "elfutils-debuginfod-client", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "WgTBt6b85L1bF7WXV5bQRA==": { "id": "WgTBt6b85L1bF7WXV5bQRA==", "name": "perl-File-Compare", "version": "1.100.600-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WifWl02dLM2pp5urxOSuNg==": { "id": "WifWl02dLM2pp5urxOSuNg==", "name": "perl-URI", "version": "5.09-3.el9", "kind": "binary", "source": { "id": "", "name": "perl-URI", "version": "5.09-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "WuHt6bav9qTQn9+qCLLu3w==": { "id": "WuHt6bav9qTQn9+qCLLu3w==", "name": "python3-rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XD0JiZBKTweysL9d3sIzpw==": { "id": "XD0JiZBKTweysL9d3sIzpw==", "name": "perl-subs", "version": "1.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMI2bnJZdxdcHnKc3zgCUA==": { "id": "XMI2bnJZdxdcHnKc3zgCUA==", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "binary", "source": { "id": "", "name": "ghc-srpm-macros", "version": "1.5.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XMPq7+46c92RSax5sZ9PZw==": { "id": "XMPq7+46c92RSax5sZ9PZw==", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XPJI1FEhwhWF1vzFJI8S6g==": { "id": "XPJI1FEhwhWF1vzFJI8S6g==", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.22-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XVUHqTgxrtHVNbQOLA/oQA==": { "id": "XVUHqTgxrtHVNbQOLA/oQA==", "name": "librepo", "version": "1.14.2-3.el9", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XX1gx35T8rMzed7p4qESdA==": { "id": "XX1gx35T8rMzed7p4qESdA==", "name": "harfbuzz-devel", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XliA1VgMzM5VjjSZdnmlQw==": { "id": "XliA1VgMzM5VjjSZdnmlQw==", "name": "perl-Getopt-Long", "version": "1:2.52-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Getopt-Long", "version": "2.52-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "XmQjRyagIacphhV3vVNJUg==": { "id": "XmQjRyagIacphhV3vVNJUg==", "name": "libuser", "version": "0.63-11.el9", "kind": "binary", "source": { "id": "", "name": "libuser", "version": "0.63-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Xs0UZDLX+3bz2vT+iSJz7Q==": { "id": "Xs0UZDLX+3bz2vT+iSJz7Q==", "name": "glib2", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "XwbkaIGCYyq6BjBMVZ1wzw==": { "id": "XwbkaIGCYyq6BjBMVZ1wzw==", "name": "readline", "version": "8.1-4.el9", "kind": "binary", "source": { "id": "", "name": "readline", "version": "8.1-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y2WVn7YbALZNiKrMVF83bA==": { "id": "Y2WVn7YbALZNiKrMVF83bA==", "name": "bsdtar", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Y35yrxWjtTUkUbNtS9+p6g==": { "id": "Y35yrxWjtTUkUbNtS9+p6g==", "name": "python3-six", "version": "1.15.0-9.el9", "kind": "binary", "source": { "id": "", "name": "python-six", "version": "1.15.0-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "YRfO+WACNVQDTEO1DaRoPw==": { "id": "YRfO+WACNVQDTEO1DaRoPw==", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.5.3-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZEh/5caJmj5WMgoK5/jyfw==": { "id": "ZEh/5caJmj5WMgoK5/jyfw==", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ZX4vKkXsoMfQ2HH9oPb0TA==": { "id": "ZX4vKkXsoMfQ2HH9oPb0TA==", "name": "libXau-devel", "version": "1.0.9-8.el9", "kind": "binary", "source": { "id": "", "name": "libXau", "version": "1.0.9-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Znd6oNA8HDVHwd3abR/PEg==": { "id": "Znd6oNA8HDVHwd3abR/PEg==", "name": "libblkid-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "a0GQ0ecdg5PXNSF9I+cGHw==": { "id": "a0GQ0ecdg5PXNSF9I+cGHw==", "name": "libX11", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "aW0vfCmvp3ku6dMkvaoZGw==": { "id": "aW0vfCmvp3ku6dMkvaoZGw==", "name": "perl-base", "version": "2.27-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ao0mLJHwgqEhua26lzg6gQ==": { "id": "ao0mLJHwgqEhua26lzg6gQ==", "name": "glibc-minimal-langpack", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "arzS3GnLPLKzM8xRPFnUzw==": { "id": "arzS3GnLPLKzM8xRPFnUzw==", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ax5YZqtoTsGSLh5YAOUDAA==": { "id": "ax5YZqtoTsGSLh5YAOUDAA==", "name": "dbus-libs", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "b/fX+2E3Kw/VrXP3Viej5w==": { "id": "b/fX+2E3Kw/VrXP3Viej5w==", "name": "acl", "version": "2.3.1-3.el9", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.3.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bEsPytE/ZdCMbfuAgQc9AA==": { "id": "bEsPytE/ZdCMbfuAgQc9AA==", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "binary", "source": { "id": "", "name": "perl-srpm-macros", "version": "1-41.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "bFvWffGqJWr7FWnI7K9NVw==": { "id": "bFvWffGqJWr7FWnI7K9NVw==", "name": "grep", "version": "3.6-5.el9", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.6-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bQK0gSM91Pq8oi5kJ9072Q==": { "id": "bQK0gSM91Pq8oi5kJ9072Q==", "name": "gettext-libs", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bbOmNWQZu2GtbHRNTT5LbA==": { "id": "bbOmNWQZu2GtbHRNTT5LbA==", "name": "pcre2", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bp0rUgZ5FkIYAX2aEVd/VA==": { "id": "bp0rUgZ5FkIYAX2aEVd/VA==", "name": "vim-minimal", "version": "2:8.2.2637-20.el9_1", "kind": "binary", "source": { "id": "", "name": "vim", "version": "8.2.2637-20.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "byfHs8LLvbAc+YzK8+QmXA==": { "id": "byfHs8LLvbAc+YzK8+QmXA==", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.34-40.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c+W6x4Mcea6sasJQFpayfg==": { "id": "c+W6x4Mcea6sasJQFpayfg==", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libwebp", "version": "1.2.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c4cAHnbL6QvzxTWvSxwSUQ==": { "id": "c4cAHnbL6QvzxTWvSxwSUQ==", "name": "golang-bin", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "c6MW06Rtj8J56gSpVtmC/w==": { "id": "c6MW06Rtj8J56gSpVtmC/w==", "name": "libselinux-devel", "version": "3.4-3.el9", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "3.4-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cGWkJkC9Qm+QCP4f8vmD+Q==": { "id": "cGWkJkC9Qm+QCP4f8vmD+Q==", "name": "libX11-xcb", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cPPALpm8EZ1p7Fe1on0nPQ==": { "id": "cPPALpm8EZ1p7Fe1on0nPQ==", "name": "diffutils", "version": "3.7-12.el9", "kind": "binary", "source": { "id": "", "name": "diffutils", "version": "3.7-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "caF9WsICRhpk2jJBTv5OsQ==": { "id": "caF9WsICRhpk2jJBTv5OsQ==", "name": "perl-File-Basename", "version": "2.85-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "cj0M8yBzJA8j5tTGHOqDIw==": { "id": "cj0M8yBzJA8j5tTGHOqDIw==", "name": "perl-Fcntl", "version": "1.13-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ckYokpjDEx3hfGxpdtbM6A==": { "id": "ckYokpjDEx3hfGxpdtbM6A==", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "binary", "source": { "id": "", "name": "dnf-plugins-core", "version": "4.1.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "clGQ5Kq/RKZZziBln/4BLA==": { "id": "clGQ5Kq/RKZZziBln/4BLA==", "name": "perl-DynaLoader", "version": "1.47-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ct/ndQfSB+G17YP34ufDBA==": { "id": "ct/ndQfSB+G17YP34ufDBA==", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Digest-MD5", "version": "2.58-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dC9CoYt17eaqinGSVCfCxw==": { "id": "dC9CoYt17eaqinGSVCfCxw==", "name": "libattr", "version": "2.5.1-3.el9", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.5.1-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dMY7Qly4vcBOdARECvhzxQ==": { "id": "dMY7Qly4vcBOdARECvhzxQ==", "name": "ncurses-libs", "version": "6.2-8.20210508.el9", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.2-8.20210508.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dStYvdO33sly7EacpHOqeA==": { "id": "dStYvdO33sly7EacpHOqeA==", "name": "rootfiles", "version": "8.1-31.el9", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-31.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dYr9tK7XM6aISNKJAtl5ZQ==": { "id": "dYr9tK7XM6aISNKJAtl5ZQ==", "name": "pcre-utf32", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dnA+092RxSVxmYLtbm4n5w==": { "id": "dnA+092RxSVxmYLtbm4n5w==", "name": "libmount-devel", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dpQG/pUwAqVv1OdQqnvylQ==": { "id": "dpQG/pUwAqVv1OdQqnvylQ==", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dt/eA+h8BqXPeZvbQ4xjlQ==": { "id": "dt/eA+h8BqXPeZvbQ4xjlQ==", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "openssh", "version": "8.7p1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "e7W78NrdwYaVEcBcXhDv5Q==": { "id": "e7W78NrdwYaVEcBcXhDv5Q==", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eEjpOxWkwvzzJN5kkeVUcg==": { "id": "eEjpOxWkwvzzJN5kkeVUcg==", "name": "perl-Encode", "version": "4:3.08-462.el9", "kind": "binary", "source": { "id": "", "name": "perl-Encode", "version": "3.08-462.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eJ5VkZHE2z3KyF5sFEKj8g==": { "id": "eJ5VkZHE2z3KyF5sFEKj8g==", "name": "cmake-filesystem", "version": "3.20.2-7.el9", "kind": "binary", "source": { "id": "", "name": "cmake", "version": "3.20.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eMk3cpR3xfyfnR/IUeON3Q==": { "id": "eMk3cpR3xfyfnR/IUeON3Q==", "name": "command-line-arguments", "version": "(devel)", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "eUjbBBk9e6ukjdxq7Ysc5Q==": { "id": "eUjbBBk9e6ukjdxq7Ysc5Q==", "name": "krb5-libs", "version": "1.19.1-24.el9_1", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.19.1-24.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eckWZv7IBjaLZNS/vZ1gWg==": { "id": "eckWZv7IBjaLZNS/vZ1gWg==", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "binary", "source": { "id": "", "name": "procps-ng", "version": "3.3.17-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ey7Cn3NmMZ6qorZvUccGqA==": { "id": "ey7Cn3NmMZ6qorZvUccGqA==", "name": "nodejs-libs", "version": "1:16.18.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "nodejs", "version": "16.18.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "f2GhXCi0MGW6C5vh1ih8XQ==": { "id": "f2GhXCi0MGW6C5vh1ih8XQ==", "name": "perl-threads", "version": "1:2.25-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads", "version": "2.25-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "fTz/BbdjDg+PD+HvcMlQ3A==": { "id": "fTz/BbdjDg+PD+HvcMlQ3A==", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "go-toolset", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ffBZQco1wXO0fddcwHstSQ==": { "id": "ffBZQco1wXO0fddcwHstSQ==", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "binary", "source": { "id": "", "name": "redhat-rpm-config", "version": "196-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gBWlSWdEA8U1+Ep4A/+M2g==": { "id": "gBWlSWdEA8U1+Ep4A/+M2g==", "name": "perl-Error", "version": "1:0.17029-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Error", "version": "0.17029-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "gJHwCqer7Rl9ijGK6wpg4A==": { "id": "gJHwCqer7Rl9ijGK6wpg4A==", "name": "libICE", "version": "1.0.10-8.el9", "kind": "binary", "source": { "id": "", "name": "libICE", "version": "1.0.10-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gngAZQYf0zy4+w3GwgpLmw==": { "id": "gngAZQYf0zy4+w3GwgpLmw==", "name": "python3-libcomps", "version": "0.1.18-1.el9", "kind": "binary", "source": { "id": "", "name": "libcomps", "version": "0.1.18-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gsdYiUdG+fMtG/M0X1EkAg==": { "id": "gsdYiUdG+fMtG/M0X1EkAg==", "name": "filesystem", "version": "3.16-2.el9", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.16-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hGxLNL3q3tYYzz2uKfKB4A==": { "id": "hGxLNL3q3tYYzz2uKfKB4A==", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.4.9-1.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hHL/OokyETnopazrev0shg==": { "id": "hHL/OokyETnopazrev0shg==", "name": "lua-libs", "version": "5.4.4-2.el9_1", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.4.4-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hKJ3xmpaes4B2vxd2C5M1Q==": { "id": "hKJ3xmpaes4B2vxd2C5M1Q==", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "binary", "source": { "id": "", "name": "ocaml-srpm-macros", "version": "6-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hNv7ol5w6PGaZXktwlRWPg==": { "id": "hNv7ol5w6PGaZXktwlRWPg==", "name": "libblkid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hYEisV19Dxn4PvCvxJFm5A==": { "id": "hYEisV19Dxn4PvCvxJFm5A==", "name": "lz4-libs", "version": "1.9.3-5.el9", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.9.3-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hasHd85qN7fkJeIIqjjDow==": { "id": "hasHd85qN7fkJeIIqjjDow==", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "heXcDkpDDTJ/ac/FHrXYvg==": { "id": "heXcDkpDDTJ/ac/FHrXYvg==", "name": "efi-srpm-macros", "version": "6-2.el9_0", "kind": "binary", "source": { "id": "", "name": "efi-rpm-macros", "version": "6-2.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hgr5TOXgV4U9LXyKt2w6gA==": { "id": "hgr5TOXgV4U9LXyKt2w6gA==", "name": "libffi-devel", "version": "3.4.2-7.el9", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.4.2-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hjikQWtnmVPaWts63wYw4Q==": { "id": "hjikQWtnmVPaWts63wYw4Q==", "name": "passwd", "version": "0.80-12.el9", "kind": "binary", "source": { "id": "", "name": "passwd", "version": "0.80-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hrY/5TRUmBt6d/EoQ9M7aw==": { "id": "hrY/5TRUmBt6d/EoQ9M7aw==", "name": "python3-dateutil", "version": "1:2.8.1-6.el9", "kind": "binary", "source": { "id": "", "name": "python-dateutil", "version": "2.8.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "hvKbzRSMjrg1f3y/PRzGwg==": { "id": "hvKbzRSMjrg1f3y/PRzGwg==", "name": "openssl-devel", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hyds1mrD8GWUXo+lv53Rag==": { "id": "hyds1mrD8GWUXo+lv53Rag==", "name": "findutils", "version": "1:4.8.0-5.el9", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.8.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1yNGcAdCbK2SnebCgMUqQ==": { "id": "i1yNGcAdCbK2SnebCgMUqQ==", "name": "systemd-libs", "version": "250-12.el9_1.3", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "250-12.el9_1.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iBA/JBMmSIEGbBZDQlcuUQ==": { "id": "iBA/JBMmSIEGbBZDQlcuUQ==", "name": "bzip2-devel", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iG10xBRfLLoRP3qlluI7NQ==": { "id": "iG10xBRfLLoRP3qlluI7NQ==", "name": "automake", "version": "1.16.2-6.el9", "kind": "binary", "source": { "id": "", "name": "automake", "version": "1.16.2-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "iMLMqCcRXnm6QslpJnCS7w==": { "id": "iMLMqCcRXnm6QslpJnCS7w==", "name": "cairo", "version": "1.17.4-7.el9", "kind": "binary", "source": { "id": "", "name": "cairo", "version": "1.17.4-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQByZpdRXgW/fl3SoDuoAA==": { "id": "iQByZpdRXgW/fl3SoDuoAA==", "name": "libipt", "version": "2.0.4-5.el9", "kind": "binary", "source": { "id": "", "name": "libipt", "version": "2.0.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iQnKl0+RxymKc9bhVdyuyQ==": { "id": "iQnKl0+RxymKc9bhVdyuyQ==", "name": "perl-B", "version": "1.80-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iTjyL8AL9avw3YnaeFgLEg==": { "id": "iTjyL8AL9avw3YnaeFgLEg==", "name": "gettext", "version": "0.21-7.el9", "kind": "binary", "source": { "id": "", "name": "gettext", "version": "0.21-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "iswhVSntR4QnIsTAyM6ydQ==": { "id": "iswhVSntR4QnIsTAyM6ydQ==", "name": "perl-Pod-Escapes", "version": "1:1.07-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Escapes", "version": "1.07-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ix3lD4/Nn7qLbcpDm0AIhg==": { "id": "ix3lD4/Nn7qLbcpDm0AIhg==", "name": "perl-constant", "version": "1.33-461.el9", "kind": "binary", "source": { "id": "", "name": "perl-constant", "version": "1.33-461.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "j3oHbOmfE09xNAzoTXpcSg==": { "id": "j3oHbOmfE09xNAzoTXpcSg==", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jADxtb7PiatU9dihVhjp/Q==": { "id": "jADxtb7PiatU9dihVhjp/Q==", "name": "elfutils-libelf", "version": "0.187-5.el9", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.187-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jDIVpAdvhjPN/gmOBNQuag==": { "id": "jDIVpAdvhjPN/gmOBNQuag==", "name": "perl-Time-Local", "version": "2:1.300-7.el9", "kind": "binary", "source": { "id": "", "name": "perl-Time-Local", "version": "1.300-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jH43ZEoPP2TpNiUJXUizMw==": { "id": "jH43ZEoPP2TpNiUJXUizMw==", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "binary", "source": { "id": "", "name": "libutempter", "version": "1.2.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jSOT/FBECA7xUY+Zv/Ps+Q==": { "id": "jSOT/FBECA7xUY+Zv/Ps+Q==", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jXo3rXdhdYGkiXYZpQxZ3Q==": { "id": "jXo3rXdhdYGkiXYZpQxZ3Q==", "name": "python3-chardet", "version": "4.0.0-5.el9", "kind": "binary", "source": { "id": "", "name": "python-chardet", "version": "4.0.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kAc8BYCjeCgQR9YdLeGx9w==": { "id": "kAc8BYCjeCgQR9YdLeGx9w==", "name": "python3-urllib3", "version": "1.26.5-3.el9", "kind": "binary", "source": { "id": "", "name": "python-urllib3", "version": "1.26.5-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kDzRHkg3txncDWuyd5771g==": { "id": "kDzRHkg3txncDWuyd5771g==", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kMrprdB/TspYL2Dyt9hBfw==": { "id": "kMrprdB/TspYL2Dyt9hBfw==", "name": "libgomp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kdml4TiffKDDUHJjP7R1Tg==": { "id": "kdml4TiffKDDUHJjP7R1Tg==", "name": "openldap", "version": "2.6.2-3.el9", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.6.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ki6pd/LsWsx2BY6b+Np6dQ==": { "id": "ki6pd/LsWsx2BY6b+Np6dQ==", "name": "cpp", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kigiD4fuysu8/DeCr+ONKQ==": { "id": "kigiD4fuysu8/DeCr+ONKQ==", "name": "basesystem", "version": "11-13.el9", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-13.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ktHjHCegyaFGFLaqVjqkVA==": { "id": "ktHjHCegyaFGFLaqVjqkVA==", "name": "libX11-common", "version": "1.7.0-7.el9", "kind": "binary", "source": { "id": "", "name": "libX11", "version": "1.7.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "kzHnWWgcRX/Do32aQ8TMBQ==": { "id": "kzHnWWgcRX/Do32aQ8TMBQ==", "name": "perl-Git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lITnNJqHTfcVQiCGHjWozA==": { "id": "lITnNJqHTfcVQiCGHjWozA==", "name": "python3-pip-wheel", "version": "21.2.3-6.el9", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "21.2.3-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lwkb5oxxrG7ZgPYzSyvcZQ==": { "id": "lwkb5oxxrG7ZgPYzSyvcZQ==", "name": "libxml2-devel", "version": "2.9.13-3.el9_1", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.13-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lxyER9sFQyH/cLua8fAlfw==": { "id": "lxyER9sFQyH/cLua8fAlfw==", "name": "perl-File-Find", "version": "1.37-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ly9SmBBH7WsYXh1oG69XaQ==": { "id": "ly9SmBBH7WsYXh1oG69XaQ==", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-HTTP-Tiny", "version": "0.076-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "m7hOFCjo7x6PMvux7htFOg==": { "id": "m7hOFCjo7x6PMvux7htFOg==", "name": "cracklib-dicts", "version": "2.9.6-27.el9", "kind": "binary", "source": { "id": "", "name": "cracklib", "version": "2.9.6-27.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mK/FUfODp3MR7WS2xegPsw==": { "id": "mK/FUfODp3MR7WS2xegPsw==", "name": "langpacks-core-en", "version": "3.0-16.el9", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "3.0-16.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mLZQEF4KLS62c+8BB/jz0Q==": { "id": "mLZQEF4KLS62c+8BB/jz0Q==", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "binary", "source": { "id": "", "name": "libxslt", "version": "1.1.34-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLtyJkgiain09bfdUDF0tA==": { "id": "mLtyJkgiain09bfdUDF0tA==", "name": "python3-idna", "version": "2.10-7.el9", "kind": "binary", "source": { "id": "", "name": "python-idna", "version": "2.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "mPqGnMbiXN6jP61aGbHvOA==": { "id": "mPqGnMbiXN6jP61aGbHvOA==", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.2.5-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mRRefE/Wm2s5CZDmwUJ8jg==": { "id": "mRRefE/Wm2s5CZDmwUJ8jg==", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-35.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mS/mU0XqXurt5b2cC0G2wA==": { "id": "mS/mU0XqXurt5b2cC0G2wA==", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "binary", "source": { "id": "", "name": "libXpm", "version": "3.5.13-8.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "me8N6gnEhOLccvD/431aCw==": { "id": "me8N6gnEhOLccvD/431aCw==", "name": "libgcc", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mqd6XOc7hJ7OKe7FI62YlA==": { "id": "mqd6XOc7hJ7OKe7FI62YlA==", "name": "python3-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "53.0.0-10.el9_1.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ms1/Dytf/YQgRgubY3EyyQ==": { "id": "ms1/Dytf/YQgRgubY3EyyQ==", "name": "libsepol-devel", "version": "3.4-1.1.el9", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "3.4-1.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "n2BikwI3Mg2dIr4kYK8New==": { "id": "n2BikwI3Mg2dIr4kYK8New==", "name": "pkgconf-m4", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nC22unSxVi1R4g6taYLM9Q==": { "id": "nC22unSxVi1R4g6taYLM9Q==", "name": "brotli-devel", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nRx5HCyZ2M4L1LvJSclibw==": { "id": "nRx5HCyZ2M4L1LvJSclibw==", "name": "rsync", "version": "3.2.3-18.el9", "kind": "binary", "source": { "id": "", "name": "rsync", "version": "3.2.3-18.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nUBBsXgA+QSl6Tx9eXi6Mw==": { "id": "nUBBsXgA+QSl6Tx9eXi6Mw==", "name": "dbus-common", "version": "1:1.12.20-7.el9_1", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.20-7.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "na4ojyfFHL07xf5Yr8wxsg==": { "id": "na4ojyfFHL07xf5Yr8wxsg==", "name": "libgpg-error-devel", "version": "1.42-5.el9", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.42-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "noZz3cbDBX3Q1ohSWIKe1g==": { "id": "noZz3cbDBX3Q1ohSWIKe1g==", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "binary", "source": { "id": "", "name": "libtiff", "version": "4.4.0-5.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nqniqNEVhrfub8cS+os87A==": { "id": "nqniqNEVhrfub8cS+os87A==", "name": "fonts-srpm-macros", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "nwgNWiqPWTP9jQpHdB8CFA==": { "id": "nwgNWiqPWTP9jQpHdB8CFA==", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o0sNxhdrQvn3LtgSlydcdw==": { "id": "o0sNxhdrQvn3LtgSlydcdw==", "name": "pcre2-devel", "version": "10.40-2.el9", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.40-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o3loazzxvm2hQ5N1QRaYvg==": { "id": "o3loazzxvm2hQ5N1QRaYvg==", "name": "glib2-devel", "version": "2.68.4-5.el9", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.68.4-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oCbJhi6fmGrlKcF1SlNuYw==": { "id": "oCbJhi6fmGrlKcF1SlNuYw==", "name": "git-core", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oGWSEEsLb6ToIwJ1tUBkwg==": { "id": "oGWSEEsLb6ToIwJ1tUBkwg==", "name": "perl-File-Copy", "version": "2.34-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "oK41W21MyjS/j+5BoCQjuA==": { "id": "oK41W21MyjS/j+5BoCQjuA==", "name": "tcl", "version": "1:8.6.10-7.el9", "kind": "binary", "source": { "id": "", "name": "tcl", "version": "8.6.10-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oWKtpTsx1ck3WozLlUNKbw==": { "id": "oWKtpTsx1ck3WozLlUNKbw==", "name": "yum", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "obNuQXzAwE3TzjUoRN1yEw==": { "id": "obNuQXzAwE3TzjUoRN1yEw==", "name": "libbabeltrace", "version": "1.5.8-10.el9", "kind": "binary", "source": { "id": "", "name": "babeltrace", "version": "1.5.8-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "og/hyn7iqbsNsfIv/8VHFg==": { "id": "og/hyn7iqbsNsfIv/8VHFg==", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "binary", "source": { "id": "", "name": "harfbuzz", "version": "2.7.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "om/hnbn42itSjLCSeL6+2A==": { "id": "om/hnbn42itSjLCSeL6+2A==", "name": "freetype", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9BcHmUiqsfiDX2HpNFM5g==": { "id": "p9BcHmUiqsfiDX2HpNFM5g==", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.10.0-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pNbpZqWYymW5Cm1QYLE4uQ==": { "id": "pNbpZqWYymW5Cm1QYLE4uQ==", "name": "device-mapper", "version": "9:1.02.185-3.el9", "kind": "binary", "source": { "id": "", "name": "lvm2", "version": "2.03.16-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pc8TmjOHnExT3yvCQuGR7Q==": { "id": "pc8TmjOHnExT3yvCQuGR7Q==", "name": "tar", "version": "2:1.34-6.el9_1", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.34-6.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pdyD4GFauXtML8NxA7nURQ==": { "id": "pdyD4GFauXtML8NxA7nURQ==", "name": "python3-dnf", "version": "4.12.0-4.el9", "kind": "binary", "source": { "id": "", "name": "dnf", "version": "4.12.0-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "peDze6790+ubKa/8hacS+w==": { "id": "peDze6790+ubKa/8hacS+w==", "name": "stdlib", "version": "1.18.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "semver:0.1.18.9.0.0.0.0.0.0", "cpe": "" }, "pff1wMeg2U6ebqlGIkRlMg==": { "id": "pff1wMeg2U6ebqlGIkRlMg==", "name": "git", "version": "2.31.1-3.el9_1", "kind": "binary", "source": { "id": "", "name": "git", "version": "2.31.1-3.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ptT0YL/h24MTjTTVlPAZVg==": { "id": "ptT0YL/h24MTjTTVlPAZVg==", "name": "freetype-devel", "version": "2.10.4-9.el9", "kind": "binary", "source": { "id": "", "name": "freetype", "version": "2.10.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qIHoKDOcFEbVk0+xQvglbQ==": { "id": "qIHoKDOcFEbVk0+xQvglbQ==", "name": "openssl-libs", "version": "1:3.0.1-47.el9_1", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "3.0.1-47.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qTTyL80F/2JUAy85WSpobg==": { "id": "qTTyL80F/2JUAy85WSpobg==", "name": "coreutils-single", "version": "8.32-32.el9", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.32-32.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qYSZ6aKFWol313IOGRXaug==": { "id": "qYSZ6aKFWol313IOGRXaug==", "name": "json-c", "version": "0.14-11.el9", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.14-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qcLLXOiskeOh3Yk1oA8Pwg==": { "id": "qcLLXOiskeOh3Yk1oA8Pwg==", "name": "kmod-libs", "version": "28-7.el9", "kind": "binary", "source": { "id": "", "name": "kmod", "version": "28-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "qijykJ/WFTcI/fd8/RsFmg==": { "id": "qijykJ/WFTcI/fd8/RsFmg==", "name": "ubi9", "version": "9.1.0-1782", "kind": "binary", "source": { "id": "9AmKs/wDQFsVMVHWnqbu+g==", "name": "ubi9-container", "version": "9.1.0-1782", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:9.1.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rEU0uZUpz06y9hg0ORc49A==": { "id": "rEU0uZUpz06y9hg0ORc49A==", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "binary", "source": { "id": "", "name": "libpwquality", "version": "1.4.4-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rTAf2eiAGJSR1vI+tk12zg==": { "id": "rTAf2eiAGJSR1vI+tk12zg==", "name": "libuuid", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rUUieTQ6JPdOKUOFRfhvNw==": { "id": "rUUieTQ6JPdOKUOFRfhvNw==", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-MIME-Base64", "version": "3.16-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rY/kE/V4JnxYoqV+lmc9mg==": { "id": "rY/kE/V4JnxYoqV+lmc9mg==", "name": "gawk", "version": "5.1.0-6.el9", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "5.1.0-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rYCgRZF9UtO2MybO6TcW0g==": { "id": "rYCgRZF9UtO2MybO6TcW0g==", "name": "nettle", "version": "3.8-3.el9_0", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.8-3.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rZckolqfVnE7xInGZn5Zzw==": { "id": "rZckolqfVnE7xInGZn5Zzw==", "name": "python3-pysocks", "version": "1.7.1-12.el9", "kind": "binary", "source": { "id": "", "name": "python-pysocks", "version": "1.7.1-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rj2k4My0f4W7sR9R0rDeJg==": { "id": "rj2k4My0f4W7sR9R0rDeJg==", "name": "perl-Pod-Usage", "version": "4:2.01-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Usage", "version": "2.01-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "rkUaC636uKZYge61PN1dew==": { "id": "rkUaC636uKZYge61PN1dew==", "name": "perl-POSIX", "version": "1.94-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rlHYqOr0lkUB/Gs6b1kD2g==": { "id": "rlHYqOr0lkUB/Gs6b1kD2g==", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "4.1.0-7.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ryPyL0/oZK1jJ8umBZkZBA==": { "id": "ryPyL0/oZK1jJ8umBZkZBA==", "name": "libjpeg-turbo-devel", "version": "2.0.90-5.el9", "kind": "binary", "source": { "id": "", "name": "libjpeg-turbo", "version": "2.0.90-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "s9qYH9lv+nqFfUwtnSIxEw==": { "id": "s9qYH9lv+nqFfUwtnSIxEw==", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "binary", "source": { "id": "", "name": "ima-evm-utils", "version": "1.4-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sE1EmQ5Nhv4P4rilE6lODw==": { "id": "sE1EmQ5Nhv4P4rilE6lODw==", "name": "lsof", "version": "4.94.0-3.el9", "kind": "binary", "source": { "id": "", "name": "lsof", "version": "4.94.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ssPaV1VLDu6d5ZJ6Rrmh3A==": { "id": "ssPaV1VLDu6d5ZJ6Rrmh3A==", "name": "sed", "version": "4.8-9.el9", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.8-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sukNATkcLkohYgGrhDtrZA==": { "id": "sukNATkcLkohYgGrhDtrZA==", "name": "libxcrypt-devel", "version": "4.4.18-3.el9", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.4.18-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sx0C6L5COHIkv6yQQyPlbw==": { "id": "sx0C6L5COHIkv6yQQyPlbw==", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.10-15.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sy1cTR7VjlyD3WavviV1+g==": { "id": "sy1cTR7VjlyD3WavviV1+g==", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.24.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "szNvvFbgC3+nu7+FkWHQxA==": { "id": "szNvvFbgC3+nu7+FkWHQxA==", "name": "perl-overload", "version": "1.31-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "t51FYLdtFZpGFe/8JMUaTQ==": { "id": "t51FYLdtFZpGFe/8JMUaTQ==", "name": "rhel9/go-toolset", "version": "1.18.9-14", "kind": "binary", "source": { "id": "GXm2fCeoaq1FqYmMTmMmhQ==", "name": "go-toolset-container", "version": "1.18.9-14", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.18.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "tOoZIHzytN01BRAw3es1Yg==": { "id": "tOoZIHzytN01BRAw3es1Yg==", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.8-8.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "tWWw65aFr0Her+B1hlgbqA==": { "id": "tWWw65aFr0Her+B1hlgbqA==", "name": "perl-Pod-Simple", "version": "1:3.42-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-Pod-Simple", "version": "3.42-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "tsX00aIcJlVDdnN8EABj3g==": { "id": "tsX00aIcJlVDdnN8EABj3g==", "name": "perl-Getopt-Std", "version": "1.12-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u+N5u943P15onszlgf+ujA==": { "id": "u+N5u943P15onszlgf+ujA==", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.67.0-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u5TyEoU5GA6Z2czzwhMLiA==": { "id": "u5TyEoU5GA6Z2czzwhMLiA==", "name": "fonts-filesystem", "version": "1:2.0.5-7.el9.1", "kind": "binary", "source": { "id": "", "name": "fonts-rpm-macros", "version": "2.0.5-7.el9.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "u95OKK2MhRQlEYI4tmvSVQ==": { "id": "u95OKK2MhRQlEYI4tmvSVQ==", "name": "util-linux-core", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uCyCeArpCxiSoV6DjC80ng==": { "id": "uCyCeArpCxiSoV6DjC80ng==", "name": "pcre-devel", "version": "8.44-3.el9.3", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.44-3.el9.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uOrv4V08LjQ381I5J7cGpw==": { "id": "uOrv4V08LjQ381I5J7cGpw==", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.68.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uSt8DkzxoDcE1tRbyYPDOg==": { "id": "uSt8DkzxoDcE1tRbyYPDOg==", "name": "alternatives", "version": "1.20-2.el9", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.20-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uWyEe6UPxO05NNzNabxBgA==": { "id": "uWyEe6UPxO05NNzNabxBgA==", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2022g-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "uXpj8krYkomg5XDZ83F2kg==": { "id": "uXpj8krYkomg5XDZ83F2kg==", "name": "perl-libs", "version": "4:5.32.1-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uwkXfq5VvKEldZwWOwGq4w==": { "id": "uwkXfq5VvKEldZwWOwGq4w==", "name": "gmp", "version": "1:6.2.0-10.el9", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.2.0-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v5fMEqf0GRz+BrBqAji9dQ==": { "id": "v5fMEqf0GRz+BrBqAji9dQ==", "name": "libzstd", "version": "1.5.1-2.el9", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.5.1-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v6X9Dt1wPw8fK6VaHz1Ffw==": { "id": "v6X9Dt1wPw8fK6VaHz1Ffw==", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-threads-shared", "version": "1.61-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vSRLH3asu5knZtxqOxtnwQ==": { "id": "vSRLH3asu5knZtxqOxtnwQ==", "name": "brotli", "version": "1.0.9-6.el9", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.9-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vVZXXrZNgHNmTJM7knKqAQ==": { "id": "vVZXXrZNgHNmTJM7knKqAQ==", "name": "libfdisk", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vaBZgtoGX6VZtIwrD9w+EQ==": { "id": "vaBZgtoGX6VZtIwrD9w+EQ==", "name": "libdnf-plugin-subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "binary", "source": { "id": "", "name": "subscription-manager", "version": "1.29.30.1-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "vcbNsnPegQ9DMvL/4z83AA==": { "id": "vcbNsnPegQ9DMvL/4z83AA==", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "binary", "source": { "id": "", "name": "perl-IO-Socket-SSL", "version": "2.073-1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "vtNcuXyRth8r8K/W3sfqrQ==": { "id": "vtNcuXyRth8r8K/W3sfqrQ==", "name": "libpng-devel", "version": "2:1.6.37-12.el9", "kind": "binary", "source": { "id": "", "name": "libpng", "version": "1.6.37-12.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "w2DoavvB02S/+BS01jQqJw==": { "id": "w2DoavvB02S/+BS01jQqJw==", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "binary", "source": { "id": "", "name": "openblas-srpm-macros", "version": "2-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wVOHUaFC3qlk+Ft1W2VH7A==": { "id": "wVOHUaFC3qlk+Ft1W2VH7A==", "name": "python3-gobject-base-noarch", "version": "3.40.1-6.el9", "kind": "binary", "source": { "id": "", "name": "pygobject3", "version": "3.40.1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wXu3MDegq/TfLSbBy6aoBQ==": { "id": "wXu3MDegq/TfLSbBy6aoBQ==", "name": "gcc-c++", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wdMozBSF06uhI4HOI003SQ==": { "id": "wdMozBSF06uhI4HOI003SQ==", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Term-Cap", "version": "1.17-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wsc0mBnyNwrXYdpo0V+0aw==": { "id": "wsc0mBnyNwrXYdpo0V+0aw==", "name": "perl-FileHandle", "version": "2.03-479.el9", "kind": "binary", "source": { "id": "", "name": "perl", "version": "5.32.1-479.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wusWpHXirQF8KfxliQcLkQ==": { "id": "wusWpHXirQF8KfxliQcLkQ==", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "binary", "source": { "id": "", "name": "kernel-srpm-macros", "version": "1.0-11.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wvtx3JsOUmPyorardjeYSQ==": { "id": "wvtx3JsOUmPyorardjeYSQ==", "name": "fontconfig-devel", "version": "2.14.0-2.el9_1", "kind": "binary", "source": { "id": "", "name": "fontconfig", "version": "2.14.0-2.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "x4oijVhQU8BUwJwoFvk4QA==": { "id": "x4oijVhQU8BUwJwoFvk4QA==", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-2.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xC2PhiBOHiQbniVjaMltjw==": { "id": "xC2PhiBOHiQbniVjaMltjw==", "name": "libpkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xGsFnJNA7f9q/+8cz1QFqg==": { "id": "xGsFnJNA7f9q/+8cz1QFqg==", "name": "lua-srpm-macros", "version": "1-6.el9", "kind": "binary", "source": { "id": "", "name": "lua-rpm-macros", "version": "1-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xSR/sMJIXbuFPYhZS2ZN2Q==": { "id": "xSR/sMJIXbuFPYhZS2ZN2Q==", "name": "gcc-plugin-annobin", "version": "11.3.1-2.1.el9", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "11.3.1-2.1.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xVpXFb43dZh4HfBX53yyew==": { "id": "xVpXFb43dZh4HfBX53yyew==", "name": "python3-iniparse", "version": "0.4-45.el9", "kind": "binary", "source": { "id": "", "name": "python-iniparse", "version": "0.4-45.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xdunfqVk+0spTcWoJA7wPw==": { "id": "xdunfqVk+0spTcWoJA7wPw==", "name": "libnghttp2", "version": "1.43.0-5.el9", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.43.0-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xfiNHrth0bRlTgQnR3IgUw==": { "id": "xfiNHrth0bRlTgQnR3IgUw==", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.21.1-5.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xgCGPQ7CZbjJqBTw2Nmu9w==": { "id": "xgCGPQ7CZbjJqBTw2Nmu9w==", "name": "groff-base", "version": "1.22.4-10.el9", "kind": "binary", "source": { "id": "", "name": "groff", "version": "1.22.4-10.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xnmn6fk+/THLJg3emXYMww==": { "id": "xnmn6fk+/THLJg3emXYMww==", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "binary", "source": { "id": "", "name": "perl-libnet", "version": "3.13-4.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "y9sflCLWTaHWSSC+w8u7bQ==": { "id": "y9sflCLWTaHWSSC+w8u7bQ==", "name": "xz-devel", "version": "5.2.5-8.el9_0", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.5-8.el9_0", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yLdg/zIMr1LMvkW9tAZlGw==": { "id": "yLdg/zIMr1LMvkW9tAZlGw==", "name": "rpm-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yRjjypPMZa7QJg+DLoMumw==": { "id": "yRjjypPMZa7QJg+DLoMumw==", "name": "s2i-base-container", "version": "1-421", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.0.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "yXx0rhfj7kyXaTrxOLQSfA==": { "id": "yXx0rhfj7kyXaTrxOLQSfA==", "name": "libsmartcols", "version": "2.37.4-9.el9", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.37.4-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yY469KfvqdHWbJwmOcIU1Q==": { "id": "yY469KfvqdHWbJwmOcIU1Q==", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "binary", "source": { "id": "", "name": "perl-Carp", "version": "1.50-460.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "ycSS8xsUDu5nMwsql04xfQ==": { "id": "ycSS8xsUDu5nMwsql04xfQ==", "name": "gd", "version": "2.3.2-3.el9", "kind": "binary", "source": { "id": "", "name": "gd", "version": "2.3.2-3.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "z/d/zUXK6aF2L4H7dfeSZw==": { "id": "z/d/zUXK6aF2L4H7dfeSZw==", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "binary", "source": { "id": "", "name": "pkgconf", "version": "1.7.3-9.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zLbmCpiDy68qsFvtKNzmgQ==": { "id": "zLbmCpiDy68qsFvtKNzmgQ==", "name": "xml-common", "version": "0.6.3-58.el9", "kind": "binary", "source": { "id": "", "name": "sgml-common", "version": "0.6.3-58.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zPYyryKVwACz98/WbfSW6w==": { "id": "zPYyryKVwACz98/WbfSW6w==", "name": "rpm-sign-libs", "version": "4.16.1.3-19.el9_1", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.16.1.3-19.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zpqzIc9TY4hiXJG024jdBQ==": { "id": "zpqzIc9TY4hiXJG024jdBQ==", "name": "golang-src", "version": "1.18.9-1.el9_1", "kind": "binary", "source": { "id": "", "name": "golang", "version": "1.18.9-1.el9_1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "zxuLMmxubC84XoLpkfxZ3w==": { "id": "zxuLMmxubC84XoLpkfxZ3w==", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "binary", "source": { "id": "", "name": "perl-Mozilla-CA", "version": "20200520-6.el9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" } }, "distributions": { "8fc41c58-ca99-44e8-aaa9-d109e69a3947": { "id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "9", "version_code_name": "", "version_id": "9", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 9" } }, "repository": { "07c6d587-db01-4d19-be02-418729be5c28": { "id": "07c6d587-db01-4d19-be02-418729be5c28", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "0fde6250-ea54-42c3-b274-3048eef68be6": { "id": "0fde6250-ea54-42c3-b274-3048eef68be6", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "1d931aee-6c61-4c5f-91e2-953875606e17": { "id": "1d931aee-6c61-4c5f-91e2-953875606e17", "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "298154c8-d2ff-45e3-a866-bb704a567c6c": { "id": "298154c8-d2ff-45e3-a866-bb704a567c6c", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "4c17d9c6-a2f9-4605-a2c4-004edd8c2157": { "id": "4c17d9c6-a2f9-4605-a2c4-004edd8c2157", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "a84507cf-d767-4aac-8348-67a0b1572854": { "id": "a84507cf-d767-4aac-8348-67a0b1572854", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "a907f616-75e6-48b9-a430-28a9226f4f5f": { "id": "a907f616-75e6-48b9-a430-28a9226f4f5f", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "daeb1305-fb8b-45e6-9438-1fd3cd207364": { "id": "daeb1305-fb8b-45e6-9438-1fd3cd207364", "name": "cpe:/a:redhat:enterprise_linux:9::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "e7b64797-1e71-4d2b-aaa4-b134707fecc6": { "id": "e7b64797-1e71-4d2b-aaa4-b134707fecc6", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4": { "id": "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "name": "cpe:/o:redhat:enterprise_linux:9::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" } }, "environments": { "++K+RsmgWfVk2mj1+hzWKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "+8O7w8gnK983LoZMdgIWhQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "+A7/nzEXX3Q/xJZ50VMnlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+B22ALb6YCnXu+3s6afaLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+LQ46YAn9giMKDZRMCUpfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+jCn1wujuDa5B1uNvCdVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "+yIdH2Pb8SGFuXnry3uK/A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "/FMjm+UzO0PTaS3Td0lhkw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "/L1kFEoHZTukrNTCQLypFQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "/dbWc/LExxt1O7duWFf9og==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "/t0e+LuglIbDcO/k67Hr2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "/th8aUKrkgR3Sw9KSBM+CA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "09fH92fqoWDOaYEpwQ9p2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "0N0D43vK8KV4kQOq2LQn7g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "0QIby1L00NbGeIw8oxRQWQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "0Yvc2+M8FAry625wuL4S5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "0wIoN0pFyBSc9eVtRdIOWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "13/XvLtRK2RDQlcsZc1BtQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "13i0QoQ6Q4yBI5RUf20lXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1T7WJ83NrIa0U7DlD1BR4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1XXuvf69/0I2dNHaU2UndQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1dO83wB64hDLki3A4eA/Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1h9uHE0QiXBO/zpJrT0VjA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "1iUaGpv40BOJQUks5I0iYg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "1m9sKqHTfU4F/K4fidg9cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "2REYKadw7TKFiuC+OnoHmA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "2fg1ZRYCSPKKOgCxCcA36w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "2w8qE/d9mqIY/9+1qBBrPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "3688bXyK/nwHthXLLVH24g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "3DTA/XNFCCDFf6sfX96bGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "3RQKCmep11B4hkfn96QJTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "3iIPR0bjuCPQ2+48pSdeHg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "4Aph2Qer6+KdCecFsU0TXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "4DM2GB9KLL7/xWypPdz7vA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "4ImdKzJ7uZoaviIayzuoUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "4Kw/w2gH7CYCOCv19cdYYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "582nBqlxZXz0sTRmkFvU4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5EpVrCQ4OYKiPYYEOuUcmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5JeNH+bHiuiK9wwBZqH10A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "5NZNFErDrBiBoorV+igTjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5mmSudfrCeEmVSPweWmcVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "5oq4jjwqdEJHokHmXZ7fFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "5uy1J7qi/MafOdYJgaQeGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "60b1mOIk+ncF/benyKWfug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "68hxwX7t9VVTsdLs/0iJBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "695zXUDPsaaAbh1PGloHag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "6AYt+NWt55432RGa/HxiQg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6COiLlB/V7UlOwfuFJy77w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "6G1ytjIPgX0NNsVwuPQKkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6G4wapu2zP6UYfTP+Ip2pA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6HUC1/dPziZpbtWEymw0nQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6LVRZKaAJH97OKCXsJMDDw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6MFxZDjn6ZxVQspQib4VSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6RxnMs+9yIqzJpLgR7I3zA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6VAQWTpZhN9PW7YCmVhxsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "6camihNRcGvFSo3XinEWFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "6f28+Af9kIn0OSp9f9j14Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "74+EW3adzZwX9DbUU0vOdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "7JHS+mBQfJeJoy73lvm4lw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "7Lf3UXydabzw8g7HGZER+w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "7yB5oIQve4tWIMlUmHbdQQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "84WodsWNE9m9GIrBiKl02g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "88jYB91M4ddvxo2XjMJKmQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "8Gh2hioTt5BFisg9eNKeEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "8I3zEJ4sFSgk47ZaRLgtDQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "8Ky53YwzOPM2pkEIVuuuBg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "8gpmX0NZa9MMhcqi6FUGtg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "8tmJEWGia0UWhhPJb3EyAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "9AmKs/wDQFsVMVHWnqbu+g==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "9Fy0bRr3ZMu3q8UNrhlOSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "9HjCH3SeUwgItfYZysNlOw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "9WzsXAqqRoLidXM4HaB8/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "9bMXqD09C2r4s8P+HNy2uw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "9hWn3VgLVkzmMJln7S0UCQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "9sAM/NqMLlsG3N88/yD1Vg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ACNA1cjsRpihwLsZYxMiYQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "AOquy/6bQ9axg0KRp6hMjg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ARxZCHzD7KB2Pu4aHl7POw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AZwLZmqkel2BzSMgQsIVGQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AbW1lRpGUjSEKNnr/Toz6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "AdRs6lk9yzTM3HvjeEThKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AnHvlYoTKSxzg0JMVMiJkg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "BQhiFmX4hLYteW4oRCLTSA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "BX+oelClu2v6UOl6tluOEQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "C3QbGupU53FFTX0pkfNLrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "C7VGVckK0YZj4RiVmStEsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "CXRheoFIylTt2C0ZN4qu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "CjFzfz4zBZj7fcwIrVHCRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "CpC5etTxiNuDvBGQesJNDg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Ct/46Ed7Asmqt98kLc0FLw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Cwut2mrMMUaIvKenvO1qWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "D/XNnExpupd1bO9ZIJIE9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "D0GGDit/UxegO+/A5R03SA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "DGqCqs+yrHvXs9qsPgn58g==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:3161d5266a57069ab3c35244925c1e1f9a01a91427008eb5de6bae1f091900a4", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "DK0d2bPQCX0xz6Lec7u1cg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "DMchAI2VcGSa4n8bdw5YkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "DSiKsVzdOYp1aJo/8T0A5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "DrLq8qfU1bfE8o8AfdvkrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "E7ikPxWehuEw+6yIZODYlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "ED0/IlCpWWQwBBKR2YT9sw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "EEcEMKhGMvXAfnMhboIpqw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "EgjLGZKjPtqIaFVLlFAAPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "EuqqL3yIFMd5VRAfuufJgg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Exv8+xTp+7Y4AfuM+ph47Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FEF27h+V5TzrUeQsFddapA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FFSNe661VBElA1asGZ7k3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FKD/ouYSWOOZHy4i43SaxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FMrR4PbDeEhmMEh2juuVnw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "FW8ByCOP6ljvNWDQolahwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "FaNO6QWs1mWPp40PrBiBUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Fy3bplraTnRnJlV5RewauA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "G1YDEd7+V95Qa+PMxB8sJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "G61ZL2SOHR2qgvQfi118gw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "GIScmMWQrnoFNoEgq3fg2w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "GSkR2SOuqWQN8NtOvU4cgw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "GVmxmNcJqT3ovg+RwjJg1A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "GXm2fCeoaq1FqYmMTmMmhQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "H+zLNGeS4JMpmfP42mEhnA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "H3zfV58LzeEUiNQbZbZb2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "HbglDdnV9yne0i8jQL30HA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "I16VSEydeiRYB1TSf5694A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "IDaB7M+//88qbPppM+LpUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "IN2DA8X4LYRmUb07gLqapg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "IOb5jo+s7DgjzeK/LoVNig==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "J0HrVYoM3raELvTfJ82QMA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "JHQdC8JdSGipvO0sCig0cQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "JI92axWONkD2XCTUAeCtuQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "JKP7JzVg7UGaAz4VrH03lQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "JaDqP2PIekJ4FuDfyPDUKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "JrBk+FMgyv4RrG6esVBCIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "K04omiWBsTnRCbFVZLmRKw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "K5U87AYLwYDq48YpniD72A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KF5C+zKu/uFB7knCqOvDAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KH0/KbRUi7KL6UvWa8i6Pg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KSobT+LH4PXsCiP04HOhbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "KcftiMkhTw4x89HNJI8NNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "KlSRCTMecbL63Kg+FZjUdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "KyRw1LumZrRo6AKKkHgP7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "L1wl5gEz2lzyNJbirzPmpQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "L2RUW2Fm5EOgoqwyitY3bg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "L4diUjusARli24fy/u9lAw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "LD9yEwGtdZJl2S96EO58PQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "LDIMlzOywHz1+CG5FwjKdQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "LEyuwSco7tb1WIyWy42H8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "LR+S3JloJQ5YEViBpmcLkA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "LZYaKh1MnXoGX4fHzghRTQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Leh3RdsGa1oyRcl5Dz4SdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "LjtOegR/S/Y0KwJeOuSl/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Lm5zHfIH4SjtxMBhECD0OQ==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-core-1-394", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "Lwqn0aweLQLZmo12VvYcog==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "M2qdPAOOvb+CWXJwouP4Rw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "MDH8Zt4oQWDiYk9qFV5Lbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "MJmw8vClC4VAn/J4MfhK2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "MORX6hW9ZLZCt/52w71zTg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "MXR26wvfFq4/JiRamdOfsA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Ma5Vpx57SAZOCC5w2EPQYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "MdGkZ055CI+TZYqVm7FIPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Mp61fGpK3II0W8dIQgk3hA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "MvJE7slPeyMPjzl+J8UH7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "MxYp6jmrNGPG4EUMxgtsIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "N4dB55YYjGYeXRj+vLBatg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "N9SQ1VZ/1zaqG0gdsMW91g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "NQAINik1AG7Zn8OB8pLDpA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Nak/NGhCYVubG4CsEbHhug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "NdCY2/S+syamLH224R4hug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "O2SZ5NZewmkamADtmBGMpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "OLwWa8SuQNJHUBFuTxkKKA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "OgwdUybWl/HQYbnPTE4Psw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "OkY4XBjh2jDTkYhGjNkrUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "On+NX4Yr+KIGVwagqPDWcQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "OvOSK0YS4U6j2gyFBATNXg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "PHkBez1UE90U9LJepncOKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Pstkjkz7Io1S30t7a9lp4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Q+exKQZH61PI/8YfpN472w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "QCZyKHG3XZk9MlIs9ZFBuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "QcnepR4WKBdAhWdMUPrAWA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "QwKK6TG/JtcCly9jntVf+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "R9sC7SuM6vJmJZYq/bMHWw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RgUn0rRy/i742s4qQGGoNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "RhNJQyxUHoA1z70UtgAC4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RjsHhFfoWvmQBIu8lxYZjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "RnnkgzrsHA8d297AfaWbPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Rx4ZYvIz7JT5wbghBsjOTA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SRyGVMCI95+oD0l3+3YStw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SSFXEK4vNCR4s9ImWtXtgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SSnnOPGZCl33DlmR57wC7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "SV9uo4F9Li9vAHBKYcAlZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "SZllfeGD2yJm0VL0H7onLg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "SdI1Am/qHph5dG2ZoOeUIQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "TANtf1h6RhI5yVQQhHFTbg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "TPIRq84Pr3a6ywzPeCr3Pw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Tl6ebomp9GQLN9svWzKp+w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "To0NR+oyXDu1CYJfmVGurQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Tob5YtKxleVTQzw2GCmwGg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "TzT9ayOh2hZShfYtipxZEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "U0P0dNPn1iUcw6b33AAKUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Ud9PNLLJ6v7hTpAYdO825w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Uui1iXuECCOB7NgLQMsJpg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "UyCrdfN88WUEEECLCIw93w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "V/3oHP6E5IRlfgZZHK72RA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "VDWxBVhhJMCCBIlvmorheA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "VFldiAD+rTFuce+kutFUuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "VKbklzwNVEem7m1iQRERDg==": [ { "package_db": "go:usr/bin/dlv", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "VLOqRGIR4aQvFfvVrpLyIg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "VV2Z1ngTs6sGvt5SrayPCg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "VhjrPOGZ9XGEFgLnQWc+KQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "W+js148eF9SSUbrTSIRvOQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "W4amAY83CsyR7zQ0GM7zsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WIBkwuKReD+vnev0WY88mA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WM43f6rBXkL3dY9fUi8CGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WN9YKonIBKVWuMNAg76vrA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WXfnWfq5UvDl4B0hS+0enw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WgTBt6b85L1bF7WXV5bQRA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WifWl02dLM2pp5urxOSuNg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "WuHt6bav9qTQn9+qCLLu3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XD0JiZBKTweysL9d3sIzpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XMI2bnJZdxdcHnKc3zgCUA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XMPq7+46c92RSax5sZ9PZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XPJI1FEhwhWF1vzFJI8S6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XVUHqTgxrtHVNbQOLA/oQA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XX1gx35T8rMzed7p4qESdA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XliA1VgMzM5VjjSZdnmlQw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "XmQjRyagIacphhV3vVNJUg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "XwbkaIGCYyq6BjBMVZ1wzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "Y2WVn7YbALZNiKrMVF83bA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "Y35yrxWjtTUkUbNtS9+p6g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "YRfO+WACNVQDTEO1DaRoPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ZEh/5caJmj5WMgoK5/jyfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ZX4vKkXsoMfQ2HH9oPb0TA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "Znd6oNA8HDVHwd3abR/PEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "aW0vfCmvp3ku6dMkvaoZGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ao0mLJHwgqEhua26lzg6gQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "arzS3GnLPLKzM8xRPFnUzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ax5YZqtoTsGSLh5YAOUDAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "b/fX+2E3Kw/VrXP3Viej5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "bEsPytE/ZdCMbfuAgQc9AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "bFvWffGqJWr7FWnI7K9NVw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "bQK0gSM91Pq8oi5kJ9072Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "bbOmNWQZu2GtbHRNTT5LbA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "byfHs8LLvbAc+YzK8+QmXA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "c+W6x4Mcea6sasJQFpayfg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "c6MW06Rtj8J56gSpVtmC/w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "cPPALpm8EZ1p7Fe1on0nPQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "caF9WsICRhpk2jJBTv5OsQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "cj0M8yBzJA8j5tTGHOqDIw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ckYokpjDEx3hfGxpdtbM6A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "clGQ5Kq/RKZZziBln/4BLA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ct/ndQfSB+G17YP34ufDBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "dC9CoYt17eaqinGSVCfCxw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dMY7Qly4vcBOdARECvhzxQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dStYvdO33sly7EacpHOqeA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dYr9tK7XM6aISNKJAtl5ZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "dnA+092RxSVxmYLtbm4n5w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "dpQG/pUwAqVv1OdQqnvylQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "e7W78NrdwYaVEcBcXhDv5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "eEjpOxWkwvzzJN5kkeVUcg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "eMk3cpR3xfyfnR/IUeON3Q==": [ { "package_db": "go:usr/lib/golang/pkg/tool/linux_amd64/vet", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "eckWZv7IBjaLZNS/vZ1gWg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "ey7Cn3NmMZ6qorZvUccGqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "f2GhXCi0MGW6C5vh1ih8XQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "ffBZQco1wXO0fddcwHstSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "gBWlSWdEA8U1+Ep4A/+M2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "gJHwCqer7Rl9ijGK6wpg4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "gngAZQYf0zy4+w3GwgpLmw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "gsdYiUdG+fMtG/M0X1EkAg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hGxLNL3q3tYYzz2uKfKB4A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hHL/OokyETnopazrev0shg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hKJ3xmpaes4B2vxd2C5M1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hNv7ol5w6PGaZXktwlRWPg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hYEisV19Dxn4PvCvxJFm5A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hasHd85qN7fkJeIIqjjDow==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "heXcDkpDDTJ/ac/FHrXYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hgr5TOXgV4U9LXyKt2w6gA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hjikQWtnmVPaWts63wYw4Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hrY/5TRUmBt6d/EoQ9M7aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "hvKbzRSMjrg1f3y/PRzGwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "hyds1mrD8GWUXo+lv53Rag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "i1yNGcAdCbK2SnebCgMUqQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iG10xBRfLLoRP3qlluI7NQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iMLMqCcRXnm6QslpJnCS7w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iQByZpdRXgW/fl3SoDuoAA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iQnKl0+RxymKc9bhVdyuyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "iTjyL8AL9avw3YnaeFgLEg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "iswhVSntR4QnIsTAyM6ydQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ix3lD4/Nn7qLbcpDm0AIhg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "j3oHbOmfE09xNAzoTXpcSg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jADxtb7PiatU9dihVhjp/Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jDIVpAdvhjPN/gmOBNQuag==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "jH43ZEoPP2TpNiUJXUizMw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "jXo3rXdhdYGkiXYZpQxZ3Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "kAc8BYCjeCgQR9YdLeGx9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "kDzRHkg3txncDWuyd5771g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "kMrprdB/TspYL2Dyt9hBfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "kdml4TiffKDDUHJjP7R1Tg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "kigiD4fuysu8/DeCr+ONKQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ktHjHCegyaFGFLaqVjqkVA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "lITnNJqHTfcVQiCGHjWozA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "lxyER9sFQyH/cLua8fAlfw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ly9SmBBH7WsYXh1oG69XaQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "m7hOFCjo7x6PMvux7htFOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mK/FUfODp3MR7WS2xegPsw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mLZQEF4KLS62c+8BB/jz0Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "mLtyJkgiain09bfdUDF0tA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mPqGnMbiXN6jP61aGbHvOA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mRRefE/Wm2s5CZDmwUJ8jg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mS/mU0XqXurt5b2cC0G2wA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "me8N6gnEhOLccvD/431aCw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "mqd6XOc7hJ7OKe7FI62YlA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ms1/Dytf/YQgRgubY3EyyQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "n2BikwI3Mg2dIr4kYK8New==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nC22unSxVi1R4g6taYLM9Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nRx5HCyZ2M4L1LvJSclibw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "na4ojyfFHL07xf5Yr8wxsg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "noZz3cbDBX3Q1ohSWIKe1g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nqniqNEVhrfub8cS+os87A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "nwgNWiqPWTP9jQpHdB8CFA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "o0sNxhdrQvn3LtgSlydcdw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "o3loazzxvm2hQ5N1QRaYvg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "oCbJhi6fmGrlKcF1SlNuYw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "oK41W21MyjS/j+5BoCQjuA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "oWKtpTsx1ck3WozLlUNKbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "obNuQXzAwE3TzjUoRN1yEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "og/hyn7iqbsNsfIv/8VHFg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "om/hnbn42itSjLCSeL6+2A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "p9BcHmUiqsfiDX2HpNFM5g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "pNbpZqWYymW5Cm1QYLE4uQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "pc8TmjOHnExT3yvCQuGR7Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "pdyD4GFauXtML8NxA7nURQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "peDze6790+ubKa/8hacS+w==": [ { "package_db": "go:opt/app-root/src/main", "introduced_in": "sha256:3161d5266a57069ab3c35244925c1e1f9a01a91427008eb5de6bae1f091900a4", "distribution_id": "", "repository_ids": [ "1d931aee-6c61-4c5f-91e2-953875606e17" ] } ], "pff1wMeg2U6ebqlGIkRlMg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ptT0YL/h24MTjTTVlPAZVg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "qIHoKDOcFEbVk0+xQvglbQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qTTyL80F/2JUAy85WSpobg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qYSZ6aKFWol313IOGRXaug==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qcLLXOiskeOh3Yk1oA8Pwg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "qijykJ/WFTcI/fd8/RsFmg==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-9.1.0-1782", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "rEU0uZUpz06y9hg0ORc49A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rTAf2eiAGJSR1vI+tk12zg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rUUieTQ6JPdOKUOFRfhvNw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "rY/kE/V4JnxYoqV+lmc9mg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rYCgRZF9UtO2MybO6TcW0g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rZckolqfVnE7xInGZn5Zzw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "rj2k4My0f4W7sR9R0rDeJg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "rkUaC636uKZYge61PN1dew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "rlHYqOr0lkUB/Gs6b1kD2g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "ryPyL0/oZK1jJ8umBZkZBA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "s9qYH9lv+nqFfUwtnSIxEw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "sE1EmQ5Nhv4P4rilE6lODw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ssPaV1VLDu6d5ZJ6Rrmh3A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "sukNATkcLkohYgGrhDtrZA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "sx0C6L5COHIkv6yQQyPlbw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "sy1cTR7VjlyD3WavviV1+g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "szNvvFbgC3+nu7+FkWHQxA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "t51FYLdtFZpGFe/8JMUaTQ==": [ { "package_db": "root/buildinfo/Dockerfile-rhel9-go-toolset-1.18.9-14", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "tOoZIHzytN01BRAw3es1Yg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "tWWw65aFr0Her+B1hlgbqA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "tsX00aIcJlVDdnN8EABj3g==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "u+N5u943P15onszlgf+ujA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "u5TyEoU5GA6Z2czzwhMLiA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "u95OKK2MhRQlEYI4tmvSVQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uCyCeArpCxiSoV6DjC80ng==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "uOrv4V08LjQ381I5J7cGpw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uSt8DkzxoDcE1tRbyYPDOg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uWyEe6UPxO05NNzNabxBgA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "uXpj8krYkomg5XDZ83F2kg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "uwkXfq5VvKEldZwWOwGq4w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "v5fMEqf0GRz+BrBqAji9dQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "v6X9Dt1wPw8fK6VaHz1Ffw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "vSRLH3asu5knZtxqOxtnwQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "vVZXXrZNgHNmTJM7knKqAQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "vcbNsnPegQ9DMvL/4z83AA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "vtNcuXyRth8r8K/W3sfqrQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "w2DoavvB02S/+BS01jQqJw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wVOHUaFC3qlk+Ft1W2VH7A==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "wXu3MDegq/TfLSbBy6aoBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wdMozBSF06uhI4HOI003SQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wsc0mBnyNwrXYdpo0V+0aw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wusWpHXirQF8KfxliQcLkQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "wvtx3JsOUmPyorardjeYSQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "x4oijVhQU8BUwJwoFvk4QA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "xC2PhiBOHiQbniVjaMltjw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xGsFnJNA7f9q/+8cz1QFqg==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xVpXFb43dZh4HfBX53yyew==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "xdunfqVk+0spTcWoJA7wPw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "xfiNHrth0bRlTgQnR3IgUw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "xgCGPQ7CZbjJqBTw2Nmu9w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:43f725c0c0584b7187ac624f5d464f94585c82f5765ee35dd40fb83301eb6975", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "0fde6250-ea54-42c3-b274-3048eef68be6", "4c17d9c6-a2f9-4605-a2c4-004edd8c2157" ] } ], "xnmn6fk+/THLJg3emXYMww==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "y9sflCLWTaHWSSC+w8u7bQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "yLdg/zIMr1LMvkW9tAZlGw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "yRjjypPMZa7QJg+DLoMumw==": [ { "package_db": "root/buildinfo/Dockerfile-ubi9-s2i-base-1-421", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": [ "07c6d587-db01-4d19-be02-418729be5c28", "07c6d587-db01-4d19-be02-418729be5c28" ] } ], "yXx0rhfj7kyXaTrxOLQSfA==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "yY469KfvqdHWbJwmOcIU1Q==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "ycSS8xsUDu5nMwsql04xfQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "z/d/zUXK6aF2L4H7dfeSZw==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "zLbmCpiDy68qsFvtKNzmgQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ], "zPYyryKVwACz98/WbfSW6w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1d5eadfc16157a6fe1c21b525fd2b7ab40e4f15e2ee26fe0e9f709462eef0991", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "298154c8-d2ff-45e3-a866-bb704a567c6c", "a84507cf-d767-4aac-8348-67a0b1572854" ] } ], "zpqzIc9TY4hiXJG024jdBQ==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:5b119ac89323ec097c7215e35382ea1fd0022c840f7d2cd961b7f82297a4e670", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "a907f616-75e6-48b9-a430-28a9226f4f5f", "e7b64797-1e71-4d2b-aaa4-b134707fecc6" ] } ], "zxuLMmxubC84XoLpkfxZ3w==": [ { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "", "repository_ids": null }, { "package_db": "sqlite:var/lib/rpm", "introduced_in": "sha256:1754837f59411a4a3799161f6ba5c0122f70e25f84abc295e1c46637c602b581", "distribution_id": "8fc41c58-ca99-44e8-aaa9-d109e69a3947", "repository_ids": [ "ff9ff7c8-d46d-4aa4-93a6-25c9cf55a2b4", "daeb1305-fb8b-45e6-9438-1fd3cd207364" ] } ] }, "vulnerabilities": { "++J1c+9mFiyHFShlJEQFeA==": { "id": "++J1c+9mFiyHFShlJEQFeA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "+0Id+AHw3V8pYW+ywWnP+g==": { "id": "+0Id+AHw3V8pYW+ywWnP+g==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "+0pi5+jw8FdwHp5pZIVTBg==": { "id": "+0pi5+jw8FdwHp5pZIVTBg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:6746", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_3.1", "arch_op": "pattern match" }, "+1zjTJXhgIQ5uwrI0Po3UA==": { "id": "+1zjTJXhgIQ5uwrI0Po3UA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "+63s7h05SP1xmH1EyLoL/Q==": { "id": "+63s7h05SP1xmH1EyLoL/Q==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "+DDOZxWQYsdNCtZZs4LB2w==": { "id": "+DDOZxWQYsdNCtZZs4LB2w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "+Hel9A1WiSK+ZclItesXnQ==": { "id": "+Hel9A1WiSK+ZclItesXnQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "+PjI2yN4wCMPyf1oygeT5Q==": { "id": "+PjI2yN4wCMPyf1oygeT5Q==", "updater": "rhel-vex", "name": "CVE-2023-48237", "description": "A flaw was found in Vim, an open source command line text editor. In affected versions, when shifting lines in operator pending mode and using a large value, it may be possible to overflow the size of the integer. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48237 https://bugzilla.redhat.com/show_bug.cgi?id=2250274 https://www.cve.org/CVERecord?id=CVE-2023-48237 https://nvd.nist.gov/vuln/detail/CVE-2023-48237 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/6bf131888a3d1de62bbfa8a7ea03c0ddccfd496e https://github.com/vim/vim/security/advisories/GHSA-f2m2-v387-gv87 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48237.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+Q1v3N9+IP1xQOJnmQWDyQ==": { "id": "+Q1v3N9+IP1xQOJnmQWDyQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "+Q9jA+OXah1xDhJvsj+1OQ==": { "id": "+Q9jA+OXah1xDhJvsj+1OQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+SOMbfLFiy8gAeP6YTZQLA==": { "id": "+SOMbfLFiy8gAeP6YTZQLA==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "+WB02bbxvRVZgJj5gYjJ7w==": { "id": "+WB02bbxvRVZgJj5gYjJ7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.el9", "arch_op": "pattern match" }, "+YVz742I3o3v3ix+O1wb3g==": { "id": "+YVz742I3o3v3ix+O1wb3g==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "+YsItiFwLsY/quEIP17M6A==": { "id": "+YsItiFwLsY/quEIP17M6A==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "+do0gu6vrF3ZT5my5V6+CQ==": { "id": "+do0gu6vrF3ZT5my5V6+CQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "+dqw6lT9TwTTzMp6O2vf1w==": { "id": "+dqw6lT9TwTTzMp6O2vf1w==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "+hBhqk1qKnkU+nqn6a96qg==": { "id": "+hBhqk1qKnkU+nqn6a96qg==", "updater": "rhel-vex", "name": "CVE-2023-48233", "description": "A flaw was found in Vim, an open source command line text editor. If the count after the :s command is larger than what fits into a signed long variable, abort with e_value_too_large. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48233 https://bugzilla.redhat.com/show_bug.cgi?id=2250270 https://www.cve.org/CVERecord?id=CVE-2023-48233 https://nvd.nist.gov/vuln/detail/CVE-2023-48233 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/ac63787734fda2e294e477af52b3bd601517fa78 https://github.com/vim/vim/security/advisories/GHSA-3xx4-hcq6-r2vj https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48233.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+hNDIOxLd94c7zDMEtwHAQ==": { "id": "+hNDIOxLd94c7zDMEtwHAQ==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "+ieGB56AL1fLbXEZaHIRig==": { "id": "+ieGB56AL1fLbXEZaHIRig==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "+nrMi8U389zlK2TEsOUGbw==": { "id": "+nrMi8U389zlK2TEsOUGbw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.el9", "arch_op": "pattern match" }, "+o9j0Llb6+ISl2S6vmkRkQ==": { "id": "+o9j0Llb6+ISl2S6vmkRkQ==", "updater": "rhel-vex", "name": "CVE-2023-25434", "description": "A heap-based buffer overflow vulnerability was found in LibTIFF's tiffcrop utility in the extractContigSamplesBytes() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds read access resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25434 https://bugzilla.redhat.com/show_bug.cgi?id=2215209 https://www.cve.org/CVERecord?id=CVE-2023-25434 https://nvd.nist.gov/vuln/detail/CVE-2023-25434 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25434.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+pLPiYWkQ9M+8Zi7lKlOZA==": { "id": "+pLPiYWkQ9M+8Zi7lKlOZA==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "+pWnGgJUL0jrC1yhwq+kNw==": { "id": "+pWnGgJUL0jrC1yhwq+kNw==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "+rCn8yfwQj/rMH9c7+J0ww==": { "id": "+rCn8yfwQj/rMH9c7+J0ww==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "+uMSPU5jbqI0+jsP/eX6PA==": { "id": "+uMSPU5jbqI0+jsP/eX6PA==", "updater": "rhel-vex", "name": "CVE-2022-3037", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the qf_buf_add_line() function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3037 https://bugzilla.redhat.com/show_bug.cgi?id=2122907 https://www.cve.org/CVERecord?id=CVE-2022-3037 https://nvd.nist.gov/vuln/detail/CVE-2022-3037 https://huntr.dev/bounties/af4c2f2d-d754-4607-b565-9e92f3f717b5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3037.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+wnQC0tYj+uyZzMNgN2bcw==": { "id": "+wnQC0tYj+uyZzMNgN2bcw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "+xzMjgQ/BhN1jTBlVwQfIA==": { "id": "+xzMjgQ/BhN1jTBlVwQfIA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+0dqY3HS0Vwp8Izm3R04Q==": { "id": "/+0dqY3HS0Vwp8Izm3R04Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "/+enDTB16pRyR8XOMcf3ug==": { "id": "/+enDTB16pRyR8XOMcf3ug==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "/+t6edjy50ibBAIw8q+CWg==": { "id": "/+t6edjy50ibBAIw8q+CWg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "//2gjbgNV4aF0qefir+7Ng==": { "id": "//2gjbgNV4aF0qefir+7Ng==", "updater": "osv/go", "name": "GO-2024-2963", "description": "Denial of service due to improper 100-continue handling in net/http", "issued": "2024-07-02T20:11:00Z", "links": "https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.12" }, "//NR3gdAYSoDJ/e4qJeTJg==": { "id": "//NR3gdAYSoDJ/e4qJeTJg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:22005", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.6.0-12.el9_7", "arch_op": "pattern match" }, "/0WOR5Jn6BKoC/9+5dlz1Q==": { "id": "/0WOR5Jn6BKoC/9+5dlz1Q==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "/E8Khm0ZXy1gRiDom4c+aw==": { "id": "/E8Khm0ZXy1gRiDom4c+aw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/EvgSih2YVXl7ohENLMJIQ==": { "id": "/EvgSih2YVXl7ohENLMJIQ==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "/F62/Gd7cIE4aLRbxVnfCA==": { "id": "/F62/Gd7cIE4aLRbxVnfCA==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "/G3xQo8kmNMyu7hycZYF/A==": { "id": "/G3xQo8kmNMyu7hycZYF/A==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/HT2WOXIuvVNrzT1Wp3ntw==": { "id": "/HT2WOXIuvVNrzT1Wp3ntw==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "/KRhrFyFO2WBBj1/Wnbnrg==": { "id": "/KRhrFyFO2WBBj1/Wnbnrg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "/MWzwBJlhhNbF+zp0zgq+A==": { "id": "/MWzwBJlhhNbF+zp0zgq+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.el9", "arch_op": "pattern match" }, "/MgFHW097IAGIZkNc/Fltw==": { "id": "/MgFHW097IAGIZkNc/Fltw==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/SEhubz8W4ZKbKg2+yh86Q==": { "id": "/SEhubz8W4ZKbKg2+yh86Q==", "updater": "rhel-vex", "name": "CVE-2022-30635", "description": "A flaw was found in golang. When calling Decoder, Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30635 https://bugzilla.redhat.com/show_bug.cgi?id=2107388 https://www.cve.org/CVERecord?id=CVE-2022-30635 https://nvd.nist.gov/vuln/detail/CVE-2022-30635 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30635.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/U86DUGeHRSAL0GvmlifyA==": { "id": "/U86DUGeHRSAL0GvmlifyA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "/U8Jx7SKI9t4H3q4Xm/KEQ==": { "id": "/U8Jx7SKI9t4H3q4Xm/KEQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "/WghVlKV6eiRYf2iGmk9sQ==": { "id": "/WghVlKV6eiRYf2iGmk9sQ==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/YIHlhDwc0XvwYDDbGEIMg==": { "id": "/YIHlhDwc0XvwYDDbGEIMg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "/YcdipQjiqJUDpddwhDiIw==": { "id": "/YcdipQjiqJUDpddwhDiIw==", "updater": "rhel-vex", "name": "CVE-2022-2345", "description": "A use-after-free vulnerability was found in Vim in the skipwhite function in the charset.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, and cause the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2345 https://bugzilla.redhat.com/show_bug.cgi?id=2106775 https://www.cve.org/CVERecord?id=CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2345.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/bIhvJWw2AYMGyJtBaoH6A==": { "id": "/bIhvJWw2AYMGyJtBaoH6A==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "/eIvRWSFFmU3q3Ki3j/gKA==": { "id": "/eIvRWSFFmU3q3Ki3j/gKA==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "/kFHc0+JKhJmQT3bM6TpTQ==": { "id": "/kFHc0+JKhJmQT3bM6TpTQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "/l+w9tCELORzNXZA4/qNsw==": { "id": "/l+w9tCELORzNXZA4/qNsw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "/m4KubgMsY+Uf3GqqbY5Og==": { "id": "/m4KubgMsY+Uf3GqqbY5Og==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "/pWkiqt8QgDCUksSSa24UQ==": { "id": "/pWkiqt8QgDCUksSSa24UQ==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "/rGrv6ID1FHztWkSNUU0Yw==": { "id": "/rGrv6ID1FHztWkSNUU0Yw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "/rVEaWl0l9u8biVEKbZTFg==": { "id": "/rVEaWl0l9u8biVEKbZTFg==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/wfob5jHHezdiyugtfPWjg==": { "id": "/wfob5jHHezdiyugtfPWjg==", "updater": "rhel-vex", "name": "CVE-2021-45261", "description": "A flaw was found in patch. A possible memory corruption vulnerability could allow an attacker to input a specially crafted patch file leading to a crash or code execution.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45261 https://bugzilla.redhat.com/show_bug.cgi?id=2035081 https://www.cve.org/CVERecord?id=CVE-2021-45261 https://nvd.nist.gov/vuln/detail/CVE-2021-45261 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45261.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "patch", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "00MQS+g+VNjKvRbuFWsWbQ==": { "id": "00MQS+g+VNjKvRbuFWsWbQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "00cDk2w3qfvdzMbO27c/+w==": { "id": "00cDk2w3qfvdzMbO27c/+w==", "updater": "rhel-vex", "name": "CVE-2022-2982", "description": "A heap use-after-free vulnerability was found in vim's qf_fill_buffer() function of the src/quickfix.c file. The issue occurs because vim uses freed memory when recursively using 'quickfixtextfunc.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2982 https://bugzilla.redhat.com/show_bug.cgi?id=2123714 https://www.cve.org/CVERecord?id=CVE-2022-2982 https://nvd.nist.gov/vuln/detail/CVE-2022-2982 https://huntr.dev/bounties/53f53d9a-ba8a-4985-b7ba-23efbe6833be/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2982.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "03F5BM6+dlM9pg6rJMb2UA==": { "id": "03F5BM6+dlM9pg6rJMb2UA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "03WJApqdfWbzHtZHpqBt1Q==": { "id": "03WJApqdfWbzHtZHpqBt1Q==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "06GjiUkv66Ek9Iq8u3SFSA==": { "id": "06GjiUkv66Ek9Iq8u3SFSA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "081ZZUa7+goThe2JzRBcxw==": { "id": "081ZZUa7+goThe2JzRBcxw==", "updater": "osv/go", "name": "GO-2023-1621", "description": "Incorrect calculation on P256 curves in crypto/internal/nistec", "issued": "2023-03-08T19:30:53Z", "links": "https://go.dev/issue/58647 https://go.dev/cl/471255 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.7" }, "09S7nCU8PMWz5tWquOFCaQ==": { "id": "09S7nCU8PMWz5tWquOFCaQ==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0DSgRHOq1OLwMX3biKMcbA==": { "id": "0DSgRHOq1OLwMX3biKMcbA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "0DVnsi7oVeiCakd5LIvqig==": { "id": "0DVnsi7oVeiCakd5LIvqig==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "0E3jDwz9OiQ7ty2SI9zDYQ==": { "id": "0E3jDwz9OiQ7ty2SI9zDYQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "0EBjG0eDRuUxNmTKolYVYQ==": { "id": "0EBjG0eDRuUxNmTKolYVYQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "0EZfEnxlowgJ1Et69rh7Fg==": { "id": "0EZfEnxlowgJ1Et69rh7Fg==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "0Gq5wAUiCXaH50wxZYx9MQ==": { "id": "0Gq5wAUiCXaH50wxZYx9MQ==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "0ISEnYRRDkbJFXBP9XvdpA==": { "id": "0ISEnYRRDkbJFXBP9XvdpA==", "updater": "rhel-vex", "name": "CVE-2025-11731", "description": "A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT \u003cfunc:result\u003e elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regular XML element node, resulting in a type confusion. This can cause unexpected memory reads and potential crashes. While difficult to exploit, the flaw could lead to application instability or denial of service.", "issued": "2025-10-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11731 https://bugzilla.redhat.com/show_bug.cgi?id=2403688 https://www.cve.org/CVERecord?id=CVE-2025-11731 https://nvd.nist.gov/vuln/detail/CVE-2025-11731 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/78 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11731.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0KjhdYYIURWUfsbpzAdnPQ==": { "id": "0KjhdYYIURWUfsbpzAdnPQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "0LMSjLLjEqlpe4LAE1rWJA==": { "id": "0LMSjLLjEqlpe4LAE1rWJA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "0LvlxzvH25js4ffWzvLRTQ==": { "id": "0LvlxzvH25js4ffWzvLRTQ==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0MBdby0uigxg//rv2xd7SQ==": { "id": "0MBdby0uigxg//rv2xd7SQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "0MVVcjDKfdLbs80csEfrOw==": { "id": "0MVVcjDKfdLbs80csEfrOw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "0O2I0zrYDyiCiU68WyBLvw==": { "id": "0O2I0zrYDyiCiU68WyBLvw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "0P/5eKFuPPXM3bHgeAHWxw==": { "id": "0P/5eKFuPPXM3bHgeAHWxw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0PMktbRk+B4fdwvvP1VWUg==": { "id": "0PMktbRk+B4fdwvvP1VWUg==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "0QqnWQey4QRkB1tBadW1jg==": { "id": "0QqnWQey4QRkB1tBadW1jg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0RLigWktH24pjgFtIwRH2A==": { "id": "0RLigWktH24pjgFtIwRH2A==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0TUqdQNGOvjHNFjkDen1Sg==": { "id": "0TUqdQNGOvjHNFjkDen1Sg==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "0Tr3QMpqaFB6S//rbJ/Onw==": { "id": "0Tr3QMpqaFB6S//rbJ/Onw==", "updater": "rhel-vex", "name": "CVE-2025-3576", "description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "issued": "2025-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2359465 https://www.cve.org/CVERecord?id=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3576.json https://access.redhat.com/errata/RHSA-2025:9430", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_6", "arch_op": "pattern match" }, "0U0p6zwok5l6rbIxjBRN7w==": { "id": "0U0p6zwok5l6rbIxjBRN7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "0UWL07sxLog3CGNaaYYQxQ==": { "id": "0UWL07sxLog3CGNaaYYQxQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "0UxirvKJMj5gY8fbrSf6sA==": { "id": "0UxirvKJMj5gY8fbrSf6sA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.1.el9_6", "arch_op": "pattern match" }, "0W0/E/g2cPvxNF42LmIwRg==": { "id": "0W0/E/g2cPvxNF42LmIwRg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.el9", "arch_op": "pattern match" }, "0YVxD0vSH+0MhijemP/Jmg==": { "id": "0YVxD0vSH+0MhijemP/Jmg==", "updater": "rhel-vex", "name": "CVE-2022-3705", "description": "A use-after-free flaw was found in the qf_update_buffer function in vim. This issue allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3705 https://bugzilla.redhat.com/show_bug.cgi?id=2139086 https://www.cve.org/CVERecord?id=CVE-2022-3705 https://nvd.nist.gov/vuln/detail/CVE-2022-3705 https://vuldb.com/?id.212324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3705.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0ZGrJGNNqDLH/sZXsRkfvA==": { "id": "0ZGrJGNNqDLH/sZXsRkfvA==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "0ZQtBpkFjRCvM3RNGGREDQ==": { "id": "0ZQtBpkFjRCvM3RNGGREDQ==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "0ZniYEExf5hn6bWx9CxbmA==": { "id": "0ZniYEExf5hn6bWx9CxbmA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "0ahYjiLWT0VE+MRcEm8yAQ==": { "id": "0ahYjiLWT0VE+MRcEm8yAQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0bK7Vo3x9SXQYvDvMmgzXA==": { "id": "0bK7Vo3x9SXQYvDvMmgzXA==", "updater": "rhel-vex", "name": "CVE-2022-2208", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2208 https://bugzilla.redhat.com/show_bug.cgi?id=2102183 https://www.cve.org/CVERecord?id=CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2208.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0bsVwLbC3DjqoPdFlpHGrA==": { "id": "0bsVwLbC3DjqoPdFlpHGrA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "0gEzVf04N4WWI36MnLXr1w==": { "id": "0gEzVf04N4WWI36MnLXr1w==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "0hxAfeI84l0pzeedcqmGpQ==": { "id": "0hxAfeI84l0pzeedcqmGpQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.1.el9_6", "arch_op": "pattern match" }, "0kDaqIpbO93XpnbaK6KFUg==": { "id": "0kDaqIpbO93XpnbaK6KFUg==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "0nQVynV3NMmwash6dBc+8Q==": { "id": "0nQVynV3NMmwash6dBc+8Q==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "0tfYnYhAiMREOXyqf/1Urw==": { "id": "0tfYnYhAiMREOXyqf/1Urw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "0u2Zo3eZYFAXhVSIZh+vXQ==": { "id": "0u2Zo3eZYFAXhVSIZh+vXQ==", "updater": "rhel-vex", "name": "CVE-2017-16232", "description": "LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow attackers to cause a denial of service (memory consumption), as demonstrated by tif_open.c, tif_lzw.c, and tif_aux.c. NOTE: Third parties were unable to reproduce the issue", "issued": "2017-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-16232 https://bugzilla.redhat.com/show_bug.cgi?id=1516189 https://www.cve.org/CVERecord?id=CVE-2017-16232 https://nvd.nist.gov/vuln/detail/CVE-2017-16232 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-16232.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0u9BhQlRGnXqmFj5VxmVgw==": { "id": "0u9BhQlRGnXqmFj5VxmVgw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "0v5F4x1W0RxkklLvRs6NKQ==": { "id": "0v5F4x1W0RxkklLvRs6NKQ==", "updater": "rhel-vex", "name": "CVE-2023-0433", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0433 https://bugzilla.redhat.com/show_bug.cgi?id=2163612 https://www.cve.org/CVERecord?id=CVE-2023-0433 https://nvd.nist.gov/vuln/detail/CVE-2023-0433 https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "0w7yDxNwDisUMkIdlkUTZw==": { "id": "0w7yDxNwDisUMkIdlkUTZw==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "0wSMVHwI5T4EgYqkub8RhA==": { "id": "0wSMVHwI5T4EgYqkub8RhA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "0wh4c9Z6sNxM5NAXtzaMNg==": { "id": "0wh4c9Z6sNxM5NAXtzaMNg==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "1/PWApRfYh/rLEOR0JZLsw==": { "id": "1/PWApRfYh/rLEOR0JZLsw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1/xm1gDhSpcAv1vbsLnNhA==": { "id": "1/xm1gDhSpcAv1vbsLnNhA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "10T7L0U8GuP9Qhz3unCqvw==": { "id": "10T7L0U8GuP9Qhz3unCqvw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "12PmpsYpKqbguwokcjBXqw==": { "id": "12PmpsYpKqbguwokcjBXqw==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "1378JmiuKDjVj7PZAMUvLg==": { "id": "1378JmiuKDjVj7PZAMUvLg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "13Dkon5caDMIMuKn79Qskg==": { "id": "13Dkon5caDMIMuKn79Qskg==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "13fIhbDHRYF0KXmxmJIfiA==": { "id": "13fIhbDHRYF0KXmxmJIfiA==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "14EBaSYBL4fLL4zgayhBkg==": { "id": "14EBaSYBL4fLL4zgayhBkg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.el9", "arch_op": "pattern match" }, "14Etv/7765FAI8QbzsokBQ==": { "id": "14Etv/7765FAI8QbzsokBQ==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "15uVNLTcXPHEO0XVoOOwZw==": { "id": "15uVNLTcXPHEO0XVoOOwZw==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "19Kvl4LS7MCiBo2cRD5fxQ==": { "id": "19Kvl4LS7MCiBo2cRD5fxQ==", "updater": "rhel-vex", "name": "CVE-2021-3974", "description": "A flaw was found in vim. A possible use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3974 https://bugzilla.redhat.com/show_bug.cgi?id=2025061 https://www.cve.org/CVERecord?id=CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3974.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1BGBx+ICmx9ndSR1J6c9Rw==": { "id": "1BGBx+ICmx9ndSR1J6c9Rw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1CDGyH/KaS7DctjOTuk4Gg==": { "id": "1CDGyH/KaS7DctjOTuk4Gg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "1I7VtxkB33ashDX0kB4Teg==": { "id": "1I7VtxkB33ashDX0kB4Teg==", "updater": "rhel-vex", "name": "CVE-2025-5889", "description": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.", "issued": "2025-06-09T18:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5889 https://bugzilla.redhat.com/show_bug.cgi?id=2371270 https://www.cve.org/CVERecord?id=CVE-2025-5889 https://nvd.nist.gov/vuln/detail/CVE-2025-5889 https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466 https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 https://vuldb.com/?ctiid.311660 https://vuldb.com/?id.311660 https://vuldb.com/?submit.585717 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5889.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ICypZP/7UrDVdoDevopUA==": { "id": "1ICypZP/7UrDVdoDevopUA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "1Iwd54Uz+8MDWoeCI9f7Iw==": { "id": "1Iwd54Uz+8MDWoeCI9f7Iw==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "1KxLqY5vPHnDfUxdviejiw==": { "id": "1KxLqY5vPHnDfUxdviejiw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1LTKa378StuY8O3o3G26jw==": { "id": "1LTKa378StuY8O3o3G26jw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1NnjgULlQBpIVsNocYb9uw==": { "id": "1NnjgULlQBpIVsNocYb9uw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "1PYvw1fdwe6hM2UBdw4Itw==": { "id": "1PYvw1fdwe6hM2UBdw4Itw==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "1QQmDcMkRqvOte/bR8QEuQ==": { "id": "1QQmDcMkRqvOte/bR8QEuQ==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "1SDdOQM609JpOnF4Vx/qwQ==": { "id": "1SDdOQM609JpOnF4Vx/qwQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "1VKGbptJGVhPmMaic8aidg==": { "id": "1VKGbptJGVhPmMaic8aidg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1WQ/LJu/kefEuHRv58l0Lw==": { "id": "1WQ/LJu/kefEuHRv58l0Lw==", "updater": "rhel-vex", "name": "CVE-2023-4734", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4734 https://bugzilla.redhat.com/show_bug.cgi?id=2237161 https://www.cve.org/CVERecord?id=CVE-2023-4734 https://nvd.nist.gov/vuln/detail/CVE-2023-4734 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4734.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1XBQq3flp6UCNWfTuRjE6g==": { "id": "1XBQq3flp6UCNWfTuRjE6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "1XwPa50Si6EKs+Oms8SLUA==": { "id": "1XwPa50Si6EKs+Oms8SLUA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "1aPjlkabj3eUY8WGb+gz+g==": { "id": "1aPjlkabj3eUY8WGb+gz+g==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "1eXmoeT5Qd9M0GiSJ3z2mg==": { "id": "1eXmoeT5Qd9M0GiSJ3z2mg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "1lRtJofWFCTkQi0dreTmvg==": { "id": "1lRtJofWFCTkQi0dreTmvg==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "1nX4t0Z3G1H45fqJox3f4Q==": { "id": "1nX4t0Z3G1H45fqJox3f4Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "1oKL9ZSv1M4CmxUhNFjpmg==": { "id": "1oKL9ZSv1M4CmxUhNFjpmg==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "1q7YjyB3mR25zvqxJ6Zk3w==": { "id": "1q7YjyB3mR25zvqxJ6Zk3w==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "1qsA4RvCYZB2uDwgIo8TuQ==": { "id": "1qsA4RvCYZB2uDwgIo8TuQ==", "updater": "osv/go", "name": "GO-2024-3106", "description": "Stack exhaustion in Decoder.Decode in encoding/gob", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "1sD6TJmtoMKm89Mo2ka5lA==": { "id": "1sD6TJmtoMKm89Mo2ka5lA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "1xdBxKyIRMGUr99Qk2jvHw==": { "id": "1xdBxKyIRMGUr99Qk2jvHw==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "1ylYMOLaPUA6xIkqwKBb9w==": { "id": "1ylYMOLaPUA6xIkqwKBb9w==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "2/I3PyWTnfJdMedKAemp8Q==": { "id": "2/I3PyWTnfJdMedKAemp8Q==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2432H9ZBrMWDJ7HhyQT63A==": { "id": "2432H9ZBrMWDJ7HhyQT63A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "24Paca4PaySz9eM+VJu4ew==": { "id": "24Paca4PaySz9eM+VJu4ew==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "24Ysg4Ma/AJz8Z93D2PzNQ==": { "id": "24Ysg4Ma/AJz8Z93D2PzNQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "26JRymquUeoxtDSKcKSDSg==": { "id": "26JRymquUeoxtDSKcKSDSg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "29Fo/GOP7MILPepOrnMgjA==": { "id": "29Fo/GOP7MILPepOrnMgjA==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "29JfppZedoclZHW2coehcQ==": { "id": "29JfppZedoclZHW2coehcQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "2A2BjgErU1GldRQi2g+XQg==": { "id": "2A2BjgErU1GldRQi2g+XQg==", "updater": "rhel-vex", "name": "CVE-2022-45939", "description": "A flaw was found in Etags, the Ctags implementation of Emacs. A file with a crafted filename may result in arbitrary command execution when processed by Etags.", "issued": "2022-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-45939 https://bugzilla.redhat.com/show_bug.cgi?id=2149380 https://www.cve.org/CVERecord?id=CVE-2022-45939 https://nvd.nist.gov/vuln/detail/CVE-2022-45939 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-45939.json https://access.redhat.com/errata/RHSA-2023:2366", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9", "arch_op": "pattern match" }, "2DPl1NLEsHotw7kYOPR/8A==": { "id": "2DPl1NLEsHotw7kYOPR/8A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2GOqqUt4mwKng/FA0FV67w==": { "id": "2GOqqUt4mwKng/FA0FV67w==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "2I/0B+uXhxpPJWXGwNGlLw==": { "id": "2I/0B+uXhxpPJWXGwNGlLw==", "updater": "rhel-vex", "name": "CVE-2023-5344", "description": "A heap-based buffer overflow vulnerability was found in Vim's trunc_string() function of the src/message.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, leading to a denial of service.", "issued": "2023-10-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5344 https://bugzilla.redhat.com/show_bug.cgi?id=2242141 https://www.cve.org/CVERecord?id=CVE-2023-5344 https://nvd.nist.gov/vuln/detail/CVE-2023-5344 https://huntr.dev/bounties/530cb762-899e-48d7-b50e-dad09eb775bf/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2IUiS8eDJ2evZHzBkLGqPw==": { "id": "2IUiS8eDJ2evZHzBkLGqPw==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "2M5CwoqtCrF9ix+6ghISOg==": { "id": "2M5CwoqtCrF9ix+6ghISOg==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "2QjZksAOTEJVwk59l2QYOQ==": { "id": "2QjZksAOTEJVwk59l2QYOQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "2RZ3u6UmceVG9iB/xb73SA==": { "id": "2RZ3u6UmceVG9iB/xb73SA==", "updater": "rhel-vex", "name": "CVE-2022-2206", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2206 https://bugzilla.redhat.com/show_bug.cgi?id=2102188 https://www.cve.org/CVERecord?id=CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2206.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2SApI7oHpcm9Z48+2Hj11w==": { "id": "2SApI7oHpcm9Z48+2Hj11w==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2TDjlt2gAEWsLyBBPigFYw==": { "id": "2TDjlt2gAEWsLyBBPigFYw==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UHqEqfMIIn53NkDlDEppQ==": { "id": "2UHqEqfMIIn53NkDlDEppQ==", "updater": "rhel-vex", "name": "CVE-2022-2923", "description": "A flaw was found in vim, where it is vulnerable to a NULL pointer dereference in the sug_filltree function. This flaw allows a specially crafted file to crash the software.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2923 https://bugzilla.redhat.com/show_bug.cgi?id=2120989 https://www.cve.org/CVERecord?id=CVE-2022-2923 https://nvd.nist.gov/vuln/detail/CVE-2022-2923 https://huntr.dev/bounties/fd3a3ab8-ab0f-452f-afea-8c613e283fd2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2923.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2UhjmcPUkGmILpYJPZEiNQ==": { "id": "2UhjmcPUkGmILpYJPZEiNQ==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "2VowcBblBj36IfwmFRwcwg==": { "id": "2VowcBblBj36IfwmFRwcwg==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "2Z/NA7sGgadio/qisfiC3Q==": { "id": "2Z/NA7sGgadio/qisfiC3Q==", "updater": "rhel-vex", "name": "CVE-2022-48339", "description": "A flaw was found in the Emacs package. If a file name or directory name contains shell metacharacters, arbitrary code may be executed.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48339 https://bugzilla.redhat.com/show_bug.cgi?id=2171989 https://www.cve.org/CVERecord?id=CVE-2022-48339 https://nvd.nist.gov/vuln/detail/CVE-2022-48339 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48339.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "2bOVXniSdlE0fZB1iot4yQ==": { "id": "2bOVXniSdlE0fZB1iot4yQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "2eKcZq74WOmYmPDTZ8L+Jg==": { "id": "2eKcZq74WOmYmPDTZ8L+Jg==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "2j4vw/Ef1McLxa/C6FEQvA==": { "id": "2j4vw/Ef1McLxa/C6FEQvA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "2k/PqFfUaKNy33VkAbVD6g==": { "id": "2k/PqFfUaKNy33VkAbVD6g==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2luu38jiVQvy6qOXHFgpAg==": { "id": "2luu38jiVQvy6qOXHFgpAg==", "updater": "rhel-vex", "name": "CVE-2022-2042", "description": "A heap use-after-free vulnerability was found in Vim's skipwhite() function of the src/charset.c file. This flaw occurs because of an uninitialized attribute value and freed memory in the spell command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash and corrupt memory.", "issued": "2022-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2042 https://bugzilla.redhat.com/show_bug.cgi?id=2097768 https://www.cve.org/CVERecord?id=CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2042.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2n2n++65Q4X6kZeNZUZXMw==": { "id": "2n2n++65Q4X6kZeNZUZXMw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "2oTX17kDUCTK4lHB98r0SQ==": { "id": "2oTX17kDUCTK4lHB98r0SQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.1.el9_6", "arch_op": "pattern match" }, "2pofu/QdlV4xoXosgfKRNw==": { "id": "2pofu/QdlV4xoXosgfKRNw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "2sm08sXcjWtT2Gtu3CdSug==": { "id": "2sm08sXcjWtT2Gtu3CdSug==", "updater": "rhel-vex", "name": "CVE-2022-1725", "description": "A NULL pointer dereference vulnerability was found in Vim's vim_regexec_string() function of the src/regexp.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1725 https://bugzilla.redhat.com/show_bug.cgi?id=2132561 https://www.cve.org/CVERecord?id=CVE-2022-1725 https://nvd.nist.gov/vuln/detail/CVE-2022-1725 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1725.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "2t1KBK7sA8rKgVHavF6SZA==": { "id": "2t1KBK7sA8rKgVHavF6SZA==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "2tFr9TQJkcgsTrNAQX0kdw==": { "id": "2tFr9TQJkcgsTrNAQX0kdw==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "2vdCDySzHer9qKv7EOUGqQ==": { "id": "2vdCDySzHer9qKv7EOUGqQ==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "2vidY7qxU0KDMpAzTaXQCw==": { "id": "2vidY7qxU0KDMpAzTaXQCw==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "2vr/twKdnITJOKu9ARCAXQ==": { "id": "2vr/twKdnITJOKu9ARCAXQ==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "2wnmmIxGcmTTQ7kdV4Q55Q==": { "id": "2wnmmIxGcmTTQ7kdV4Q55Q==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "2y2LXrQ+Jdr+fioSazFF4w==": { "id": "2y2LXrQ+Jdr+fioSazFF4w==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "31zk833ZdfHhkO9sg82MSw==": { "id": "31zk833ZdfHhkO9sg82MSw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "32PT0J5usgv3laBJ37g1fA==": { "id": "32PT0J5usgv3laBJ37g1fA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "34lrKmSrRttv8Ef8QZo+Cw==": { "id": "34lrKmSrRttv8Ef8QZo+Cw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "39KBEdrZX0FwGoQxYgkupQ==": { "id": "39KBEdrZX0FwGoQxYgkupQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "3A+d+ITPUBtAGX1jTlLhKg==": { "id": "3A+d+ITPUBtAGX1jTlLhKg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "3BY1OD4rYtX6LEFO6X+/Yw==": { "id": "3BY1OD4rYtX6LEFO6X+/Yw==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "3CUrg7YVjtx0L5aX+iMRxA==": { "id": "3CUrg7YVjtx0L5aX+iMRxA==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "3D/COcmVFbxgINNliqKHgw==": { "id": "3D/COcmVFbxgINNliqKHgw==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "3E/EPC1OcoKQToPb+efdaQ==": { "id": "3E/EPC1OcoKQToPb+efdaQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "3E5wmOETiTx03Y24iDJEUg==": { "id": "3E5wmOETiTx03Y24iDJEUg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3FdyvSRS+ECfT74KYiCcLA==": { "id": "3FdyvSRS+ECfT74KYiCcLA==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "3Lvdmj//2sze9S8I3n8yrw==": { "id": "3Lvdmj//2sze9S8I3n8yrw==", "updater": "rhel-vex", "name": "CVE-2023-0288", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.", "issued": "2023-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0288 https://bugzilla.redhat.com/show_bug.cgi?id=2163130 https://www.cve.org/CVERecord?id=CVE-2023-0288 https://nvd.nist.gov/vuln/detail/CVE-2023-0288 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0288.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3O4R28kD2w0Acw7XQvAZ3Q==": { "id": "3O4R28kD2w0Acw7XQvAZ3Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "3S91ZYwiienVlUnFeIzkRw==": { "id": "3S91ZYwiienVlUnFeIzkRw==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "3SaNoRivMP21uU5flMCqrg==": { "id": "3SaNoRivMP21uU5flMCqrg==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "3WRC4Vl08/leTJ1MFHuCEg==": { "id": "3WRC4Vl08/leTJ1MFHuCEg==", "updater": "rhel-vex", "name": "CVE-2022-3297", "description": "A heap use-after-free vulnerability was found in Vim's process_next_cpt_value() function of the src/insexpand.c file. This flaw occurs due to the usage of freed memory when 'tagfunc' wipes out the buffer that holds 'complete.' This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3297 https://bugzilla.redhat.com/show_bug.cgi?id=2129838 https://www.cve.org/CVERecord?id=CVE-2022-3297 https://nvd.nist.gov/vuln/detail/CVE-2022-3297 https://huntr.dev/bounties/1aa9ec92-0355-4710-bf85-5bce9effa01c https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3297.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3a2lYBlaR2GDen/lmTlCyg==": { "id": "3a2lYBlaR2GDen/lmTlCyg==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "3cVM/UH6o+8G2FMQ1Gl/Ww==": { "id": "3cVM/UH6o+8G2FMQ1Gl/Ww==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "3f5N5l71YgnMV/U9whrIuA==": { "id": "3f5N5l71YgnMV/U9whrIuA==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "3hB+Mhm9+7AXsO3nGoz+Pg==": { "id": "3hB+Mhm9+7AXsO3nGoz+Pg==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3k2lNJd2kR3VB6gGhj547g==": { "id": "3k2lNJd2kR3VB6gGhj547g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "3skSbDjTQ02+eNiFJz716g==": { "id": "3skSbDjTQ02+eNiFJz716g==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3wP/Eggf7Bu35MpzNr1Fog==": { "id": "3wP/Eggf7Bu35MpzNr1Fog==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "3wYf+EaP3IAW5wHFWATuaw==": { "id": "3wYf+EaP3IAW5wHFWATuaw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "3wnJ6TxCGJITikNK4m6q+g==": { "id": "3wnJ6TxCGJITikNK4m6q+g==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "43uaBOp3I4s6BbwM75Dtcg==": { "id": "43uaBOp3I4s6BbwM75Dtcg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "49jEi4xCgfg8T8qzhNobIA==": { "id": "49jEi4xCgfg8T8qzhNobIA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4CRDu/yV+Tfg3mSUobPIUg==": { "id": "4CRDu/yV+Tfg3mSUobPIUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4Gs7xCHPPMrNepkQNCPnkg==": { "id": "4Gs7xCHPPMrNepkQNCPnkg==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "4IznDha57aCNWoI0Hc828Q==": { "id": "4IznDha57aCNWoI0Hc828Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "4JIGhO7+fAz+LPTFEuBHUg==": { "id": "4JIGhO7+fAz+LPTFEuBHUg==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "4JsZIRvQ+13IMgBIUPH0jA==": { "id": "4JsZIRvQ+13IMgBIUPH0jA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "4K1RYkumn7qw6Pk7lwpfbA==": { "id": "4K1RYkumn7qw6Pk7lwpfbA==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "4K4SQ2PlDqXihbvwEXiB/w==": { "id": "4K4SQ2PlDqXihbvwEXiB/w==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "4K7cGcsZltSw5Ayu8+A5rA==": { "id": "4K7cGcsZltSw5Ayu8+A5rA==", "updater": "rhel-vex", "name": "CVE-2023-2731", "description": "A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.", "issued": "2023-04-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2731 https://bugzilla.redhat.com/show_bug.cgi?id=2207635 https://www.cve.org/CVERecord?id=CVE-2023-2731 https://nvd.nist.gov/vuln/detail/CVE-2023-2731 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2731.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "4L3dk768qs7Sg3jWyr+5Ug==": { "id": "4L3dk768qs7Sg3jWyr+5Ug==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "4LZWGm07jnOHHBGX2FzAwg==": { "id": "4LZWGm07jnOHHBGX2FzAwg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4MoaZecth+9t4X3jdykhZg==": { "id": "4MoaZecth+9t4X3jdykhZg==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "4N3POA/rTFsL9RdGINkq1A==": { "id": "4N3POA/rTFsL9RdGINkq1A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "4Oz54fEBFyAJBdTJ/p2wxA==": { "id": "4Oz54fEBFyAJBdTJ/p2wxA==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "4PW1pGs0HJlG6XNR1xk0ZA==": { "id": "4PW1pGs0HJlG6XNR1xk0ZA==", "updater": "osv/go", "name": "GO-2025-3447", "description": "Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "issued": "2025-02-06T16:38:14Z", "links": "https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.12" }, "4PXcy6CSX2EaPwYEdLkfbw==": { "id": "4PXcy6CSX2EaPwYEdLkfbw==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "4QiWtYafAt/cFOvYpyJONw==": { "id": "4QiWtYafAt/cFOvYpyJONw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "4RaJ63cwUpp+QWj0IKysEw==": { "id": "4RaJ63cwUpp+QWj0IKysEw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "4Uca8szOo7gGoVgv+DjeUA==": { "id": "4Uca8szOo7gGoVgv+DjeUA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "4Ue6KfIGD2Yqlg6OG87Bzw==": { "id": "4Ue6KfIGD2Yqlg6OG87Bzw==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "4Utc/6C5f6+A3gsr9KU/IA==": { "id": "4Utc/6C5f6+A3gsr9KU/IA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "4YMcCEsfWO5KpctoAqwrFQ==": { "id": "4YMcCEsfWO5KpctoAqwrFQ==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4aR9t5J6YwMk5D9wZ0BV7w==": { "id": "4aR9t5J6YwMk5D9wZ0BV7w==", "updater": "rhel-vex", "name": "CVE-2024-3651", "description": "A flaw was found in the python-idna library. A malicious argument was sent to the idna.encode() function can trigger an uncontrolled resource consumption, resulting in a denial of service.", "issued": "2024-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3651 https://bugzilla.redhat.com/show_bug.cgi?id=2274779 https://www.cve.org/CVERecord?id=CVE-2024-3651 https://nvd.nist.gov/vuln/detail/CVE-2024-3651 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3651.json https://access.redhat.com/errata/RHSA-2024:3846", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-idna", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10-7.el9_4.1", "arch_op": "pattern match" }, "4cQAenzXciR7rLlEmdwZsQ==": { "id": "4cQAenzXciR7rLlEmdwZsQ==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4comqU/5SRuDKC1qqBMlGQ==": { "id": "4comqU/5SRuDKC1qqBMlGQ==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "4eh40PtMaL3JhPlCzb+8jA==": { "id": "4eh40PtMaL3JhPlCzb+8jA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "4evfzAbeD7HXRBHHbDpAwA==": { "id": "4evfzAbeD7HXRBHHbDpAwA==", "updater": "osv/go", "name": "GO-2023-1878", "description": "Insufficient sanitization of Host header in net/http", "issued": "2023-07-11T19:19:08Z", "links": "https://go.dev/issue/60374 https://go.dev/cl/506996 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.11" }, "4gO4ls/gy0nmsC3NeXvyVQ==": { "id": "4gO4ls/gy0nmsC3NeXvyVQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IO", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.43-481.1.el9_6", "arch_op": "pattern match" }, "4hX2FW/Yj9HDbKRBqrhgdg==": { "id": "4hX2FW/Yj9HDbKRBqrhgdg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4iFNln+X4k0SeUiw/ueLUA==": { "id": "4iFNln+X4k0SeUiw/ueLUA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "4jKXN+o/0vyACgd6hmLCbw==": { "id": "4jKXN+o/0vyACgd6hmLCbw==", "updater": "osv/go", "name": "GO-2025-4009", "description": "Quadratic complexity when parsing some invalid inputs in encoding/pem", "issued": "2025-10-29T21:49:55Z", "links": "https://go.dev/issue/75676 https://go.dev/cl/709858 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "4rkDoNFFNCrcnkPj+GN2vA==": { "id": "4rkDoNFFNCrcnkPj+GN2vA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "4vHE1o0sxmJSfgr6AiAtqA==": { "id": "4vHE1o0sxmJSfgr6AiAtqA==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4vS3iu8lvGukFpBFqYCdVg==": { "id": "4vS3iu8lvGukFpBFqYCdVg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "4xxaXkxeYvxr8HgxLSDyHw==": { "id": "4xxaXkxeYvxr8HgxLSDyHw==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "4zvDuRN18ZTgEdA+auow3w==": { "id": "4zvDuRN18ZTgEdA+auow3w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "5/L+eT1BzZSWVW4ZLUXszw==": { "id": "5/L+eT1BzZSWVW4ZLUXszw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "5073UNZPtR+lsy1kIMhUEA==": { "id": "5073UNZPtR+lsy1kIMhUEA==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "51jf2IrfzMdepCjAvXkPMw==": { "id": "51jf2IrfzMdepCjAvXkPMw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "55nFlly0ydgYROdIHNoLjg==": { "id": "55nFlly0ydgYROdIHNoLjg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "562erF6ddCIyzi5oV/IzHQ==": { "id": "562erF6ddCIyzi5oV/IzHQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "5AQXXWGtKGeqoPkMqmVzTg==": { "id": "5AQXXWGtKGeqoPkMqmVzTg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.el9", "arch_op": "pattern match" }, "5BXX9+pRVay9wrZAORfhhQ==": { "id": "5BXX9+pRVay9wrZAORfhhQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "5D5WFK01Su4Lrj4hhwDYGQ==": { "id": "5D5WFK01Su4Lrj4hhwDYGQ==", "updater": "rhel-vex", "name": "CVE-2024-43374", "description": "A heap use-after-free vulnerability was found in Vim's alist_add() function. Adding a new file to the argument list triggers Buf* autocommands. In an autocommand, if the buffer that was just opened is closed, including the window where it is shown, it causes the window structure to be freed, containing a reference to the argument list that is being modified. Once the autocommands are completed, references to the window and argument list are no longer valid, causing a use-after-free issue. To trigger this issue, a local attacker or user must add unusual autocommands that wipe a buffer during creation, either manually or by sourcing a malicious plugin, which will cause Vim to crash.", "issued": "2024-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43374 https://bugzilla.redhat.com/show_bug.cgi?id=2305259 https://www.cve.org/CVERecord?id=CVE-2024-43374 https://nvd.nist.gov/vuln/detail/CVE-2024-43374 https://github.com/vim/vim/commit/0a6e57b09bc8c76691b367a5babfb79b31b770e8 https://github.com/vim/vim/security/advisories/GHSA-2w8m-443v-cgvw https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43374.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5Dh9IlEeZc9EPevqDNDlAQ==": { "id": "5Dh9IlEeZc9EPevqDNDlAQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "5EJ0MC7TgiGIlilbbiOvfQ==": { "id": "5EJ0MC7TgiGIlilbbiOvfQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "5EPGtk7Hqn2hqOaxgmNiSQ==": { "id": "5EPGtk7Hqn2hqOaxgmNiSQ==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "5IIoRCBMIgus62mGlE3F9A==": { "id": "5IIoRCBMIgus62mGlE3F9A==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5MGCN705vR5eWycZyFuYJQ==": { "id": "5MGCN705vR5eWycZyFuYJQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "5MqCycBYSRDsdNOzvOandQ==": { "id": "5MqCycBYSRDsdNOzvOandQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "5N/eQ/DLmsm7yS6+3apC5A==": { "id": "5N/eQ/DLmsm7yS6+3apC5A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "5RT9+X+8xx3rC02gOnVsjQ==": { "id": "5RT9+X+8xx3rC02gOnVsjQ==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "5TfU8//dfsOlT82byi0lug==": { "id": "5TfU8//dfsOlT82byi0lug==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "5XT+5ghtfmJFJSJCERGwhQ==": { "id": "5XT+5ghtfmJFJSJCERGwhQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5ZJ6PuXfgRMCarpNow00ew==": { "id": "5ZJ6PuXfgRMCarpNow00ew==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ejk3bhFpvIIABy9EwjwqQ==": { "id": "5ejk3bhFpvIIABy9EwjwqQ==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "5fSQkV1bu4GJUiaWjO+PNQ==": { "id": "5fSQkV1bu4GJUiaWjO+PNQ==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "5gK/V8vtqDYoHf1LFdtSbA==": { "id": "5gK/V8vtqDYoHf1LFdtSbA==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "5hOM1HtOhjQV1yizNCgxBg==": { "id": "5hOM1HtOhjQV1yizNCgxBg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "5j7D/WXFLHsZYUeUrskpMA==": { "id": "5j7D/WXFLHsZYUeUrskpMA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "5lHEu4ueMJgetLv/GfKHtg==": { "id": "5lHEu4ueMJgetLv/GfKHtg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "5pFK2pddNfoGuwrNwC3BlQ==": { "id": "5pFK2pddNfoGuwrNwC3BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "5pINgBOJXOluBJi9rQyioQ==": { "id": "5pINgBOJXOluBJi9rQyioQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "5ro53BoC7BlAtEu1loQCSw==": { "id": "5ro53BoC7BlAtEu1loQCSw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5sY/WncZRmQ7FUzZZ4kBfQ==": { "id": "5sY/WncZRmQ7FUzZZ4kBfQ==", "updater": "rhel-vex", "name": "CVE-2023-24534", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24534 https://bugzilla.redhat.com/show_bug.cgi?id=2184483 https://www.cve.org/CVERecord?id=CVE-2023-24534 https://nvd.nist.gov/vuln/detail/CVE-2023-24534 https://go.dev/issue/58975 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24534.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "5ua6yduRd8slR+XckPuEJw==": { "id": "5ua6yduRd8slR+XckPuEJw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "5vR/2ZAfb0swnLBKDl3Bzg==": { "id": "5vR/2ZAfb0swnLBKDl3Bzg==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "5xW5MMwESxiksXgaLrFCnQ==": { "id": "5xW5MMwESxiksXgaLrFCnQ==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "5xY3IHUogqpqvbFwiQURyA==": { "id": "5xY3IHUogqpqvbFwiQURyA==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "5z9ZOzxJREYn5oM+HAm6dA==": { "id": "5z9ZOzxJREYn5oM+HAm6dA==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "5zg9huqgOp8E89z3dxtcHg==": { "id": "5zg9huqgOp8E89z3dxtcHg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6/Rn1WFxVO6aopyr8psGfQ==": { "id": "6/Rn1WFxVO6aopyr8psGfQ==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "63po8QED6nDungBQEqHIyA==": { "id": "63po8QED6nDungBQEqHIyA==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "67Q/SCDsFWutXyKWQ9JQdQ==": { "id": "67Q/SCDsFWutXyKWQ9JQdQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "69HZBPjw2QR8kIdKeSUwQg==": { "id": "69HZBPjw2QR8kIdKeSUwQg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6E1YTgmxENPqo7FirtVNvw==": { "id": "6E1YTgmxENPqo7FirtVNvw==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "6GILJqctNxTbZFPR6fLtoA==": { "id": "6GILJqctNxTbZFPR6fLtoA==", "updater": "rhel-vex", "name": "CVE-2024-12086", "description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12086 https://bugzilla.redhat.com/show_bug.cgi?id=2330577 https://www.cve.org/CVERecord?id=CVE-2024-12086 https://nvd.nist.gov/vuln/detail/CVE-2024-12086 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12086.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6GzxFtf19XU1Y6ySz6SgYQ==": { "id": "6GzxFtf19XU1Y6ySz6SgYQ==", "updater": "osv/go", "name": "GO-2024-3107", "description": "Stack exhaustion in Parse in go/build/constraint", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "6J86dffyd+kQEKbjTTbD2Q==": { "id": "6J86dffyd+kQEKbjTTbD2Q==", "updater": "rhel-vex", "name": "CVE-2023-1916", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1916 https://bugzilla.redhat.com/show_bug.cgi?id=2185074 https://www.cve.org/CVERecord?id=CVE-2023-1916 https://nvd.nist.gov/vuln/detail/CVE-2023-1916 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6JXvoql3pzMfkGQb7H+Jqg==": { "id": "6JXvoql3pzMfkGQb7H+Jqg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "6K5O0xmJnJtZcGmUaZ+P/w==": { "id": "6K5O0xmJnJtZcGmUaZ+P/w==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "6MW1lRUdNNc4s+6uD2JNvw==": { "id": "6MW1lRUdNNc4s+6uD2JNvw==", "updater": "rhel-vex", "name": "CVE-2022-2286", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2286 https://bugzilla.redhat.com/show_bug.cgi?id=2103875 https://www.cve.org/CVERecord?id=CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2286.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6PfMuZGMOADiSo4Ifx0/Qw==": { "id": "6PfMuZGMOADiSo4Ifx0/Qw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "6Q0Sg/Y1lskU2n7rbcxAIw==": { "id": "6Q0Sg/Y1lskU2n7rbcxAIw==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6Qa2KBduT2HgJC4kctpUnw==": { "id": "6Qa2KBduT2HgJC4kctpUnw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "6VA82zmenvpHf3qd7c6BQg==": { "id": "6VA82zmenvpHf3qd7c6BQg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "6W4lt5SjUgXnbxNap1O0Cg==": { "id": "6W4lt5SjUgXnbxNap1O0Cg==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "6WQjHZdyTC+aVOSwNc3+BQ==": { "id": "6WQjHZdyTC+aVOSwNc3+BQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "6XzckJlhvkdWwkN1ERVdzg==": { "id": "6XzckJlhvkdWwkN1ERVdzg==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "6Za/T764+Wnq0wfxFjEvGw==": { "id": "6Za/T764+Wnq0wfxFjEvGw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "6asSIEJz7ggo9QEXpbSOYg==": { "id": "6asSIEJz7ggo9QEXpbSOYg==", "updater": "rhel-vex", "name": "CVE-2023-48236", "description": "A flaw was found in Vim, an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48236 https://bugzilla.redhat.com/show_bug.cgi?id=2250273 https://www.cve.org/CVERecord?id=CVE-2023-48236 https://nvd.nist.gov/vuln/detail/CVE-2023-48236 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/73b2d3790cad5694fc0ed0db2926e4220c48d968 https://github.com/vim/vim/security/advisories/GHSA-pr4c-932v-8hx5 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48236.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6bZ4UNaa9jRLVZoZHQgYtQ==": { "id": "6bZ4UNaa9jRLVZoZHQgYtQ==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6dwQWrojfQ/1hgTT2PQckg==": { "id": "6dwQWrojfQ/1hgTT2PQckg==", "updater": "rhel-vex", "name": "CVE-2022-2129", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2129 https://bugzilla.redhat.com/show_bug.cgi?id=2099586 https://www.cve.org/CVERecord?id=CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2129.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6fJcYsi1gPQNv5g1ujEPdA==": { "id": "6fJcYsi1gPQNv5g1ujEPdA==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "6hAQW3vY9ZA/8datv1rY4g==": { "id": "6hAQW3vY9ZA/8datv1rY4g==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6miUB07ljV2HaYX/rZ1yjg==": { "id": "6miUB07ljV2HaYX/rZ1yjg==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "6o8ui0RxMttDzkyqTDO5tg==": { "id": "6o8ui0RxMttDzkyqTDO5tg==", "updater": "rhel-vex", "name": "CVE-2022-1616", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in append_command of the src/ex_docmd.c function. This flaw allows a specially crafted file to crash software, modify memory, or execute code when opened in vim.", "issued": "2022-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1616 https://bugzilla.redhat.com/show_bug.cgi?id=2083017 https://www.cve.org/CVERecord?id=CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1616.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6otwEH3RP+2A14zXLvGXpg==": { "id": "6otwEH3RP+2A14zXLvGXpg==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "6pBzw2YiS9JmVvplQUxl2Q==": { "id": "6pBzw2YiS9JmVvplQUxl2Q==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "6pPl5aD/FZ2M/6Yaa588Aw==": { "id": "6pPl5aD/FZ2M/6Yaa588Aw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "6q1zANz+NJU+U0TPL1Xa2g==": { "id": "6q1zANz+NJU+U0TPL1Xa2g==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "6qJXB6OTmGgjS8WJVVTxvQ==": { "id": "6qJXB6OTmGgjS8WJVVTxvQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "6rBlrHxkkFbqVRbyfq+scg==": { "id": "6rBlrHxkkFbqVRbyfq+scg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "6tML+4g9GkMhdrrSDsX4Zw==": { "id": "6tML+4g9GkMhdrrSDsX4Zw==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "6thTxik/0CDWjirwYbVkYw==": { "id": "6thTxik/0CDWjirwYbVkYw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "6ysC6D7BSkYQ7y8vZ1O7HA==": { "id": "6ysC6D7BSkYQ7y8vZ1O7HA==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "7+mdkcJcBwtv88RB9AcmHQ==": { "id": "7+mdkcJcBwtv88RB9AcmHQ==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "7+zZLUPhCOA3BFrcusoKFg==": { "id": "7+zZLUPhCOA3BFrcusoKFg==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "70+Z8jFk8NJbHxPCoxDRng==": { "id": "70+Z8jFk8NJbHxPCoxDRng==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "70Ajh2QFCXmrQTWVljWbIg==": { "id": "70Ajh2QFCXmrQTWVljWbIg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "70HU3efHkL/3G4Y44qZmGA==": { "id": "70HU3efHkL/3G4Y44qZmGA==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "70rtBro0k4gOrF1v9b0LPQ==": { "id": "70rtBro0k4gOrF1v9b0LPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "71rWwrWl22424P8D9sWBZg==": { "id": "71rWwrWl22424P8D9sWBZg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "72/cPQH5mNLd1/e3j2Vn+Q==": { "id": "72/cPQH5mNLd1/e3j2Vn+Q==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "748UmdVwB73z0xvCImrQmA==": { "id": "748UmdVwB73z0xvCImrQmA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "74B4VkBJHkNvj2AsRU4uTw==": { "id": "74B4VkBJHkNvj2AsRU4uTw==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "75kzXqx/LGJU9hkFlgdGGA==": { "id": "75kzXqx/LGJU9hkFlgdGGA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "76ytKtBeQe8L2T7nxeVp/g==": { "id": "76ytKtBeQe8L2T7nxeVp/g==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "78Ya60ppwS4OL6ZK9P90Qw==": { "id": "78Ya60ppwS4OL6ZK9P90Qw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7AoZZiCMmvqX9d9WD62FnQ==": { "id": "7AoZZiCMmvqX9d9WD62FnQ==", "updater": "rhel-vex", "name": "CVE-2023-4781", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.", "issued": "2023-09-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4781 https://bugzilla.redhat.com/show_bug.cgi?id=2237575 https://www.cve.org/CVERecord?id=CVE-2023-4781 https://nvd.nist.gov/vuln/detail/CVE-2023-4781 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4781.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7B4LUCjMkCM+NcHtyQXyFA==": { "id": "7B4LUCjMkCM+NcHtyQXyFA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "7BER6omsA92tkjpEqGZJLA==": { "id": "7BER6omsA92tkjpEqGZJLA==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "7CqLd0zk1hiFU3yrvTTdyg==": { "id": "7CqLd0zk1hiFU3yrvTTdyg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "7FDf95fwOcyZ1YXNVDIx0A==": { "id": "7FDf95fwOcyZ1YXNVDIx0A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "7HuMMq7XSYKaQG/oWdxnyg==": { "id": "7HuMMq7XSYKaQG/oWdxnyg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "7MUqmqmB2hEWys43ktPpcQ==": { "id": "7MUqmqmB2hEWys43ktPpcQ==", "updater": "rhel-vex", "name": "CVE-2022-28131", "description": "A flaw was found in golang encoding/xml. When calling Decoder, Skip while parsing a deeply nested XML document, a panic can occur due to stack exhaustion and allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28131 https://bugzilla.redhat.com/show_bug.cgi?id=2107390 https://www.cve.org/CVERecord?id=CVE-2022-28131 https://nvd.nist.gov/vuln/detail/CVE-2022-28131 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28131.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7NIMWPjl58dCiuwwIe4bGg==": { "id": "7NIMWPjl58dCiuwwIe4bGg==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "7Q0Bus9RTfFy/UrxkfH2sQ==": { "id": "7Q0Bus9RTfFy/UrxkfH2sQ==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.7.0-1.18.20.4.1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "7Q4dYBj4wFa2768mWculSQ==": { "id": "7Q4dYBj4wFa2768mWculSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "7QBYsSaCu8T87GZR3WHxyw==": { "id": "7QBYsSaCu8T87GZR3WHxyw==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "7S6xxC9g1Ybp0dqQ63V8tg==": { "id": "7S6xxC9g1Ybp0dqQ63V8tg==", "updater": "rhel-vex", "name": "CVE-2023-40403", "description": "A flaw was found in libxslt package. Processing web content may disclose sensitive information. This issue was addressed with improved memory handling.", "issued": "2023-09-26T20:14:54Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40403 https://bugzilla.redhat.com/show_bug.cgi?id=2349766 https://www.cve.org/CVERecord?id=CVE-2023-40403 https://nvd.nist.gov/vuln/detail/CVE-2023-40403 http://seclists.org/fulldisclosure/2023/Oct/10 http://seclists.org/fulldisclosure/2023/Oct/3 http://seclists.org/fulldisclosure/2023/Oct/4 http://seclists.org/fulldisclosure/2023/Oct/5 http://seclists.org/fulldisclosure/2023/Oct/6 http://seclists.org/fulldisclosure/2023/Oct/8 http://seclists.org/fulldisclosure/2023/Oct/9 https://bugs.chromium.org/p/chromium/issues/detail?id=1356211 https://bugzilla.gnome.org/show_bug.cgi?id=751621 https://gitlab.gnome.org/GNOME/libxslt/-/issues/94 https://support.apple.com/en-us/HT213927 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40403.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7SutUCP3yRd4o5ryN/dDZA==": { "id": "7SutUCP3yRd4o5ryN/dDZA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "7SyD51cUTMP7ddBSGNw3Iw==": { "id": "7SyD51cUTMP7ddBSGNw3Iw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "7T9qiwKBE1swIXuW9Zvewg==": { "id": "7T9qiwKBE1swIXuW9Zvewg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "7TWJhc3cfFgph89dsQ0nBA==": { "id": "7TWJhc3cfFgph89dsQ0nBA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "7U+8ffRP7ahu1ot4Zj5Zlw==": { "id": "7U+8ffRP7ahu1ot4Zj5Zlw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "7XM4eB5q+q78IrA8abl57g==": { "id": "7XM4eB5q+q78IrA8abl57g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "7ZyXE8z7uZKjHitrjhSWQQ==": { "id": "7ZyXE8z7uZKjHitrjhSWQQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "7aOJwf1br9gIaC1RH6UwDQ==": { "id": "7aOJwf1br9gIaC1RH6UwDQ==", "updater": "osv/go", "name": "GO-2022-0537", "description": "Panic when decoding Float and Rat types in math/big", "issued": "2022-08-01T22:21:06Z", "links": "https://go.dev/cl/417774 https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66 https://go.dev/issue/53871 https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.5" }, "7bYXVEfvDWEIL53s8ARxGg==": { "id": "7bYXVEfvDWEIL53s8ARxGg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "7cHovEEcBoQ92zXTfFigow==": { "id": "7cHovEEcBoQ92zXTfFigow==", "updater": "rhel-vex", "name": "CVE-2025-9232", "description": "Issue summary: An application using the OpenSSL HTTP client API functions may\ntrigger an out-of-bounds read if the 'no_proxy' environment variable is set and\nthe host portion of the authority component of the HTTP URL is an IPv6 address.\n\nImpact summary: An out-of-bounds read can trigger a crash which leads to\nDenial of Service for an application.\n\nThe OpenSSL HTTP client API functions can be used directly by applications\nbut they are also used by the OCSP client functions and CMP (Certificate\nManagement Protocol) client implementation in OpenSSL. However the URLs used\nby these implementations are unlikely to be controlled by an attacker.\n\nIn this vulnerable code the out of bounds read can only trigger a crash.\nFurthermore the vulnerability requires an attacker-controlled URL to be\npassed from an application to the OpenSSL function and the user has to have\na 'no_proxy' environment variable set. For the aforementioned reasons the\nissue was assessed as Low severity.\n\nThe vulnerable code was introduced in the following patch releases:\n3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the HTTP client implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9232 https://bugzilla.redhat.com/show_bug.cgi?id=2396056 https://www.cve.org/CVERecord?id=CVE-2025-9232 https://nvd.nist.gov/vuln/detail/CVE-2025-9232 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9232.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7cqLG7sQEqqh9WoHfpekpw==": { "id": "7cqLG7sQEqqh9WoHfpekpw==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7czTMSwqOjLz2LigIYHAeg==": { "id": "7czTMSwqOjLz2LigIYHAeg==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "7df4FOgRU0BSF6P5QJkjaQ==": { "id": "7df4FOgRU0BSF6P5QJkjaQ==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "7jE4UN8ZNzWXfNDZ8BZq3Q==": { "id": "7jE4UN8ZNzWXfNDZ8BZq3Q==", "updater": "rhel-vex", "name": "CVE-2025-47279", "description": "A memory leak vulnerability has been discovered in the Undici HTTP/1.1 client library. This flaw can be triggered by repeatedly calling a webhook endpoint that presents an invalid TLS certificate. Continuous interaction with such an endpoint can cause the Undici library to allocate memory without properly releasing it, potentially leading to excessive memory consumption. Over time, this could result in resource exhaustion, impacting the availability and stability of applications relying on Undici for webhook communication.", "issued": "2025-05-15T17:16:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47279 https://bugzilla.redhat.com/show_bug.cgi?id=2366632 https://www.cve.org/CVERecord?id=CVE-2025-47279 https://nvd.nist.gov/vuln/detail/CVE-2025-47279 https://github.com/nodejs/undici/issues/3895 https://github.com/nodejs/undici/pull/4088 https://github.com/nodejs/undici/security/advisories/GHSA-cxrh-j4jr-qwg3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47279.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "7oEe6HdmVrscCmplGQsEeQ==": { "id": "7oEe6HdmVrscCmplGQsEeQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "7tWeNpgpS6TZ4aQUo8g9NQ==": { "id": "7tWeNpgpS6TZ4aQUo8g9NQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "7uj4PEKyThSRh2msjDtceg==": { "id": "7uj4PEKyThSRh2msjDtceg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "7v+kCrIi/mMmyn+o9Uh+oA==": { "id": "7v+kCrIi/mMmyn+o9Uh+oA==", "updater": "rhel-vex", "name": "CVE-2022-48337", "description": "A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzilla.redhat.com/show_bug.cgi?id=2171987 https://www.cve.org/CVERecord?id=CVE-2022-48337 https://nvd.nist.gov/vuln/detail/CVE-2022-48337 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48337.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "7y5jXLyua18Srex9lNrfkQ==": { "id": "7y5jXLyua18Srex9lNrfkQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "8/mZoUg5ZlBapu2isiHzqg==": { "id": "8/mZoUg5ZlBapu2isiHzqg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "81Pd3WxGavo8vEw0GcfWBQ==": { "id": "81Pd3WxGavo8vEw0GcfWBQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "82S4cf8ecOlHYb8LNQQn+w==": { "id": "82S4cf8ecOlHYb8LNQQn+w==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "830L36AKCoBHnXPHE6R6uQ==": { "id": "830L36AKCoBHnXPHE6R6uQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "842T09LMtibo6aQ7X6A47A==": { "id": "842T09LMtibo6aQ7X6A47A==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.1.el9_6", "arch_op": "pattern match" }, "84g+WJ21VVZ5YgyE9krInA==": { "id": "84g+WJ21VVZ5YgyE9krInA==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "87p97+dH2sU2JVQ8vQ+Xuw==": { "id": "87p97+dH2sU2JVQ8vQ+Xuw==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "89XrIFUuuXy08LkDR6XMOw==": { "id": "89XrIFUuuXy08LkDR6XMOw==", "updater": "rhel-vex", "name": "CVE-2021-31879", "description": "A flaw was found in wget. If wget sends an Authorization header as part of a query and receives an HTTP REDIRECT to a third party in return, the Authorization header will be forwarded as part of the redirected request. This issue creates a password leak, as the second server receives the password. The highest threat from this vulnerability is confidentiality.", "issued": "2019-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31879 https://bugzilla.redhat.com/show_bug.cgi?id=1955316 https://www.cve.org/CVERecord?id=CVE-2021-31879 https://nvd.nist.gov/vuln/detail/CVE-2021-31879 https://savannah.gnu.org/bugs/?56909 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31879.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8BMA6LbX8vjrr4aUcmHB5w==": { "id": "8BMA6LbX8vjrr4aUcmHB5w==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "8BsUEMjLB96UtpRd1ludrg==": { "id": "8BsUEMjLB96UtpRd1ludrg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "8Efa1m3XsyOFY5vSd2fHNQ==": { "id": "8Efa1m3XsyOFY5vSd2fHNQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "8ImlkqI0B9hvKdKXJLla/w==": { "id": "8ImlkqI0B9hvKdKXJLla/w==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "8Ldq46rf2Z9JTBjkrtfV0g==": { "id": "8Ldq46rf2Z9JTBjkrtfV0g==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "8ML0IVFlCjXlypnsSOqB1Q==": { "id": "8ML0IVFlCjXlypnsSOqB1Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8OhIIjb+vwm01NjtGgcnDw==": { "id": "8OhIIjb+vwm01NjtGgcnDw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "8QRmG/+fMsQQzP2maaxOag==": { "id": "8QRmG/+fMsQQzP2maaxOag==", "updater": "rhel-vex", "name": "CVE-2025-48386", "description": "A credential handling flaw has been discovered in git. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), which can lead to buffer overflows.", "issued": "2025-07-08T18:23:41Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48386 https://bugzilla.redhat.com/show_bug.cgi?id=2378807 https://www.cve.org/CVERecord?id=CVE-2025-48386 https://nvd.nist.gov/vuln/detail/CVE-2025-48386 https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48386.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Ug8/LJbCT7/mzHPjLi21A==": { "id": "8Ug8/LJbCT7/mzHPjLi21A==", "updater": "osv/go", "name": "GO-2023-1987", "description": "Large RSA keys can cause high CPU usage in crypto/tls", "issued": "2023-08-02T17:25:58Z", "links": "https://go.dev/issue/61460 https://go.dev/cl/515257 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.12" }, "8ZrkaQ6B1f36PC2cIg9i6A==": { "id": "8ZrkaQ6B1f36PC2cIg9i6A==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "8Zz8gP9QPTYBttUQXDeNpg==": { "id": "8Zz8gP9QPTYBttUQXDeNpg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "8bMBj5vTG1tOpQ1wuVD1bQ==": { "id": "8bMBj5vTG1tOpQ1wuVD1bQ==", "updater": "osv/go", "name": "GO-2022-0532", "description": "Empty Cmd.Path can trigger unintended binary in os/exec on Windows", "issued": "2022-07-26T21:41:20Z", "links": "https://go.dev/cl/403759 https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e https://go.dev/issue/52574 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "8dARvXsFfslEQUJNpOVqyQ==": { "id": "8dARvXsFfslEQUJNpOVqyQ==", "updater": "osv/go", "name": "GO-2025-4007", "description": "Quadratic complexity when checking name constraints in crypto/x509", "issued": "2025-10-29T21:49:50Z", "links": "https://go.dev/issue/75681 https://go.dev/cl/709854 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.9" }, "8dqpgv7n5GVlIYVt/hP0Gg==": { "id": "8dqpgv7n5GVlIYVt/hP0Gg==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "8eY8PV83CN3R/MV2hK7XHA==": { "id": "8eY8PV83CN3R/MV2hK7XHA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "8efBqSZ3OYqd+nT8a21FNA==": { "id": "8efBqSZ3OYqd+nT8a21FNA==", "updater": "rhel-vex", "name": "CVE-2022-2287", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2287 https://bugzilla.redhat.com/show_bug.cgi?id=2103876 https://www.cve.org/CVERecord?id=CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2287.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ez1JQpqUyVUQaplF/dpog==": { "id": "8ez1JQpqUyVUQaplF/dpog==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "8gQtKtb/Xr3aGfsLtKyetA==": { "id": "8gQtKtb/Xr3aGfsLtKyetA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "8ge47rqVvHaefMV4OlZnlQ==": { "id": "8ge47rqVvHaefMV4OlZnlQ==", "updater": "rhel-vex", "name": "CVE-2022-2845", "description": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\n\n", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2845 https://bugzilla.redhat.com/show_bug.cgi?id=2119844 https://www.cve.org/CVERecord?id=CVE-2022-2845 https://nvd.nist.gov/vuln/detail/CVE-2022-2845 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2845.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8kPW6EH9br7BQBK1DHvQsA==": { "id": "8kPW6EH9br7BQBK1DHvQsA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "8kndQj/aRn+NNJdGVP9v4g==": { "id": "8kndQj/aRn+NNJdGVP9v4g==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8lLGaMUZk8kOHbicsIjPjw==": { "id": "8lLGaMUZk8kOHbicsIjPjw==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "8m+MeF1Vk+YvSROjY2pN5Q==": { "id": "8m+MeF1Vk+YvSROjY2pN5Q==", "updater": "osv/go", "name": "GO-2022-0969", "description": "Denial of service in net/http and golang.org/x/net/http2", "issued": "2022-09-12T20:23:06Z", "links": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s https://go.dev/issue/54658 https://go.dev/cl/428735", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.6" }, "8oKavHMm8C7p1QC+rNA0zA==": { "id": "8oKavHMm8C7p1QC+rNA0zA==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "8qeM99NPNtS3R0CIVDnqTw==": { "id": "8qeM99NPNtS3R0CIVDnqTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "8utuZQ/Ix8fDNAmmSZivvQ==": { "id": "8utuZQ/Ix8fDNAmmSZivvQ==", "updater": "rhel-vex", "name": "CVE-2022-48624", "description": "A flaw was found in less. The close_altfile() function in filename.c omits shell_quote calls for LESSCLOSE, a command line to invoke the optional input postprocessor. This issue could lead to an OS command injection vulnerability and arbitrary command execution on the host operating system.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48624 https://bugzilla.redhat.com/show_bug.cgi?id=2265081 https://www.cve.org/CVERecord?id=CVE-2022-48624 https://nvd.nist.gov/vuln/detail/CVE-2022-48624 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48624.json https://access.redhat.com/errata/RHSA-2024:1692", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-3.el9_3", "arch_op": "pattern match" }, "8vc1CEh/sS08VpWYipw3xA==": { "id": "8vc1CEh/sS08VpWYipw3xA==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "9/6RhDAFXPVo7L6QeEsy9w==": { "id": "9/6RhDAFXPVo7L6QeEsy9w==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "92O2+eS3W5hGvsWPMPwTRQ==": { "id": "92O2+eS3W5hGvsWPMPwTRQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "936XDvlfcwVB/34fQscf7w==": { "id": "936XDvlfcwVB/34fQscf7w==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.el9", "arch_op": "pattern match" }, "93O9BjbBwz1jYmTNCzgkUw==": { "id": "93O9BjbBwz1jYmTNCzgkUw==", "updater": "rhel-vex", "name": "CVE-2022-2849", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2849 https://bugzilla.redhat.com/show_bug.cgi?id=2122137 https://www.cve.org/CVERecord?id=CVE-2022-2849 https://nvd.nist.gov/vuln/detail/CVE-2022-2849 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2849.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "95p6rGNUFNsCWfXMBirOLg==": { "id": "95p6rGNUFNsCWfXMBirOLg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "96QbNqFHhG4RmHyIqvnk+w==": { "id": "96QbNqFHhG4RmHyIqvnk+w==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "98vR1ByhE/Y9cvB+lRN3LA==": { "id": "98vR1ByhE/Y9cvB+lRN3LA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "99Q540ZW70Bq59gE8MRNHA==": { "id": "99Q540ZW70Bq59gE8MRNHA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9Ad5Q6DJD1JusuIjCNfUvQ==": { "id": "9Ad5Q6DJD1JusuIjCNfUvQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9Bnr48B1Gkm5b1u7nixqng==": { "id": "9Bnr48B1Gkm5b1u7nixqng==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "9C6WGntg4UmJkjiylWVxnw==": { "id": "9C6WGntg4UmJkjiylWVxnw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "9Ck8qx7KCeVOhknvjhQwsA==": { "id": "9Ck8qx7KCeVOhknvjhQwsA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "9CmH5Y/MDHXGbta8UBA5HQ==": { "id": "9CmH5Y/MDHXGbta8UBA5HQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "9HkrQyk+mvh4YcyBYw6eQg==": { "id": "9HkrQyk+mvh4YcyBYw6eQg==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "9M1meEoYiMYlmYR7kKfweg==": { "id": "9M1meEoYiMYlmYR7kKfweg==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "9NxQaPp619Bd0qky1dvzZg==": { "id": "9NxQaPp619Bd0qky1dvzZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9PE6ZiUdIaAWtCsUgesEZA==": { "id": "9PE6ZiUdIaAWtCsUgesEZA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "9QNdmlIziBB9zOcB4elT6A==": { "id": "9QNdmlIziBB9zOcB4elT6A==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9RLVzTylr5Ocdbql97n+1Q==": { "id": "9RLVzTylr5Ocdbql97n+1Q==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "9SrODyBGF+py5BfKYxVllg==": { "id": "9SrODyBGF+py5BfKYxVllg==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "9U8BTRqVPM+WCls5RolwuQ==": { "id": "9U8BTRqVPM+WCls5RolwuQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "9UTiJlsfYxfa60iynbYgLg==": { "id": "9UTiJlsfYxfa60iynbYgLg==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "9XbremjCd0rS6zu/GB+mjA==": { "id": "9XbremjCd0rS6zu/GB+mjA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "9Yjf3Ev3R8wbqlhNdfwPQQ==": { "id": "9Yjf3Ev3R8wbqlhNdfwPQQ==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:9448", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-14.el9_6.2", "arch_op": "pattern match" }, "9avTgsTrB6zaN8UjZ37Wow==": { "id": "9avTgsTrB6zaN8UjZ37Wow==", "updater": "rhel-vex", "name": "CVE-2022-3153", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.", "issued": "2022-09-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3153 https://bugzilla.redhat.com/show_bug.cgi?id=2126401 https://www.cve.org/CVERecord?id=CVE-2022-3153 https://nvd.nist.gov/vuln/detail/CVE-2022-3153 https://huntr.dev/bounties/68331124-620d-48bc-a8fa-cd947b26270a/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3153.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9b3CWaJsQwdqnuBJDBMt8g==": { "id": "9b3CWaJsQwdqnuBJDBMt8g==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "9b3hAQW/ubh4v6zyl2M5Ig==": { "id": "9b3hAQW/ubh4v6zyl2M5Ig==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "9ca/WR2Db6VUKD0h31yyGw==": { "id": "9ca/WR2Db6VUKD0h31yyGw==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9feM+1JJIYgC5OZCglyV3w==": { "id": "9feM+1JJIYgC5OZCglyV3w==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "9fvqDo3ARbJLIgwR1oX6QQ==": { "id": "9fvqDo3ARbJLIgwR1oX6QQ==", "updater": "rhel-vex", "name": "CVE-2023-24329", "description": "A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.", "issued": "2023-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24329 https://bugzilla.redhat.com/show_bug.cgi?id=2173917 https://www.cve.org/CVERecord?id=CVE-2023-24329 https://nvd.nist.gov/vuln/detail/CVE-2023-24329 https://pointernull.com/security/python-url-parse-problem.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24329.json https://access.redhat.com/errata/RHSA-2023:3595", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.1", "arch_op": "pattern match" }, "9gB7mQN0y1Zy9EiaXIHFew==": { "id": "9gB7mQN0y1Zy9EiaXIHFew==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "9ia70lNV6NYvmzB7WlbYQw==": { "id": "9ia70lNV6NYvmzB7WlbYQw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "9kpPzhUEkQr6h/4fDNnSuA==": { "id": "9kpPzhUEkQr6h/4fDNnSuA==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "9lAt/24IrVKtsskC+grSQQ==": { "id": "9lAt/24IrVKtsskC+grSQQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "9lOT/bRPy9mu1knhwrLw8Q==": { "id": "9lOT/bRPy9mu1knhwrLw8Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "9lOiMN/e99o1oI1dhS9S2Q==": { "id": "9lOiMN/e99o1oI1dhS9S2Q==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "9lqG2xu+85HJHcn8UQyZ2A==": { "id": "9lqG2xu+85HJHcn8UQyZ2A==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "9lxLFgIezXSh1WnSsRhwNQ==": { "id": "9lxLFgIezXSh1WnSsRhwNQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "9oQBIjmHHZP7ZEjuqVHO7Q==": { "id": "9oQBIjmHHZP7ZEjuqVHO7Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "9rfGlkZ9WMAUo942FMnq5A==": { "id": "9rfGlkZ9WMAUo942FMnq5A==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "9uaveyIiSEcdU4MrDHbJ2Q==": { "id": "9uaveyIiSEcdU4MrDHbJ2Q==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "9uo4qIbgVv97/yzslhE6/g==": { "id": "9uo4qIbgVv97/yzslhE6/g==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "9vaAmbFDwko+7w/wBDHWvg==": { "id": "9vaAmbFDwko+7w/wBDHWvg==", "updater": "rhel-vex", "name": "CVE-2023-28617", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the function org-babel-execute:latex in ob-latex.el can result in arbitrary command execution.", "issued": "2023-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28617 https://bugzilla.redhat.com/show_bug.cgi?id=2180544 https://www.cve.org/CVERecord?id=CVE-2023-28617 https://nvd.nist.gov/vuln/detail/CVE-2023-28617 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28617.json https://access.redhat.com/errata/RHSA-2023:2074", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-6.el9_1.1", "arch_op": "pattern match" }, "9z2MVdoreqGVJcUFUz72OA==": { "id": "9z2MVdoreqGVJcUFUz72OA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "A/za5QfQmT4HYcIQ4RyCzA==": { "id": "A/za5QfQmT4HYcIQ4RyCzA==", "updater": "osv/go", "name": "GO-2024-2887", "description": "Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/590316 https://go.dev/issue/67680 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "A2YTvJXiGwe7aOSqWlEZhQ==": { "id": "A2YTvJXiGwe7aOSqWlEZhQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "A3ZYVQ8Z63tDAx8FSltQHw==": { "id": "A3ZYVQ8Z63tDAx8FSltQHw==", "updater": "rhel-vex", "name": "CVE-2025-7458", "description": "An integer overflow flaw has been discovered in SQLite. This flaw allows an attacker who has the ability to execute raw SQL statements to induce a denial of service or leak process memory.", "issued": "2025-07-29T12:43:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7458 https://bugzilla.redhat.com/show_bug.cgi?id=2384237 https://www.cve.org/CVERecord?id=CVE-2025-7458 https://nvd.nist.gov/vuln/detail/CVE-2025-7458 https://sqlite.org/forum/forumpost/16ce2bb7a639e29b https://sqlite.org/src/info/12ad822d9b827777 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7458.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A98JJ8FAQWnMhx8Nb3TYXA==": { "id": "A98JJ8FAQWnMhx8Nb3TYXA==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "ABh4yTmrbQSCnnP4F8iX5A==": { "id": "ABh4yTmrbQSCnnP4F8iX5A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "AD3UsMwxeXvBzVWIm5l5yw==": { "id": "AD3UsMwxeXvBzVWIm5l5yw==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AEXyQvL2wFfW+v4I9XmTaQ==": { "id": "AEXyQvL2wFfW+v4I9XmTaQ==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "AI5OCFigX+y57buhAMK1UA==": { "id": "AI5OCFigX+y57buhAMK1UA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "AIlN8RmMOvhBveVuVAyHQQ==": { "id": "AIlN8RmMOvhBveVuVAyHQQ==", "updater": "rhel-vex", "name": "CVE-2022-2874", "description": "A NULL pointer dereference vulnerability was found in Vim in the generate_loadvar function in the vim9compile.c file. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2874 https://bugzilla.redhat.com/show_bug.cgi?id=2193207 https://www.cve.org/CVERecord?id=CVE-2022-2874 https://nvd.nist.gov/vuln/detail/CVE-2022-2874 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2874.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AJcMDco3zISLrE/7+42hGA==": { "id": "AJcMDco3zISLrE/7+42hGA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "AJgpOdbNJblqS+xC52p8RA==": { "id": "AJgpOdbNJblqS+xC52p8RA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ANawluW+m7SrGs8Q9Odgow==": { "id": "ANawluW+m7SrGs8Q9Odgow==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "ANxFBq/yNQoElX4dsXb0wA==": { "id": "ANxFBq/yNQoElX4dsXb0wA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "AOVkipVLZLxGjwVCB/7mwg==": { "id": "AOVkipVLZLxGjwVCB/7mwg==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "AQa/gDZ0IemFxWbJIsU4yQ==": { "id": "AQa/gDZ0IemFxWbJIsU4yQ==", "updater": "rhel-vex", "name": "CVE-2023-52355", "description": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52355 https://bugzilla.redhat.com/show_bug.cgi?id=2251326 https://www.cve.org/CVERecord?id=CVE-2023-52355 https://nvd.nist.gov/vuln/detail/CVE-2023-52355 https://gitlab.com/libtiff/libtiff/-/issues/621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52355.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "AR31u5jCzWyawCxRWBepmw==": { "id": "AR31u5jCzWyawCxRWBepmw==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "AUiFITCnRjRxctzqqbDeeA==": { "id": "AUiFITCnRjRxctzqqbDeeA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AYOaUiAITXfmzrid+CR2Og==": { "id": "AYOaUiAITXfmzrid+CR2Og==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "AYXw2VaylssI+NkH09HL4Q==": { "id": "AYXw2VaylssI+NkH09HL4Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "AcbVYbhZ/tTIOm89OCy5kQ==": { "id": "AcbVYbhZ/tTIOm89OCy5kQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "AdhtRMEnBdpFFyeSlUP6fA==": { "id": "AdhtRMEnBdpFFyeSlUP6fA==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Aet749oXCwhRnnY9gEGYGw==": { "id": "Aet749oXCwhRnnY9gEGYGw==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AfEBBMV7R48kk4frVmVcAg==": { "id": "AfEBBMV7R48kk4frVmVcAg==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Ah03jmj/7fQOqUbg05PtZg==": { "id": "Ah03jmj/7fQOqUbg05PtZg==", "updater": "rhel-vex", "name": "CVE-2023-0049", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the build_stl_str_hl function. This flaw allows a specially crafted file to cause information disclosure, data integrity corruption, or crash the software.", "issued": "2023-01-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0049 https://bugzilla.redhat.com/show_bug.cgi?id=2158269 https://www.cve.org/CVERecord?id=CVE-2023-0049 https://nvd.nist.gov/vuln/detail/CVE-2023-0049 https://huntr.dev/bounties/5e6f325c-ba54-4bf0-b050-dca048fd3fd9/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0049.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ApGWymi9r75ZlVZNkjnd4w==": { "id": "ApGWymi9r75ZlVZNkjnd4w==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "Ar1hBHxUcHiCnqL+avGJRg==": { "id": "Ar1hBHxUcHiCnqL+avGJRg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AsiuN/8gu7sZ0PJCLihjmw==": { "id": "AsiuN/8gu7sZ0PJCLihjmw==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Aspz79uO5bKpApwSqMsL8A==": { "id": "Aspz79uO5bKpApwSqMsL8A==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "AuT5DLBrUT23i8Fkzi5nrA==": { "id": "AuT5DLBrUT23i8Fkzi5nrA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Av6IvPz8z+8JAyypXmkbTA==": { "id": "Av6IvPz8z+8JAyypXmkbTA==", "updater": "rhel-vex", "name": "CVE-2025-23050", "description": "QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This is fixed in 5.15.19, 6.5.9, and 6.8.2.", "issued": "2025-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23050 https://bugzilla.redhat.com/show_bug.cgi?id=2408769 https://www.cve.org/CVERecord?id=CVE-2025-23050 https://nvd.nist.gov/vuln/detail/CVE-2025-23050 https://codereview.qt-project.org/c/qt/qtconnectivity/+/614538 https://codereview.qt-project.org/q/QLowEnergyController https://www.qt.io/blog/security-advisory-qlowenergycontroller-on-linux https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23050.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AwYRRq6SmgfJLn2NZxQUdw==": { "id": "AwYRRq6SmgfJLn2NZxQUdw==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AyHFH4N7lNUZlwVfgigcMA==": { "id": "AyHFH4N7lNUZlwVfgigcMA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ayn8XyGcXwYPR+J1PSWdHQ==": { "id": "Ayn8XyGcXwYPR+J1PSWdHQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "B+xaJOiguNTw6xGmTB+mZw==": { "id": "B+xaJOiguNTw6xGmTB+mZw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "B/+SfhbeumQponnHheNEVg==": { "id": "B/+SfhbeumQponnHheNEVg==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "B0ZJnlI3io/AXTPjqyoADA==": { "id": "B0ZJnlI3io/AXTPjqyoADA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "B1FsL93s2G1YxIvrdDvTfg==": { "id": "B1FsL93s2G1YxIvrdDvTfg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "B1THb18jP+rSUaY77CvPng==": { "id": "B1THb18jP+rSUaY77CvPng==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "B1gQIzGtgKR02WiRgVPUgQ==": { "id": "B1gQIzGtgKR02WiRgVPUgQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "B3tKTgCVG9JSLHIgfbUFmw==": { "id": "B3tKTgCVG9JSLHIgfbUFmw==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "B6kRennXxnam4nW6s2O9mQ==": { "id": "B6kRennXxnam4nW6s2O9mQ==", "updater": "rhel-vex", "name": "CVE-2022-30633", "description": "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30633 https://bugzilla.redhat.com/show_bug.cgi?id=2107392 https://www.cve.org/CVERecord?id=CVE-2022-30633 https://nvd.nist.gov/vuln/detail/CVE-2022-30633 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30633.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "B7rM39vvdeIIjmDnRAuTIQ==": { "id": "B7rM39vvdeIIjmDnRAuTIQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "BBNgt41sCJ+dkDLhh8RM2Q==": { "id": "BBNgt41sCJ+dkDLhh8RM2Q==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "BCUOacmvjky6+oK/3U158Q==": { "id": "BCUOacmvjky6+oK/3U158Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "BCe3MuKRzryFB5SraMhsPw==": { "id": "BCe3MuKRzryFB5SraMhsPw==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "BEXy4ijrTQIkl+xEVZQ61w==": { "id": "BEXy4ijrTQIkl+xEVZQ61w==", "updater": "rhel-vex", "name": "CVE-2025-61984", "description": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61984 https://bugzilla.redhat.com/show_bug.cgi?id=2401960 https://www.cve.org/CVERecord?id=CVE-2025-61984 https://nvd.nist.gov/vuln/detail/CVE-2025-61984 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61984.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BLPjiJKh0zrGI5mH+bPIGw==": { "id": "BLPjiJKh0zrGI5mH+bPIGw==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BQivQt20Anl3mLgiJoMKAA==": { "id": "BQivQt20Anl3mLgiJoMKAA==", "updater": "rhel-vex", "name": "CVE-2024-30205", "description": "A flaw was found in Emacs. Org mode considers the content of remote files, such as files opened with TRAMP on remote systems, to be trusted, resulting in arbitrary code execution.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30205 https://bugzilla.redhat.com/show_bug.cgi?id=2280298 https://www.cve.org/CVERecord?id=CVE-2024-30205 https://nvd.nist.gov/vuln/detail/CVE-2024-30205 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30205.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "BS5Qx6nN3HmM64VVoKmayw==": { "id": "BS5Qx6nN3HmM64VVoKmayw==", "updater": "rhel-vex", "name": "CVE-2022-3134", "description": "A heap use-after-free vulnerability was found in vim's do_tag() function of the src/tag.c file. The issue triggers when the 'tagfunc' closes the window. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3134 https://bugzilla.redhat.com/show_bug.cgi?id=2126085 https://www.cve.org/CVERecord?id=CVE-2022-3134 https://nvd.nist.gov/vuln/detail/CVE-2022-3134 https://huntr.dev/bounties/6ec79e49-c7ab-4cd6-a517-e7934c2eb9dc https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3134.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BXlYoXrAW947O+Adruh7Zw==": { "id": "BXlYoXrAW947O+Adruh7Zw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "BbM0NZsMsZnNUi1ybIzssw==": { "id": "BbM0NZsMsZnNUi1ybIzssw==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BceQQXlChHEbiy2YYN7FvA==": { "id": "BceQQXlChHEbiy2YYN7FvA==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "Bd+yU6xHUdyyaw65uiacIw==": { "id": "Bd+yU6xHUdyyaw65uiacIw==", "updater": "osv/go", "name": "GO-2023-1752", "description": "Improper handling of JavaScript whitespace in html/template", "issued": "2023-05-05T21:10:22Z", "links": "https://go.dev/issue/59721 https://go.dev/cl/491616 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "BfDjqoaYrd0NKCGGxtokTg==": { "id": "BfDjqoaYrd0NKCGGxtokTg==", "updater": "rhel-vex", "name": "CVE-2023-48231", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48231 https://bugzilla.redhat.com/show_bug.cgi?id=2250268 https://www.cve.org/CVERecord?id=CVE-2023-48231 https://nvd.nist.gov/vuln/detail/CVE-2023-48231 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/25aabc2b8ee1e19ced6f4da9d866cf9378fc4c5a https://github.com/vim/vim/security/advisories/GHSA-8g46-v9ff-c765 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48231.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BfJzk+M/zKnbrBHcCrvIlA==": { "id": "BfJzk+M/zKnbrBHcCrvIlA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "BgLn2RypgHsjIVj0SLunZg==": { "id": "BgLn2RypgHsjIVj0SLunZg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "BofAiVtqC38hX5ZAkBLTpA==": { "id": "BofAiVtqC38hX5ZAkBLTpA==", "updater": "osv/go", "name": "GO-2024-2599", "description": "Memory exhaustion in multipart form parsing in net/textproto and net/http", "issued": "2024-03-05T22:15:00Z", "links": "https://go.dev/issue/65383 https://go.dev/cl/569341 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "Bp0jmZLVDqekxjq/Mq7PPA==": { "id": "Bp0jmZLVDqekxjq/Mq7PPA==", "updater": "rhel-vex", "name": "CVE-2022-1962", "description": "A flaw was found in the golang standard library, go/parser. When calling any Parse functions on the Go source code, which contains deeply nested types or declarations, a panic can occur due to stack exhaustion. This issue allows an attacker to impact system availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1962 https://bugzilla.redhat.com/show_bug.cgi?id=2107376 https://www.cve.org/CVERecord?id=CVE-2022-1962 https://nvd.nist.gov/vuln/detail/CVE-2022-1962 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1962.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bp4O+K+hM5aEmCc59xUWdA==": { "id": "Bp4O+K+hM5aEmCc59xUWdA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "BsGuSaqfP6qrCK8KTTY4qw==": { "id": "BsGuSaqfP6qrCK8KTTY4qw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Bu9dxnhmsLXDd3x0oRPHfA==": { "id": "Bu9dxnhmsLXDd3x0oRPHfA==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Bua36N02B8W4H7+P8yixkw==": { "id": "Bua36N02B8W4H7+P8yixkw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "BwQexIGmUvV9ONa+9gpe2w==": { "id": "BwQexIGmUvV9ONa+9gpe2w==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "ByykkIf8cqMarBUwgOjK0g==": { "id": "ByykkIf8cqMarBUwgOjK0g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "BzOgc4nzX2HHoodQY6X6vQ==": { "id": "BzOgc4nzX2HHoodQY6X6vQ==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Bzc4r1UXMoCf7blNLHkQGw==": { "id": "Bzc4r1UXMoCf7blNLHkQGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "C+2GxqMTQEZYKlJYDQE1Pg==": { "id": "C+2GxqMTQEZYKlJYDQE1Pg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "C0udSo+foVK8TphEaJ9u7g==": { "id": "C0udSo+foVK8TphEaJ9u7g==", "updater": "rhel-vex", "name": "CVE-2017-1000383", "description": "It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data.", "issued": "2017-10-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-1000383 https://bugzilla.redhat.com/show_bug.cgi?id=1508788 https://www.cve.org/CVERecord?id=CVE-2017-1000383 https://nvd.nist.gov/vuln/detail/CVE-2017-1000383 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-1000383.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "emacs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "C2ejCCBwa9n29Fq9gpW/sw==": { "id": "C2ejCCBwa9n29Fq9gpW/sw==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "C7v5oMuGS9CuS5bfckNF/w==": { "id": "C7v5oMuGS9CuS5bfckNF/w==", "updater": "osv/go", "name": "GO-2022-0477", "description": "Indefinite hang with large buffers on Windows in crypto/rand", "issued": "2022-06-09T01:43:37Z", "links": "https://go.dev/cl/402257 https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863 https://go.dev/issue/52561 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "C9NKmmH/EbcYxVOEg1uY9g==": { "id": "C9NKmmH/EbcYxVOEg1uY9g==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "CAcAzU3FmPfcBEK+BF1wiQ==": { "id": "CAcAzU3FmPfcBEK+BF1wiQ==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "CBxUpiwpFiagAj3ihqf+vQ==": { "id": "CBxUpiwpFiagAj3ihqf+vQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CCQ15lzJdM5OqfQf0dLnJQ==": { "id": "CCQ15lzJdM5OqfQf0dLnJQ==", "updater": "rhel-vex", "name": "CVE-2023-0802", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0802 https://bugzilla.redhat.com/show_bug.cgi?id=2170178 https://www.cve.org/CVERecord?id=CVE-2023-0802 https://nvd.nist.gov/vuln/detail/CVE-2023-0802 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0802.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "CD0KTiCn+kQ9+lGQdzy4Lw==": { "id": "CD0KTiCn+kQ9+lGQdzy4Lw==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "CFRtSPlXDJlgi28bdADXZg==": { "id": "CFRtSPlXDJlgi28bdADXZg==", "updater": "osv/go", "name": "GO-2024-3105", "description": "Stack exhaustion in all Parse functions in go/parser", "issued": "2024-09-06T19:15:23Z", "links": "https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.7" }, "CH/8kg0DShdiNjzv6+DZnA==": { "id": "CH/8kg0DShdiNjzv6+DZnA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CMGu0bZesU9cyPAc2vK34g==": { "id": "CMGu0bZesU9cyPAc2vK34g==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "CQPV/OxtJ+DwYc6C4gniNQ==": { "id": "CQPV/OxtJ+DwYc6C4gniNQ==", "updater": "rhel-vex", "name": "CVE-2022-47008", "description": "A memory leak was found in binutils in the make_tempdir and make_tempname functions. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47008 https://bugzilla.redhat.com/show_bug.cgi?id=2233984 https://www.cve.org/CVERecord?id=CVE-2022-47008 https://nvd.nist.gov/vuln/detail/CVE-2022-47008 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47008.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "CQXGvG5qF0LSGK3lgLUXJg==": { "id": "CQXGvG5qF0LSGK3lgLUXJg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CQY3y5mGXL6FhNg/bhr8Rw==": { "id": "CQY3y5mGXL6FhNg/bhr8Rw==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.el9", "arch_op": "pattern match" }, "CSv4lPWUxMcEgRRI/WkPaA==": { "id": "CSv4lPWUxMcEgRRI/WkPaA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "CVNFdSU8eHIr3mZk7+SX/Q==": { "id": "CVNFdSU8eHIr3mZk7+SX/Q==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "CW81Lp11K0nBc+3dYegY/g==": { "id": "CW81Lp11K0nBc+3dYegY/g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "CXlZx/1BY/yqrUCuQlON2w==": { "id": "CXlZx/1BY/yqrUCuQlON2w==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "CYbzKTdqzfhVDluEF23Dxg==": { "id": "CYbzKTdqzfhVDluEF23Dxg==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "CYkHBvLQQf6RYY/2Qkr5gw==": { "id": "CYkHBvLQQf6RYY/2Qkr5gw==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "CaVsGPkqzxcrIauiEFdPpw==": { "id": "CaVsGPkqzxcrIauiEFdPpw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "CacO7saUr+KLTbynVQRYzg==": { "id": "CacO7saUr+KLTbynVQRYzg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Cbqd4MLPHY6FcToWh7U3IA==": { "id": "Cbqd4MLPHY6FcToWh7U3IA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "CebQRpRZjOcKyG6X/Hyb9g==": { "id": "CebQRpRZjOcKyG6X/Hyb9g==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "CoMZiX0VsWNhKSQo1NCYkg==": { "id": "CoMZiX0VsWNhKSQo1NCYkg==", "updater": "rhel-vex", "name": "CVE-2025-1244", "description": "A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect.", "issued": "2025-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1244 https://bugzilla.redhat.com/show_bug.cgi?id=2345150 https://www.cve.org/CVERecord?id=CVE-2025-1244 https://nvd.nist.gov/vuln/detail/CVE-2025-1244 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1244.json https://access.redhat.com/errata/RHSA-2025:1915", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.1", "arch_op": "pattern match" }, "Cr4I2Hcgcf8xO3Bc2/KIfA==": { "id": "Cr4I2Hcgcf8xO3Bc2/KIfA==", "updater": "osv/go", "name": "GO-2023-1840", "description": "Unsafe behavior in setuid/setgid binaries in runtime", "issued": "2023-06-08T20:16:06Z", "links": "https://go.dev/issue/60272 https://go.dev/cl/501223 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.10" }, "CrxvMdhOPgYpnOjfUKfH3Q==": { "id": "CrxvMdhOPgYpnOjfUKfH3Q==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "CuWE9qOLaSI+JhOsCiY03Q==": { "id": "CuWE9qOLaSI+JhOsCiY03Q==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "Cxqp3OmZ1TuIow2bpolrUA==": { "id": "Cxqp3OmZ1TuIow2bpolrUA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "D0qSEDt7Rns05A3ywUZLtw==": { "id": "D0qSEDt7Rns05A3ywUZLtw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "D1jz5P28B8rwvnVaChXHiw==": { "id": "D1jz5P28B8rwvnVaChXHiw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "D2PoAhXlfTjf0jSkt9i3qA==": { "id": "D2PoAhXlfTjf0jSkt9i3qA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "D4iEHIlb8qk7qBBIBLV2WA==": { "id": "D4iEHIlb8qk7qBBIBLV2WA==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "D5TjVz7ghGYgdoVa5+N8bw==": { "id": "D5TjVz7ghGYgdoVa5+N8bw==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "DAwq8wwWp0GN/p0AvtHE9Q==": { "id": "DAwq8wwWp0GN/p0AvtHE9Q==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "DCflC/lDsmgt9IFXJM3PyA==": { "id": "DCflC/lDsmgt9IFXJM3PyA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "DDPdyyhkyoDS2Vq0O3We0w==": { "id": "DDPdyyhkyoDS2Vq0O3We0w==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DDxCHnX+kCqcRQj9b90/cg==": { "id": "DDxCHnX+kCqcRQj9b90/cg==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DE3GDsNl2faTwlhxzYBbYw==": { "id": "DE3GDsNl2faTwlhxzYBbYw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "DFOoWHynQeFD6fZDvPyKMg==": { "id": "DFOoWHynQeFD6fZDvPyKMg==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "DG5z7r6LqnKlVNwHAxeXgA==": { "id": "DG5z7r6LqnKlVNwHAxeXgA==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "DGtUYJS9TDm0sI7Gw7jCuA==": { "id": "DGtUYJS9TDm0sI7Gw7jCuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "DI5ofU0JT+/wsYx2AeXNiA==": { "id": "DI5ofU0JT+/wsYx2AeXNiA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "DI7HeHo8A/itZHGTOHOQIg==": { "id": "DI7HeHo8A/itZHGTOHOQIg==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "DIXgPb+QqAbL75dH7f2Zww==": { "id": "DIXgPb+QqAbL75dH7f2Zww==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "DJqdVbXk9Oqvq0nS8VYv5Q==": { "id": "DJqdVbXk9Oqvq0nS8VYv5Q==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DK1x7B/vzgaKlXynN3g1KA==": { "id": "DK1x7B/vzgaKlXynN3g1KA==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "DKQ/Jfye0O77T1m4bCFM9A==": { "id": "DKQ/Jfye0O77T1m4bCFM9A==", "updater": "rhel-vex", "name": "CVE-2023-52425", "description": "A flaw was found in Expat (libexpat). When parsing a large token that requires multiple buffer fills to complete, Expat has to re-parse the token from start numerous times. This process may trigger excessive resource consumption, leading to a denial of service.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52425 https://bugzilla.redhat.com/show_bug.cgi?id=2262877 https://www.cve.org/CVERecord?id=CVE-2023-52425 https://nvd.nist.gov/vuln/detail/CVE-2023-52425 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52425.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "DNd0sdbW83acQbIl3FDaPw==": { "id": "DNd0sdbW83acQbIl3FDaPw==", "updater": "rhel-vex", "name": "CVE-2023-0054", "description": "An out-of-bounds write flaw was found in Vim, in the do_string_sub function in the eval.c file. The issue occurs because of an invalid memory access due to a missing check of the return value of the vim_regsub function when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file to trigger the out-of-bounds write, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0054 https://bugzilla.redhat.com/show_bug.cgi?id=2161349 https://www.cve.org/CVERecord?id=CVE-2023-0054 https://nvd.nist.gov/vuln/detail/CVE-2023-0054 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0054.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DPcSz1MBKzyaMMMhJWVyEA==": { "id": "DPcSz1MBKzyaMMMhJWVyEA==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "DQIgoLb/8+6+HRbr8B6wHw==": { "id": "DQIgoLb/8+6+HRbr8B6wHw==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "DWl94vpEWRXsnNv1XWboVA==": { "id": "DWl94vpEWRXsnNv1XWboVA==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools-wheel", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "DZWopkvTJiWmVsAADTNOUw==": { "id": "DZWopkvTJiWmVsAADTNOUw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "Daj39cn0p5rpBblQYRpPNw==": { "id": "Daj39cn0p5rpBblQYRpPNw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "DhiTSAV5nEGdAk1xkbjRsw==": { "id": "DhiTSAV5nEGdAk1xkbjRsw==", "updater": "osv/go", "name": "GO-2023-1569", "description": "Excessive resource consumption in mime/multipart", "issued": "2023-02-21T20:44:30Z", "links": "https://go.dev/issue/58006 https://go.dev/cl/468124 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "DjTY6HUnX+COP0+KJxD8lg==": { "id": "DjTY6HUnX+COP0+KJxD8lg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "DjpSix06K6wkPOmaLpbGWg==": { "id": "DjpSix06K6wkPOmaLpbGWg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DlS6uDYchj9S2LQucQuZxw==": { "id": "DlS6uDYchj9S2LQucQuZxw==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "Dlv776lHnCBm01HWpf1zZQ==": { "id": "Dlv776lHnCBm01HWpf1zZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "DlzGGXSItv6fZobEGaNWCA==": { "id": "DlzGGXSItv6fZobEGaNWCA==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "Dp0x43cNy9IQTCa5Vb7Uyw==": { "id": "Dp0x43cNy9IQTCa5Vb7Uyw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "DqGYMV65C5QRFD63WuUcpg==": { "id": "DqGYMV65C5QRFD63WuUcpg==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "DqajPgSmNnfF5+bVSuLXZQ==": { "id": "DqajPgSmNnfF5+bVSuLXZQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "DrIpfcclD2b0iXSNtu+I6Q==": { "id": "DrIpfcclD2b0iXSNtu+I6Q==", "updater": "rhel-vex", "name": "CVE-2023-39325", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39325 https://bugzilla.redhat.com/show_bug.cgi?id=2243296 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-39325 https://nvd.nist.gov/vuln/detail/CVE-2023-39325 https://access.redhat.com/security/cve/CVE-2023-44487 https://go.dev/issue/63417 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39325.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "DrL6S4TbqHyLJh/Go9vALA==": { "id": "DrL6S4TbqHyLJh/Go9vALA==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "DtCtyEFA0WRhx44S/aRChA==": { "id": "DtCtyEFA0WRhx44S/aRChA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "DtWvIa+898xLj3Yf8kKjtA==": { "id": "DtWvIa+898xLj3Yf8kKjtA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DtYmtBkxVMK6KVHn4U+2Yw==": { "id": "DtYmtBkxVMK6KVHn4U+2Yw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "DtkRUkQTzcJrj8ZsC36kqQ==": { "id": "DtkRUkQTzcJrj8ZsC36kqQ==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DyteGYzEcNMaIwU0U8gq/w==": { "id": "DyteGYzEcNMaIwU0U8gq/w==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "DzB2GvXN7uyOKTXPPshLvg==": { "id": "DzB2GvXN7uyOKTXPPshLvg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "E6F4Bsc58fK+0x+N9LY6gA==": { "id": "E6F4Bsc58fK+0x+N9LY6gA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "E7v1LWpr+8KCE/5szHqf2Q==": { "id": "E7v1LWpr+8KCE/5szHqf2Q==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "E90jB6HCh1KjzQXtmHMUUg==": { "id": "E90jB6HCh1KjzQXtmHMUUg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "EB6fg0YbdpF3FjycPEVN/Q==": { "id": "EB6fg0YbdpF3FjycPEVN/Q==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EBopL1hbi9GBQGXZUVNCAA==": { "id": "EBopL1hbi9GBQGXZUVNCAA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ECzeIHiPGDDmiEUQjBzFxg==": { "id": "ECzeIHiPGDDmiEUQjBzFxg==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "EE23Ay78OLUGxmoM3vXPbA==": { "id": "EE23Ay78OLUGxmoM3vXPbA==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "EEMnwT7ARQJ+dbVETnKljw==": { "id": "EEMnwT7ARQJ+dbVETnKljw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.1.el9_6", "arch_op": "pattern match" }, "EEsEsfQRh24NPMdhg4HPHw==": { "id": "EEsEsfQRh24NPMdhg4HPHw==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EFfUhTiwNATI8s7BT2T3xA==": { "id": "EFfUhTiwNATI8s7BT2T3xA==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EGDBCdh3xodxfhx6SFGa1w==": { "id": "EGDBCdh3xodxfhx6SFGa1w==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "EHdSTtZdfwUmOpf3vIeLWQ==": { "id": "EHdSTtZdfwUmOpf3vIeLWQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "ENoYJ+9TEzYG+jTQB5meaw==": { "id": "ENoYJ+9TEzYG+jTQB5meaw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ERpg5QsiyVdbxyySZngvaA==": { "id": "ERpg5QsiyVdbxyySZngvaA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "ETcQXJZrA6IUPRr4MXFUIw==": { "id": "ETcQXJZrA6IUPRr4MXFUIw==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "ETjF+btf4DIblmTTbHaZSA==": { "id": "ETjF+btf4DIblmTTbHaZSA==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "EUzfiOQu+qZDEDuD1AbDtA==": { "id": "EUzfiOQu+qZDEDuD1AbDtA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "EVXEAewBnzdtEIOYHBpZfA==": { "id": "EVXEAewBnzdtEIOYHBpZfA==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "EX/jsJKUxl+Y92LbkHwIVg==": { "id": "EX/jsJKUxl+Y92LbkHwIVg==", "updater": "osv/go", "name": "GO-2023-2186", "description": "Incorrect detection of reserved device names on Windows in path/filepath", "issued": "2023-11-08T22:42:19Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "EXWaDNivW550gBh9Dm6gCQ==": { "id": "EXWaDNivW550gBh9Dm6gCQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "EXi8j2JWeu5xYuWml6Ellg==": { "id": "EXi8j2JWeu5xYuWml6Ellg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "EYkM0DDu8tbFKzGysEiO0Q==": { "id": "EYkM0DDu8tbFKzGysEiO0Q==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "EZo12eG9Obl1kmhRKBmcvA==": { "id": "EZo12eG9Obl1kmhRKBmcvA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EahYBNc6RsapXfHOvUMG/A==": { "id": "EahYBNc6RsapXfHOvUMG/A==", "updater": "osv/go", "name": "GO-2025-4008", "description": "ALPN negotiation error contains attacker controlled information in crypto/tls", "issued": "2025-10-29T21:49:53Z", "links": "https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Ec/FYvTTz4riEqnQe1G+Fw==": { "id": "Ec/FYvTTz4riEqnQe1G+Fw==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "EcsVvJ09ys7NpdNzv0A9zA==": { "id": "EcsVvJ09ys7NpdNzv0A9zA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "Ee2apAGC0PFcPNtPjyeqbg==": { "id": "Ee2apAGC0PFcPNtPjyeqbg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "EfJCfNem+1eUwnsxx2dNOg==": { "id": "EfJCfNem+1eUwnsxx2dNOg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "EhVqWSecC9djAkoW+k/+hQ==": { "id": "EhVqWSecC9djAkoW+k/+hQ==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "EhcxS6FJz0RDq0+uuwuiEA==": { "id": "EhcxS6FJz0RDq0+uuwuiEA==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "EhgsZTFIUAr2YMmtGzoFMQ==": { "id": "EhgsZTFIUAr2YMmtGzoFMQ==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "EjPl60c/5Xt+2Awh7Lu5jw==": { "id": "EjPl60c/5Xt+2Awh7Lu5jw==", "updater": "rhel-vex", "name": "CVE-2025-7546", "description": "A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.", "issued": "2025-07-13T22:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7546 https://bugzilla.redhat.com/show_bug.cgi?id=2379793 https://www.cve.org/CVERecord?id=CVE-2025-7546 https://nvd.nist.gov/vuln/detail/CVE-2025-7546 https://sourceware.org/bugzilla/attachment.cgi?id=16118 https://sourceware.org/bugzilla/show_bug.cgi?id=33050 https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b https://vuldb.com/?ctiid.316244 https://vuldb.com/?id.316244 https://vuldb.com/?submit.614375 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7546.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EpmDyksRTsldGi5rxDcMlA==": { "id": "EpmDyksRTsldGi5rxDcMlA==", "updater": "rhel-vex", "name": "CVE-2022-3598", "description": "An out-of-bounds write flaw was found in the extractContigSamplesShifted24bits function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-06-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3598 https://bugzilla.redhat.com/show_bug.cgi?id=2142738 https://www.cve.org/CVERecord?id=CVE-2022-3598 https://nvd.nist.gov/vuln/detail/CVE-2022-3598 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3598.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Eptc9iAtWcHP72eK8tBCkA==": { "id": "Eptc9iAtWcHP72eK8tBCkA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "Ewdn+P1XzA/h+WRvejvm/Q==": { "id": "Ewdn+P1XzA/h+WRvejvm/Q==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "EzveB8rJWscHHRZtJKOdRA==": { "id": "EzveB8rJWscHHRZtJKOdRA==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "F/boCR7kXAGa4+GAELD7Tg==": { "id": "F/boCR7kXAGa4+GAELD7Tg==", "updater": "rhel-vex", "name": "CVE-2025-11413", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds write in the bfd_putl64 function in the bfd/libbfd.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11413 https://bugzilla.redhat.com/show_bug.cgi?id=2402423 https://www.cve.org/CVERecord?id=CVE-2025-11413 https://nvd.nist.gov/vuln/detail/CVE-2025-11413 https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://vuldb.com/?id.327349 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11413.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "F0PQEZy2PTlCGjp9J75Btw==": { "id": "F0PQEZy2PTlCGjp9J75Btw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "F1KNP85q9V8sONVWKuOzrw==": { "id": "F1KNP85q9V8sONVWKuOzrw==", "updater": "osv/go", "name": "GO-2023-2041", "description": "Improper handling of HTML-like comments in script contexts in html/template", "issued": "2023-09-07T16:11:17Z", "links": "https://go.dev/issue/62196 https://go.dev/cl/526156 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "F2QVfam7Idr3v4Y7g3wf/Q==": { "id": "F2QVfam7Idr3v4Y7g3wf/Q==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "F4g8Bboy9/sMyy+EusFlpA==": { "id": "F4g8Bboy9/sMyy+EusFlpA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "F54ap+bUe0qceQi67ZX30w==": { "id": "F54ap+bUe0qceQi67ZX30w==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "F6i42vx+GvZ/9LpnToKHcw==": { "id": "F6i42vx+GvZ/9LpnToKHcw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FAES1XlWFCETbKQytoq57Q==": { "id": "FAES1XlWFCETbKQytoq57Q==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.27-481.el9", "arch_op": "pattern match" }, "FAgeMhGaGcH9QOhQHw5rhQ==": { "id": "FAgeMhGaGcH9QOhQHw5rhQ==", "updater": "rhel-vex", "name": "CVE-2024-13978", "description": "A flaw was found in libtiff. The `t2p_read_tiff_init` function in the fax2ps component incorrectly handles TIFF files, leading to a null pointer dereference. A local attacker can trigger this condition by providing a specially crafted TIFF file. This can result in an application level denial of service.", "issued": "2025-08-01T21:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13978 https://bugzilla.redhat.com/show_bug.cgi?id=2386059 https://www.cve.org/CVERecord?id=CVE-2024-13978 https://nvd.nist.gov/vuln/detail/CVE-2024-13978 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/2ebfffb0e8836bfb1cd7d85c059cd285c59761a4 https://gitlab.com/libtiff/libtiff/-/issues/649 https://gitlab.com/libtiff/libtiff/-/merge_requests/667 https://vuldb.com/?ctiid.318355 https://vuldb.com/?id.318355 https://vuldb.com/?submit.624562 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13978.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FAoi5hf12Vg9h7NFehHyBg==": { "id": "FAoi5hf12Vg9h7NFehHyBg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Fcntl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.13-481.1.el9_6", "arch_op": "pattern match" }, "FE/mnRiATGHgivPxG+13dw==": { "id": "FE/mnRiATGHgivPxG+13dw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FKu6EFoCfpksmq+M7pL02Q==": { "id": "FKu6EFoCfpksmq+M7pL02Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "FKuvvzZuxFLoDaTeoDMGIQ==": { "id": "FKuvvzZuxFLoDaTeoDMGIQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FM2lHn17qlO5uIZtM+Ehmg==": { "id": "FM2lHn17qlO5uIZtM+Ehmg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.el9", "arch_op": "pattern match" }, "FMzc9QFitxthf16XR1P0QA==": { "id": "FMzc9QFitxthf16XR1P0QA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.4.el9_3", "arch_op": "pattern match" }, "FOhuL+ZLaAMigc1crKc/uA==": { "id": "FOhuL+ZLaAMigc1crKc/uA==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "FPJOQAbsBSaId8RmD/1j8g==": { "id": "FPJOQAbsBSaId8RmD/1j8g==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "FTUrLe1XMNYvUzaxMdsWeQ==": { "id": "FTUrLe1XMNYvUzaxMdsWeQ==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "FUR7T9AnekkZ5hPUz2WP6Q==": { "id": "FUR7T9AnekkZ5hPUz2WP6Q==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "FUeASYCa2REKwmC0CFlz2g==": { "id": "FUeASYCa2REKwmC0CFlz2g==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "FV18DPtJsW6qZZIHDbkGJA==": { "id": "FV18DPtJsW6qZZIHDbkGJA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "FcmkgsiNKCrDAJ6OFK/Y8g==": { "id": "FcmkgsiNKCrDAJ6OFK/Y8g==", "updater": "osv/go", "name": "GO-2023-2102", "description": "HTTP/2 rapid reset can cause excessive work in net/http", "issued": "2023-10-11T16:49:53Z", "links": "https://go.dev/issue/63417 https://go.dev/cl/534215 https://go.dev/cl/534235 https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.10" }, "FdtzK6tyT53moDNlzBGPBQ==": { "id": "FdtzK6tyT53moDNlzBGPBQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "FecDYUjbiWlU3PuXl5vs5w==": { "id": "FecDYUjbiWlU3PuXl5vs5w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Fg8qijPO2mYzPczZJG7NiQ==": { "id": "Fg8qijPO2mYzPczZJG7NiQ==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "FgTFx5g45j7WzA+bfAHPzQ==": { "id": "FgTFx5g45j7WzA+bfAHPzQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "Fi7GXCkkqJvYQw6Co8Nk7A==": { "id": "Fi7GXCkkqJvYQw6Co8Nk7A==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "FjB9AnugxBHu7Kwf86C67w==": { "id": "FjB9AnugxBHu7Kwf86C67w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.1.el9_6", "arch_op": "pattern match" }, "FjluGqmW83eEOEvyKIkrSA==": { "id": "FjluGqmW83eEOEvyKIkrSA==", "updater": "osv/go", "name": "GO-2025-4012", "description": "Lack of limit when parsing cookies can cause memory exhaustion in net/http", "issued": "2025-10-29T21:50:05Z", "links": "https://go.dev/issue/75672 https://go.dev/cl/709855 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "FkUafBj1ekysZyPIbZi5fg==": { "id": "FkUafBj1ekysZyPIbZi5fg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.el9", "arch_op": "pattern match" }, "FkxoK2aSVfPglVllnxzplw==": { "id": "FkxoK2aSVfPglVllnxzplw==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "FlgtpglQEkjGT66EnFUHMg==": { "id": "FlgtpglQEkjGT66EnFUHMg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "FnsKxnhjNS+E4Y6hrazjUQ==": { "id": "FnsKxnhjNS+E4Y6hrazjUQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "FpA1FaTnKUwdPkl0KHAbaw==": { "id": "FpA1FaTnKUwdPkl0KHAbaw==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FrIXKuepXZdWVsQ8gu1YHA==": { "id": "FrIXKuepXZdWVsQ8gu1YHA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "FsYbwBEvKH6FW81JU3KSvw==": { "id": "FsYbwBEvKH6FW81JU3KSvw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Ft+9wGiX7gFQHYNS5do1oA==": { "id": "Ft+9wGiX7gFQHYNS5do1oA==", "updater": "rhel-vex", "name": "CVE-2024-12088", "description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12088 https://bugzilla.redhat.com/show_bug.cgi?id=2330676 https://www.cve.org/CVERecord?id=CVE-2024-12088 https://nvd.nist.gov/vuln/detail/CVE-2024-12088 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12088.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "FtF7hWwlQYu4clVsrpBd0Q==": { "id": "FtF7hWwlQYu4clVsrpBd0Q==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "FwvyPIBVlE1fAIgwJ1H6Sw==": { "id": "FwvyPIBVlE1fAIgwJ1H6Sw==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "FyNQxVBbour86huhtgTOzA==": { "id": "FyNQxVBbour86huhtgTOzA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "Fys7cTDgnkqkKy/A1tAWPQ==": { "id": "Fys7cTDgnkqkKy/A1tAWPQ==", "updater": "rhel-vex", "name": "CVE-2023-29403", "description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state or assuming the status of standard I/O file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29403 https://bugzilla.redhat.com/show_bug.cgi?id=2216965 https://www.cve.org/CVERecord?id=CVE-2023-29403 https://nvd.nist.gov/vuln/detail/CVE-2023-29403 https://go.dev/cl/501223 https://go.dev/issue/60272 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1840 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29403.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "G/EKAYKB/V29JLdsy1wFCA==": { "id": "G/EKAYKB/V29JLdsy1wFCA==", "updater": "rhel-vex", "name": "CVE-2023-31486", "description": "A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=\u003e1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MITM) attacks, where an attacker might intercept and manipulate data transmitted between the client and server.", "issued": "2023-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31486 https://bugzilla.redhat.com/show_bug.cgi?id=2228392 https://www.cve.org/CVERecord?id=CVE-2023-31486 https://nvd.nist.gov/vuln/detail/CVE-2023-31486 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31486.json https://access.redhat.com/errata/RHSA-2023:6542", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-HTTP-Tiny", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.076-461.el9", "arch_op": "pattern match" }, "G/dmoDOpwh0GrsMovfySVw==": { "id": "G/dmoDOpwh0GrsMovfySVw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "G1biuc7MPjr1XA/l1R5EPQ==": { "id": "G1biuc7MPjr1XA/l1R5EPQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G1ju8KSMzz6zOg31bF5lRw==": { "id": "G1ju8KSMzz6zOg31bF5lRw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "G33a+jVnMZNg6liymp9Lyg==": { "id": "G33a+jVnMZNg6liymp9Lyg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.2-1.el9_7", "arch_op": "pattern match" }, "G77a8vVkDX/8Yt/v29MOhA==": { "id": "G77a8vVkDX/8Yt/v29MOhA==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "GAn7gWUe2pFr7PbwechqxA==": { "id": "GAn7gWUe2pFr7PbwechqxA==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GDAkupnsjiTl71rwzH5RJg==": { "id": "GDAkupnsjiTl71rwzH5RJg==", "updater": "rhel-vex", "name": "CVE-2024-21538", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "issued": "2024-11-08T05:00:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21538 https://bugzilla.redhat.com/show_bug.cgi?id=2324550 https://www.cve.org/CVERecord?id=CVE-2024-21538 https://nvd.nist.gov/vuln/detail/CVE-2024-21538 https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f https://github.com/moxystudio/node-cross-spawn/pull/160 https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21538.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GEDO3j20WMwIj0JMNMq5Iw==": { "id": "GEDO3j20WMwIj0JMNMq5Iw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "GJ6//hGiIsio2zBFuudd/Q==": { "id": "GJ6//hGiIsio2zBFuudd/Q==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GJy8g/4zoy4CPDvWLZr9kQ==": { "id": "GJy8g/4zoy4CPDvWLZr9kQ==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "GKtgrnguQJIeMtP51nnNZQ==": { "id": "GKtgrnguQJIeMtP51nnNZQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "GR80zW702W+xho6dTSNlyw==": { "id": "GR80zW702W+xho6dTSNlyw==", "updater": "rhel-vex", "name": "CVE-2024-24806", "description": "A server-side request forgery (SSRF) flaw was found in the libuv package due to how the `hostname_ascii` variable is handled in `uv_getaddrinfo` and `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access internal APIs or for websites that allow users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks.", "issued": "2024-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24806 https://bugzilla.redhat.com/show_bug.cgi?id=2263292 https://www.cve.org/CVERecord?id=CVE-2024-24806 https://nvd.nist.gov/vuln/detail/CVE-2024-24806 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://www.chainguard.dev/unchained/unpacking-libuvs-cve-2024-24806-software-dark-matter-will-go-under-the-radar-not-in-chainguard-images-tho https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24806.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GVOb0whjVXBMMGVZhZjH0g==": { "id": "GVOb0whjVXBMMGVZhZjH0g==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GVXQ1XPPQkuhZ4SIFGoF+w==": { "id": "GVXQ1XPPQkuhZ4SIFGoF+w==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "GW37uYQxwwgJBIDtA/dT2g==": { "id": "GW37uYQxwwgJBIDtA/dT2g==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXMpRf2go/wGEbwpp9BPPQ==": { "id": "GXMpRf2go/wGEbwpp9BPPQ==", "updater": "rhel-vex", "name": "CVE-2023-1175", "description": "A flaw was found in Vim. There is an incorrect calculation of buffer size issue found in Vim's yank_copy_line() function of the register.c file. This flaw allows illegal memory access when using virtual editing as \"startspaces\" goes negative. An attacker can trick a user into opening a specially crafted file, triggering an issue that causes an application to crash leading to a denial of service, corrupting memory, and possibly executing code.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1175 https://bugzilla.redhat.com/show_bug.cgi?id=2176457 https://www.cve.org/CVERecord?id=CVE-2023-1175 https://nvd.nist.gov/vuln/detail/CVE-2023-1175 https://huntr.dev/bounties/7e93fc17-92eb-4ae7-b01a-93bb460b643e https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GXObP88ZOLkWQuVeVgHh/g==": { "id": "GXObP88ZOLkWQuVeVgHh/g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "GXVxiDj3UnyxgXg2cz7u0Q==": { "id": "GXVxiDj3UnyxgXg2cz7u0Q==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "Ga3lVfExNl500JGwW345sQ==": { "id": "Ga3lVfExNl500JGwW345sQ==", "updater": "osv/go", "name": "GO-2025-3956", "description": "Unexpected paths returned from LookPath in os/exec", "issued": "2025-09-18T18:21:44Z", "links": "https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "GaZVgTbcdJiJMvdUeofqTA==": { "id": "GaZVgTbcdJiJMvdUeofqTA==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "GbZa+XIQtfFHtHWs5gm0wg==": { "id": "GbZa+XIQtfFHtHWs5gm0wg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "GeI10LHPuNgyyt295MOmIQ==": { "id": "GeI10LHPuNgyyt295MOmIQ==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "Geg0mw2hzdsfDbJ9adcmWg==": { "id": "Geg0mw2hzdsfDbJ9adcmWg==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GfPY5zBbHJQI4ZGaDcJj2A==": { "id": "GfPY5zBbHJQI4ZGaDcJj2A==", "updater": "rhel-vex", "name": "CVE-2022-3278", "description": "A NULL pointer dereference vulnerability was found in Vim's eval_next_non_blank() function of the src/eval.c file. The flaw occurs when using NUL in buffer uses :source. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes a denial of service.", "issued": "2022-09-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3278 https://bugzilla.redhat.com/show_bug.cgi?id=2129831 https://www.cve.org/CVERecord?id=CVE-2022-3278 https://nvd.nist.gov/vuln/detail/CVE-2022-3278 https://huntr.dev/bounties/a9fad77e-f245-4ce9-ba15-c7d4c86c4612 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GjK0gO1QmNQJ/ZsCakqCdA==": { "id": "GjK0gO1QmNQJ/ZsCakqCdA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "Gn9qNy1ITVhOKz+nUviaSg==": { "id": "Gn9qNy1ITVhOKz+nUviaSg==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "GnBCRP9H+R6do428z3nOkQ==": { "id": "GnBCRP9H+R6do428z3nOkQ==", "updater": "rhel-vex", "name": "CVE-2021-4173", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4173 https://bugzilla.redhat.com/show_bug.cgi?id=2035930 https://www.cve.org/CVERecord?id=CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4173.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GoHez0BYftW2Wj3h0K6Zxw==": { "id": "GoHez0BYftW2Wj3h0K6Zxw==", "updater": "rhel-vex", "name": "CVE-2025-32990", "description": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.", "issued": "2025-07-09T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32990 https://bugzilla.redhat.com/show_bug.cgi?id=2359620 https://www.cve.org/CVERecord?id=CVE-2025-32990 https://nvd.nist.gov/vuln/detail/CVE-2025-32990 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32990.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "GoHsuuxRgbGb3lm852rQmg==": { "id": "GoHsuuxRgbGb3lm852rQmg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "GolUr/klMsQNQ9QFMdcAmw==": { "id": "GolUr/klMsQNQ9QFMdcAmw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "GpJjElMhBMa2ZIh0g/0hAQ==": { "id": "GpJjElMhBMa2ZIh0g/0hAQ==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "GtECMHzRoeZKh1TLvpCt+A==": { "id": "GtECMHzRoeZKh1TLvpCt+A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-IPC-Open3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21-481.el9", "arch_op": "pattern match" }, "GuM8+Ku1VtBzfPk3/FCgzw==": { "id": "GuM8+Ku1VtBzfPk3/FCgzw==", "updater": "rhel-vex", "name": "CVE-2022-1056", "description": "Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 46dc8fcd.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1056 https://bugzilla.redhat.com/show_bug.cgi?id=2233599 https://www.cve.org/CVERecord?id=CVE-2022-1056 https://nvd.nist.gov/vuln/detail/CVE-2022-1056 https://security.gentoo.org/glsa/202210-10 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GwJvkFMzYrKrZEvvNMbc6A==": { "id": "GwJvkFMzYrKrZEvvNMbc6A==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "GwdBWjTMLLj14UbkCrmh/A==": { "id": "GwdBWjTMLLj14UbkCrmh/A==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "Gzt3Aov08YmfW0b/CN7tHw==": { "id": "Gzt3Aov08YmfW0b/CN7tHw==", "updater": "rhel-vex", "name": "CVE-2022-41862", "description": "A flaw was found In PostgreSQL. A modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions, a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.", "issued": "2023-02-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41862 https://bugzilla.redhat.com/show_bug.cgi?id=2165722 https://www.cve.org/CVERecord?id=CVE-2022-41862 https://nvd.nist.gov/vuln/detail/CVE-2022-41862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41862.json https://access.redhat.com/errata/RHSA-2023:6429", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.11-1.el9", "arch_op": "pattern match" }, "H+x0VPepDcitQiESaSwIwQ==": { "id": "H+x0VPepDcitQiESaSwIwQ==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "H003kvHQyN0gsWRXOrXzxA==": { "id": "H003kvHQyN0gsWRXOrXzxA==", "updater": "rhel-vex", "name": "CVE-2023-2603", "description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2603 https://bugzilla.redhat.com/show_bug.cgi?id=2209113 https://www.cve.org/CVERecord?id=CVE-2023-2603 https://nvd.nist.gov/vuln/detail/CVE-2023-2603 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2603.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "H04yzALMJAjmclexKFeS2w==": { "id": "H04yzALMJAjmclexKFeS2w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "H4boG/V+MB7stA7jG8O6Tw==": { "id": "H4boG/V+MB7stA7jG8O6Tw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "H4hIo8QsJ8tJeirBCqwHFQ==": { "id": "H4hIo8QsJ8tJeirBCqwHFQ==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "H5HU/YMXz+3wwSlUv2hOEg==": { "id": "H5HU/YMXz+3wwSlUv2hOEg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "H5vm/YCKZciOb4TXZmGZlg==": { "id": "H5vm/YCKZciOb4TXZmGZlg==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "H7H9wMobv6DOqzUUAdOqGA==": { "id": "H7H9wMobv6DOqzUUAdOqGA==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "H8XwHNDIkW12mW+y74dsdQ==": { "id": "H8XwHNDIkW12mW+y74dsdQ==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "HBDLPf0FBMppxrTwW+gqlA==": { "id": "HBDLPf0FBMppxrTwW+gqlA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "HFchxDnUHv0YgEfYisGA6A==": { "id": "HFchxDnUHv0YgEfYisGA6A==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HHBOKYlzeD2Busv7btyBAA==": { "id": "HHBOKYlzeD2Busv7btyBAA==", "updater": "rhel-vex", "name": "CVE-2023-48232", "description": "A flaw was found in Vim, an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines when smooth scrolling is enabled and the cpo-settings include the 'n' flag. This issue may occur when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48232 https://bugzilla.redhat.com/show_bug.cgi?id=2250269 https://www.cve.org/CVERecord?id=CVE-2023-48232 https://nvd.nist.gov/vuln/detail/CVE-2023-48232 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/cb0b99f0672d8446585d26e998343dceca17d1ce https://github.com/vim/vim/security/advisories/GHSA-f6cx-x634-hqpw https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48232.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HHpOVRDbzmY2UhydU+uwcg==": { "id": "HHpOVRDbzmY2UhydU+uwcg==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "HMF5qYGPMt4Fb5i6RtdwRA==": { "id": "HMF5qYGPMt4Fb5i6RtdwRA==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "HMytRAMTGJlQRfqVbIzzVg==": { "id": "HMytRAMTGJlQRfqVbIzzVg==", "updater": "osv/go", "name": "GO-2022-0525", "description": "Improper sanitization of Transfer-Encoding headers in net/http", "issued": "2022-07-25T17:34:18Z", "links": "https://go.dev/cl/409874 https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f https://go.dev/issue/53188 https://go.dev/cl/410714 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "HNWibMRA8AF0jyyBYQthdA==": { "id": "HNWibMRA8AF0jyyBYQthdA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "HOYwG5Rw5KtCLqSTp9IaXQ==": { "id": "HOYwG5Rw5KtCLqSTp9IaXQ==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "HS96brYtpBiaYpW7OxT5Wg==": { "id": "HS96brYtpBiaYpW7OxT5Wg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "HT2SNCYX7dkF36jwcJ6tBg==": { "id": "HT2SNCYX7dkF36jwcJ6tBg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "HT4k6+0VwtXXrNi4IFV2ug==": { "id": "HT4k6+0VwtXXrNi4IFV2ug==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-rpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "HW1HxtJFrKBktMKHARGGeQ==": { "id": "HW1HxtJFrKBktMKHARGGeQ==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "HeemEcWe2JVMYkjGWbuiFA==": { "id": "HeemEcWe2JVMYkjGWbuiFA==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "HfjDJmml2JYJ9YjdaPe+zQ==": { "id": "HfjDJmml2JYJ9YjdaPe+zQ==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "HiF486OoQCfE4Hwc8DTxrQ==": { "id": "HiF486OoQCfE4Hwc8DTxrQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "HjJnWaqrr4SaFPjzu8hVkg==": { "id": "HjJnWaqrr4SaFPjzu8hVkg==", "updater": "rhel-vex", "name": "CVE-2022-46663", "description": "A vulnerability was found in less. This flaw allows crafted data to result in \"less -R\" not filtering ANSI escape sequences sent to the terminal.", "issued": "2023-02-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-46663 https://bugzilla.redhat.com/show_bug.cgi?id=2169621 https://www.cve.org/CVERecord?id=CVE-2022-46663 https://nvd.nist.gov/vuln/detail/CVE-2022-46663 https://www.openwall.com/lists/oss-security/2023/02/07/7 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-46663.json https://access.redhat.com/errata/RHSA-2023:3725", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-2.el9_2", "arch_op": "pattern match" }, "Hk/EnuFgs+4rtDh2D0OPZg==": { "id": "Hk/EnuFgs+4rtDh2D0OPZg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "HlOu0EmTxHkjzmJeJEuJmw==": { "id": "HlOu0EmTxHkjzmJeJEuJmw==", "updater": "rhel-vex", "name": "CVE-2023-4735", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4735 https://bugzilla.redhat.com/show_bug.cgi?id=2237165 https://www.cve.org/CVERecord?id=CVE-2023-4735 https://nvd.nist.gov/vuln/detail/CVE-2023-4735 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4735.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HlmfsCkhcIqBoptvS1F7pQ==": { "id": "HlmfsCkhcIqBoptvS1F7pQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "HmZXdUV/ycFcRK+m71pC+w==": { "id": "HmZXdUV/ycFcRK+m71pC+w==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "HnNhAdInEg3yPEHYo7Hl+Q==": { "id": "HnNhAdInEg3yPEHYo7Hl+Q==", "updater": "rhel-vex", "name": "CVE-2024-0567", "description": "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0567 https://bugzilla.redhat.com/show_bug.cgi?id=2258544 https://www.cve.org/CVERecord?id=CVE-2024-0567 https://nvd.nist.gov/vuln/detail/CVE-2024-0567 https://gitlab.com/gnutls/gnutls/-/issues/1521 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0567.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "HqbYURF/7TaXoQPMqtdsIA==": { "id": "HqbYURF/7TaXoQPMqtdsIA==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "HrQTGWot7zXPyYbisnzShg==": { "id": "HrQTGWot7zXPyYbisnzShg==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "Ht/FCT7E55SLIJNr/AHy9A==": { "id": "Ht/FCT7E55SLIJNr/AHy9A==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "HuVZNoL6F1XG6bLXPdhmWQ==": { "id": "HuVZNoL6F1XG6bLXPdhmWQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "HxI42iSjURjRki+uV6q/9w==": { "id": "HxI42iSjURjRki+uV6q/9w==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HxiMqPnG14UzA9oHqqI6Ng==": { "id": "HxiMqPnG14UzA9oHqqI6Ng==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "I1n6/nf1BmKoqYe/GXCV3A==": { "id": "I1n6/nf1BmKoqYe/GXCV3A==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "I2w7mAdeccRvDV/HeaBOoA==": { "id": "I2w7mAdeccRvDV/HeaBOoA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "I3+uP7bb+nPtzRYHH2UUgw==": { "id": "I3+uP7bb+nPtzRYHH2UUgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I362Vwh1x92yigOP2ZDpKA==": { "id": "I362Vwh1x92yigOP2ZDpKA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "I3Zso12Z+9mUcVEvUKWJ8w==": { "id": "I3Zso12Z+9mUcVEvUKWJ8w==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "cpp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "I3vwwgMxzxWo15otCOgvAw==": { "id": "I3vwwgMxzxWo15otCOgvAw==", "updater": "rhel-vex", "name": "CVE-2021-3928", "description": "A flaw was found in vim. A possible stack-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3928 https://bugzilla.redhat.com/show_bug.cgi?id=2021292 https://www.cve.org/CVERecord?id=CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3928.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "I44fXMfux3yPYaBHaNxgsg==": { "id": "I44fXMfux3yPYaBHaNxgsg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "I5CKvoKqBhFd1vY7fxFKtQ==": { "id": "I5CKvoKqBhFd1vY7fxFKtQ==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "I9Xc2JiRiPWfOFS5AHY1Ww==": { "id": "I9Xc2JiRiPWfOFS5AHY1Ww==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "IDAwc/hZzIcM4IBkaUT9YA==": { "id": "IDAwc/hZzIcM4IBkaUT9YA==", "updater": "osv/go", "name": "GO-2025-3563", "description": "Request smuggling due to acceptance of invalid chunked data in net/http", "issued": "2025-04-08T19:46:23Z", "links": "https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.8" }, "IDDFCE+x3YM7koS2SvW5fA==": { "id": "IDDFCE+x3YM7koS2SvW5fA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "IENtFrOwfEqYX/lp+0u2Gw==": { "id": "IENtFrOwfEqYX/lp+0u2Gw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "IERk9xwccKWSGr20Hb5U6g==": { "id": "IERk9xwccKWSGr20Hb5U6g==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "IGsR1pj6qXRBH+0hYVXsew==": { "id": "IGsR1pj6qXRBH+0hYVXsew==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IH0yoiWyuDmG+HH8h9dKLw==": { "id": "IH0yoiWyuDmG+HH8h9dKLw==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IIfJmT1yzMqBOVKMy3nlyQ==": { "id": "IIfJmT1yzMqBOVKMy3nlyQ==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "IL9yoqEJiA7P9oRxQrj7SQ==": { "id": "IL9yoqEJiA7P9oRxQrj7SQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "IRgMJoQA4x1xizY2hEw96w==": { "id": "IRgMJoQA4x1xizY2hEw96w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ISgjA2mi+Q9vbdNEhDKXOA==": { "id": "ISgjA2mi+Q9vbdNEhDKXOA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ITIiuf1dzb05+JHj8h65fg==": { "id": "ITIiuf1dzb05+JHj8h65fg==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "IUI8ka2AYA1twZAQi4gL5Q==": { "id": "IUI8ka2AYA1twZAQi4gL5Q==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "IV554NtP1F9KO4IyBit26g==": { "id": "IV554NtP1F9KO4IyBit26g==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IWplUWF011EXddGnkU5Png==": { "id": "IWplUWF011EXddGnkU5Png==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.1.el9_6", "arch_op": "pattern match" }, "IaNq7BGSUI5KW7kcB5RXdQ==": { "id": "IaNq7BGSUI5KW7kcB5RXdQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "IbhdAqkTe4EMzAhoNvBoZw==": { "id": "IbhdAqkTe4EMzAhoNvBoZw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "IeTK1HBLKpS1+gfVSPrpvg==": { "id": "IeTK1HBLKpS1+gfVSPrpvg==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfJyKZ52fwKruf/mbOKmYg==": { "id": "IfJyKZ52fwKruf/mbOKmYg==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IfZDrkeHpfXHfjHzETuKbw==": { "id": "IfZDrkeHpfXHfjHzETuKbw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ih4ScPgmvAttJN/czzciaQ==": { "id": "Ih4ScPgmvAttJN/czzciaQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ihq7mkhGM9sf/8QM05o7gw==": { "id": "Ihq7mkhGM9sf/8QM05o7gw==", "updater": "rhel-vex", "name": "CVE-2023-6277", "description": "An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB.", "issued": "2023-11-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6277 https://bugzilla.redhat.com/show_bug.cgi?id=2251311 https://www.cve.org/CVERecord?id=CVE-2023-6277 https://nvd.nist.gov/vuln/detail/CVE-2023-6277 https://gitlab.com/libtiff/libtiff/-/issues/614 https://gitlab.com/libtiff/libtiff/-/merge_requests/545 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6277.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IkLJJWoz7DjiEwkwHd9+Bw==": { "id": "IkLJJWoz7DjiEwkwHd9+Bw==", "updater": "osv/go", "name": "GO-2024-2610", "description": "Errors returned from JSON marshaling may break template escaping in html/template", "issued": "2024-03-05T22:15:40Z", "links": "https://go.dev/issue/65697 https://go.dev/cl/564196 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "IoeuDKI/vu/XCDGoDKzX3g==": { "id": "IoeuDKI/vu/XCDGoDKzX3g==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "IqAfwTRGJO3I/HkfDNLMoQ==": { "id": "IqAfwTRGJO3I/HkfDNLMoQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "Ira5htRPGofy9veGMRD7Vg==": { "id": "Ira5htRPGofy9veGMRD7Vg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "IsqBfnAxrh9UbW8oQaSR7w==": { "id": "IsqBfnAxrh9UbW8oQaSR7w==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "ItuvzyMGym4CNyVuxWwH3w==": { "id": "ItuvzyMGym4CNyVuxWwH3w==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "IvL651FnAzrxSYOiOuXMlw==": { "id": "IvL651FnAzrxSYOiOuXMlw==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "IxsDQKwy6X02Ak7TSjZKpA==": { "id": "IxsDQKwy6X02Ak7TSjZKpA==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "IzDqrZ8Ru35rI4iCSSk/pw==": { "id": "IzDqrZ8Ru35rI4iCSSk/pw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "J+a2wc6cR5fLyNj39ghgVg==": { "id": "J+a2wc6cR5fLyNj39ghgVg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "J/vqYu1qTz7dsS8oVaCTTw==": { "id": "J/vqYu1qTz7dsS8oVaCTTw==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "J1MkSCEBivWCQoYUEvHXOw==": { "id": "J1MkSCEBivWCQoYUEvHXOw==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "J1SK5zSFZI94azX3jybBbw==": { "id": "J1SK5zSFZI94azX3jybBbw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "J1cvee8xy6oZDEdA21dqEg==": { "id": "J1cvee8xy6oZDEdA21dqEg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "J3RGaCFhZHnCvtta/VAJIw==": { "id": "J3RGaCFhZHnCvtta/VAJIw==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "J4ecrOEw69avIhhOznG+2w==": { "id": "J4ecrOEw69avIhhOznG+2w==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "J5i8I5ZRQGDUXQI4WkC0FQ==": { "id": "J5i8I5ZRQGDUXQI4WkC0FQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "J6GavUf0zh8+C0zHHTDYfw==": { "id": "J6GavUf0zh8+C0zHHTDYfw==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "J9wD9ZF9kAJd1nu03TllBQ==": { "id": "J9wD9ZF9kAJd1nu03TllBQ==", "updater": "osv/go", "name": "GO-2024-2600", "description": "Incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http", "issued": "2024-03-05T22:15:02Z", "links": "https://go.dev/issue/65065 https://go.dev/cl/569340 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "JBIWl7TA4AzjcNVfFPjHaw==": { "id": "JBIWl7TA4AzjcNVfFPjHaw==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "JD0llI0bGUOG/VBz+9LeVQ==": { "id": "JD0llI0bGUOG/VBz+9LeVQ==", "updater": "rhel-vex", "name": "CVE-2023-48235", "description": "A flaw as found in Vim, an open source command line text editor. When parsing relative ex addresses, one may unintentionally cause an overflow. Ironically, this happens in the existing overflow check because the line number becomes negative and LONG_MAX - lnum will cause the overflow. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48235 https://bugzilla.redhat.com/show_bug.cgi?id=2250272 https://www.cve.org/CVERecord?id=CVE-2023-48235 https://nvd.nist.gov/vuln/detail/CVE-2023-48235 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/060623e4a3bc72b011e7cd92bedb3bfb64e06200 https://github.com/vim/vim/security/advisories/GHSA-6g74-hr6q-pr8g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48235.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JLZyRakMGnyMKNtD6nnqpQ==": { "id": "JLZyRakMGnyMKNtD6nnqpQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "JLdsQ9mzV76+v5Ttq5j2hA==": { "id": "JLdsQ9mzV76+v5Ttq5j2hA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "JMtxzN1jgVs2Gwo2QsOKnQ==": { "id": "JMtxzN1jgVs2Gwo2QsOKnQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "JMuZ2WXBBx9rW6/jTPLu0A==": { "id": "JMuZ2WXBBx9rW6/jTPLu0A==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "JQe3P/odATa/OKbzn309dw==": { "id": "JQe3P/odATa/OKbzn309dw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:9371", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9", "arch_op": "pattern match" }, "JS6LnmY1PZfE5YxJsCWPPQ==": { "id": "JS6LnmY1PZfE5YxJsCWPPQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "JS9NNql9cJTDkzzfXyJzDQ==": { "id": "JS9NNql9cJTDkzzfXyJzDQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JSxIEGIOCwboUDoJZgS9fA==": { "id": "JSxIEGIOCwboUDoJZgS9fA==", "updater": "rhel-vex", "name": "CVE-2023-37920", "description": "A flaw was found in the python-certifi package. This issue occurs when the e-Tugra root certificate in Certifi is removed, resulting in an unspecified error that has an unknown impact and attack vector.", "issued": "2023-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-37920 https://bugzilla.redhat.com/show_bug.cgi?id=2226586 https://www.cve.org/CVERecord?id=CVE-2023-37920 https://nvd.nist.gov/vuln/detail/CVE-2023-37920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-37920.json https://access.redhat.com/errata/RHBA-2024:5691", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "ca-certificates", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch|src", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2024.2.69_v8.0.303-91.4.el9_4", "arch_op": "pattern match" }, "JTwzSHX5xKxgTtyprecVew==": { "id": "JTwzSHX5xKxgTtyprecVew==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "JVp8gcuEEeRLeKprUvrBUg==": { "id": "JVp8gcuEEeRLeKprUvrBUg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "JVuTqfPwohmj6ucokgM2sQ==": { "id": "JVuTqfPwohmj6ucokgM2sQ==", "updater": "rhel-vex", "name": "CVE-2021-27290", "description": "A flaw was found in ssri package. A malicious string provided by an attacker may lead to Regular Expression Denial of Service (ReDoS). This issue only affects consumers\r\nusing the strict option. The highest threat from this vulnerability is to availability.", "issued": "2021-03-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-27290 https://bugzilla.redhat.com/show_bug.cgi?id=1941471 https://www.cve.org/CVERecord?id=CVE-2021-27290 https://nvd.nist.gov/vuln/detail/CVE-2021-27290 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-27290.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JWrwO52d5SNbcmJ2KpFaJQ==": { "id": "JWrwO52d5SNbcmJ2KpFaJQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "JXQAkdur2asBQ4qeq789Ew==": { "id": "JXQAkdur2asBQ4qeq789Ew==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "JZIEpU7UdEXuAMj6emkt5A==": { "id": "JZIEpU7UdEXuAMj6emkt5A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "JZVeRC2oy93Tv6vLZpVqJQ==": { "id": "JZVeRC2oy93Tv6vLZpVqJQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "JZouihQMnG3T6XSUXqYbkA==": { "id": "JZouihQMnG3T6XSUXqYbkA==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "JegoLVJD+r1CNqau++1Vlw==": { "id": "JegoLVJD+r1CNqau++1Vlw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Jek37tQeVdKEwtu+6a9/CA==": { "id": "Jek37tQeVdKEwtu+6a9/CA==", "updater": "rhel-vex", "name": "CVE-2024-53920", "description": "A flaw was found in Emacs. Viewing or editing an untrusted Emacs Lisp source code file can cause arbitrary code execution due to unsafe macro expansion when a user has configured elisp-completion-at-point for code completion or has enabled automatic error checking, such as Flymake or Flycheck.", "issued": "2024-11-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-53920 https://bugzilla.redhat.com/show_bug.cgi?id=2329161 https://www.cve.org/CVERecord?id=CVE-2024-53920 https://nvd.nist.gov/vuln/detail/CVE-2024-53920 https://eshelyaron.com/posts/2024-11-27-emacs-aritrary-code-execution-and-how-to-avoid-it.html https://yhetil.org/emacs/CAFXAjY5f4YfHAtZur1RAqH34UbYU56_t6t2Er0YEh1Sb7-W=hg%40mail.gmail.com/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-53920.json https://access.redhat.com/errata/RHSA-2025:4787", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-11.el9_5.2", "arch_op": "pattern match" }, "JeqcZQqZ6re77qRb9vpAHQ==": { "id": "JeqcZQqZ6re77qRb9vpAHQ==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "JfmoxvDj+qKmecssvuGVyA==": { "id": "JfmoxvDj+qKmecssvuGVyA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Ji6OY1u39nJByKzCNwfpIw==": { "id": "Ji6OY1u39nJByKzCNwfpIw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JiPLnE3IM4/yPxZ8earXLg==": { "id": "JiPLnE3IM4/yPxZ8earXLg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "JmAt+4wqaQRWn+7jyy1oCQ==": { "id": "JmAt+4wqaQRWn+7jyy1oCQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "JmKf//IQj2eMVJFTB1Feyw==": { "id": "JmKf//IQj2eMVJFTB1Feyw==", "updater": "rhel-vex", "name": "CVE-2023-48234", "description": "A flaw was found in Vim, an open source command line text editor. When getting the count for a normal mode z command, it may overflow if large counts are given. The impact is low because user interaction is required and a crash may not happen in all situations.", "issued": "2023-11-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48234 https://bugzilla.redhat.com/show_bug.cgi?id=2250271 https://www.cve.org/CVERecord?id=CVE-2023-48234 https://nvd.nist.gov/vuln/detail/CVE-2023-48234 http://www.openwall.com/lists/oss-security/2023/11/16/1 https://github.com/vim/vim/commit/58f9befca1fa172068effad7f2ea5a9d6a7b0cca https://github.com/vim/vim/security/advisories/GHSA-59gw-c949-6phq https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48234.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jo0GiPh7MZcVuLsVDbp7qg==": { "id": "Jo0GiPh7MZcVuLsVDbp7qg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "Jq9s0m8iiaLnslijc1N/kw==": { "id": "Jq9s0m8iiaLnslijc1N/kw==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "JrT9jqBaZlLgPCS0RLnpPQ==": { "id": "JrT9jqBaZlLgPCS0RLnpPQ==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "JsF5ac8+OAOWxsV80iUiIw==": { "id": "JsF5ac8+OAOWxsV80iUiIw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-AutoLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.74-481.1.el9_6", "arch_op": "pattern match" }, "JtCpNcg8egZjbdozD9CAJQ==": { "id": "JtCpNcg8egZjbdozD9CAJQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "JtGggrfMckWn0xvfWBMJJQ==": { "id": "JtGggrfMckWn0xvfWBMJJQ==", "updater": "rhel-vex", "name": "CVE-2022-2210", "description": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2210 https://bugzilla.redhat.com/show_bug.cgi?id=2102177 https://www.cve.org/CVERecord?id=CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2210.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JvC/rVWSiuNeMXzeTDRZHQ==": { "id": "JvC/rVWSiuNeMXzeTDRZHQ==", "updater": "rhel-vex", "name": "CVE-2025-29087", "description": "A flaw was found in SQLite. This vulnerability allows an attacker to cause an integer overflow via the concat_ws function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29087 https://bugzilla.redhat.com/show_bug.cgi?id=2358028 https://www.cve.org/CVERecord?id=CVE-2025-29087 https://nvd.nist.gov/vuln/detail/CVE-2025-29087 https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29087.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JwRn6LaXs4DLH+aotGHcIQ==": { "id": "JwRn6LaXs4DLH+aotGHcIQ==", "updater": "osv/go", "name": "GO-2022-0522", "description": "Stack exhaustion on crafted paths in path/filepath", "issued": "2022-07-20T17:02:29Z", "links": "https://go.dev/cl/417066 https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "Jx8Savf4pVqPTLt8HsgoXA==": { "id": "Jx8Savf4pVqPTLt8HsgoXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-mro", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23-481.el9", "arch_op": "pattern match" }, "K/Jzpgc6xwHh47HFu+S8BQ==": { "id": "K/Jzpgc6xwHh47HFu+S8BQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "K0/KdAmlvzyf53kjXgfoRA==": { "id": "K0/KdAmlvzyf53kjXgfoRA==", "updater": "rhel-vex", "name": "CVE-2023-3316", "description": "A flaw was found in LibTiff. A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3316 https://bugzilla.redhat.com/show_bug.cgi?id=2216080 https://www.cve.org/CVERecord?id=CVE-2023-3316 https://nvd.nist.gov/vuln/detail/CVE-2023-3316 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3316.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "K12v1aAHn6bz+NiEB1W7GA==": { "id": "K12v1aAHn6bz+NiEB1W7GA==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "K5fLrkou5COixf2q2qhQ5Q==": { "id": "K5fLrkou5COixf2q2qhQ5Q==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "KBpYoBBh5AFRsvma/sImeA==": { "id": "KBpYoBBh5AFRsvma/sImeA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "KC4H6WRPkYrWvXb9OC+odg==": { "id": "KC4H6WRPkYrWvXb9OC+odg==", "updater": "rhel-vex", "name": "CVE-2023-3164", "description": "A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. This flaw allows attackers to cause a denial of service via a crafted tiff file.", "issued": "2023-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3164 https://bugzilla.redhat.com/show_bug.cgi?id=2213531 https://www.cve.org/CVERecord?id=CVE-2023-3164 https://nvd.nist.gov/vuln/detail/CVE-2023-3164 https://gitlab.com/libtiff/libtiff/-/issues/542 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3164.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KEWGfOVGYNjr6kNjpQx0qg==": { "id": "KEWGfOVGYNjr6kNjpQx0qg==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "KJGsgMArislsisVXSZHY4A==": { "id": "KJGsgMArislsisVXSZHY4A==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "KM/iKSazFyPeIBezQXviSQ==": { "id": "KM/iKSazFyPeIBezQXviSQ==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "KM3euWq+O2CS0VP936TjVg==": { "id": "KM3euWq+O2CS0VP936TjVg==", "updater": "osv/go", "name": "GO-2023-2382", "description": "Denial of service via chunk extensions in net/http", "issued": "2023-12-06T16:22:36Z", "links": "https://go.dev/issue/64433 https://go.dev/cl/547335 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.12" }, "KTLyj41W+cHfjH/HBrA7BQ==": { "id": "KTLyj41W+cHfjH/HBrA7BQ==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "KWqotAAFzFGFp1GIUjXi0g==": { "id": "KWqotAAFzFGFp1GIUjXi0g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "KXAIwMyIqS4MKyyyosxjhw==": { "id": "KXAIwMyIqS4MKyyyosxjhw==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "KXzUsn7IGL3ZRMjBL3QOng==": { "id": "KXzUsn7IGL3ZRMjBL3QOng==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "KYv6PwzjV6/5I33cZ9LUmQ==": { "id": "KYv6PwzjV6/5I33cZ9LUmQ==", "updater": "rhel-vex", "name": "CVE-2022-2817", "description": "A use-after-free vulnerability was found in Vim in the string_quote function in the strings.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2817 https://bugzilla.redhat.com/show_bug.cgi?id=2119043 https://www.cve.org/CVERecord?id=CVE-2022-2817 https://nvd.nist.gov/vuln/detail/CVE-2022-2817 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2817.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Kcd+UQxBw37KfFkRbn1QXw==": { "id": "Kcd+UQxBw37KfFkRbn1QXw==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "KewD59oo2UdDLsWiOrUjzQ==": { "id": "KewD59oo2UdDLsWiOrUjzQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "KhBWOViCuCZdWqrkDlYvOA==": { "id": "KhBWOViCuCZdWqrkDlYvOA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KhtP1/ZJ9jcZ6Whijt7vkw==": { "id": "KhtP1/ZJ9jcZ6Whijt7vkw==", "updater": "osv/go", "name": "GO-2023-1571", "description": "Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net", "issued": "2023-02-16T22:31:36Z", "links": "https://go.dev/issue/57855 https://go.dev/cl/468135 https://go.dev/cl/468295 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "KlFwXzVoVlebAInsnw41Qw==": { "id": "KlFwXzVoVlebAInsnw41Qw==", "updater": "osv/go", "name": "GO-2025-4010", "description": "Insufficient validation of bracketed IPv6 hostnames in net/url", "issued": "2025-10-29T21:49:58Z", "links": "https://go.dev/issue/75678 https://go.dev/cl/709857 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "Km0Kj8/PT21DcOVckLYRyA==": { "id": "Km0Kj8/PT21DcOVckLYRyA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "Kp6vEAyTjVJyCperHJ2MsQ==": { "id": "Kp6vEAyTjVJyCperHJ2MsQ==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "Kqi7XT4SGpqJzglrXFbYsQ==": { "id": "Kqi7XT4SGpqJzglrXFbYsQ==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-c++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "Kqq2xlybjD/tOLmQWu2xPw==": { "id": "Kqq2xlybjD/tOLmQWu2xPw==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KsboTEAsiwsdLEKIDivkyA==": { "id": "KsboTEAsiwsdLEKIDivkyA==", "updater": "rhel-vex", "name": "CVE-2022-2175", "description": "A heap buffer over-read vulnerability was found in Vim's put_on_cmdline() function of the src/ex_getln.c file. This issue occurs due to invalid memory access when using an expression on the command line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer overflow that causes an application to crash and corrupt memory.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2175 https://bugzilla.redhat.com/show_bug.cgi?id=2101293 https://www.cve.org/CVERecord?id=CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2175.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KtIlAO0V0/KiMbIbmHHMGw==": { "id": "KtIlAO0V0/KiMbIbmHHMGw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "KwXuJ1mZuqgv14dKI+DdIw==": { "id": "KwXuJ1mZuqgv14dKI+DdIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "KxS2ZtWgZx0lQavGmel4Wg==": { "id": "KxS2ZtWgZx0lQavGmel4Wg==", "updater": "osv/go", "name": "GO-2025-4013", "description": "Panic when validating certificates with DSA public keys in crypto/x509", "issued": "2025-10-29T21:50:08Z", "links": "https://go.dev/cl/709853 https://go.dev/issue/75675 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "L+KHKrPvSxZVeDMiWq92vw==": { "id": "L+KHKrPvSxZVeDMiWq92vw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "L/8naYULbNo7VCB5WzvpDw==": { "id": "L/8naYULbNo7VCB5WzvpDw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "L04cc8NCPjDZYnxYDnO5+A==": { "id": "L04cc8NCPjDZYnxYDnO5+A==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "L0O+Qmwnpkk+Rg/VqN7QWA==": { "id": "L0O+Qmwnpkk+Rg/VqN7QWA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "L2l/2cM7p8mbRx8/RerNPg==": { "id": "L2l/2cM7p8mbRx8/RerNPg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "L309n8CXvBj9wPx3UR7JGQ==": { "id": "L309n8CXvBj9wPx3UR7JGQ==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L3Sq7FQbQmRq1R8Dn0eFww==": { "id": "L3Sq7FQbQmRq1R8Dn0eFww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "L5u3G3ilU8/0RtMpJ7kdKQ==": { "id": "L5u3G3ilU8/0RtMpJ7kdKQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "L7bRdQbudZhoHiefk8z45A==": { "id": "L7bRdQbudZhoHiefk8z45A==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "L9hbhq3wsZ5QkKEIo/fhYQ==": { "id": "L9hbhq3wsZ5QkKEIo/fhYQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "LAdEFhGjw+B+5uRqObeXiQ==": { "id": "LAdEFhGjw+B+5uRqObeXiQ==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "LBK9PqJKfCEUpttQCyryqw==": { "id": "LBK9PqJKfCEUpttQCyryqw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "LBzBPjCNeeSOWXyc2o2hnQ==": { "id": "LBzBPjCNeeSOWXyc2o2hnQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "LCRgl8qKc2VcXP1ILfaS6A==": { "id": "LCRgl8qKc2VcXP1ILfaS6A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "LDhDJjeJTHD14xx6vYgQUQ==": { "id": "LDhDJjeJTHD14xx6vYgQUQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "LFiejdPb02ZvCk9/k6M2OA==": { "id": "LFiejdPb02ZvCk9/k6M2OA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "LKHvKuMU+ZaZN+c9jQoc8A==": { "id": "LKHvKuMU+ZaZN+c9jQoc8A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "LMcwA00QGnxriAXkZQIhHw==": { "id": "LMcwA00QGnxriAXkZQIhHw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "LMrJ8zW3vxlqJrvFMbbCGA==": { "id": "LMrJ8zW3vxlqJrvFMbbCGA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.el9", "arch_op": "pattern match" }, "LULa++Og4kM4JJrQxnZj0w==": { "id": "LULa++Og4kM4JJrQxnZj0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.1.el9_6", "arch_op": "pattern match" }, "LUlesLbzv1yf48cLqYDxTg==": { "id": "LUlesLbzv1yf48cLqYDxTg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "LXj+7NB7elh/3U/gcE77cw==": { "id": "LXj+7NB7elh/3U/gcE77cw==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Lc7NiV76Y8Ubl6+6Vgd+sw==": { "id": "Lc7NiV76Y8Ubl6+6Vgd+sw==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "LcEYljn+QTWUC36NwQCf7w==": { "id": "LcEYljn+QTWUC36NwQCf7w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Lcg+9plLPEAo58BHKBlIGw==": { "id": "Lcg+9plLPEAo58BHKBlIGw==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "LczpEojKeJQxs4tAiPNubw==": { "id": "LczpEojKeJQxs4tAiPNubw==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "Lex02lwAwiaMkFn9DV9FuA==": { "id": "Lex02lwAwiaMkFn9DV9FuA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "LiT2UIJJCX7RQxuKZd5BaQ==": { "id": "LiT2UIJJCX7RQxuKZd5BaQ==", "updater": "rhel-vex", "name": "CVE-2023-43804", "description": "A flaw was found in urllib3, a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, which is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43804 https://bugzilla.redhat.com/show_bug.cgi?id=2242493 https://www.cve.org/CVERecord?id=CVE-2023-43804 https://nvd.nist.gov/vuln/detail/CVE-2023-43804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43804.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "LkG+n79mbPHrPl1sC2ee1w==": { "id": "LkG+n79mbPHrPl1sC2ee1w==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "LkJjju2s50oKpBRyBT8s0A==": { "id": "LkJjju2s50oKpBRyBT8s0A==", "updater": "rhel-vex", "name": "CVE-2024-41965", "description": "A vulnerability was found in Vim versions before 9.1.0648 that can cause the program to crash. This issue happens when a user abandons a modified file, and Vim tries to save it as an Untitled file. Due to a mistake in handling this process, Vim accidentally tries to free up memory twice, which can lead to problems, causing the program to crash. This issue can be exploited by someone with local access to the system.", "issued": "2024-08-01T22:21:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41965 https://bugzilla.redhat.com/show_bug.cgi?id=2302419 https://www.cve.org/CVERecord?id=CVE-2024-41965 https://nvd.nist.gov/vuln/detail/CVE-2024-41965 https://github.com/vim/vim/commit/b29f4abcd4b3382fa746edd1d0562b7b48c https://github.com/vim/vim/security/advisories/GHSA-46pw-v7qw-xc2f https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41965.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LlIx9R1y9EWEYmMjr1l1rw==": { "id": "LlIx9R1y9EWEYmMjr1l1rw==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "Lsd0oY+cRz3Y5y3+G6CYMA==": { "id": "Lsd0oY+cRz3Y5y3+G6CYMA==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "Lw4KgrwWujzRmDjtibR3+Q==": { "id": "Lw4KgrwWujzRmDjtibR3+Q==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "LyEH4RIrJnMwmS9bxL322w==": { "id": "LyEH4RIrJnMwmS9bxL322w==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "LyQcB6aDtcDf3FmzBVHSKQ==": { "id": "LyQcB6aDtcDf3FmzBVHSKQ==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "LzfcsSJMzHmJVjI8xrynCA==": { "id": "LzfcsSJMzHmJVjI8xrynCA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "M0WxNlBrWr1WR0ACcsFS3w==": { "id": "M0WxNlBrWr1WR0ACcsFS3w==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "M1Z06nydk707qbRpFiKmaA==": { "id": "M1Z06nydk707qbRpFiKmaA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M3xoPIiF+fvDRyYkizrMWQ==": { "id": "M3xoPIiF+fvDRyYkizrMWQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "M4/opsM/3qe/3m0zjGkItQ==": { "id": "M4/opsM/3qe/3m0zjGkItQ==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "M5aJiMv2/MaWINKfor0BrQ==": { "id": "M5aJiMv2/MaWINKfor0BrQ==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "M6ssHrt9pKPpEPr7O0Tc/A==": { "id": "M6ssHrt9pKPpEPr7O0Tc/A==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "M9nh4Ryt6GwPUlLoItHqnA==": { "id": "M9nh4Ryt6GwPUlLoItHqnA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MAL36hvDgZ40KRvk279OJA==": { "id": "MAL36hvDgZ40KRvk279OJA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:3531", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.3", "arch_op": "pattern match" }, "MGoFQMcsriBEPanvv9LYcQ==": { "id": "MGoFQMcsriBEPanvv9LYcQ==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "MJ6xN5o4V2wpv4hjMTwHAA==": { "id": "MJ6xN5o4V2wpv4hjMTwHAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "MJtIM09Jw6pIepBEcf4LwQ==": { "id": "MJtIM09Jw6pIepBEcf4LwQ==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "MLyBE3p9/9+LMOMl2JBi6w==": { "id": "MLyBE3p9/9+LMOMl2JBi6w==", "updater": "rhel-vex", "name": "CVE-2022-2343", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2343 https://bugzilla.redhat.com/show_bug.cgi?id=2106779 https://www.cve.org/CVERecord?id=CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2343.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MMLwOzBcCET4jaa3dPuTwQ==": { "id": "MMLwOzBcCET4jaa3dPuTwQ==", "updater": "rhel-vex", "name": "CVE-2022-38533", "description": "A vulnerability was found in the strip utility of binutils. An attacker able to convince a victim to process a specially crafted COFF file by the strip utility can lead to a heap-based buffer overflow, causing the utility to crash.", "issued": "2022-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-38533 https://bugzilla.redhat.com/show_bug.cgi?id=2124569 https://www.cve.org/CVERecord?id=CVE-2022-38533 https://nvd.nist.gov/vuln/detail/CVE-2022-38533 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-38533.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MOUExK9O9qzIs9ukHaS2ew==": { "id": "MOUExK9O9qzIs9ukHaS2ew==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "MVGmB/UrNlB0PqdbI1X5iA==": { "id": "MVGmB/UrNlB0PqdbI1X5iA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "MYhgpNDg22nk0/HCSwm/gw==": { "id": "MYhgpNDg22nk0/HCSwm/gw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "McBbvTJIAPyP1aOW8M+hzw==": { "id": "McBbvTJIAPyP1aOW8M+hzw==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "Mds6YkAImABVZfFVPdan5w==": { "id": "Mds6YkAImABVZfFVPdan5w==", "updater": "osv/go", "name": "GO-2022-0493", "description": "Incorrect privilege reporting in syscall and golang.org/x/sys/unix", "issued": "2022-07-15T23:30:12Z", "links": "https://go.dev/cl/399539 https://go.dev/issue/52313 https://go.dev/cl/400074 https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.2" }, "Mgu68G03r/7Tj/zMomkJZw==": { "id": "Mgu68G03r/7Tj/zMomkJZw==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "Mhh/p16eoRFTSGC5EJRZEw==": { "id": "Mhh/p16eoRFTSGC5EJRZEw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "Mo/R2a7u4vWlPy8O1jH7HQ==": { "id": "Mo/R2a7u4vWlPy8O1jH7HQ==", "updater": "rhel-vex", "name": "CVE-2024-8244", "description": "The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress.", "issued": "2025-08-06T15:32:27Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8244 https://bugzilla.redhat.com/show_bug.cgi?id=2386885 https://www.cve.org/CVERecord?id=CVE-2024-8244 https://nvd.nist.gov/vuln/detail/CVE-2024-8244 https://go.dev/issue/70007 https://pkg.go.dev/vuln/GO-2025-9999 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8244.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-rpm-macros", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Mo4ARlLui4P8nHgMUyYhSw==": { "id": "Mo4ARlLui4P8nHgMUyYhSw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Mqs34KD77Q9uZxNX/8mz0Q==": { "id": "Mqs34KD77Q9uZxNX/8mz0Q==", "updater": "rhel-vex", "name": "CVE-2025-11494", "description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "issued": "2025-10-08T19:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11494 https://bugzilla.redhat.com/show_bug.cgi?id=2402559 https://www.cve.org/CVERecord?id=CVE-2025-11494 https://nvd.nist.gov/vuln/detail/CVE-2025-11494 https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11494.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MrRavbeiISRcJtBRJ3ZRsA==": { "id": "MrRavbeiISRcJtBRJ3ZRsA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "MrpKafmPiKoIdSrqC/r3Sg==": { "id": "MrpKafmPiKoIdSrqC/r3Sg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "Mrux1XY1LZVvkWuUp2MCHQ==": { "id": "Mrux1XY1LZVvkWuUp2MCHQ==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "MtExg9vrmkuo/+/XELnvpA==": { "id": "MtExg9vrmkuo/+/XELnvpA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Mukn5ixgUb/zb+mcMFd16Q==": { "id": "Mukn5ixgUb/zb+mcMFd16Q==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libdnf-plugin-subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "Mv7iQu0SgLhcoLH3nS/HZw==": { "id": "Mv7iQu0SgLhcoLH3nS/HZw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "MvPzfqdptyOBxzxR1iCL3g==": { "id": "MvPzfqdptyOBxzxR1iCL3g==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "MwRbFLckfwf7ZXLrr6KBUQ==": { "id": "MwRbFLckfwf7ZXLrr6KBUQ==", "updater": "rhel-vex", "name": "CVE-2024-26458", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/rpc/pmap_rmt.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26458 https://bugzilla.redhat.com/show_bug.cgi?id=2266731 https://www.cve.org/CVERecord?id=CVE-2024-26458 https://nvd.nist.gov/vuln/detail/CVE-2024-26458 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26458.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "Mx7K+5VJ9q5MSCq5wzzrvA==": { "id": "Mx7K+5VJ9q5MSCq5wzzrvA==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "N6/VXIOitxRZPgnZMgm+4A==": { "id": "N6/VXIOitxRZPgnZMgm+4A==", "updater": "rhel-vex", "name": "CVE-2024-9287", "description": "A vulnerability has been found in the Python `venv` module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment \"activation\" scripts, for example, \"source venv/bin/activate\". This flaw allows attacker-controlled virtual environments to run commands when the virtual environment is activated.", "issued": "2024-10-22T16:34:39Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9287 https://bugzilla.redhat.com/show_bug.cgi?id=2321440 https://www.cve.org/CVERecord?id=CVE-2024-9287 https://nvd.nist.gov/vuln/detail/CVE-2024-9287 https://github.com/python/cpython/issues/124651 https://github.com/python/cpython/pull/124712 https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9287.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "N6xCmSIsupN7OsJaYpsl6Q==": { "id": "N6xCmSIsupN7OsJaYpsl6Q==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "N6yyVyHeduwThpSSvA2dVQ==": { "id": "N6yyVyHeduwThpSSvA2dVQ==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "NAN7p79skZ+eBA0xQMnnqw==": { "id": "NAN7p79skZ+eBA0xQMnnqw==", "updater": "rhel-vex", "name": "CVE-2023-0804", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0804 https://bugzilla.redhat.com/show_bug.cgi?id=2170192 https://www.cve.org/CVERecord?id=CVE-2023-0804 https://nvd.nist.gov/vuln/detail/CVE-2023-0804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0804.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "ND8tA1FahvMc/ZIGpyoj3g==": { "id": "ND8tA1FahvMc/ZIGpyoj3g==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NDTeUbmjAj/XEHx68pTD9A==": { "id": "NDTeUbmjAj/XEHx68pTD9A==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "NFJR7P8KL9HNF/dsA5opTw==": { "id": "NFJR7P8KL9HNF/dsA5opTw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "NGHtfO55iqBhbAmqujAqHA==": { "id": "NGHtfO55iqBhbAmqujAqHA==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "NJhwMDbt0IMvlSLLB4cUVA==": { "id": "NJhwMDbt0IMvlSLLB4cUVA==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "NLs2bAzfO2YzrBTddmvvkQ==": { "id": "NLs2bAzfO2YzrBTddmvvkQ==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "NNyvMdW5UTPp1jGH161XDQ==": { "id": "NNyvMdW5UTPp1jGH161XDQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "NObEgWpn6tAdrn33X3GoKw==": { "id": "NObEgWpn6tAdrn33X3GoKw==", "updater": "rhel-vex", "name": "CVE-2022-32148", "description": "A flaw was found in net/http/httputil golang package. When httputil.ReverseProxy.ServeHTTP is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy could set the client IP incorrectly. This issue may affect confidentiality.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-32148 https://bugzilla.redhat.com/show_bug.cgi?id=2107383 https://www.cve.org/CVERecord?id=CVE-2022-32148 https://nvd.nist.gov/vuln/detail/CVE-2022-32148 https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-32148.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NPJh6PwkJYtfpkFMxFCfIA==": { "id": "NPJh6PwkJYtfpkFMxFCfIA==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "NQ+dtAZLrUPoMA29mi1Odg==": { "id": "NQ+dtAZLrUPoMA29mi1Odg==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "NUj8ykIgUTA27ShVMCBysA==": { "id": "NUj8ykIgUTA27ShVMCBysA==", "updater": "rhel-vex", "name": "CVE-2024-37370", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37370 https://bugzilla.redhat.com/show_bug.cgi?id=2294677 https://www.cve.org/CVERecord?id=CVE-2024-37370 https://nvd.nist.gov/vuln/detail/CVE-2024-37370 https://web.mit.edu/kerberos/www/krb5-1.21/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37370.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "NVw9L7wf5CkACfCMTn/ArA==": { "id": "NVw9L7wf5CkACfCMTn/ArA==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "NW78+g0sKpejEre7I2lCOA==": { "id": "NW78+g0sKpejEre7I2lCOA==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "NWqPMtB06drZmdGhOgqvEA==": { "id": "NWqPMtB06drZmdGhOgqvEA==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NXkuwjwxMseOUUaLQCgnuQ==": { "id": "NXkuwjwxMseOUUaLQCgnuQ==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "NdlKBrj70+HY4gSgv+wTmA==": { "id": "NdlKBrj70+HY4gSgv+wTmA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "NeZAaBfGrzLvaMKrJL7WlA==": { "id": "NeZAaBfGrzLvaMKrJL7WlA==", "updater": "rhel-vex", "name": "CVE-2024-45306", "description": "A heap-buffer overflow was found in Vim. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line and does not become invalid by pointing beyond the end of a line. It was assumed that this loop was unnecessary. However, this change made it possible for the cursor position to stay invalid and point beyond the end of a line, which would eventually cause a heap-buffer-overflow when trying to access the line pointer at the specified cursor position.", "issued": "2024-09-02T18:15:36Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45306 https://bugzilla.redhat.com/show_bug.cgi?id=2309275 https://www.cve.org/CVERecord?id=CVE-2024-45306 https://nvd.nist.gov/vuln/detail/CVE-2024-45306 https://github.com/vim/vim/commit/396fd1ec2956307755392a1 https://github.com/vim/vim/releases/tag/v9.1.0038 https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45306.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "NeoXfJYSR9hqSpA4BJOyWQ==": { "id": "NeoXfJYSR9hqSpA4BJOyWQ==", "updater": "rhel-vex", "name": "CVE-2023-24540", "description": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24540 https://bugzilla.redhat.com/show_bug.cgi?id=2196027 https://www.cve.org/CVERecord?id=CVE-2023-24540 https://nvd.nist.gov/vuln/detail/CVE-2023-24540 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24540.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfM08djkMgc3ukqHI37OMg==": { "id": "NfM08djkMgc3ukqHI37OMg==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "NfOajNNzWnotxhFpYD5Nfg==": { "id": "NfOajNNzWnotxhFpYD5Nfg==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "NkAsviHzXhNrys9cILlYeQ==": { "id": "NkAsviHzXhNrys9cILlYeQ==", "updater": "osv/go", "name": "GO-2023-2185", "description": "Insecure parsing of Windows paths with a \\??\\ prefix in path/filepath", "issued": "2023-11-08T22:42:14Z", "links": "https://go.dev/issue/63713 https://go.dev/cl/540277 https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY https://go.dev/issue/64028 https://go.dev/cl/541175 https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.11" }, "Nl5OfrnQ/SPbLIWCvdxEHw==": { "id": "Nl5OfrnQ/SPbLIWCvdxEHw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "NoEVAwQMgkCr1UvAm6iQBQ==": { "id": "NoEVAwQMgkCr1UvAm6iQBQ==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "NpKL2jmktUTvYJUFA1mjww==": { "id": "NpKL2jmktUTvYJUFA1mjww==", "updater": "rhel-vex", "name": "CVE-2023-39321", "description": "A flaw was found in Golang. Processing an incomplete post-handshake message for a QUIC connection caused a panic.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39321 https://bugzilla.redhat.com/show_bug.cgi?id=2237777 https://www.cve.org/CVERecord?id=CVE-2023-39321 https://nvd.nist.gov/vuln/detail/CVE-2023-39321 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2044.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39321.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "NplyvjxiuekBB/5QKoOJbw==": { "id": "NplyvjxiuekBB/5QKoOJbw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "Nsd5wG+dBhUvVktxuz/adg==": { "id": "Nsd5wG+dBhUvVktxuz/adg==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "O+NG96g+kK1DtaJEFTfwuA==": { "id": "O+NG96g+kK1DtaJEFTfwuA==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "O+a4984RTSUBIVVJsZTw1A==": { "id": "O+a4984RTSUBIVVJsZTw1A==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "O0QnjS+0zUH+vff5xaIpCw==": { "id": "O0QnjS+0zUH+vff5xaIpCw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "O0ZHj1wCkn8EgvHd15dYqA==": { "id": "O0ZHj1wCkn8EgvHd15dYqA==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "O24do/xbIwz1BfQU4lBl5A==": { "id": "O24do/xbIwz1BfQU4lBl5A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "O41Bejc6em2i0QjOrjliKQ==": { "id": "O41Bejc6em2i0QjOrjliKQ==", "updater": "rhel-vex", "name": "CVE-2023-0803", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0803 https://bugzilla.redhat.com/show_bug.cgi?id=2170187 https://www.cve.org/CVERecord?id=CVE-2023-0803 https://nvd.nist.gov/vuln/detail/CVE-2023-0803 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0803.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "O4VudlVyChnCKHP9qhS59g==": { "id": "O4VudlVyChnCKHP9qhS59g==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "O7l2OQQ3NRM4VNrd4YvEaA==": { "id": "O7l2OQQ3NRM4VNrd4YvEaA==", "updater": "rhel-vex", "name": "CVE-2023-24539", "description": "A flaw was found in golang where angle brackets (\u003c\u003e) were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if executed with untrusted input.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24539 https://bugzilla.redhat.com/show_bug.cgi?id=2196026 https://www.cve.org/CVERecord?id=CVE-2023-24539 https://nvd.nist.gov/vuln/detail/CVE-2023-24539 https://github.com/golang/go/issues/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24539.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "O8btQzgzPf/pU7XfP3wqPw==": { "id": "O8btQzgzPf/pU7XfP3wqPw==", "updater": "rhel-vex", "name": "CVE-2025-5914", "description": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5914 https://bugzilla.redhat.com/show_bug.cgi?id=2370861 https://www.cve.org/CVERecord?id=CVE-2025-5914 https://nvd.nist.gov/vuln/detail/CVE-2025-5914 https://github.com/libarchive/libarchive/pull/2598 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5914.json https://access.redhat.com/errata/RHSA-2025:14130", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-6.el9_6", "arch_op": "pattern match" }, "OIcx4C9IsgtrAE0nDs9GdA==": { "id": "OIcx4C9IsgtrAE0nDs9GdA==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "OJ5Ok6CMeJ8/3txCizz4cg==": { "id": "OJ5Ok6CMeJ8/3txCizz4cg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "OOCO13z2+atrfqEfCsJ3/w==": { "id": "OOCO13z2+atrfqEfCsJ3/w==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "OUOPFj6v5qm/F5KSXf7dVw==": { "id": "OUOPFj6v5qm/F5KSXf7dVw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "OXr+UvfSDAQbLGP4xOBSMw==": { "id": "OXr+UvfSDAQbLGP4xOBSMw==", "updater": "rhel-vex", "name": "CVE-2023-1127", "description": "A flaw was found in Vim. A division by zero in the scrolldown function may lead to a denial of service, modified memory, and possibly remote execution.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1127 https://bugzilla.redhat.com/show_bug.cgi?id=2174662 https://www.cve.org/CVERecord?id=CVE-2023-1127 https://nvd.nist.gov/vuln/detail/CVE-2023-1127 https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1127.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Oaw7/z6QEDwwzKvMQmdriQ==": { "id": "Oaw7/z6QEDwwzKvMQmdriQ==", "updater": "rhel-vex", "name": "CVE-2022-48281", "description": "A vulnerability was found in libtiff. This vulnerability occurs due to an issue in processCropSelections in the tools/tiffcrop.c function in LibTIFF that has a heap-based buffer overflow (for example, \"WRITE of size 307203\") via a crafted TIFF image.", "issued": "2023-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48281 https://bugzilla.redhat.com/show_bug.cgi?id=2163606 https://www.cve.org/CVERecord?id=CVE-2022-48281 https://nvd.nist.gov/vuln/detail/CVE-2022-48281 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48281.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "Ob+LJ5zYHnbjt14Yf8W7UA==": { "id": "Ob+LJ5zYHnbjt14Yf8W7UA==", "updater": "rhel-vex", "name": "CVE-2022-3016", "description": "A heap use-after-free vulnerability was found in vim's get_next_valid_entry() function of the src/quickfix.c file. The issue occurs because vim is using freed memory when the location list is changed in autocmd. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3016 https://bugzilla.redhat.com/show_bug.cgi?id=2124208 https://www.cve.org/CVERecord?id=CVE-2022-3016 https://nvd.nist.gov/vuln/detail/CVE-2022-3016 https://huntr.dev/bounties/260516c2-5c4a-4b7f-a01c-04b1aeeea371 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3016.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OhQ6agVzWuY02NakmnlJmw==": { "id": "OhQ6agVzWuY02NakmnlJmw==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "Oi+2EF5+FNNGg+4WyowonQ==": { "id": "Oi+2EF5+FNNGg+4WyowonQ==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "Ojd6gfhf5HOGBRFGRWmKOg==": { "id": "Ojd6gfhf5HOGBRFGRWmKOg==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ok4YXGXw7Ua7qgtxqZcqhg==": { "id": "Ok4YXGXw7Ua7qgtxqZcqhg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "OleRcJ5uCI7wOsxOqMjRlg==": { "id": "OleRcJ5uCI7wOsxOqMjRlg==", "updater": "rhel-vex", "name": "CVE-2025-32988", "description": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.", "issued": "2025-07-10T07:55:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32988 https://bugzilla.redhat.com/show_bug.cgi?id=2359622 https://www.cve.org/CVERecord?id=CVE-2025-32988 https://nvd.nist.gov/vuln/detail/CVE-2025-32988 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32988.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "OlhZuHzjnGJlFRoEEZLvZw==": { "id": "OlhZuHzjnGJlFRoEEZLvZw==", "updater": "rhel-vex", "name": "CVE-2022-1705", "description": "A flaw was found in golang. The HTTP/1 client accepted invalid Transfer-Encoding headers indicating \"chunked\" encoding. This issue could allow request smuggling, but only if combined with an intermediate server that also improperly accepts the header as invalid.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1705 https://bugzilla.redhat.com/show_bug.cgi?id=2107374 https://www.cve.org/CVERecord?id=CVE-2022-1705 https://nvd.nist.gov/vuln/detail/CVE-2022-1705 https://go.dev/issue/53188 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1705.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "OlzUZywb212kcLte3jiS3g==": { "id": "OlzUZywb212kcLte3jiS3g==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json https://access.redhat.com/errata/RHSA-2024:9404", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.10.0-11.el9", "arch_op": "pattern match" }, "OoUkTYhn9kcAyWK8OpWEvg==": { "id": "OoUkTYhn9kcAyWK8OpWEvg==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "OqWPbZZgGqlPCMzbmClfHA==": { "id": "OqWPbZZgGqlPCMzbmClfHA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "OtUtUn02ewCzaijseyEVUA==": { "id": "OtUtUn02ewCzaijseyEVUA==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "OuZBWnWNFHYdTgntdOB15Q==": { "id": "OuZBWnWNFHYdTgntdOB15Q==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "OvvtykNCZtfooZWGyghXfg==": { "id": "OvvtykNCZtfooZWGyghXfg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Ox1tNe9huq3q2onFJsX0QA==": { "id": "Ox1tNe9huq3q2onFJsX0QA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "OxOc7/P4x7mjEZNhGnABDA==": { "id": "OxOc7/P4x7mjEZNhGnABDA==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:2570", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-4.el9_4", "arch_op": "pattern match" }, "Oz/6eC07LwyvcoelwlI47w==": { "id": "Oz/6eC07LwyvcoelwlI47w==", "updater": "rhel-vex", "name": "CVE-2024-32002", "description": "A vulnerability was found in Git. This vulnerability allows the malicious manipulation of repositories containing submodules, exploiting a bug that enables the writing of files into the .git/ directory instead of the submodule's intended worktree. This manipulation facilitates the execution of arbitrary code during the cloning process, bypassing user inspection and control.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2280421 https://www.cve.org/CVERecord?id=CVE-2024-32002 https://nvd.nist.gov/vuln/detail/CVE-2024-32002 https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32002.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "P0aqIEFHW71uwsNt2kNw4A==": { "id": "P0aqIEFHW71uwsNt2kNw4A==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "P1K1eUbqwgam0P6f7iB/IA==": { "id": "P1K1eUbqwgam0P6f7iB/IA==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "P2LAyAbSFxWVwlNB9c/A2g==": { "id": "P2LAyAbSFxWVwlNB9c/A2g==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "P8ATyyToJgziJaUXIjyPvA==": { "id": "P8ATyyToJgziJaUXIjyPvA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "PAVfrfQyg9ezKUDPbI/Nmw==": { "id": "PAVfrfQyg9ezKUDPbI/Nmw==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "PB44uTo7NGwmA/fjSEQPBA==": { "id": "PB44uTo7NGwmA/fjSEQPBA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "PDkkYuYRnbObAyDWKDapig==": { "id": "PDkkYuYRnbObAyDWKDapig==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "PEaU9hApxjdZ1D4R2OUZpw==": { "id": "PEaU9hApxjdZ1D4R2OUZpw==", "updater": "rhel-vex", "name": "CVE-2024-21890", "description": "A flaw was found in the Node.js Permission Model, where it is not clarified in the documentation that wildcards should only be used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/*.pub will ignore pub and give access to everything after .ssh/.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21890 https://bugzilla.redhat.com/show_bug.cgi?id=2265722 https://www.cve.org/CVERecord?id=CVE-2024-21890 https://nvd.nist.gov/vuln/detail/CVE-2024-21890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21890.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "PHRlWl/iCYco+xAVn6SmKQ==": { "id": "PHRlWl/iCYco+xAVn6SmKQ==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "PJ/Blkuxb9rGhjSw0f3NrA==": { "id": "PJ/Blkuxb9rGhjSw0f3NrA==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "PLT6ItGnGibNqyU7ikhmRA==": { "id": "PLT6ItGnGibNqyU7ikhmRA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PMaPI3hRDt0vFaerryvY/g==": { "id": "PMaPI3hRDt0vFaerryvY/g==", "updater": "rhel-vex", "name": "CVE-2023-0361", "description": "A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0361 https://bugzilla.redhat.com/show_bug.cgi?id=2162596 https://www.cve.org/CVERecord?id=CVE-2023-0361 https://nvd.nist.gov/vuln/detail/CVE-2023-0361 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0361.json https://access.redhat.com/errata/RHSA-2023:1141", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-18.el9_1", "arch_op": "pattern match" }, "POO0JR6PIxa5cAikhYHhiQ==": { "id": "POO0JR6PIxa5cAikhYHhiQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "POSFLQ5mtdC9jMcn5UF8FA==": { "id": "POSFLQ5mtdC9jMcn5UF8FA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "PRErogcN/aXkh7DLlBPLlw==": { "id": "PRErogcN/aXkh7DLlBPLlw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "PTaioV6jy0S7VQV20A7R+A==": { "id": "PTaioV6jy0S7VQV20A7R+A==", "updater": "rhel-vex", "name": "CVE-2024-12243", "description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12243 https://bugzilla.redhat.com/show_bug.cgi?id=2344615 https://www.cve.org/CVERecord?id=CVE-2024-12243 https://nvd.nist.gov/vuln/detail/CVE-2024-12243 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12243.json https://access.redhat.com/errata/RHSA-2025:7076", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9", "arch_op": "pattern match" }, "PYQ8GtvInfQ411U5gwbErQ==": { "id": "PYQ8GtvInfQ411U5gwbErQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "Pd5fn59ga3nlH8XsDKvDWA==": { "id": "Pd5fn59ga3nlH8XsDKvDWA==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "PdGhfwK5tePs8ngzFuopoA==": { "id": "PdGhfwK5tePs8ngzFuopoA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "PdNX5RN9keIsqOloxy7mkg==": { "id": "PdNX5RN9keIsqOloxy7mkg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "Pdc4LabMMVIl3+kSdEepMw==": { "id": "Pdc4LabMMVIl3+kSdEepMw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "PgPRtFXcN+6zuIY77w+muQ==": { "id": "PgPRtFXcN+6zuIY77w+muQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "PhzQEpAkCFfaNfVzGQzMgg==": { "id": "PhzQEpAkCFfaNfVzGQzMgg==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "PnyZkAM4ZwDECggE7QV89A==": { "id": "PnyZkAM4ZwDECggE7QV89A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "Po+GLdyrucAyVatfOmZxGg==": { "id": "Po+GLdyrucAyVatfOmZxGg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "PwX0RLPO5W1w6VDjSgcV8A==": { "id": "PwX0RLPO5W1w6VDjSgcV8A==", "updater": "rhel-vex", "name": "CVE-2022-3626", "description": "An out-of-bounds write flaw was found in the _TIFFmemset function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3626 https://bugzilla.redhat.com/show_bug.cgi?id=2142741 https://www.cve.org/CVERecord?id=CVE-2022-3626 https://nvd.nist.gov/vuln/detail/CVE-2022-3626 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3626.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Pza9Y2xtH9MChVMkZwgw2A==": { "id": "Pza9Y2xtH9MChVMkZwgw2A==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q0D37bmhhLGtYILIAMgFXg==": { "id": "Q0D37bmhhLGtYILIAMgFXg==", "updater": "rhel-vex", "name": "CVE-2022-2207", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2207 https://bugzilla.redhat.com/show_bug.cgi?id=2102185 https://www.cve.org/CVERecord?id=CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2207.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q1F3DVZZ3gpMNQT3yhbiSg==": { "id": "Q1F3DVZZ3gpMNQT3yhbiSg==", "updater": "rhel-vex", "name": "CVE-2025-10911", "description": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.", "issued": "2025-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10911 https://bugzilla.redhat.com/show_bug.cgi?id=2397838 https://www.cve.org/CVERecord?id=CVE-2025-10911 https://nvd.nist.gov/vuln/detail/CVE-2025-10911 https://gitlab.gnome.org/GNOME/libxslt/-/issues/144 https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10911.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxslt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q2+f0ITzWPp+YCesnwp1Ng==": { "id": "Q2+f0ITzWPp+YCesnwp1Ng==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "Q2EySKz2roj2mYOhGJQA3A==": { "id": "Q2EySKz2roj2mYOhGJQA3A==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "Q9syyD8a/4l/mc50UAvBnQ==": { "id": "Q9syyD8a/4l/mc50UAvBnQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "QBD2bakyMRLlWNUWb7c8Ng==": { "id": "QBD2bakyMRLlWNUWb7c8Ng==", "updater": "rhel-vex", "name": "CVE-2023-29402", "description": "A flaw was found in golang. The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program that uses cgo. This can occur when running an untrusted module that contains directories with newline characters in their names. Modules that are retrieved using the go command, for example, via \"go get\", are not affected. Modules retrieved using GOPATH-mode, for example, GO111MODULE=off may be affected.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29402 https://bugzilla.redhat.com/show_bug.cgi?id=2217562 https://www.cve.org/CVERecord?id=CVE-2023-29402 https://nvd.nist.gov/vuln/detail/CVE-2023-29402 https://go.dev/cl/501226 https://go.dev/issue/60167 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1839 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29402.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "QBNxNqNCcUL/GHKqOh7Fyw==": { "id": "QBNxNqNCcUL/GHKqOh7Fyw==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "QDYJ95dZNazClKtqoRJQeQ==": { "id": "QDYJ95dZNazClKtqoRJQeQ==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "QHS4gwmQURKolJEnj/ZMHw==": { "id": "QHS4gwmQURKolJEnj/ZMHw==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "QL7KLbo+Ri9Q4aoq0+/c2w==": { "id": "QL7KLbo+Ri9Q4aoq0+/c2w==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "QNVm3dpa9lFJUb6FBjjc1g==": { "id": "QNVm3dpa9lFJUb6FBjjc1g==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "QNeXj0/uAU3vww6deBbkrw==": { "id": "QNeXj0/uAU3vww6deBbkrw==", "updater": "rhel-vex", "name": "CVE-2023-4641", "description": "A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.", "issued": "2023-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4641 https://bugzilla.redhat.com/show_bug.cgi?id=2215945 https://www.cve.org/CVERecord?id=CVE-2023-4641 https://nvd.nist.gov/vuln/detail/CVE-2023-4641 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4641.json https://access.redhat.com/errata/RHSA-2023:6632", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-8.el9", "arch_op": "pattern match" }, "QQ1upjXEDW7OiB4aR8O/8A==": { "id": "QQ1upjXEDW7OiB4aR8O/8A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.el9", "arch_op": "pattern match" }, "QSEpEyTM9A7rsX/qx644wQ==": { "id": "QSEpEyTM9A7rsX/qx644wQ==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "QTcHwvmTXpVKkHS0xdfb9g==": { "id": "QTcHwvmTXpVKkHS0xdfb9g==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "QX1bQ/CZA5mRbcqjpTc9aA==": { "id": "QX1bQ/CZA5mRbcqjpTc9aA==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "QX9gQ7esz1e73iQHmwojXA==": { "id": "QX9gQ7esz1e73iQHmwojXA==", "updater": "rhel-vex", "name": "CVE-2021-3973", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3973 https://bugzilla.redhat.com/show_bug.cgi?id=2025059 https://www.cve.org/CVERecord?id=CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3973.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QXekSyzWiuaI8YTxDgngHw==": { "id": "QXekSyzWiuaI8YTxDgngHw==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "QY4aLgQQjP1oPPp38ArMrQ==": { "id": "QY4aLgQQjP1oPPp38ArMrQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QZ7uKIt3KkZJfzRLCLWsIg==": { "id": "QZ7uKIt3KkZJfzRLCLWsIg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "QZQvSq0tzcJY8GfiU/aXpg==": { "id": "QZQvSq0tzcJY8GfiU/aXpg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "QbgvVzhz2dr5BDvAUM6wFQ==": { "id": "QbgvVzhz2dr5BDvAUM6wFQ==", "updater": "rhel-vex", "name": "CVE-2022-2304", "description": "A stack-based buffer overflow vulnerability was found in Vim's spell_dump_compl() function of the src/spell.c file. This issue occurs because the spell dump goes beyond the end of an array when crafted input is processed. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2304 https://bugzilla.redhat.com/show_bug.cgi?id=2104416 https://www.cve.org/CVERecord?id=CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2304.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Qe1reyLPtQVZ5wKqKa9jQA==": { "id": "Qe1reyLPtQVZ5wKqKa9jQA==", "updater": "rhel-vex", "name": "CVE-2022-0213", "description": "A flaw was found in vim. The vulnerability occurs due to not checking the length for the NameBuff function, which can lead to a heap buffer overflow. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0213 https://bugzilla.redhat.com/show_bug.cgi?id=2043779 https://www.cve.org/CVERecord?id=CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0213.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgRg8usqYLpC2SzTmhUKsQ==": { "id": "QgRg8usqYLpC2SzTmhUKsQ==", "updater": "rhel-vex", "name": "CVE-2025-22134", "description": "A flaw was found in Vim. Due to Vim not properly terminating visual mode, a heap buffer overflow condition may be triggered when a user switches buffers using the `:all` command. This issue may lead to unexpected behavior, such as an application crash or memory corruption.", "issued": "2025-01-13T20:41:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22134 https://bugzilla.redhat.com/show_bug.cgi?id=2337437 https://www.cve.org/CVERecord?id=CVE-2025-22134 https://nvd.nist.gov/vuln/detail/CVE-2025-22134 https://github.com/vim/vim/commit/c9a1e257f1630a0866447e53a564f7ff96a80ead https://github.com/vim/vim/security/advisories/GHSA-5rgf-26wj-48v8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22134.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QgyYiUqrv2nc1+RqO1bM4A==": { "id": "QgyYiUqrv2nc1+RqO1bM4A==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "QhESIu1eoXqoSNW7jNhlZg==": { "id": "QhESIu1eoXqoSNW7jNhlZg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overload", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.31-481.1.el9_6", "arch_op": "pattern match" }, "Qimhraux3dZtFrPRbNJqyw==": { "id": "Qimhraux3dZtFrPRbNJqyw==", "updater": "osv/go", "name": "GO-2023-2043", "description": "Improper handling of special tags within script contexts in html/template", "issued": "2023-09-07T16:11:59Z", "links": "https://go.dev/issue/62197 https://go.dev/cl/526157 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.8" }, "QireWdVPs8MzNOJ1scQvdA==": { "id": "QireWdVPs8MzNOJ1scQvdA==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "QjS6b4li9vRMvS2l49iyfw==": { "id": "QjS6b4li9vRMvS2l49iyfw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "Qp7j7oFs4UbVUHVGblDM1w==": { "id": "Qp7j7oFs4UbVUHVGblDM1w==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "QqK1O3FCNB9QbClJ7bZ6YA==": { "id": "QqK1O3FCNB9QbClJ7bZ6YA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "QqNagWxBuciWgmqsaHDwZw==": { "id": "QqNagWxBuciWgmqsaHDwZw==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "Qr2/3ufYTxjXiJuEKM7I7w==": { "id": "Qr2/3ufYTxjXiJuEKM7I7w==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "QsR+n6O0ULfYayvahAaltg==": { "id": "QsR+n6O0ULfYayvahAaltg==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "QwkBpizF3mo2JpevPMDeaw==": { "id": "QwkBpizF3mo2JpevPMDeaw==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "QxQ47SEMl+UFCOv8XVwx9A==": { "id": "QxQ47SEMl+UFCOv8XVwx9A==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "QznSXY89jmEtP62PhxgH1g==": { "id": "QznSXY89jmEtP62PhxgH1g==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "R1Akf7BYKFH+Usf+3IS0Cg==": { "id": "R1Akf7BYKFH+Usf+3IS0Cg==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "R1x4adkbkgVhxc9hzgUZcA==": { "id": "R1x4adkbkgVhxc9hzgUZcA==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "R6drGbgnzqKGDiX/RNUdqw==": { "id": "R6drGbgnzqKGDiX/RNUdqw==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "R7XEe59RfqPZwHJmDbOyww==": { "id": "R7XEe59RfqPZwHJmDbOyww==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "R9lgi90skf6A+gEQ2Lu8dg==": { "id": "R9lgi90skf6A+gEQ2Lu8dg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.el9", "arch_op": "pattern match" }, "RA9ILX3H27ou2ro1GzHq8Q==": { "id": "RA9ILX3H27ou2ro1GzHq8Q==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "RATpPhLUqjEbe+XxyYxOOw==": { "id": "RATpPhLUqjEbe+XxyYxOOw==", "updater": "rhel-vex", "name": "CVE-2022-2257", "description": "A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in vim.", "issued": "2022-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2257 https://bugzilla.redhat.com/show_bug.cgi?id=2103133 https://www.cve.org/CVERecord?id=CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 https://huntr.dev/bounties/ca581f80-03ba-472a-b820-78f7fd05fe89/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2257.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RDlpzaleAPnYWwZyjvoRug==": { "id": "RDlpzaleAPnYWwZyjvoRug==", "updater": "rhel-vex", "name": "CVE-2024-3596", "description": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-3596 https://bugzilla.redhat.com/show_bug.cgi?id=2263240 https://www.cve.org/CVERecord?id=CVE-2024-3596 https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/ https://datatracker.ietf.org/doc/html/rfc2865 https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt https://www.blastradius.fail/ https://www.kb.cert.org/vuls/id/456537 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-3596.json https://access.redhat.com/errata/RHSA-2024:9474", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-4.el9_5", "arch_op": "pattern match" }, "RFeq5rwe+sxgyWgUXeEitA==": { "id": "RFeq5rwe+sxgyWgUXeEitA==", "updater": "osv/go", "name": "GO-2022-0523", "description": "Stack exhaustion when unmarshaling certain documents in encoding/xml", "issued": "2022-07-20T20:52:06Z", "links": "https://go.dev/cl/417061 https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08 https://go.dev/issue/53611 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "RJziShukaon2ShF1sKdneQ==": { "id": "RJziShukaon2ShF1sKdneQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHSA-2024:1530", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-1.el9_3.1", "arch_op": "pattern match" }, "RKG7TR5VLN5EK2rg7nfjuQ==": { "id": "RKG7TR5VLN5EK2rg7nfjuQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "RLGDcCcECNxfaKqTkhDvew==": { "id": "RLGDcCcECNxfaKqTkhDvew==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "RLfmH4oizoEHB59VpAV6Kg==": { "id": "RLfmH4oizoEHB59VpAV6Kg==", "updater": "rhel-vex", "name": "CVE-2024-30203", "description": "A flaw was found in Emacs. When Emacs is used as an email client, inline MIME attachments are considered to be trusted by default, allowing a crafted LaTeX document to exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30203 https://bugzilla.redhat.com/show_bug.cgi?id=2280296 https://www.cve.org/CVERecord?id=CVE-2024-30203 https://nvd.nist.gov/vuln/detail/CVE-2024-30203 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30203.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "RPWIFXazUxYQ5Q1rBYTqdg==": { "id": "RPWIFXazUxYQ5Q1rBYTqdg==", "updater": "rhel-vex", "name": "CVE-2025-61985", "description": "ssh in OpenSSH before 10.1 allows the '\\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.", "issued": "2025-10-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61985 https://bugzilla.redhat.com/show_bug.cgi?id=2401962 https://www.cve.org/CVERecord?id=CVE-2025-61985 https://nvd.nist.gov/vuln/detail/CVE-2025-61985 https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2 https://www.openssh.com/releasenotes.html#10.1p1 https://www.openwall.com/lists/oss-security/2025/10/06/1 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61985.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RPlldG/r8WWd2UCSZ1vzsg==": { "id": "RPlldG/r8WWd2UCSZ1vzsg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "RReWBnQmCp2XJDUh6xioRQ==": { "id": "RReWBnQmCp2XJDUh6xioRQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "RU6xHn/9SV8lotyX3JW1ZQ==": { "id": "RU6xHn/9SV8lotyX3JW1ZQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "RUDcnDBVSmf+/LWMe4Tqgw==": { "id": "RUDcnDBVSmf+/LWMe4Tqgw==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-headless", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "RXSYUreBGXQz5Vll3C130A==": { "id": "RXSYUreBGXQz5Vll3C130A==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "Rd2hVVbUws+mcvoC7DaoiQ==": { "id": "Rd2hVVbUws+mcvoC7DaoiQ==", "updater": "rhel-vex", "name": "CVE-2022-4292", "description": "A heap use-after-free flaw was found in Vim's did_set_spelllang() function of the spell.c file. This issue occurs because vim uses freed memory after SpellFileMissing autocmd uses bwipe. This could allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free issue that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4292 https://bugzilla.redhat.com/show_bug.cgi?id=2151558 https://www.cve.org/CVERecord?id=CVE-2022-4292 https://nvd.nist.gov/vuln/detail/CVE-2022-4292 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4292.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RdY/UQx2FGTtVn1x7G1KkA==": { "id": "RdY/UQx2FGTtVn1x7G1KkA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rf7m+dbWxZxBNm1A9nfdqg==": { "id": "Rf7m+dbWxZxBNm1A9nfdqg==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "RfXeDDRCykmZZMDXVfaGtg==": { "id": "RfXeDDRCykmZZMDXVfaGtg==", "updater": "rhel-vex", "name": "CVE-2025-32415", "description": "A flaw was found in the libxml2 library. A heap-based underflow can be triggered when a crafted XML document is validated against an XML schema with certain identity constraints or when a crafted XML schema is used, causing a crash to the application linked to the library and resulting in a denial of service.", "issued": "2025-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32415 https://bugzilla.redhat.com/show_bug.cgi?id=2360768 https://www.cve.org/CVERecord?id=CVE-2025-32415 https://nvd.nist.gov/vuln/detail/CVE-2025-32415 https://gitlab.gnome.org/GNOME/libxml2/-/issues/890 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32415.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "RgBI11FezD5/LF6u61IQtw==": { "id": "RgBI11FezD5/LF6u61IQtw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "Rm7aeXEOy4+PSaaC/AfGyw==": { "id": "Rm7aeXEOy4+PSaaC/AfGyw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json https://access.redhat.com/errata/RHSA-2025:9431", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-5.el9_6", "arch_op": "pattern match" }, "RnzVpoLf3gQvIDiBFFXm6w==": { "id": "RnzVpoLf3gQvIDiBFFXm6w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "RoQvxPrgcpXyTej834bT2Q==": { "id": "RoQvxPrgcpXyTej834bT2Q==", "updater": "rhel-vex", "name": "CVE-2024-57360", "description": "A flaw was found in the nm utility of binutils. A local user who specifies the `--without-symbol-versions` option on a specially crafted ELF file can trigger a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57360 https://bugzilla.redhat.com/show_bug.cgi?id=2339263 https://www.cve.org/CVERecord?id=CVE-2024-57360 https://nvd.nist.gov/vuln/detail/CVE-2024-57360 https://sourceware.org/bugzilla/show_bug.cgi?id=32467 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57360.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Rs2w9Uui+dW2Lg48Ml6jpw==": { "id": "Rs2w9Uui+dW2Lg48Ml6jpw==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxiYxX3H5lL8cc7k0ac/mQ==": { "id": "RxiYxX3H5lL8cc7k0ac/mQ==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RxmnlWamNxvphCIuarducQ==": { "id": "RxmnlWamNxvphCIuarducQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "RxwFiIUPJYMo6r5lfv+sdQ==": { "id": "RxwFiIUPJYMo6r5lfv+sdQ==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Ry6vRm+cs1w4rnhTcw+4ww==": { "id": "Ry6vRm+cs1w4rnhTcw+4ww==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "Rz0KcMyzx8GC2p+YUZpHPQ==": { "id": "Rz0KcMyzx8GC2p+YUZpHPQ==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "S01BJ2Ht59Iq71LsHWKLzg==": { "id": "S01BJ2Ht59Iq71LsHWKLzg==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "S2g7delheJOLf2DxVbw0Hg==": { "id": "S2g7delheJOLf2DxVbw0Hg==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "S2kC/8+NtHD0EdQuoPqXlg==": { "id": "S2kC/8+NtHD0EdQuoPqXlg==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:1462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-2.el9_3", "arch_op": "pattern match" }, "S3c04CkV3MUFBzUssTpBSg==": { "id": "S3c04CkV3MUFBzUssTpBSg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "S5Dzz9cigoJDCj8s5UcT0g==": { "id": "S5Dzz9cigoJDCj8s5UcT0g==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S9GgHs7lpMPNDjvswObhPg==": { "id": "S9GgHs7lpMPNDjvswObhPg==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "SBAWrxfXaQ2Ka48xajW62A==": { "id": "SBAWrxfXaQ2Ka48xajW62A==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "SFiwTqc+C9HkxslIGbfU0g==": { "id": "SFiwTqc+C9HkxslIGbfU0g==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "SFoELvc6okNKWKi7mExikA==": { "id": "SFoELvc6okNKWKi7mExikA==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "SIPkCsjtWsrsJnfVRjxnKA==": { "id": "SIPkCsjtWsrsJnfVRjxnKA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "SKOD3G/MxX5t9s/HjT+ehg==": { "id": "SKOD3G/MxX5t9s/HjT+ehg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "SKyAPnATFclliIE0mjtq+w==": { "id": "SKyAPnATFclliIE0mjtq+w==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SPxMxLW2DZ8IvP04UR/H6g==": { "id": "SPxMxLW2DZ8IvP04UR/H6g==", "updater": "rhel-vex", "name": "CVE-2025-5683", "description": "A flaw was found in qt. Loading a specially crafted ICNS image file within QImage results in a crash. This flaw allows a local attacker to provide a malicious image. The vulnerability is exploited via the image loading process, leading to application termination.", "issued": "2025-06-05T05:31:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5683 https://bugzilla.redhat.com/show_bug.cgi?id=2370384 https://www.cve.org/CVERecord?id=CVE-2025-5683 https://nvd.nist.gov/vuln/detail/CVE-2025-5683 https://codereview.qt-project.org/c/qt/qtimageformats/+/644548 https://issues.oss-fuzz.com/issues/415350704 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5683.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SRL0fsSEDtOf7vYyf/BewQ==": { "id": "SRL0fsSEDtOf7vYyf/BewQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "SRtj8i4HsQkjCyC1YPMDYw==": { "id": "SRtj8i4HsQkjCyC1YPMDYw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "SS38Q6SbT7pMry4emWgqdg==": { "id": "SS38Q6SbT7pMry4emWgqdg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "SSAJUNd+iNG0Dh0JEHjSXA==": { "id": "SSAJUNd+iNG0Dh0JEHjSXA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Getopt-Std", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.12-481.el9", "arch_op": "pattern match" }, "SU1MGh9+Zg3Zuy+khiN0Og==": { "id": "SU1MGh9+Zg3Zuy+khiN0Og==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "SWMi5UoagLshKWAW26MJTw==": { "id": "SWMi5UoagLshKWAW26MJTw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "SXF95Q57bdA0qf3iy/XSPw==": { "id": "SXF95Q57bdA0qf3iy/XSPw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "SaWdJL5a+HL0ZieRiKpgNA==": { "id": "SaWdJL5a+HL0ZieRiKpgNA==", "updater": "rhel-vex", "name": "CVE-2024-38428", "description": "A flaw was found in wget. Incorrect handling of semicolons in the userinfo subcomponent of a URI allows it to be misinterpreted as part of the host subcomponent, potentially exposing user credentials.", "issued": "2024-06-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-38428 https://bugzilla.redhat.com/show_bug.cgi?id=2292836 https://www.cve.org/CVERecord?id=CVE-2024-38428 https://nvd.nist.gov/vuln/detail/CVE-2024-38428 https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-38428.json https://access.redhat.com/errata/RHSA-2024:6192", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-8.el9_4", "arch_op": "pattern match" }, "Sal0GJMIh5Nqb3U4N6ro0g==": { "id": "Sal0GJMIh5Nqb3U4N6ro0g==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "SbrfelK/hRkg8QJAv7881A==": { "id": "SbrfelK/hRkg8QJAv7881A==", "updater": "osv/go", "name": "GO-2023-1570", "description": "Panic on large handshake records in crypto/tls", "issued": "2023-02-16T22:24:51Z", "links": "https://go.dev/issue/58001 https://go.dev/cl/468125 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "SduSwzmffGiGJfqQDrSyEA==": { "id": "SduSwzmffGiGJfqQDrSyEA==", "updater": "rhel-vex", "name": "CVE-2022-3570", "description": "A heap-based buffer overflow flaw was found in Libtiff's tiffcrop utility. This issue occurs during the conversion of a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes an out-of-bound access resulting an application crash, eventually leading to a denial of service.", "issued": "2022-02-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3570 https://bugzilla.redhat.com/show_bug.cgi?id=2142734 https://www.cve.org/CVERecord?id=CVE-2022-3570 https://nvd.nist.gov/vuln/detail/CVE-2022-3570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3570.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Sfn7NNniMfKKkrbS2KIlnA==": { "id": "Sfn7NNniMfKKkrbS2KIlnA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "SjbW0rogoRJo0my37ozMDg==": { "id": "SjbW0rogoRJo0my37ozMDg==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "SmczXqxeZRCcJykxG3Abrg==": { "id": "SmczXqxeZRCcJykxG3Abrg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Sn+Wd5xIJ9cLZDfoyJlgkw==": { "id": "Sn+Wd5xIJ9cLZDfoyJlgkw==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SnI5fUbXuT/Xt+VkGvddww==": { "id": "SnI5fUbXuT/Xt+VkGvddww==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.2-1.18.12.1.1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "SnYLkLUk0dFIFA/itR5yrA==": { "id": "SnYLkLUk0dFIFA/itR5yrA==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "SqKI5VB6698Nen4zsScUuw==": { "id": "SqKI5VB6698Nen4zsScUuw==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "SsFE9yHqow9BNx1O4nMcCg==": { "id": "SsFE9yHqow9BNx1O4nMcCg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "SsNZleqCp7tmOqFZQ6ZaBA==": { "id": "SsNZleqCp7tmOqFZQ6ZaBA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Stfm7ne4Ofst02xkZn9K1w==": { "id": "Stfm7ne4Ofst02xkZn9K1w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "SvhQ7tNvl6ANrVnaJ4cBNw==": { "id": "SvhQ7tNvl6ANrVnaJ4cBNw==", "updater": "rhel-vex", "name": "CVE-2022-3099", "description": "A use-after-free vulnerability was found in vim's do_cmdline() function of the src/ex_docmd.c file. The issue triggers when an invalid line number on :for is ignored. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3099 https://bugzilla.redhat.com/show_bug.cgi?id=2124157 https://www.cve.org/CVERecord?id=CVE-2022-3099 https://nvd.nist.gov/vuln/detail/CVE-2022-3099 https://huntr.dev/bounties/403210c7-6cc7-4874-8934-b57f88bd4f5e https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3099.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Sw8bDdvvxQW2LmbjS6B1hg==": { "id": "Sw8bDdvvxQW2LmbjS6B1hg==", "updater": "rhel-vex", "name": "CVE-2022-30630", "description": "A flaw was found in the golang standard library, io/fs. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This could allow an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2107371 https://www.cve.org/CVERecord?id=CVE-2022-30630 https://nvd.nist.gov/vuln/detail/CVE-2022-30630 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30630.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T1160/hke2bN2YNtHQGAVQ==": { "id": "T1160/hke2bN2YNtHQGAVQ==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "T2rcJ7DPtdiGNP7r4L5R2g==": { "id": "T2rcJ7DPtdiGNP7r4L5R2g==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "T38zlL6BTag6EVZfMAMcaw==": { "id": "T38zlL6BTag6EVZfMAMcaw==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "T4bxk7MHk24P39KEeRKoig==": { "id": "T4bxk7MHk24P39KEeRKoig==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "T5/Q0DOZypWV6o3x9ziKqw==": { "id": "T5/Q0DOZypWV6o3x9ziKqw==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "T507T5wFbtPlOW9lG7LxIA==": { "id": "T507T5wFbtPlOW9lG7LxIA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "T5Nghm4crNWWnUrYvZZItg==": { "id": "T5Nghm4crNWWnUrYvZZItg==", "updater": "rhel-vex", "name": "CVE-2022-2124", "description": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2124 https://bugzilla.redhat.com/show_bug.cgi?id=2099558 https://www.cve.org/CVERecord?id=CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2124.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "T9nCb/lA5TdipGMhtb6HJA==": { "id": "T9nCb/lA5TdipGMhtb6HJA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "TAntNn3gBlGhX3mRHNXfWw==": { "id": "TAntNn3gBlGhX3mRHNXfWw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "TCtup4kp9cBGgmnLMbI+rw==": { "id": "TCtup4kp9cBGgmnLMbI+rw==", "updater": "rhel-vex", "name": "CVE-2023-40745", "description": "LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40745 https://bugzilla.redhat.com/show_bug.cgi?id=2235265 https://www.cve.org/CVERecord?id=CVE-2023-40745 https://nvd.nist.gov/vuln/detail/CVE-2023-40745 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40745.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "TEg+H5IUFEuL8/4VudXtEg==": { "id": "TEg+H5IUFEuL8/4VudXtEg==", "updater": "rhel-vex", "name": "CVE-2022-3554", "description": "A flaw was found in LibX11. There is a possible memory leak in the _XimRegisterIMInstantiateCallback() of modules/im/ximcp/imsClbk.c. This issue may lead to limited availability.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3554 https://bugzilla.redhat.com/show_bug.cgi?id=2136411 https://www.cve.org/CVERecord?id=CVE-2022-3554 https://nvd.nist.gov/vuln/detail/CVE-2022-3554 https://ubuntu.com/security/CVE-2022-3554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3554.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TFku8MBahkkWbmKYS7dbIQ==": { "id": "TFku8MBahkkWbmKYS7dbIQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "TGe682MVp+b3S1lDl9HTLw==": { "id": "TGe682MVp+b3S1lDl9HTLw==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "TGjVfFW0jWP1/Slr8hCo8Q==": { "id": "TGjVfFW0jWP1/Slr8hCo8Q==", "updater": "osv/go", "name": "GO-2025-3751", "description": "Sensitive headers not cleared on cross-origin redirect in net/http", "issued": "2025-06-11T16:23:58Z", "links": "https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "TI1OyePXauC23iR42z7HKg==": { "id": "TI1OyePXauC23iR42z7HKg==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "TIcWaTRsDD52irGN4xUQyA==": { "id": "TIcWaTRsDD52irGN4xUQyA==", "updater": "rhel-vex", "name": "CVE-2022-2125", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2125 https://bugzilla.redhat.com/show_bug.cgi?id=2099590 https://www.cve.org/CVERecord?id=CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2125.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TK/tQUH9MhuStrQUTQS1ZQ==": { "id": "TK/tQUH9MhuStrQUTQS1ZQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "TN9ZqAQo2vEW/Tx62EpRcg==": { "id": "TN9ZqAQo2vEW/Tx62EpRcg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "TNb7OrRxFn2Bis7zp2oi8A==": { "id": "TNb7OrRxFn2Bis7zp2oi8A==", "updater": "rhel-vex", "name": "CVE-2025-9165", "description": "A memory leak flaw was found in LibTIFF. This vulnerability affects the _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 function in the file tools/tiffcmp.c of the tiffcmp component. Executing manipulation can lead to a memory leak. The attack is restricted to local execution.", "issued": "2025-08-19T20:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9165 https://bugzilla.redhat.com/show_bug.cgi?id=2389574 https://www.cve.org/CVERecord?id=CVE-2025-9165 https://nvd.nist.gov/vuln/detail/CVE-2025-9165 http://www.libtiff.org/ https://drive.google.com/file/d/1FWhmkzksH8-qU0ZM6seBzGNB3aPnX3G8/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/commit/ed141286a37f6e5ddafb5069347ff5d587e7a4e0 https://gitlab.com/libtiff/libtiff/-/issues/728 https://gitlab.com/libtiff/libtiff/-/merge_requests/747 https://vuldb.com/?ctiid.320543 https://vuldb.com/?id.320543 https://vuldb.com/?submit.630506 https://vuldb.com/?submit.630507 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9165.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TPp/bXEhRpApQLMY2Ppr9g==": { "id": "TPp/bXEhRpApQLMY2Ppr9g==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "TQEoFglRNgkSreqoAySz5A==": { "id": "TQEoFglRNgkSreqoAySz5A==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1438", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-4.el9_3", "arch_op": "pattern match" }, "TRd8qEGSmZkjG+mmOfTmTg==": { "id": "TRd8qEGSmZkjG+mmOfTmTg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "TTh9HGJJgt1I4lhDqtPBIA==": { "id": "TTh9HGJJgt1I4lhDqtPBIA==", "updater": "osv/go", "name": "GO-2022-1095", "description": "Unsanitized NUL in environment variables on Windows in syscall and os/exec", "issued": "2022-11-01T23:55:57Z", "links": "https://go.dev/issue/56284 https://go.dev/cl/446916 https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.8" }, "TU6sUeJdvbpf1Uxt7QBVXQ==": { "id": "TU6sUeJdvbpf1Uxt7QBVXQ==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "TUvm6koxiDQRc/8CJ4TCOA==": { "id": "TUvm6koxiDQRc/8CJ4TCOA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ThUekCEizKQbaM9qGtWShw==": { "id": "ThUekCEizKQbaM9qGtWShw==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ThjoilITJToSra2xx7nmXA==": { "id": "ThjoilITJToSra2xx7nmXA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "TiGGrcjH9zkR+9PywLxD8Q==": { "id": "TiGGrcjH9zkR+9PywLxD8Q==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ToyZiPOtBFPiNJOZ8QaYng==": { "id": "ToyZiPOtBFPiNJOZ8QaYng==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "TrfUjn7Hi6JPe4l/9tuyAQ==": { "id": "TrfUjn7Hi6JPe4l/9tuyAQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json https://access.redhat.com/errata/RHBA-2024:2518", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4", "arch_op": "pattern match" }, "TsVNXuAeF3PhiRZhIOjjtQ==": { "id": "TsVNXuAeF3PhiRZhIOjjtQ==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TszqopCoskBv4coMA3/peg==": { "id": "TszqopCoskBv4coMA3/peg==", "updater": "rhel-vex", "name": "CVE-2025-1153", "description": "A flaw was found in GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T19:00:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1153 https://bugzilla.redhat.com/show_bug.cgi?id=2344743 https://www.cve.org/CVERecord?id=CVE-2025-1153 https://nvd.nist.gov/vuln/detail/CVE-2025-1153 https://sourceware.org/bugzilla/show_bug.cgi?id=32603 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150 https://vuldb.com/?ctiid.295057 https://vuldb.com/?id.295057 https://vuldb.com/?submit.489991 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1153.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TteHTvD/qC9z9/bg4D+o8w==": { "id": "TteHTvD/qC9z9/bg4D+o8w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.1.el9_6", "arch_op": "pattern match" }, "U/ITon4/vjzN/EsZEGI38Q==": { "id": "U/ITon4/vjzN/EsZEGI38Q==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "U06t0kkLaLeKpn0QxtZUSg==": { "id": "U06t0kkLaLeKpn0QxtZUSg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "U2e7dgKDqk0OlJ2oJw2iuw==": { "id": "U2e7dgKDqk0OlJ2oJw2iuw==", "updater": "osv/go", "name": "GO-2022-1038", "description": "Incorrect sanitization of forwarded query parameters in net/http/httputil", "issued": "2022-10-06T16:42:43Z", "links": "https://go.dev/issue/54663 https://go.dev/cl/432976 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "U2w6LmoqKmaGSd6IxLZGKg==": { "id": "U2w6LmoqKmaGSd6IxLZGKg==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "U31VkPC5v6K7XIsRFDo19w==": { "id": "U31VkPC5v6K7XIsRFDo19w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "U47k8+SGMpP7nHNJFxv5oA==": { "id": "U47k8+SGMpP7nHNJFxv5oA==", "updater": "rhel-vex", "name": "CVE-2025-4373", "description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "issued": "2025-05-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4373 https://bugzilla.redhat.com/show_bug.cgi?id=2364265 https://www.cve.org/CVERecord?id=CVE-2025-4373 https://nvd.nist.gov/vuln/detail/CVE-2025-4373 https://gitlab.gnome.org/GNOME/glib/-/issues/3677 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4373.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "U61IeOaU1v6bOHJxSPbCCw==": { "id": "U61IeOaU1v6bOHJxSPbCCw==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "U7q9649W3+OXGS9kMwowkw==": { "id": "U7q9649W3+OXGS9kMwowkw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "U86hsRMcoSpvWp72aUJNFQ==": { "id": "U86hsRMcoSpvWp72aUJNFQ==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "U86r1ELAOJanBnxwrapY0g==": { "id": "U86r1ELAOJanBnxwrapY0g==", "updater": "osv/go", "name": "GO-2025-4015", "description": "Excessive CPU consumption in Reader.ReadResponse in net/textproto", "issued": "2025-10-29T21:51:07Z", "links": "https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "UApauQbQz6UZdsAuW9miOQ==": { "id": "UApauQbQz6UZdsAuW9miOQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "UBV+Z4vQ/HB9/cVGq/+u3w==": { "id": "UBV+Z4vQ/HB9/cVGq/+u3w==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "UBzPfwycyyJOBETwdSTG/w==": { "id": "UBzPfwycyyJOBETwdSTG/w==", "updater": "rhel-vex", "name": "CVE-2024-47814", "description": "A flaw was found in Vim. When closing a buffer visible in a window, a `BufWinLeave` auto command can trigger a use-after-free if this auto command happens to reopen the same buffer in a new split window. This issue can potentially cause Vim to crash, leading to a denial of service.", "issued": "2024-10-07T21:16:01Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47814 https://bugzilla.redhat.com/show_bug.cgi?id=2317096 https://www.cve.org/CVERecord?id=CVE-2024-47814 https://nvd.nist.gov/vuln/detail/CVE-2024-47814 https://github.com/vim/vim/commit/51b62387be93c65fa56bbabe1c3 https://github.com/vim/vim/security/advisories/GHSA-rj48-v4mq-j4vg https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47814.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UC0U9/zd+klwBmGR1YYVPg==": { "id": "UC0U9/zd+klwBmGR1YYVPg==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "UEW14H6J4RBSZEjpG6p4bw==": { "id": "UEW14H6J4RBSZEjpG6p4bw==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "UEgRngB2KVq3bhFU/6+13Q==": { "id": "UEgRngB2KVq3bhFU/6+13Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "UH1xPpnVOud+f1gKl26ATQ==": { "id": "UH1xPpnVOud+f1gKl26ATQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "UPjX59r3QHIaBVa54cqtzA==": { "id": "UPjX59r3QHIaBVa54cqtzA==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "USroe8+XCxLDwAOkjWfs+Q==": { "id": "USroe8+XCxLDwAOkjWfs+Q==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "UTm7DZVRUmqWWBx0Js7vCA==": { "id": "UTm7DZVRUmqWWBx0Js7vCA==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "UV2MuUVVyu0L6wfdUc0Qpg==": { "id": "UV2MuUVVyu0L6wfdUc0Qpg==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "UVRy+pWnw+7xa7f2U2B15Q==": { "id": "UVRy+pWnw+7xa7f2U2B15Q==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "UWR5dcXlfiNMz/BIfTGvfQ==": { "id": "UWR5dcXlfiNMz/BIfTGvfQ==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Ub9JoNToSyT09hD5MOIlGA==": { "id": "Ub9JoNToSyT09hD5MOIlGA==", "updater": "rhel-vex", "name": "CVE-2025-8961", "description": "A memory corruption flaw was found in libTIFF. This issue affects the May function of the tiffcrop.c file in the tiffcrop component. This attack needs to be approached locally.", "issued": "2025-08-14T12:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8961 https://bugzilla.redhat.com/show_bug.cgi?id=2388541 https://www.cve.org/CVERecord?id=CVE-2025-8961 https://nvd.nist.gov/vuln/detail/CVE-2025-8961 http://www.libtiff.org/ https://drive.google.com/file/d/15L4q2eD8GX3Aj3z6SWC3_FbqaM1ChUx2/view?usp=sharing https://gitlab.com/libtiff/libtiff/-/issues/721 https://gitlab.com/libtiff/libtiff/-/issues/721#note_2670686960 https://vuldb.com/?ctiid.319955 https://vuldb.com/?id.319955 https://vuldb.com/?submit.627957 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8961.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbJne6U4WRZmmyYLeEtt4w==": { "id": "UbJne6U4WRZmmyYLeEtt4w==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "UcI2WjL14mHQYOfXIkpuzA==": { "id": "UcI2WjL14mHQYOfXIkpuzA==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "UcSRaJxHOHBFxbLpeEwTSA==": { "id": "UcSRaJxHOHBFxbLpeEwTSA==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "UeuwcxsDMDrcMU7c13lXsQ==": { "id": "UeuwcxsDMDrcMU7c13lXsQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "Uh6QIejNBmYSJ+kLmnZWzw==": { "id": "Uh6QIejNBmYSJ+kLmnZWzw==", "updater": "rhel-vex", "name": "CVE-2023-22652", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.", "issued": "2023-03-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22652 https://bugzilla.redhat.com/show_bug.cgi?id=2212463 https://www.cve.org/CVERecord?id=CVE-2023-22652 https://nvd.nist.gov/vuln/detail/CVE-2023-22652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22652.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "UhBP4F/rEtGjZG3U8Wvp2Q==": { "id": "UhBP4F/rEtGjZG3U8Wvp2Q==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "UiO8eKIdcPJIKIj94tK4ug==": { "id": "UiO8eKIdcPJIKIj94tK4ug==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "UjXmsuFAyS2A1LN7d6S/5w==": { "id": "UjXmsuFAyS2A1LN7d6S/5w==", "updater": "rhel-vex", "name": "CVE-2025-4674", "description": "A flaw was found in cmd/go. The `go` command can execute arbitrary commands when processing untrusted version control system (VCS) repositories containing malicious configuration. This issue occurs because the command interprets VCS metadata, potentially leading to unintended command execution. This vulnerability allows a malicious actor to trigger this by providing a repository with a crafted VCS configuration, resulting in arbitrary code execution within the context of the `go` process.", "issued": "2025-07-29T21:19:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4674 https://bugzilla.redhat.com/show_bug.cgi?id=2384329 https://www.cve.org/CVERecord?id=CVE-2025-4674 https://nvd.nist.gov/vuln/detail/CVE-2025-4674 https://go.dev/cl/686515 https://go.dev/issue/74380 https://groups.google.com/g/golang-announce/c/gTNJnDXmn34 https://pkg.go.dev/vuln/GO-2025-3828 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4674.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "UoBD3GwEne6Zwl54oZgCCg==": { "id": "UoBD3GwEne6Zwl54oZgCCg==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "Us6zMNu9gwaRC0UH2SSoQw==": { "id": "Us6zMNu9gwaRC0UH2SSoQw==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "UsE9/aKvx7HhPwZe6KY1zw==": { "id": "UsE9/aKvx7HhPwZe6KY1zw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "UsTHWG7fBbgk8T9K0i79Ww==": { "id": "UsTHWG7fBbgk8T9K0i79Ww==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "UuV6vmv/pMSyQBUW2Wn3bA==": { "id": "UuV6vmv/pMSyQBUW2Wn3bA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Uy8P+1ImBLgh4EjZYlMO1Q==": { "id": "Uy8P+1ImBLgh4EjZYlMO1Q==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "UykJtPxmRiaRteAhKYbbOQ==": { "id": "UykJtPxmRiaRteAhKYbbOQ==", "updater": "rhel-vex", "name": "CVE-2021-42574", "description": "A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behaviour from the reviewer.", "issued": "2021-11-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-42574 https://bugzilla.redhat.com/show_bug.cgi?id=2005819 https://access.redhat.com/security/vulnerabilities/RHSB-2021-007 https://www.cve.org/CVERecord?id=CVE-2021-42574 https://nvd.nist.gov/vuln/detail/CVE-2021-42574 https://trojansource.codes/ https://www.lightbluetouchpaper.org/2021/11/01/trojan-source-invisible-vulnerabilities/ https://www.unicode.org/reports/tr36/#Bidirectional_Text_Spoofing https://www.unicode.org/reports/tr39/ https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-42574.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V+7K8Rg1uux3xnVmyH12/A==": { "id": "V+7K8Rg1uux3xnVmyH12/A==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "V0awGVhndNVps/Yhh/P2GQ==": { "id": "V0awGVhndNVps/Yhh/P2GQ==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "V2C0OnbFKs9wiV3IrUOPew==": { "id": "V2C0OnbFKs9wiV3IrUOPew==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "V8n5VKFkjNZwkLq+W6E59g==": { "id": "V8n5VKFkjNZwkLq+W6E59g==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "V9f8Tc0z/tWsm1egJDudPA==": { "id": "V9f8Tc0z/tWsm1egJDudPA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "V9lyeZvue30g1R6RiITjAw==": { "id": "V9lyeZvue30g1R6RiITjAw==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "VDQb6roo+zwBamxPu+hGeQ==": { "id": "VDQb6roo+zwBamxPu+hGeQ==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "VDdxJUjxgL4zXvGWC/1xnw==": { "id": "VDdxJUjxgL4zXvGWC/1xnw==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "VDqplxSZcK9CHQ9RjGiEqQ==": { "id": "VDqplxSZcK9CHQ9RjGiEqQ==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "VGewdTS02tdqYoORYHK7Rg==": { "id": "VGewdTS02tdqYoORYHK7Rg==", "updater": "rhel-vex", "name": "CVE-2022-39253", "description": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's `$GIT_DIR/objects` directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via `--no-hardlinks`). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the `--recurse-submodules` option. Git does not create symbolic links in the `$GIT_DIR/objects` directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the `--local` optimization when on a shared machine, either by passing the `--no-local` option to `git clone` or cloning from a URL that uses the `file://` scheme. Alternatively, avoid cloning repositories from untrusted sources with `--recurse-submodules` or run `git config --global protocol.file.allow user`.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39253 https://bugzilla.redhat.com/show_bug.cgi?id=2137422 https://www.cve.org/CVERecord?id=CVE-2022-39253 https://nvd.nist.gov/vuln/detail/CVE-2022-39253 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39253.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "VJAm4vMolMmA2ytzFknQUA==": { "id": "VJAm4vMolMmA2ytzFknQUA==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "VJggyJ1jjyIM3XdMGzsDrg==": { "id": "VJggyJ1jjyIM3XdMGzsDrg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "VMOHtQeyAtpNyzG6HE0XhQ==": { "id": "VMOHtQeyAtpNyzG6HE0XhQ==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "VMyDbkft4E3T+1eXNk/i7A==": { "id": "VMyDbkft4E3T+1eXNk/i7A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "VNA7ljkMyeRq9SDNO9drHQ==": { "id": "VNA7ljkMyeRq9SDNO9drHQ==", "updater": "osv/go", "name": "GO-2023-1568", "description": "Path traversal on Windows in path/filepath", "issued": "2023-02-16T19:49:19Z", "links": "https://go.dev/issue/57274 https://go.dev/cl/468123 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.6" }, "VQ+eWJsUMBep4PD4xfj8Vw==": { "id": "VQ+eWJsUMBep4PD4xfj8Vw==", "updater": "rhel-vex", "name": "CVE-2022-3517", "description": "A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service.", "issued": "2022-02-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3517 https://bugzilla.redhat.com/show_bug.cgi?id=2134609 https://www.cve.org/CVERecord?id=CVE-2022-3517 https://nvd.nist.gov/vuln/detail/CVE-2022-3517 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3517.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "VUNwpBj4hvcLARxqxrvCCg==": { "id": "VUNwpBj4hvcLARxqxrvCCg==", "updater": "rhel-vex", "name": "CVE-2024-21891", "description": "A flaw was found in Node.js. Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21891 https://bugzilla.redhat.com/show_bug.cgi?id=2265720 https://www.cve.org/CVERecord?id=CVE-2024-21891 https://nvd.nist.gov/vuln/detail/CVE-2024-21891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21891.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "VVUozaap6uAAqX8QCLFGyg==": { "id": "VVUozaap6uAAqX8QCLFGyg==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "VWEbeFnFOHy1IkG21b5a5g==": { "id": "VWEbeFnFOHy1IkG21b5a5g==", "updater": "rhel-vex", "name": "CVE-2023-30571", "description": "A vulnerability was found in libarchive. This issue can cause a race condition in a multi-threaded use of archive_write_disk_header() on posix based systems, which could allow implicit directory creation with permissions 777, without sticky bit, which means any low privileged user on the system can delete and rename files inside those directories.", "issued": "2023-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30571 https://bugzilla.redhat.com/show_bug.cgi?id=2210921 https://www.cve.org/CVERecord?id=CVE-2023-30571 https://nvd.nist.gov/vuln/detail/CVE-2023-30571 https://access.redhat.com/solutions/7033331 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30571.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VZxWbc2wJwiwTLhillEtpA==": { "id": "VZxWbc2wJwiwTLhillEtpA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "Vbqm1jpiIiIM2rxq++FdoQ==": { "id": "Vbqm1jpiIiIM2rxq++FdoQ==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "VcgFEXPgpzLsj5tOjILVtw==": { "id": "VcgFEXPgpzLsj5tOjILVtw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "VdMk4kWMgrdK/5+i3n6XhA==": { "id": "VdMk4kWMgrdK/5+i3n6XhA==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "VdavXNeRp4EjkXxldYSiUw==": { "id": "VdavXNeRp4EjkXxldYSiUw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Ve1jg9SxTDjeNdfGHjxP2g==": { "id": "Ve1jg9SxTDjeNdfGHjxP2g==", "updater": "rhel-vex", "name": "CVE-2025-3198", "description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "issued": "2025-04-04T01:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3198 https://bugzilla.redhat.com/show_bug.cgi?id=2357358 https://www.cve.org/CVERecord?id=CVE-2025-3198 https://nvd.nist.gov/vuln/detail/CVE-2025-3198 https://sourceware.org/bugzilla/show_bug.cgi?id=32716 https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c0 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ba6ad3a18cb26b79e0e3b84c39f707535bbc344d https://vuldb.com/?ctiid.303151 https://vuldb.com/?id.303151 https://vuldb.com/?submit.545773 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3198.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VgTIKWxJpYFkd788UcqT3A==": { "id": "VgTIKWxJpYFkd788UcqT3A==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "VgaIsJDFBatjqT1h+RQLFQ==": { "id": "VgaIsJDFBatjqT1h+RQLFQ==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Vl7X+IopOqzOWh1MyUOYCw==": { "id": "Vl7X+IopOqzOWh1MyUOYCw==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "VxNINARrmRd6QnZ2htNesA==": { "id": "VxNINARrmRd6QnZ2htNesA==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "VyeYHICkBiXwLbWKsz4//A==": { "id": "VyeYHICkBiXwLbWKsz4//A==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "W01A5sOetTjsV/4bYawPgA==": { "id": "W01A5sOetTjsV/4bYawPgA==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "W08Ska67/8hV/b3GYflglQ==": { "id": "W08Ska67/8hV/b3GYflglQ==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "W0TAw6aTfwXOMlJwloDkZA==": { "id": "W0TAw6aTfwXOMlJwloDkZA==", "updater": "rhel-vex", "name": "CVE-2021-4136", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4136 https://bugzilla.redhat.com/show_bug.cgi?id=2034720 https://www.cve.org/CVERecord?id=CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4136.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W3qe9/KhW5BUF2s+kXxVcA==": { "id": "W3qe9/KhW5BUF2s+kXxVcA==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "W5birtu1clZwp55QDPxkAA==": { "id": "W5birtu1clZwp55QDPxkAA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "W9IdHW1dLxMcDTawlof8yw==": { "id": "W9IdHW1dLxMcDTawlof8yw==", "updater": "rhel-vex", "name": "CVE-2024-28863", "description": "A flaw was found in ISAACS's node-tar, where it is vulnerable to a denial of service, caused by the lack of folder count validation. The vulnerability exists due to the application not properly controlling the consumption of internal resources while parsing a tar file. By sending a specially crafted request, a remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28863 https://bugzilla.redhat.com/show_bug.cgi?id=2293200 https://www.cve.org/CVERecord?id=CVE-2024-28863 https://nvd.nist.gov/vuln/detail/CVE-2024-28863 https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36 https://security.netapp.com/advisory/ntap-20240524-0005/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28863.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "W9Pcn9xdPg78KgFAK5oOyQ==": { "id": "W9Pcn9xdPg78KgFAK5oOyQ==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WACsy7vAhq3GJRyxAuj7NA==": { "id": "WACsy7vAhq3GJRyxAuj7NA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "WALxwIFXDH8ZvKesDKBFiQ==": { "id": "WALxwIFXDH8ZvKesDKBFiQ==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "WCZXmTnbo+2lbMuZdpH8NA==": { "id": "WCZXmTnbo+2lbMuZdpH8NA==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "WFXV6zzHKCX8JuqtokClVw==": { "id": "WFXV6zzHKCX8JuqtokClVw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WGccGAwrqbQSNjycPuaPsA==": { "id": "WGccGAwrqbQSNjycPuaPsA==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "WIbunUW6+W30QKZc5Tmqzw==": { "id": "WIbunUW6+W30QKZc5Tmqzw==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "WKC52So9Haaq0Y0pkIeTJg==": { "id": "WKC52So9Haaq0Y0pkIeTJg==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "WKEI7EQhRkCAgIF18HZjKg==": { "id": "WKEI7EQhRkCAgIF18HZjKg==", "updater": "rhel-vex", "name": "CVE-2023-32573", "description": "A vulnerability was found in qt. The security flaw occurs due to uninitialized variable usage in m_unitsPerEm.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32573 https://bugzilla.redhat.com/show_bug.cgi?id=2208135 https://www.cve.org/CVERecord?id=CVE-2023-32573 https://nvd.nist.gov/vuln/detail/CVE-2023-32573 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32573.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "WLpGLJSV+lV8a0xggVfA3A==": { "id": "WLpGLJSV+lV8a0xggVfA3A==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "WLri8p9NfgX8reKybIYziw==": { "id": "WLri8p9NfgX8reKybIYziw==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "WNA27LqRIql90O1m/PSAgQ==": { "id": "WNA27LqRIql90O1m/PSAgQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "WNRX1UWo4fDLFOhq9mcbIA==": { "id": "WNRX1UWo4fDLFOhq9mcbIA==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "WOIdi+BEnCeSEkfRBmj1AA==": { "id": "WOIdi+BEnCeSEkfRBmj1AA==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "WOmMgxwwjpbn/RLQX8HPBg==": { "id": "WOmMgxwwjpbn/RLQX8HPBg==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "WPitnGSVxSl/y97AJTQIFQ==": { "id": "WPitnGSVxSl/y97AJTQIFQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "WU+A3QdBd331DcSM3AXFew==": { "id": "WU+A3QdBd331DcSM3AXFew==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "WV6CLob4bxW/eDgXBTJfxA==": { "id": "WV6CLob4bxW/eDgXBTJfxA==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "WVPPqMDSvwuthc5RexsDjg==": { "id": "WVPPqMDSvwuthc5RexsDjg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "WVkwWFZlIInzrX99VsKBBQ==": { "id": "WVkwWFZlIInzrX99VsKBBQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "Wd+GQ3y21/7kl1XV9m/oiQ==": { "id": "Wd+GQ3y21/7kl1XV9m/oiQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "WhaoYkvfheR7Tz30m0/IKA==": { "id": "WhaoYkvfheR7Tz30m0/IKA==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gcc-plugin-annobin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "WlLXHoXR9O8Ph+uSZ6aDCg==": { "id": "WlLXHoXR9O8Ph+uSZ6aDCg==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "WnkMM/SD0E+7EEac0/vMVg==": { "id": "WnkMM/SD0E+7EEac0/vMVg==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.18.19.1.1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "WoF8HAs7BhQT5cycNGL9tw==": { "id": "WoF8HAs7BhQT5cycNGL9tw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "WorXACje3vTXq/wv3RUODg==": { "id": "WorXACje3vTXq/wv3RUODg==", "updater": "rhel-vex", "name": "CVE-2025-6395", "description": "A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite().", "issued": "2025-07-10T07:56:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6395 https://bugzilla.redhat.com/show_bug.cgi?id=2376755 https://www.cve.org/CVERecord?id=CVE-2025-6395 https://nvd.nist.gov/vuln/detail/CVE-2025-6395 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6395.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "WqlqRQL17MeMqdTx+SuEyw==": { "id": "WqlqRQL17MeMqdTx+SuEyw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Ws0fZZUTvLi37jSEx1MM5g==": { "id": "Ws0fZZUTvLi37jSEx1MM5g==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "Wv5rERdynoJ/gHM2CtgXiw==": { "id": "Wv5rERdynoJ/gHM2CtgXiw==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "WwkM3aNBW0LnenEr6xDxWQ==": { "id": "WwkM3aNBW0LnenEr6xDxWQ==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "WxO9le6q4ACTs4KnSuckDw==": { "id": "WxO9le6q4ACTs4KnSuckDw==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json https://access.redhat.com/errata/RHSA-2025:20559", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:4.9-15.el9", "arch_op": "pattern match" }, "Wy87cIX7luFb8A/riFwUyw==": { "id": "Wy87cIX7luFb8A/riFwUyw==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "WzMeKgvORq7XF2Xr4q+JaQ==": { "id": "WzMeKgvORq7XF2Xr4q+JaQ==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "X+rjva7ecn1JedeVO9IX9w==": { "id": "X+rjva7ecn1JedeVO9IX9w==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-3.el9_2", "arch_op": "pattern match" }, "X10PEbhI2yv6KYFUPacecg==": { "id": "X10PEbhI2yv6KYFUPacecg==", "updater": "rhel-vex", "name": "CVE-2022-1619", "description": "A flaw was found in vim, which is vulnerable to a heap-buffer-overflow in cmdline_erase_chars of the ex_getln.c function. This flaw allows a specially crafted file to crash software, modify memory or execute code when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1619 https://bugzilla.redhat.com/show_bug.cgi?id=2083026 https://www.cve.org/CVERecord?id=CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 https://huntr.dev/bounties/b3200483-624e-4c76-a070-e246f62a7450/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1619.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X2wqIFGbKlJQpE/DojrwxA==": { "id": "X2wqIFGbKlJQpE/DojrwxA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.1-1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "X3NBOrSivf9I926V0a2/oQ==": { "id": "X3NBOrSivf9I926V0a2/oQ==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X3WuoMxfqKQH/0bF7PkAAQ==": { "id": "X3WuoMxfqKQH/0bF7PkAAQ==", "updater": "rhel-vex", "name": "CVE-2022-3235", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3235 https://bugzilla.redhat.com/show_bug.cgi?id=2129371 https://www.cve.org/CVERecord?id=CVE-2022-3235 https://nvd.nist.gov/vuln/detail/CVE-2022-3235 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3235.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X4CDljJQJsftQ2RA57ftuw==": { "id": "X4CDljJQJsftQ2RA57ftuw==", "updater": "rhel-vex", "name": "CVE-2021-3807", "description": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.", "issued": "2021-09-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3807 https://bugzilla.redhat.com/show_bug.cgi?id=2007557 https://www.cve.org/CVERecord?id=CVE-2021-3807 https://nvd.nist.gov/vuln/detail/CVE-2021-3807 https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3807.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "X9G3TF69Pz3xUY5yIPno7w==": { "id": "X9G3TF69Pz3xUY5yIPno7w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "X9na4KYJ5u50u+KLDr2iTQ==": { "id": "X9na4KYJ5u50u+KLDr2iTQ==", "updater": "rhel-vex", "name": "CVE-2022-40090", "description": "A flaw was found in the libtiff library. This issue allows an attacker who can submit a specially crafted file to an application linked with libtiff to cause an infinite loop, resulting in a denial of service.", "issued": "2022-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-40090 https://bugzilla.redhat.com/show_bug.cgi?id=2234970 https://www.cve.org/CVERecord?id=CVE-2022-40090 https://nvd.nist.gov/vuln/detail/CVE-2022-40090 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-40090.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "XAIf2EIgyFF5+OA6csVS5w==": { "id": "XAIf2EIgyFF5+OA6csVS5w==", "updater": "rhel-vex", "name": "CVE-2025-61723", "description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61723 https://bugzilla.redhat.com/show_bug.cgi?id=2407252 https://www.cve.org/CVERecord?id=CVE-2025-61723 https://nvd.nist.gov/vuln/detail/CVE-2025-61723 https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b https://go.dev/cl/709858 https://go.dev/issue/75676 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4009 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61723.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XC3MXlpMb9D+YigNspsXlA==": { "id": "XC3MXlpMb9D+YigNspsXlA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "XEJhztOC2qEngMnVDsmKtA==": { "id": "XEJhztOC2qEngMnVDsmKtA==", "updater": "rhel-vex", "name": "CVE-2025-47910", "description": "When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.", "issued": "2025-09-22T21:01:55Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47910 https://bugzilla.redhat.com/show_bug.cgi?id=2397528 https://www.cve.org/CVERecord?id=CVE-2025-47910 https://nvd.nist.gov/vuln/detail/CVE-2025-47910 https://go.dev/cl/699275 https://go.dev/issue/75054 https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ https://pkg.go.dev/vuln/GO-2025-3955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47910.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XEhX6upCFgCYuF9SSk9Iyg==": { "id": "XEhX6upCFgCYuF9SSk9Iyg==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "XH8pWtqEhhBDhQuq+NWhvQ==": { "id": "XH8pWtqEhhBDhQuq+NWhvQ==", "updater": "rhel-vex", "name": "CVE-2023-5129", "description": "This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.", "issued": "2023-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5129 https://bugzilla.redhat.com/show_bug.cgi?id=2240759 https://www.cve.org/CVERecord?id=CVE-2023-5129 https://nvd.nist.gov/vuln/detail/CVE-2023-5129 https://chromium.googlesource.com/webm/libwebp/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76 https://chromium.googlesource.com/webm/libwebp/+/902bc9190331343b2017211debcec8d2ab87e17a https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5129.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N", "normalized_severity": "Unknown", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "XHSXqyF2rScxnK03VnME5Q==": { "id": "XHSXqyF2rScxnK03VnME5Q==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "XIb0YQoMG8k0zzVWHpmvAA==": { "id": "XIb0YQoMG8k0zzVWHpmvAA==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "XL1Nv8y45q8aiA92A99YyA==": { "id": "XL1Nv8y45q8aiA92A99YyA==", "updater": "rhel-vex", "name": "CVE-2023-0512", "description": "A divide-by-zero flaw was found in Vim's adjust_skipcol() function in the move.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a floating point exception error and causing an application to crash, eventually leading to a denial of service.", "issued": "2023-01-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0512 https://bugzilla.redhat.com/show_bug.cgi?id=2165798 https://www.cve.org/CVERecord?id=CVE-2023-0512 https://nvd.nist.gov/vuln/detail/CVE-2023-0512 https://huntr.dev/bounties/de83736a-1936-4872-830b-f1e9b0ad2a74 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0512.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XM09w+ZScTz4IEN6LeAUgg==": { "id": "XM09w+ZScTz4IEN6LeAUgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "XPUXyp+BOEJyEGOgXafi8Q==": { "id": "XPUXyp+BOEJyEGOgXafi8Q==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XSCYGr+cvuvD+k3V0XhWSw==": { "id": "XSCYGr+cvuvD+k3V0XhWSw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "XTLakHdORg480i8g31JU6A==": { "id": "XTLakHdORg480i8g31JU6A==", "updater": "rhel-vex", "name": "CVE-2017-17095", "description": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file.", "issued": "2017-11-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17095 https://bugzilla.redhat.com/show_bug.cgi?id=1524284 https://www.cve.org/CVERecord?id=CVE-2017-17095 https://nvd.nist.gov/vuln/detail/CVE-2017-17095 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17095.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "XVnPYCI1ck0zTs/Cz6Yl5A==": { "id": "XVnPYCI1ck0zTs/Cz6Yl5A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "XW4X9/W6MfETfE/VICA4Jw==": { "id": "XW4X9/W6MfETfE/VICA4Jw==", "updater": "rhel-vex", "name": "CVE-2025-1376", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the function elf_strptr in /libelf/elf_strptr.c.", "issued": "2025-02-17T04:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1376 https://bugzilla.redhat.com/show_bug.cgi?id=2346061 https://www.cve.org/CVERecord?id=CVE-2025-1376 https://nvd.nist.gov/vuln/detail/CVE-2025-1376 https://sourceware.org/bugzilla/attachment.cgi?id=15940 https://sourceware.org/bugzilla/show_bug.cgi?id=32672 https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 https://vuldb.com/?ctiid.295984 https://vuldb.com/?id.295984 https://vuldb.com/?submit.497538 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1376.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWaBdbEJiHpYXT1f1eBk1Q==": { "id": "XWaBdbEJiHpYXT1f1eBk1Q==", "updater": "rhel-vex", "name": "CVE-2022-47007", "description": "A memory leak was found in function stab_demangle_v3_arg in stabs.c in Binutils, allows local attacker to exploit the vulnerability using specially crafted file to cause Denial of Service.", "issued": "2022-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47007 https://bugzilla.redhat.com/show_bug.cgi?id=2233980 https://www.cve.org/CVERecord?id=CVE-2022-47007 https://nvd.nist.gov/vuln/detail/CVE-2022-47007 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47007.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "XWfDomoStj3uOui0AGO+Tg==": { "id": "XWfDomoStj3uOui0AGO+Tg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "XXYPGOxEabdavz27Qo+rWQ==": { "id": "XXYPGOxEabdavz27Qo+rWQ==", "updater": "rhel-vex", "name": "CVE-2024-52006", "description": "A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260 incomplete for credential helpers, which has the potential to expose stored credentials to malicious URLs.", "issued": "2025-01-14T18:39:52Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52006 https://bugzilla.redhat.com/show_bug.cgi?id=2337956 https://www.cve.org/CVERecord?id=CVE-2024-52006 https://nvd.nist.gov/vuln/detail/CVE-2024-52006 https://github.com/git-ecosystem/git-credential-manager/security/advisories/GHSA-86c2-4x57-wc8g https://github.com/git/git/commit/b01b9b81d36759cdcd07305e78765199e1bc2060 https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q https://github.com/git/git/security/advisories/GHSA-r5ph-xg7q-xfrp https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52006.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "XXaDpMG90Mb3fV4QxoLqXA==": { "id": "XXaDpMG90Mb3fV4QxoLqXA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "XctMW4QJZO0RsDAv/VoABQ==": { "id": "XctMW4QJZO0RsDAv/VoABQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-cloud-what", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "XfjE+J06ONMJAg7vkQ3tbQ==": { "id": "XfjE+J06ONMJAg7vkQ3tbQ==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "XhhNgYgTJmDdYc90YuE8vw==": { "id": "XhhNgYgTJmDdYc90YuE8vw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "XjQpmqOxrg5I1zgVKxswFw==": { "id": "XjQpmqOxrg5I1zgVKxswFw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Xrz5/LPkSDdzEfbSbOXzZA==": { "id": "Xrz5/LPkSDdzEfbSbOXzZA==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "XuMP4XKeqFlYH9jgvFKXXw==": { "id": "XuMP4XKeqFlYH9jgvFKXXw==", "updater": "rhel-vex", "name": "CVE-2023-2609", "description": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2609 https://bugzilla.redhat.com/show_bug.cgi?id=2209050 https://www.cve.org/CVERecord?id=CVE-2023-2609 https://nvd.nist.gov/vuln/detail/CVE-2023-2609 https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2609.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y+LzorqDQD2Povh+kyYSqw==": { "id": "Y+LzorqDQD2Povh+kyYSqw==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "Y/6FiFNJ+h2jXNTlPOzrnQ==": { "id": "Y/6FiFNJ+h2jXNTlPOzrnQ==", "updater": "rhel-vex", "name": "CVE-2023-0051", "description": "A heap-based buffer overflow was found in Vim in the msg_puts_printf function in the message.c file. The issue occurs because of an invalid memory access when calculating the length of a string when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash.", "issued": "2023-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0051 https://bugzilla.redhat.com/show_bug.cgi?id=2161348 https://www.cve.org/CVERecord?id=CVE-2023-0051 https://nvd.nist.gov/vuln/detail/CVE-2023-0051 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0051.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y08Ni7+TSPQ/xSSRr851zQ==": { "id": "Y08Ni7+TSPQ/xSSRr851zQ==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "Y2pXpR4HKVIWAZ1sDtjo8A==": { "id": "Y2pXpR4HKVIWAZ1sDtjo8A==", "updater": "rhel-vex", "name": "CVE-2024-32004", "description": "A vulnerability was found in Git. This vulnerability can be exploited by an unauthenticated attacker who places a specialized repository on the target's local system. If the victim clones this repository, the attacker can execute arbitrary code.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32004 https://bugzilla.redhat.com/show_bug.cgi?id=2280428 https://www.cve.org/CVERecord?id=CVE-2024-32004 https://nvd.nist.gov/vuln/detail/CVE-2024-32004 https://github.com/git/git/security/advisories/GHSA-xfc6-vwr8-r389 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32004.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "Y3PSsgfYVK7+nWpNGBO9lQ==": { "id": "Y3PSsgfYVK7+nWpNGBO9lQ==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "Y6TEBwH0+CoZ50j5sQV23w==": { "id": "Y6TEBwH0+CoZ50j5sQV23w==", "updater": "rhel-vex", "name": "CVE-2021-3968", "description": "A flaw was found in vim. A possible heap use-after-free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3968 https://bugzilla.redhat.com/show_bug.cgi?id=2025056 https://www.cve.org/CVERecord?id=CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3968.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Y7ypeGdtYfJMJApDHYX9tg==": { "id": "Y7ypeGdtYfJMJApDHYX9tg==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "Y9X/nbUFq4l8+xowG5hDkg==": { "id": "Y9X/nbUFq4l8+xowG5hDkg==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "YCFy9R5BUcPVuUEYQkJQ4w==": { "id": "YCFy9R5BUcPVuUEYQkJQ4w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "YHdZ6rml8dKQg9XmpjCrnw==": { "id": "YHdZ6rml8dKQg9XmpjCrnw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "YJkc0fG7G+dwREiIQihS/A==": { "id": "YJkc0fG7G+dwREiIQihS/A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "YPJKJ4DYdTXL0BJCCS9pgA==": { "id": "YPJKJ4DYdTXL0BJCCS9pgA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "YPUY4Y/POEizUQSOdGH26g==": { "id": "YPUY4Y/POEizUQSOdGH26g==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "YQVoCJX8BLl6S5wPwmTGtg==": { "id": "YQVoCJX8BLl6S5wPwmTGtg==", "updater": "rhel-vex", "name": "CVE-2023-45290", "description": "A flaw was discovered in Go's net/http standard library package. When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45290 https://bugzilla.redhat.com/show_bug.cgi?id=2268017 https://www.cve.org/CVERecord?id=CVE-2023-45290 https://nvd.nist.gov/vuln/detail/CVE-2023-45290 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://go.dev/cl/569341 https://go.dev/issue/65383 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2599 https://security.netapp.com/advisory/ntap-20240329-0004 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45290.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "YSdK7PYtLQ7JLXu7W4mdRQ==": { "id": "YSdK7PYtLQ7JLXu7W4mdRQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-FileHandle", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.03-481.el9", "arch_op": "pattern match" }, "YUwZZ9Cg1FloxBZV60vOCg==": { "id": "YUwZZ9Cg1FloxBZV60vOCg==", "updater": "rhel-vex", "name": "CVE-2022-2522", "description": "A heap buffer overflow vulnerability was found in vim's ins_compl_infercase_gettext() function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap-based buffer overflow that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2522 https://bugzilla.redhat.com/show_bug.cgi?id=2112299 https://www.cve.org/CVERecord?id=CVE-2022-2522 https://nvd.nist.gov/vuln/detail/CVE-2022-2522 https://huntr.dev/bounties/3a2d83af-9542-4d93-8784-98b115135a22 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2522.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YVYIQ/H++AefhUYldlykPg==": { "id": "YVYIQ/H++AefhUYldlykPg==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "YZq+CTlAXva/aUDDEFdZNQ==": { "id": "YZq+CTlAXva/aUDDEFdZNQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YfE+7ocdRscmJ75uekg0tA==": { "id": "YfE+7ocdRscmJ75uekg0tA==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "YgD8tCzB10z/Jq6XOfCfgQ==": { "id": "YgD8tCzB10z/Jq6XOfCfgQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "Ygj77GRBaQkoNVODBO6xEQ==": { "id": "Ygj77GRBaQkoNVODBO6xEQ==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YgwLp863ho/Lz7XdBK6IXw==": { "id": "YgwLp863ho/Lz7XdBK6IXw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Compare", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.100.600-481.1.el9_6", "arch_op": "pattern match" }, "YjXf6yY9feRqNoLqPt5iEQ==": { "id": "YjXf6yY9feRqNoLqPt5iEQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "YlN21JbaOAqORXBYjgJOYA==": { "id": "YlN21JbaOAqORXBYjgJOYA==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "YmjsPDVfe7xyjGwOgJunGw==": { "id": "YmjsPDVfe7xyjGwOgJunGw==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "YnyGgq68v/XTMEk0yU1qsA==": { "id": "YnyGgq68v/XTMEk0yU1qsA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "Yp6L2DOgQNnvp2uXVvH8NA==": { "id": "Yp6L2DOgQNnvp2uXVvH8NA==", "updater": "rhel-vex", "name": "CVE-2025-58185", "description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58185 https://bugzilla.redhat.com/show_bug.cgi?id=2407251 https://www.cve.org/CVERecord?id=CVE-2025-58185 https://nvd.nist.gov/vuln/detail/CVE-2025-58185 https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd https://go.dev/cl/709856 https://go.dev/issue/75671 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4011 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YpjyzhR3jAhlzb479lBoJw==": { "id": "YpjyzhR3jAhlzb479lBoJw==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "YuJLEitJYK/0Cuux1rRK+Q==": { "id": "YuJLEitJYK/0Cuux1rRK+Q==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "YvRDVCmqISFAkWCu7WaKkQ==": { "id": "YvRDVCmqISFAkWCu7WaKkQ==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "Z0bbSkX8e3OUKdJa86CbBw==": { "id": "Z0bbSkX8e3OUKdJa86CbBw==", "updater": "rhel-vex", "name": "CVE-2021-4217", "description": "A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.", "issued": "2022-01-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4217 https://bugzilla.redhat.com/show_bug.cgi?id=2044583 https://www.cve.org/CVERecord?id=CVE-2021-4217 https://nvd.nist.gov/vuln/detail/CVE-2021-4217 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4217.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Z5H14Z81HW+BVvKWtV5kDQ==": { "id": "Z5H14Z81HW+BVvKWtV5kDQ==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "Z707rrfU/uxs1xujVpKMRA==": { "id": "Z707rrfU/uxs1xujVpKMRA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "Z9vlvDewcgZxmJe4Kp3wxA==": { "id": "Z9vlvDewcgZxmJe4Kp3wxA==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZAKrc32qORy4LwsxMQgfrw==": { "id": "ZAKrc32qORy4LwsxMQgfrw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "ZAUFPHu5UQZ+B2n+SrWIqQ==": { "id": "ZAUFPHu5UQZ+B2n+SrWIqQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.el9", "arch_op": "pattern match" }, "ZBDjl4GlHR5BEu3WvRQHHQ==": { "id": "ZBDjl4GlHR5BEu3WvRQHHQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ZC2BsE3IgWbuyuu1cz3YMQ==": { "id": "ZC2BsE3IgWbuyuu1cz3YMQ==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "ZCWnPSXILcJ9aE646DCmag==": { "id": "ZCWnPSXILcJ9aE646DCmag==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZMCWgxkMJ4LjF/nj5/+01g==": { "id": "ZMCWgxkMJ4LjF/nj5/+01g==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZMp4FVCkBvOUuQnhgF/KRQ==": { "id": "ZMp4FVCkBvOUuQnhgF/KRQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json https://access.redhat.com/errata/RHSA-2025:6977", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9", "arch_op": "pattern match" }, "ZNESegZx5Vgpkv3OXwE5Cw==": { "id": "ZNESegZx5Vgpkv3OXwE5Cw==", "updater": "rhel-vex", "name": "CVE-2023-23946", "description": "A vulnerability was found in Git. This security issue occurs when feeding a crafted input to \"git apply.\" A path outside the working tree can be overwritten by the user running \"git apply.\"", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23946 https://bugzilla.redhat.com/show_bug.cgi?id=2168161 https://www.cve.org/CVERecord?id=CVE-2023-23946 https://nvd.nist.gov/vuln/detail/CVE-2023-23946 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-r87m-v37r-cwfh https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23946.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "ZPTYG1GW4N8khhdO0sFXlQ==": { "id": "ZPTYG1GW4N8khhdO0sFXlQ==", "updater": "rhel-vex", "name": "CVE-2024-39331", "description": "A flaw was found in Emacs. Arbitrary shell commands can be executed without prompting when an Org mode file is opened or when the Org mode is enabled, when Emacs is used as an email client, this issue can be triggered when previewing email attachments.", "issued": "2024-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-39331 https://bugzilla.redhat.com/show_bug.cgi?id=2293942 https://www.cve.org/CVERecord?id=CVE-2024-39331 https://nvd.nist.gov/vuln/detail/CVE-2024-39331 https://www.openwall.com/lists/oss-security/2024/06/23/1 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-39331.json https://access.redhat.com/errata/RHSA-2024:6510", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9_4", "arch_op": "pattern match" }, "ZQsszFOlqLuLyfXZGfRKxQ==": { "id": "ZQsszFOlqLuLyfXZGfRKxQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "ZUoGCxFJ/+PUPUdg60izwg==": { "id": "ZUoGCxFJ/+PUPUdg60izwg==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ZZEVbWhAYTXw9FIX3zIAtw==": { "id": "ZZEVbWhAYTXw9FIX3zIAtw==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "ZZLfaN7MH3nRy8BlgA10kg==": { "id": "ZZLfaN7MH3nRy8BlgA10kg==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ZZj+FChMvULXnT4QSAEvQQ==": { "id": "ZZj+FChMvULXnT4QSAEvQQ==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zc9mVAa+SgrDGA78Zo8GIg==": { "id": "Zc9mVAa+SgrDGA78Zo8GIg==", "updater": "rhel-vex", "name": "CVE-2025-22871", "description": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.", "issued": "2025-04-08T20:04:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22871 https://bugzilla.redhat.com/show_bug.cgi?id=2358493 https://www.cve.org/CVERecord?id=CVE-2025-22871 https://nvd.nist.gov/vuln/detail/CVE-2025-22871 https://go.dev/cl/652998 https://go.dev/issue/71988 https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk https://pkg.go.dev/vuln/GO-2025-3563 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22871.json https://access.redhat.com/errata/RHSA-2025:8476", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.9-1.el9_6", "arch_op": "pattern match" }, "ZeLcisCXFaeQKOi8dej/BQ==": { "id": "ZeLcisCXFaeQKOi8dej/BQ==", "updater": "rhel-vex", "name": "CVE-2023-30086", "description": "A vulnerability was found in the libtiff library. This flaw causes a buffer overflow in libtiff that allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30086 https://bugzilla.redhat.com/show_bug.cgi?id=2203650 https://www.cve.org/CVERecord?id=CVE-2023-30086 https://nvd.nist.gov/vuln/detail/CVE-2023-30086 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30086.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "Zg/5yy5ojZu/q0X+9MCQQA==": { "id": "Zg/5yy5ojZu/q0X+9MCQQA==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZhxWQvKqBGgL77fuUQ4Ghg==": { "id": "ZhxWQvKqBGgL77fuUQ4Ghg==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "ZiZuAbc4Tq3tBRSI53FjWg==": { "id": "ZiZuAbc4Tq3tBRSI53FjWg==", "updater": "rhel-vex", "name": "CVE-2025-27613", "description": "A vulnerability has been identified in the gitk application that could lead to unauthorized file modification or data loss.\n\nThis flaw manifests in two primary scenarios:\n- Untrusted Repository Cloning: When a user is tricked into cloning an untrusted Git repository and then uses gitk to visualize it without any additional parameters, any writable file on the user's system can be arbitrarily created or truncated. Exploitation via this method also requires the Support per-file encoding option to be explicitly enabled in Gitk's preferences, which is not the default setting.\n- 'Show origin of this line' Command: The vulnerability can also be triggered if a user employs the Show origin of this line command within gitk's main window while viewing a malicious repository. This method does not depend on the Support per-file encoding option being enabled.\n\nThe primary risk is unauthorized file system modification, which could lead to data integrity issues, data loss, or potentially open avenues for further system compromise.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27613 https://bugzilla.redhat.com/show_bug.cgi?id=2379124 https://www.cve.org/CVERecord?id=CVE-2025-27613 https://nvd.nist.gov/vuln/detail/CVE-2025-27613 https://github.com/j6t/gitk/security/advisories/GHSA-f3cw-xrj3-wr2v https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27613.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "Zk3m2J10w4VuwKsJJMXB2Q==": { "id": "Zk3m2J10w4VuwKsJJMXB2Q==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ZmOheSIAULld8cF9POTj/w==": { "id": "ZmOheSIAULld8cF9POTj/w==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "Zn86UzCNWJIJ8FVaY91JYg==": { "id": "Zn86UzCNWJIJ8FVaY91JYg==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "ZoK4/bCJQ036BMFIy2mG8g==": { "id": "ZoK4/bCJQ036BMFIy2mG8g==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ZpoRIduwcda+XFGXyoaDAA==": { "id": "ZpoRIduwcda+XFGXyoaDAA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ZrKcftBnwBVZKQlRJoJcLw==": { "id": "ZrKcftBnwBVZKQlRJoJcLw==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "ZtlPcxFiuXhGia0ZM6cNBg==": { "id": "ZtlPcxFiuXhGia0ZM6cNBg==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "Zv+LSqi94387CYLrb5PiCw==": { "id": "Zv+LSqi94387CYLrb5PiCw==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "a+77t9fGz9BxOnJlGe2W1Q==": { "id": "a+77t9fGz9BxOnJlGe2W1Q==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "a1E+QseojoZ2Q73j8WWCLg==": { "id": "a1E+QseojoZ2Q73j8WWCLg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "a5tv38r7RoeoKCznzGbyPQ==": { "id": "a5tv38r7RoeoKCznzGbyPQ==", "updater": "rhel-vex", "name": "CVE-2024-6345", "description": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", "issued": "2024-07-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6345 https://bugzilla.redhat.com/show_bug.cgi?id=2297771 https://www.cve.org/CVERecord?id=CVE-2024-6345 https://nvd.nist.gov/vuln/detail/CVE-2024-6345 https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6345.json https://access.redhat.com/errata/RHSA-2024:5534", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-setuptools", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:53.0.0-12.el9_4.1", "arch_op": "pattern match" }, "a7PsXEXsbw8aTCMWFxM9mg==": { "id": "a7PsXEXsbw8aTCMWFxM9mg==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "a7WPDd2/UqA1rqbo6pjM9Q==": { "id": "a7WPDd2/UqA1rqbo6pjM9Q==", "updater": "rhel-vex", "name": "CVE-2023-27535", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several FTP settings were left out from the configuration match checks, making them match too easily. The problematic settings are `CURLOPT_FTP_ACCOUNT`, `CURLOPT_FTP_ALTERNATIVE_TO_USER`, `CURLOPT_FTP_SSL_CCC` and `CURLOPT_USE_SSL` level.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27535 https://bugzilla.redhat.com/show_bug.cgi?id=2179073 https://www.cve.org/CVERecord?id=CVE-2023-27535 https://nvd.nist.gov/vuln/detail/CVE-2023-27535 https://curl.se/docs/CVE-2023-27535.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27535.json https://access.redhat.com/errata/RHSA-2023:2650", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.1", "arch_op": "pattern match" }, "a8lEoliaJpwjl9bCwQSdLA==": { "id": "a8lEoliaJpwjl9bCwQSdLA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libpng", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a9FllBAJiFi5FeYl0KG4aQ==": { "id": "a9FllBAJiFi5FeYl0KG4aQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aDJK/oIxfKTdGBwKif3CBA==": { "id": "aDJK/oIxfKTdGBwKif3CBA==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aFDenLkUq0L68+/zzTfPpQ==": { "id": "aFDenLkUq0L68+/zzTfPpQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "aJcuD8I2FFtYOQG27x05WQ==": { "id": "aJcuD8I2FFtYOQG27x05WQ==", "updater": "rhel-vex", "name": "CVE-2025-24855", "description": "A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24855 https://bugzilla.redhat.com/show_bug.cgi?id=2352483 https://www.cve.org/CVERecord?id=CVE-2025-24855 https://nvd.nist.gov/vuln/detail/CVE-2025-24855 https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24855.json https://access.redhat.com/errata/RHSA-2025:3107", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.1", "arch_op": "pattern match" }, "aQ/ax84rpyWNveVTm/MQww==": { "id": "aQ/ax84rpyWNveVTm/MQww==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "aQGx6Am8fU9TZmcyiMNL4A==": { "id": "aQGx6Am8fU9TZmcyiMNL4A==", "updater": "rhel-vex", "name": "CVE-2024-43802", "description": "A flaw was found in Vim. This issue may allow a heap-buffer overflow via improper management of the typeahead buffer, leading to crashes when error messages occur in combination with several long mappings.", "issued": "2024-08-26T19:15:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-43802 https://bugzilla.redhat.com/show_bug.cgi?id=2307995 https://www.cve.org/CVERecord?id=CVE-2024-43802 https://nvd.nist.gov/vuln/detail/CVE-2024-43802 https://github.com/vim/vim/commit/322ba9108612bead5eb https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-43802.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aR+DKIj7GETMsDtNSfYXNA==": { "id": "aR+DKIj7GETMsDtNSfYXNA==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "aUFq3vh1h0/30jIMgLEGbg==": { "id": "aUFq3vh1h0/30jIMgLEGbg==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ac4lX1PsJ8EE0cPV3DeA7Q==": { "id": "ac4lX1PsJ8EE0cPV3DeA7Q==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "ah5gJjq6ntKGHe05l2QLEA==": { "id": "ah5gJjq6ntKGHe05l2QLEA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "akEF6NF80R9wfgwbXmOEDA==": { "id": "akEF6NF80R9wfgwbXmOEDA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "alSeOMnzCu4eh8h4VjVrpA==": { "id": "alSeOMnzCu4eh8h4VjVrpA==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "am8Nu2Xz4xTgOxf+V74bZg==": { "id": "am8Nu2Xz4xTgOxf+V74bZg==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "anPJmbS134IB2gfGIWKJ0Q==": { "id": "anPJmbS134IB2gfGIWKJ0Q==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ao8l/bKVk/yRH6auM4IE9g==": { "id": "ao8l/bKVk/yRH6auM4IE9g==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "aouER1d5ARUcTEP5rjxlQA==": { "id": "aouER1d5ARUcTEP5rjxlQA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "aqaaxa85Ibw3RSMRWLL7yg==": { "id": "aqaaxa85Ibw3RSMRWLL7yg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "arPTXFJYsCT564EgyQClGA==": { "id": "arPTXFJYsCT564EgyQClGA==", "updater": "rhel-vex", "name": "CVE-2021-31535", "description": "A missing validation flaw was found in libX11. This flaw allows an attacker to inject X11 protocol commands on X clients, and in some cases, also bypass, authenticate (via injection of control characters), or potentially execute arbitrary code with permissions of the application compiled with libX11. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.", "issued": "2021-05-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-31535 https://bugzilla.redhat.com/show_bug.cgi?id=1961822 https://www.cve.org/CVERecord?id=CVE-2021-31535 https://nvd.nist.gov/vuln/detail/CVE-2021-31535 https://unparalleled.eu/blog/2021/20210518-using-xterm-to-navigate-the-huge-color-space/ https://unparalleled.eu/publications/2021/advisory-unpar-2021-1.txt https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-31535.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "atAnLiOuVhy8qyEUVNzM2w==": { "id": "atAnLiOuVhy8qyEUVNzM2w==", "updater": "rhel-vex", "name": "CVE-2022-48338", "description": "A flaw was found in the Emacs package. A malicious ruby source file may cause a local command injection.", "issued": "2023-02-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48338 https://bugzilla.redhat.com/show_bug.cgi?id=2171988 https://www.cve.org/CVERecord?id=CVE-2022-48338 https://nvd.nist.gov/vuln/detail/CVE-2022-48338 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48338.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "b+wJbUYHuGJqeuEtodqG3A==": { "id": "b+wJbUYHuGJqeuEtodqG3A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "b/JoMKSdjTg9hoFgyAsYGg==": { "id": "b/JoMKSdjTg9hoFgyAsYGg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "b0xlBSDO/qp5khqjIfXlSQ==": { "id": "b0xlBSDO/qp5khqjIfXlSQ==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "b2xf65/2S45gOxG8Grxy0g==": { "id": "b2xf65/2S45gOxG8Grxy0g==", "updater": "rhel-vex", "name": "CVE-2023-5441", "description": "A NULL pointer dereference vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the NULL pointer dereference, causing the application to crash.", "issued": "2023-10-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5441 https://bugzilla.redhat.com/show_bug.cgi?id=2242926 https://www.cve.org/CVERecord?id=CVE-2023-5441 https://nvd.nist.gov/vuln/detail/CVE-2023-5441 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5441.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "b3gcqhWrOMtSFjkTMyyWQw==": { "id": "b3gcqhWrOMtSFjkTMyyWQw==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "b8cX6Z3ptet250uYs1XjIQ==": { "id": "b8cX6Z3ptet250uYs1XjIQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "b93ucKpooFuvf5DZpkuQ4Q==": { "id": "b93ucKpooFuvf5DZpkuQ4Q==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "bACUKZThWu3kcO82NfO4eg==": { "id": "bACUKZThWu3kcO82NfO4eg==", "updater": "rhel-vex", "name": "CVE-2023-1264", "description": "A NULL pointer dereference vulnerability was discovered in vim's utfc_ptr2len() function in the mbyte.c file. This issue is due to using a NULL pointer with the nested :open command. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering an issue that causes an application to crash, leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1264 https://bugzilla.redhat.com/show_bug.cgi?id=2176413 https://www.cve.org/CVERecord?id=CVE-2023-1264 https://nvd.nist.gov/vuln/detail/CVE-2023-1264 https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1264.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bDMsFO9+dr7IgrwHxKJ/2g==": { "id": "bDMsFO9+dr7IgrwHxKJ/2g==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "bDvGK7B1/5BJREOCtiSQyw==": { "id": "bDvGK7B1/5BJREOCtiSQyw==", "updater": "rhel-vex", "name": "CVE-2024-37371", "description": "A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper handling of authentication tokens.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37371 https://bugzilla.redhat.com/show_bug.cgi?id=2294676 https://www.cve.org/CVERecord?id=CVE-2024-37371 https://nvd.nist.gov/vuln/detail/CVE-2024-37371 https://web.mit.edu/kerberos/www/krb5-1.21/ https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37371.json https://access.redhat.com/errata/RHSA-2024:6166", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-2.el9_4", "arch_op": "pattern match" }, "bKE3ov27WR5dMz8a/M+jUA==": { "id": "bKE3ov27WR5dMz8a/M+jUA==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bOMmd0jIpY2e7Cl4owS24g==": { "id": "bOMmd0jIpY2e7Cl4owS24g==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "bVLJeNp3UltT+T1xu6C55A==": { "id": "bVLJeNp3UltT+T1xu6C55A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "bb9X6domCAmA+m40PgE/jg==": { "id": "bb9X6domCAmA+m40PgE/jg==", "updater": "rhel-vex", "name": "CVE-2024-21896", "description": "A flaw was found in Node.js. The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a buffer, the implementation uses Buffer.from() to obtain a buffer from the result of path.resolve(). By monkey-patching buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability.", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21896 https://bugzilla.redhat.com/show_bug.cgi?id=2265717 https://www.cve.org/CVERecord?id=CVE-2024-21896 https://nvd.nist.gov/vuln/detail/CVE-2024-21896 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21896.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "bdJdbp3pWxo6biBmwKijBQ==": { "id": "bdJdbp3pWxo6biBmwKijBQ==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "be+F+Fkt9wYh4z6YwfNqdw==": { "id": "be+F+Fkt9wYh4z6YwfNqdw==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "bf41zTvm6HAv6xdiXpwGWQ==": { "id": "bf41zTvm6HAv6xdiXpwGWQ==", "updater": "rhel-vex", "name": "CVE-2025-32728", "description": "A flaw was found in OpenSSH. In affected versions of sshd, the DisableForwarding directive does not fully adhere to the intended functionality as documented. Specifically, it fails to disable X11 and agent forwarding, which may allow unintended access under certain configurations.", "issued": "2025-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32728 https://bugzilla.redhat.com/show_bug.cgi?id=2358767 https://www.cve.org/CVERecord?id=CVE-2025-32728 https://nvd.nist.gov/vuln/detail/CVE-2025-32728 https://lists.mindrot.org/pipermail/openssh-unix-dev/2025-April/041879.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32728.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bfa/XbakkA2/5GrUyvwSyw==": { "id": "bfa/XbakkA2/5GrUyvwSyw==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "bh7RRRlNP555+LOFASdB0w==": { "id": "bh7RRRlNP555+LOFASdB0w==", "updater": "rhel-vex", "name": "CVE-2022-2980", "description": "A NULL pointer dereference vulnerability was found in vim's do_mouse() function of the src/mouse.c file. The issue occurs with a mouse click when it is not initialized. This flaw allows an attacker to trick a user into opening a specially crafted input file, triggering the vulnerability that could cause an application to crash.", "issued": "2022-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2980 https://bugzilla.redhat.com/show_bug.cgi?id=2123709 https://www.cve.org/CVERecord?id=CVE-2022-2980 https://nvd.nist.gov/vuln/detail/CVE-2022-2980 https://huntr.dev/bounties/6e7b12a5-242c-453d-b39e-9625d563b0ea https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2980.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bj9lurrpBxE/q4lRd2Wp7A==": { "id": "bj9lurrpBxE/q4lRd2Wp7A==", "updater": "rhel-vex", "name": "CVE-2025-4673", "description": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.", "issued": "2025-06-11T16:42:53Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4673 https://bugzilla.redhat.com/show_bug.cgi?id=2373305 https://www.cve.org/CVERecord?id=CVE-2025-4673 https://nvd.nist.gov/vuln/detail/CVE-2025-4673 https://go.dev/cl/679257 https://go.dev/issue/73816 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3751 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4673.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "bjkXZ4ZTp29EFzF+wMw4xw==": { "id": "bjkXZ4ZTp29EFzF+wMw4xw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.8.el9_4", "arch_op": "pattern match" }, "bklfMYFV2WKM17hKPU+5BA==": { "id": "bklfMYFV2WKM17hKPU+5BA==", "updater": "osv/go", "name": "GO-2025-3373", "description": "Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643099 https://go.dev/issue/71156 https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "bmNjdpodhrAjmmeNv8j2ZA==": { "id": "bmNjdpodhrAjmmeNv8j2ZA==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bmwYxyT6fmHIa8FODhI70w==": { "id": "bmwYxyT6fmHIa8FODhI70w==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "bmyf3V3WjS7kQmiAcGoBiQ==": { "id": "bmyf3V3WjS7kQmiAcGoBiQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "bpM7BDVV04atOPduc9mI8Q==": { "id": "bpM7BDVV04atOPduc9mI8Q==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "bpwdCug2xQZhmaazCqwIew==": { "id": "bpwdCug2xQZhmaazCqwIew==", "updater": "rhel-vex", "name": "CVE-2023-51767", "description": "An authentication bypass vulnerability was found in a modified version of OpenSSH. When common types of DRAM memory are used, it might allow row hammer attacks because the integer value of authenticated authpassword does not resist flips of a single bit. Exploiting a Rowhammer-style attack to flip bits in memory, forces successful authentication by setting the return code to 0.", "issued": "2023-12-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51767 https://bugzilla.redhat.com/show_bug.cgi?id=2255850 https://www.cve.org/CVERecord?id=CVE-2023-51767 https://nvd.nist.gov/vuln/detail/CVE-2023-51767 https://arxiv.org/abs/2309.02545 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77 https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51767.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "bqEGDVpuXY3j7Kr18B5E4w==": { "id": "bqEGDVpuXY3j7Kr18B5E4w==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "bqKZTtfId9l8zdFZE/mZZg==": { "id": "bqKZTtfId9l8zdFZE/mZZg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "brTmpkOORx2yJvCnkPzYRw==": { "id": "brTmpkOORx2yJvCnkPzYRw==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "by+PAyhAcd2LS2O/tZxbRQ==": { "id": "by+PAyhAcd2LS2O/tZxbRQ==", "updater": "rhel-vex", "name": "CVE-2025-5245", "description": "A denial-of-service vulnerability has been identified in GNU Binutils, affecting versions up to 2.44. The flaw resides within the debug_type_samep function in the /binutils/debug.c file of the objdump component. An attacker with local access can trigger a program crash by manipulating input data, leading to a denial of service for the objdump utility.", "issued": "2025-05-27T14:31:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5245 https://bugzilla.redhat.com/show_bug.cgi?id=2368771 https://www.cve.org/CVERecord?id=CVE-2025-5245 https://nvd.nist.gov/vuln/detail/CVE-2025-5245 https://sourceware.org/bugzilla/attachment.cgi?id=16004 https://sourceware.org/bugzilla/show_bug.cgi?id=32829 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a https://vuldb.com/?ctiid.310347 https://vuldb.com/?id.310347 https://vuldb.com/?submit.584635 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5245.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "by4qEj8r2+yQ8xw2ZHB4/Q==": { "id": "by4qEj8r2+yQ8xw2ZHB4/Q==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "bytYw82gsP7fmiiqIEcGNw==": { "id": "bytYw82gsP7fmiiqIEcGNw==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "bzewxC8waOXL414yMxKcqQ==": { "id": "bzewxC8waOXL414yMxKcqQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "c+walK0V+dA1g3qnPME4Ow==": { "id": "c+walK0V+dA1g3qnPME4Ow==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "c/+IhJOZwrUFnxH/AA8NiA==": { "id": "c/+IhJOZwrUFnxH/AA8NiA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "c/EuG5G0xeL87UQs3yxxqQ==": { "id": "c/EuG5G0xeL87UQs3yxxqQ==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "subscription-manager", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "c/TMKje5Txl9grWesV+S0A==": { "id": "c/TMKje5Txl9grWesV+S0A==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "c0R7sQMFyTIRhp8ZTCTmlw==": { "id": "c0R7sQMFyTIRhp8ZTCTmlw==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "c3ac46MKEwGXSYV8lTnQoA==": { "id": "c3ac46MKEwGXSYV8lTnQoA==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "c3eMx85yv79gfxNsxZXPHQ==": { "id": "c3eMx85yv79gfxNsxZXPHQ==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "c4b8AyMPp1ls7ClKiTCbAg==": { "id": "c4b8AyMPp1ls7ClKiTCbAg==", "updater": "rhel-vex", "name": "CVE-2024-36137", "description": "A flaw was found in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors. However, operations such as fs.fchown or fs.fchmod can use a \"read-only\" file descriptor to change the owner and permissions of a file.", "issued": "2024-07-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-36137 https://bugzilla.redhat.com/show_bug.cgi?id=2299281 https://www.cve.org/CVERecord?id=CVE-2024-36137 https://nvd.nist.gov/vuln/detail/CVE-2024-36137 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-36137.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "c95Jb/MAeM4/Wnq2jSIopg==": { "id": "c95Jb/MAeM4/Wnq2jSIopg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "c9kKQdmqE31JfE8hW1jBfg==": { "id": "c9kKQdmqE31JfE8hW1jBfg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "cA4I0UWWtzTwMIMUTfN+Sg==": { "id": "cA4I0UWWtzTwMIMUTfN+Sg==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "cBmZwV0l/QLSSsoNwTuUWA==": { "id": "cBmZwV0l/QLSSsoNwTuUWA==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "cD+9p+2eb4ubWbn/ynDqrQ==": { "id": "cD+9p+2eb4ubWbn/ynDqrQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-vars", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.05-481.1.el9_6", "arch_op": "pattern match" }, "cJ4BQpErMW3FIQ2vBfopJw==": { "id": "cJ4BQpErMW3FIQ2vBfopJw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "cKtHM3xMrk1VjV0S8Zl4qQ==": { "id": "cKtHM3xMrk1VjV0S8Zl4qQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "cLetPtVgm731iRPvGEIeyw==": { "id": "cLetPtVgm731iRPvGEIeyw==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "cMY+6QfPqyOZE380Mf5rIQ==": { "id": "cMY+6QfPqyOZE380Mf5rIQ==", "updater": "rhel-vex", "name": "CVE-2022-0351", "description": "A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-01-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0351 https://bugzilla.redhat.com/show_bug.cgi?id=2046436 https://www.cve.org/CVERecord?id=CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0351.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cNsQU/uNFf7PsCWqaKxjAQ==": { "id": "cNsQU/uNFf7PsCWqaKxjAQ==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.1.1.el9_2", "arch_op": "pattern match" }, "cS8BJbrTN4Z2MOJCTGMR8w==": { "id": "cS8BJbrTN4Z2MOJCTGMR8w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "cSPoRTB3BjDaa16wszdN3g==": { "id": "cSPoRTB3BjDaa16wszdN3g==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "cUH9U4T8Wpzm/UIIektEAQ==": { "id": "cUH9U4T8Wpzm/UIIektEAQ==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "cWbhx4ozV3Pkh4rK/phNRA==": { "id": "cWbhx4ozV3Pkh4rK/phNRA==", "updater": "osv/go", "name": "GO-2025-3420", "description": "Sensitive headers incorrectly sent after cross-domain redirect in net/http", "issued": "2025-01-28T00:47:30Z", "links": "https://go.dev/cl/643100 https://go.dev/issue/70530 https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.22.11" }, "ca+BSCGp5tEYAgJqvm8GFw==": { "id": "ca+BSCGp5tEYAgJqvm8GFw==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "cbNKZbfbJhPfPLHi6va27w==": { "id": "cbNKZbfbJhPfPLHi6va27w==", "updater": "rhel-vex", "name": "CVE-2022-3555", "description": "A flaw was found in the libX11 package in the_XFreeX11XCBStructure function of the xcb_disp.c file. The manipulation of the argument dpy may lead to a memory leak, resulting in a crash.", "issued": "2022-10-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3555 https://bugzilla.redhat.com/show_bug.cgi?id=2136412 https://www.cve.org/CVERecord?id=CVE-2022-3555 https://nvd.nist.gov/vuln/detail/CVE-2022-3555 https://ubuntu.com/security/CVE-2022-3555 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3555.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libX11", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cbSiFirRdrVkpUeOLy/CjA==": { "id": "cbSiFirRdrVkpUeOLy/CjA==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "cex7jEfdv/MaWi3px1ZgxQ==": { "id": "cex7jEfdv/MaWi3px1ZgxQ==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "cgUuYY1sKP0jeDPr/wEn4w==": { "id": "cgUuYY1sKP0jeDPr/wEn4w==", "updater": "rhel-vex", "name": "CVE-2024-24789", "description": "A flaw was found in Golang. The ZIP implementation of the Go language archive/zip library behaves differently than the rest of the ZIP file format implementations. When handling ZIP files with a corrupted central directory record, the library skips over the invalid record and processes the next valid one. This flaw allows a malicious user to access hidden information or files inside maliciously crafted ZIP files.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24789 https://bugzilla.redhat.com/show_bug.cgi?id=2292668 https://www.cve.org/CVERecord?id=CVE-2024-24789 https://nvd.nist.gov/vuln/detail/CVE-2024-24789 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24789.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "cje1a6rWyE5Ko85v8goPNQ==": { "id": "cje1a6rWyE5Ko85v8goPNQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11802", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-2.module+el9.6.0+23339+d3c8acfa", "arch_op": "pattern match" }, "cjoCrbQlAeGxtTPUlcMPuA==": { "id": "cjoCrbQlAeGxtTPUlcMPuA==", "updater": "rhel-vex", "name": "CVE-2025-26603", "description": "A flaw was found in Vim's :redir command. This vulnerability allows a use-after-free condition via redirecting the :display command to a clipboard register (* or +), which allows access to freed memory.", "issued": "2025-02-18T19:04:24Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26603 https://bugzilla.redhat.com/show_bug.cgi?id=2346346 https://www.cve.org/CVERecord?id=CVE-2025-26603 https://nvd.nist.gov/vuln/detail/CVE-2025-26603 https://github.com/vim/vim/commit/c0f0e2380e5954f4a52a131bf6b8 https://github.com/vim/vim/security/advisories/GHSA-63p5-mwg2-787v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26603.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cm/gvI0AVbEJW8SbZVw6fw==": { "id": "cm/gvI0AVbEJW8SbZVw6fw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "cr4RGJYSJM2QUssm6cAQ4w==": { "id": "cr4RGJYSJM2QUssm6cAQ4w==", "updater": "rhel-vex", "name": "CVE-2023-4863", "description": "A heap-based buffer flaw was found in the way libwebp, a library used to process \"WebP\" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.", "issued": "2023-09-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431 https://www.cve.org/CVERecord?id=CVE-2023-4863 https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/ https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4863.json https://access.redhat.com/errata/RHSA-2023:5214", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-7.el9_2", "arch_op": "pattern match" }, "cv/HKlhaI7EJMBLIaTimwg==": { "id": "cv/HKlhaI7EJMBLIaTimwg==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "cw4W3PskPKPJZy+QzFk5bA==": { "id": "cw4W3PskPKPJZy+QzFk5bA==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "cwXdqs9AFOcThYn4e8y3yw==": { "id": "cwXdqs9AFOcThYn4e8y3yw==", "updater": "rhel-vex", "name": "CVE-2024-35195", "description": "An incorrect control flow implementation vulnerability was found in Requests. If the first request in a session is made with verify=False, all subsequent requests to the same host will continue to ignore cert verification.", "issued": "2024-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-35195 https://bugzilla.redhat.com/show_bug.cgi?id=2282114 https://www.cve.org/CVERecord?id=CVE-2024-35195 https://nvd.nist.gov/vuln/detail/CVE-2024-35195 https://github.com/psf/requests/security/advisories/GHSA-9wx4-h78v-vm56 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json https://access.redhat.com/errata/RHSA-2025:7049", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-9.el9", "arch_op": "pattern match" }, "cxMZ2TEnkk6RdtuU9fDThg==": { "id": "cxMZ2TEnkk6RdtuU9fDThg==", "updater": "rhel-vex", "name": "CVE-2021-3927", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-10-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3927 https://bugzilla.redhat.com/show_bug.cgi?id=2021290 https://www.cve.org/CVERecord?id=CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3927.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1fus7ZZWC8VndZJIxm7pQ==": { "id": "d1fus7ZZWC8VndZJIxm7pQ==", "updater": "rhel-vex", "name": "CVE-2025-10158", "description": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.", "issued": "2025-11-18T14:24:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10158 https://bugzilla.redhat.com/show_bug.cgi?id=2415637 https://www.cve.org/CVERecord?id=CVE-2025-10158 https://nvd.nist.gov/vuln/detail/CVE-2025-10158 https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1 https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10158.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "d1j+WeBwgxUY2DD8tjQwMA==": { "id": "d1j+WeBwgxUY2DD8tjQwMA==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "d2mdhZ97rWRfD+pslcl6uw==": { "id": "d2mdhZ97rWRfD+pslcl6uw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "d8O/Pp2nkWZxFhUyXQucZg==": { "id": "d8O/Pp2nkWZxFhUyXQucZg==", "updater": "rhel-vex", "name": "CVE-2025-1094", "description": "A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to construct input to psql, the PostgreSQL interactive terminal. Similarly, improper neutralization of quoting syntax in PostgreSQL command line utility programs allows a source of command line arguments to achieve SQL injection when `client_encoding` is `BIG5` and `server_encoding` is one of `EUC_TW` or `MULE_INTERNAL`.", "issued": "2025-02-13T13:00:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1094 https://bugzilla.redhat.com/show_bug.cgi?id=2345548 https://www.cve.org/CVERecord?id=CVE-2025-1094 https://nvd.nist.gov/vuln/detail/CVE-2025-1094 https://attackerkb.com/topics/G5s8ZWAbYH/cve-2024-12356/rapid7-analysis https://www.postgresql.org/support/security/CVE-2025-1094/ https://www.rapid7.com/blog/post/2025/02/13/cve-2025-1094-postgresql-psql-sql-injection-fixed/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1094.json https://access.redhat.com/errata/RHSA-2025:1738", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libpq", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:13.20-1.el9_5", "arch_op": "pattern match" }, "d9qJI4TyihrqXixZ+S73jg==": { "id": "d9qJI4TyihrqXixZ+S73jg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dKzgwwkG/spsYd8PVvrk6A==": { "id": "dKzgwwkG/spsYd8PVvrk6A==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dMO4fX/IkQ2bi0ds65uBZA==": { "id": "dMO4fX/IkQ2bi0ds65uBZA==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "dN3ZkuuHRauklH+tfqwFYA==": { "id": "dN3ZkuuHRauklH+tfqwFYA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "dO/rj/SVo/ZlfJAB2ajOEQ==": { "id": "dO/rj/SVo/ZlfJAB2ajOEQ==", "updater": "rhel-vex", "name": "CVE-2023-5535", "description": "A heap-based buffer overflow vulnerability was found in some affected packages of Vim. This flaw allows an attacker to send a specially crafted file that could lead to a complete system compromise when opened by a victim.", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2244101 https://www.cve.org/CVERecord?id=CVE-2023-5535 https://nvd.nist.gov/vuln/detail/CVE-2023-5535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5535.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dO3yYWRHtCsx6+NRjjAIsg==": { "id": "dO3yYWRHtCsx6+NRjjAIsg==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dPlld/v+ZrL/y3NT/M5t9A==": { "id": "dPlld/v+ZrL/y3NT/M5t9A==", "updater": "rhel-vex", "name": "CVE-2025-5222", "description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "issued": "2024-11-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5222 https://bugzilla.redhat.com/show_bug.cgi?id=2368600 https://www.cve.org/CVERecord?id=CVE-2025-5222 https://nvd.nist.gov/vuln/detail/CVE-2025-5222 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5222.json https://access.redhat.com/errata/RHSA-2025:12083", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libicu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:67.1-10.el9_6", "arch_op": "pattern match" }, "dRNxgKG0w/nM5rSMcvz/kQ==": { "id": "dRNxgKG0w/nM5rSMcvz/kQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "dT4TBdsMnRpAlGfPboRcFg==": { "id": "dT4TBdsMnRpAlGfPboRcFg==", "updater": "rhel-vex", "name": "CVE-2024-34158", "description": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34158 https://bugzilla.redhat.com/show_bug.cgi?id=2310529 https://www.cve.org/CVERecord?id=CVE-2024-34158 https://nvd.nist.gov/vuln/detail/CVE-2024-34158 https://go.dev/cl/611240 https://go.dev/issue/69141 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34158.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "dTT2owdN4FTG/LqoICFf+w==": { "id": "dTT2owdN4FTG/LqoICFf+w==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "dWdVOD7SorvI9CNble8XGw==": { "id": "dWdVOD7SorvI9CNble8XGw==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "dXgWtIQra5a7FOM/lmTQMQ==": { "id": "dXgWtIQra5a7FOM/lmTQMQ==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "de6Wm8GcUOvZ/vqX7ogEtQ==": { "id": "de6Wm8GcUOvZ/vqX7ogEtQ==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "dgwlwyboh6/BQfJsyoE8Eg==": { "id": "dgwlwyboh6/BQfJsyoE8Eg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "dhk9SR7XgMlUT1SwbOzs0A==": { "id": "dhk9SR7XgMlUT1SwbOzs0A==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dhv7M9LLYIyyRsKi71f6Ew==": { "id": "dhv7M9LLYIyyRsKi71f6Ew==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:9526", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-25.el9_6", "arch_op": "pattern match" }, "dkB2JDRx/pLwN9EbsYh6UA==": { "id": "dkB2JDRx/pLwN9EbsYh6UA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "dkGOl+YKkRksmyjmvQ3FsA==": { "id": "dkGOl+YKkRksmyjmvQ3FsA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "dkvelc7KXIcNmlVEKWwOSg==": { "id": "dkvelc7KXIcNmlVEKWwOSg==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "dpCbBO9jgzvekz9nKJpSRA==": { "id": "dpCbBO9jgzvekz9nKJpSRA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "dqYoyBWLAQszVE/IX85oqg==": { "id": "dqYoyBWLAQszVE/IX85oqg==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "dr+z30s3mVMvpF2iMBJ7YA==": { "id": "dr+z30s3mVMvpF2iMBJ7YA==", "updater": "rhel-vex", "name": "CVE-2025-24928", "description": "A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24928 https://bugzilla.redhat.com/show_bug.cgi?id=2346421 https://www.cve.org/CVERecord?id=CVE-2025-24928 https://nvd.nist.gov/vuln/detail/CVE-2025-24928 https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 https://issues.oss-fuzz.com/issues/392687022 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24928.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "du8AOXnNlQgdqsSZceyiaQ==": { "id": "du8AOXnNlQgdqsSZceyiaQ==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "dwNH2KaulTKNFX+9quNpvw==": { "id": "dwNH2KaulTKNFX+9quNpvw==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "dxRzT6G0UObuWf8SWujnng==": { "id": "dxRzT6G0UObuWf8SWujnng==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "e+8uKOviBSOTR4ltKl/Y5Q==": { "id": "e+8uKOviBSOTR4ltKl/Y5Q==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "e/bnYsWq3UNe4TO8qzzb8A==": { "id": "e/bnYsWq3UNe4TO8qzzb8A==", "updater": "rhel-vex", "name": "CVE-2022-47010", "description": "A memory leak flaw was found in binutils in the pr_function_type function. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47010 https://bugzilla.redhat.com/show_bug.cgi?id=2233988 https://www.cve.org/CVERecord?id=CVE-2022-47010 https://nvd.nist.gov/vuln/detail/CVE-2022-47010 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47010.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e0VfCD1REapdkagkByCnXQ==": { "id": "e0VfCD1REapdkagkByCnXQ==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e2U3+rnCE0yJbEhq/B49zQ==": { "id": "e2U3+rnCE0yJbEhq/B49zQ==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "e37CxvNgywelF2ouwzqL2Q==": { "id": "e37CxvNgywelF2ouwzqL2Q==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "e7h3lwyDkLbzwbeza9/TWw==": { "id": "e7h3lwyDkLbzwbeza9/TWw==", "updater": "rhel-vex", "name": "CVE-2022-4293", "description": "A floating point exception flaw was found in Vim's num_divide() function of the eval.c file. This issue occurs when dividing the largest negative number by -1. This could allow an attacker to trick a user into opening a specially crafted file, triggering an application to crash and leading to a denial of service.", "issued": "2022-12-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4293 https://bugzilla.redhat.com/show_bug.cgi?id=2151566 https://www.cve.org/CVERecord?id=CVE-2022-4293 https://nvd.nist.gov/vuln/detail/CVE-2022-4293 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4293.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "e8Ba4iAzVtDvrookiM9XAg==": { "id": "e8Ba4iAzVtDvrookiM9XAg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "e91QDoc1m7i0h9Urg1XIuQ==": { "id": "e91QDoc1m7i0h9Urg1XIuQ==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "eDxAdI0cgddAZnBSd4FI0Q==": { "id": "eDxAdI0cgddAZnBSd4FI0Q==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libstdc++", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "eERb0a2u5NJoo8XHmwI23A==": { "id": "eERb0a2u5NJoo8XHmwI23A==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-subs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.03-481.el9", "arch_op": "pattern match" }, "eGYBZQZGb7FuYNSi9wuFzg==": { "id": "eGYBZQZGb7FuYNSi9wuFzg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "eKKwwoH894W3Vae5kYCKtA==": { "id": "eKKwwoH894W3Vae5kYCKtA==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "eKvGCJDf1Iytf5g2d8kaFQ==": { "id": "eKvGCJDf1Iytf5g2d8kaFQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eMVMlNYLRzjk+Xt/peAYqg==": { "id": "eMVMlNYLRzjk+Xt/peAYqg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eNUwUuL3W5wSpnxJfClXhg==": { "id": "eNUwUuL3W5wSpnxJfClXhg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "eOOfcRLf3CHL5spaYEPovQ==": { "id": "eOOfcRLf3CHL5spaYEPovQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "eT0Z6G4b2zSUUUSLlyL8Tg==": { "id": "eT0Z6G4b2zSUUUSLlyL8Tg==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "eTM7aUBt48fzJjd2YY1Kaw==": { "id": "eTM7aUBt48fzJjd2YY1Kaw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "eXNCnm2O3ulyDBrjgqgngA==": { "id": "eXNCnm2O3ulyDBrjgqgngA==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "eZ2tz3j+u7GWuS6rb2RB7g==": { "id": "eZ2tz3j+u7GWuS6rb2RB7g==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "eZDuJI6jaohxUM7fcdYEYA==": { "id": "eZDuJI6jaohxUM7fcdYEYA==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "eaW+XnaOzUpP/JmOZv+wCg==": { "id": "eaW+XnaOzUpP/JmOZv+wCg==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "ecYseAb1rFmqPx4kHRWeQQ==": { "id": "ecYseAb1rFmqPx4kHRWeQQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "edf9qrl//4hhbTQ8nlVN7g==": { "id": "edf9qrl//4hhbTQ8nlVN7g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "eeetX6Vv3iXNMfmjNIPkQg==": { "id": "eeetX6Vv3iXNMfmjNIPkQg==", "updater": "rhel-vex", "name": "CVE-2025-8176", "description": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.", "issued": "2025-07-26T03:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2383598 https://www.cve.org/CVERecord?id=CVE-2025-8176 https://nvd.nist.gov/vuln/detail/CVE-2025-8176 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172 https://gitlab.com/libtiff/libtiff/-/issues/707 https://gitlab.com/libtiff/libtiff/-/merge_requests/727 https://vuldb.com/?ctiid.317590 https://vuldb.com/?id.317590 https://vuldb.com/?submit.621796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8176.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "eejojwYHRaSarkdAMLD2OA==": { "id": "eejojwYHRaSarkdAMLD2OA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "eekbTUpqIafepE8Hfmhn6g==": { "id": "eekbTUpqIafepE8Hfmhn6g==", "updater": "rhel-vex", "name": "CVE-2021-4187", "description": "A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4187 https://bugzilla.redhat.com/show_bug.cgi?id=2036129 https://www.cve.org/CVERecord?id=CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4187.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eh1RT9v3ol1cjACTvuohFQ==": { "id": "eh1RT9v3ol1cjACTvuohFQ==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.1-1.20.16.0.1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "eh73UwgswuQUUBPGmZNxLg==": { "id": "eh73UwgswuQUUBPGmZNxLg==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "ekipReKDch8nQkv6wLHVww==": { "id": "ekipReKDch8nQkv6wLHVww==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "eoZiXVXIYF5HZwY9O+NvfQ==": { "id": "eoZiXVXIYF5HZwY9O+NvfQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "eqZVUGTs5pHRR/tV2jQA/Q==": { "id": "eqZVUGTs5pHRR/tV2jQA/Q==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "esWNnTXfVcQMP31EwLadpw==": { "id": "esWNnTXfVcQMP31EwLadpw==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "ewA3f3GyFBJhwPX+CvDYtg==": { "id": "ewA3f3GyFBJhwPX+CvDYtg==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "f+wdQFOhBCEFYs6UTbgVcw==": { "id": "f+wdQFOhBCEFYs6UTbgVcw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "f5rDGDIgGLk7iLvtlKjm1w==": { "id": "f5rDGDIgGLk7iLvtlKjm1w==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "f6K2rwitLCyOeqkSvuUcFA==": { "id": "f6K2rwitLCyOeqkSvuUcFA==", "updater": "rhel-vex", "name": "CVE-2025-27614", "description": "Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) supplied by the attacker by invoking gitk filename, where filename has a particular structure. The script is run with the privileges of the user. This vulnerability is fixed in 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.", "issued": "2025-07-08T13:01:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27614 https://bugzilla.redhat.com/show_bug.cgi?id=2379125 https://www.cve.org/CVERecord?id=CVE-2025-27614 https://nvd.nist.gov/vuln/detail/CVE-2025-27614 https://lore.kernel.org/git/xmqq5xg2wrd1.fsf@gitster.g/ https://www.openwall.com/lists/oss-security/2025/07/08/4 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27614.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "f6muqKqBGKMbn75htgvMLQ==": { "id": "f6muqKqBGKMbn75htgvMLQ==", "updater": "rhel-vex", "name": "CVE-2024-50602", "description": "A security issue was found in Expat (libexpat). A crash can be triggered in the XML_ResumeParser function due to XML_StopParser's ability to stop or suspend an unstarted parser, which can lead to a denial of service.", "issued": "2024-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50602 https://bugzilla.redhat.com/show_bug.cgi?id=2321987 https://www.cve.org/CVERecord?id=CVE-2024-50602 https://nvd.nist.gov/vuln/detail/CVE-2024-50602 https://github.com/libexpat/libexpat/pull/915 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50602.json https://access.redhat.com/errata/RHSA-2024:9541", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-3.el9_5.1", "arch_op": "pattern match" }, "f9AAdWBkmOO1/+acrJji3Q==": { "id": "f9AAdWBkmOO1/+acrJji3Q==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "fBIyxzoMf4PtxmiD953WFg==": { "id": "fBIyxzoMf4PtxmiD953WFg==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:7410", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-13.el9_6", "arch_op": "pattern match" }, "fD8Z9mQCc8h27ZwElVMLmA==": { "id": "fD8Z9mQCc8h27ZwElVMLmA==", "updater": "rhel-vex", "name": "CVE-2022-24765", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-04-12T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-24765 https://bugzilla.redhat.com/show_bug.cgi?id=2073414 https://www.cve.org/CVERecord?id=CVE-2022-24765 https://nvd.nist.gov/vuln/detail/CVE-2022-24765 https://github.com/git-for-windows/git/security/advisories/GHSA-vw2c-22j4-2fh2 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-24765.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fDvGbDNJpsxaSncFLSlH5Q==": { "id": "fDvGbDNJpsxaSncFLSlH5Q==", "updater": "rhel-vex", "name": "CVE-2024-12133", "description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "issued": "2025-02-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12133 https://bugzilla.redhat.com/show_bug.cgi?id=2344611 https://www.cve.org/CVERecord?id=CVE-2024-12133 https://nvd.nist.gov/vuln/detail/CVE-2024-12133 https://gitlab.com/gnutls/libtasn1/-/issues/52 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12133.json https://access.redhat.com/errata/RHSA-2025:7077", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.0-9.el9", "arch_op": "pattern match" }, "fEW9HCDGh5vauL1jhvKpFQ==": { "id": "fEW9HCDGh5vauL1jhvKpFQ==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "fHxgcXxpn2MkgE/aUd2Vkw==": { "id": "fHxgcXxpn2MkgE/aUd2Vkw==", "updater": "rhel-vex", "name": "CVE-2021-29390", "description": "A heap buffer over-read flaw was found in libjpeg-turbo. For certain types of smoothed jpeg images, the decompress_smooth_data() function may improperly enter a condition statement that leads to heap memory read of uninitialized data, which may cause an application crash or loss of confidentiality.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-29390 https://bugzilla.redhat.com/show_bug.cgi?id=2235521 https://www.cve.org/CVERecord?id=CVE-2021-29390 https://nvd.nist.gov/vuln/detail/CVE-2021-29390 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469 https://github.com/libjpeg-turbo/libjpeg-turbo/issues/459#issuecomment-733720010 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/476 https://github.com/libjpeg-turbo/libjpeg-turbo/pull/724 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-29390.json https://access.redhat.com/errata/RHSA-2024:2295", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-7.el9", "arch_op": "pattern match" }, "fI1ruEtJ325PbGUQKXuiVA==": { "id": "fI1ruEtJ325PbGUQKXuiVA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "fKSzg5ZVW35n1QRKSQYbUA==": { "id": "fKSzg5ZVW35n1QRKSQYbUA==", "updater": "rhel-vex", "name": "CVE-2024-12085", "description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12085 https://bugzilla.redhat.com/show_bug.cgi?id=2330539 https://www.cve.org/CVERecord?id=CVE-2024-12085 https://nvd.nist.gov/vuln/detail/CVE-2024-12085 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12085.json https://access.redhat.com/errata/RHSA-2025:0324", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.3-20.el9_5.1", "arch_op": "pattern match" }, "fM+r7qYMTXMx81IJhr45YA==": { "id": "fM+r7qYMTXMx81IJhr45YA==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fMQ6kctftYthbGvZli2/sg==": { "id": "fMQ6kctftYthbGvZli2/sg==", "updater": "rhel-vex", "name": "CVE-2023-27043", "description": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.", "issued": "2023-04-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27043 https://bugzilla.redhat.com/show_bug.cgi?id=2196183 https://www.cve.org/CVERecord?id=CVE-2023-27043 https://nvd.nist.gov/vuln/detail/CVE-2023-27043 https://access.redhat.com/articles/7051467 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27043.json https://access.redhat.com/errata/RHSA-2024:0466", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-1.el9_3.1", "arch_op": "pattern match" }, "fSeU4QTAs+fY+ihLpgdM9A==": { "id": "fSeU4QTAs+fY+ihLpgdM9A==", "updater": "rhel-vex", "name": "CVE-2025-1377", "description": "A flaw was found in GNU elfutils. This vulnerability allows denial of service via manipulation of the gelf_getsymshndx function in strip.c.", "issued": "2025-02-17T05:00:19Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1377 https://bugzilla.redhat.com/show_bug.cgi?id=2346066 https://www.cve.org/CVERecord?id=CVE-2025-1377 https://nvd.nist.gov/vuln/detail/CVE-2025-1377 https://sourceware.org/bugzilla/attachment.cgi?id=15941 https://sourceware.org/bugzilla/show_bug.cgi?id=32673 https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2 https://vuldb.com/?ctiid.295985 https://vuldb.com/?id.295985 https://vuldb.com/?submit.497539 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1377.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fT2bR3Pvvu+yOGDatxsWcw==": { "id": "fT2bR3Pvvu+yOGDatxsWcw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "fUkL/QrHEZtoCydnxvHQYQ==": { "id": "fUkL/QrHEZtoCydnxvHQYQ==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "fUlz8/rwVV2PbflGdFYCdw==": { "id": "fUlz8/rwVV2PbflGdFYCdw==", "updater": "rhel-vex", "name": "CVE-2023-26965", "description": "A heap use-after-free vulnerability was found in LibTIFF's tiffcrop utility in the loadImage() function. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes an out-of-bounds write access, resulting in an application crash, eventually leading to a denial of service.", "issued": "2023-06-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26965 https://bugzilla.redhat.com/show_bug.cgi?id=2215206 https://www.cve.org/CVERecord?id=CVE-2023-26965 https://nvd.nist.gov/vuln/detail/CVE-2023-26965 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26965.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "fVstMFtDcM3yfjjb8mKxrg==": { "id": "fVstMFtDcM3yfjjb8mKxrg==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fZX9tMkRg8Ij95v2HLw9Ew==": { "id": "fZX9tMkRg8Ij95v2HLw9Ew==", "updater": "osv/go", "name": "GO-2025-3750", "description": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "issued": "2025-06-11T16:59:06Z", "links": "https://go.dev/cl/672396 https://go.dev/issue/73702 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.10" }, "fbRJLkkKyAqhMbdbbcLwwg==": { "id": "fbRJLkkKyAqhMbdbbcLwwg==", "updater": "rhel-vex", "name": "CVE-2025-4207", "description": "A flaw was found in PostgreSQL. A buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can lead to process termination.", "issued": "2025-05-08T14:22:45Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4207 https://bugzilla.redhat.com/show_bug.cgi?id=2365111 https://www.cve.org/CVERecord?id=CVE-2025-4207 https://nvd.nist.gov/vuln/detail/CVE-2025-4207 https://www.postgresql.org/support/security/CVE-2025-4207/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4207.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libpq", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fcEhBEQT+7+nxaOwZEIInQ==": { "id": "fcEhBEQT+7+nxaOwZEIInQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "fcJXnA1/CqZDeUcxpMPyzg==": { "id": "fcJXnA1/CqZDeUcxpMPyzg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "fdA0Wp/waErtsQk4sTTbPQ==": { "id": "fdA0Wp/waErtsQk4sTTbPQ==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fdpDWwmwFLyFeyU+CnbxxQ==": { "id": "fdpDWwmwFLyFeyU+CnbxxQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "fezwmAwUNAjVNYh+YY0Wrw==": { "id": "fezwmAwUNAjVNYh+YY0Wrw==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "ff3woW6bpDBZXooXnBPlNQ==": { "id": "ff3woW6bpDBZXooXnBPlNQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "fh2y5aivazupTx0EZ+2Cag==": { "id": "fh2y5aivazupTx0EZ+2Cag==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3.9", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fjsXh+vV+qSWYTJhGoqerg==": { "id": "fjsXh+vV+qSWYTJhGoqerg==", "updater": "rhel-vex", "name": "CVE-2025-24528", "description": "A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.", "issued": "2024-01-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24528 https://bugzilla.redhat.com/show_bug.cgi?id=2342796 https://www.cve.org/CVERecord?id=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24528.json https://access.redhat.com/errata/RHSA-2025:7067", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-6.el9", "arch_op": "pattern match" }, "flC/+W9ll6TqBKBRm/YUiA==": { "id": "flC/+W9ll6TqBKBRm/YUiA==", "updater": "rhel-vex", "name": "CVE-2023-29406", "description": "A flaw was found in Golang, where it is vulnerable to HTTP header injection caused by improper content validation of the Host header by the HTTP/1 client. A remote attacker can inject arbitrary HTTP headers by persuading a victim to visit a specially crafted Web page. This flaw allows the attacker to conduct various attacks against the vulnerable system, including Cross-site scripting, cache poisoning, or session hijacking.", "issued": "2023-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29406 https://bugzilla.redhat.com/show_bug.cgi?id=2222167 https://www.cve.org/CVERecord?id=CVE-2023-29406 https://nvd.nist.gov/vuln/detail/CVE-2023-29406 https://groups.google.com/g/golang-announce/c/2q13H6LEEx0 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29406.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "ftPQfiVA8qRKJwxT2xcXRw==": { "id": "ftPQfiVA8qRKJwxT2xcXRw==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.18.20.2.2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "fu2viInfwA1Zq9LmALUkzg==": { "id": "fu2viInfwA1Zq9LmALUkzg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "fv3/0oUmGvxLyxCaIIt3kg==": { "id": "fv3/0oUmGvxLyxCaIIt3kg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "fvxiOpnl4vL2UcobmeaYnA==": { "id": "fvxiOpnl4vL2UcobmeaYnA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "fwXkQZwZsVuPtoAZBIG06w==": { "id": "fwXkQZwZsVuPtoAZBIG06w==", "updater": "rhel-vex", "name": "CVE-2020-17049", "description": "It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.", "issued": "2020-11-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-17049 https://bugzilla.redhat.com/show_bug.cgi?id=2025721 https://www.cve.org/CVERecord?id=CVE-2020-17049 https://nvd.nist.gov/vuln/detail/CVE-2020-17049 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17049 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-17049.json https://access.redhat.com/errata/RHSA-2023:2570", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.1-8.el9", "arch_op": "pattern match" }, "fwfAtjf5gVRneidAp93edQ==": { "id": "fwfAtjf5gVRneidAp93edQ==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fxc/de3PyQgiwjyykMQ4ow==": { "id": "fxc/de3PyQgiwjyykMQ4ow==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "fyE+IA6J77V4hC6QL4QCJQ==": { "id": "fyE+IA6J77V4hC6QL4QCJQ==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "g2+VTeiFdddqhRpToXK2Vw==": { "id": "g2+VTeiFdddqhRpToXK2Vw==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "g29pa0L/tOFblhQQDFeJbA==": { "id": "g29pa0L/tOFblhQQDFeJbA==", "updater": "osv/go", "name": "GO-2022-0533", "description": "Path traversal via Clean on Windows in path/filepath", "issued": "2022-07-28T17:25:07Z", "links": "https://go.dev/cl/401595 https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290 https://go.dev/issue/52476 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "g3/sX4CO9sGFGMvToQ+how==": { "id": "g3/sX4CO9sGFGMvToQ+how==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "g63+znub5tyxpqqmyP8Tjg==": { "id": "g63+znub5tyxpqqmyP8Tjg==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "g6spFzT6DoopzuQCE0pjRg==": { "id": "g6spFzT6DoopzuQCE0pjRg==", "updater": "rhel-vex", "name": "CVE-2022-2285", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2285 https://bugzilla.redhat.com/show_bug.cgi?id=2103874 https://www.cve.org/CVERecord?id=CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2285.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g8hJlpBfWMarbfdU+OkQdw==": { "id": "g8hJlpBfWMarbfdU+OkQdw==", "updater": "rhel-vex", "name": "CVE-2024-10524", "description": "A flaw was found in the Wget package. Wget might issue an FTP request to a different host in configurations where the HTTP shorthand format is used with user-provided input. An attacker may be able to use specially crafted input to cause Wget to access an arbitrary host.", "issued": "2024-11-19T14:23:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10524 https://bugzilla.redhat.com/show_bug.cgi?id=2327303 https://www.cve.org/CVERecord?id=CVE-2024-10524 https://nvd.nist.gov/vuln/detail/CVE-2024-10524 https://git.savannah.gnu.org/cgit/wget.git/commit/?id=c419542d956a2607bbce5df64b9d378a8588d778 https://jfrog.com/blog/cve-2024-10524-wget-zero-day-vulnerability/ https://seclists.org/oss-sec/2024/q4/107 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10524.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "wget", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "g9gU2/SbcO/F9X65zpT4Uw==": { "id": "g9gU2/SbcO/F9X65zpT4Uw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "gC8lb/CZmVxLK6PkYWC9cw==": { "id": "gC8lb/CZmVxLK6PkYWC9cw==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "gCKIolAPxKn/MwnZqQ5viA==": { "id": "gCKIolAPxKn/MwnZqQ5viA==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "gEN3j5KPSWh2c+RarvSBNQ==": { "id": "gEN3j5KPSWh2c+RarvSBNQ==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gGrGej/Pj6/poAgebFb+dg==": { "id": "gGrGej/Pj6/poAgebFb+dg==", "updater": "rhel-vex", "name": "CVE-2022-3352", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.", "issued": "2022-09-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3352 https://bugzilla.redhat.com/show_bug.cgi?id=2131087 https://www.cve.org/CVERecord?id=CVE-2022-3352 https://nvd.nist.gov/vuln/detail/CVE-2022-3352 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3352.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gIt1VKjk5s7zkgD1H7aLmQ==": { "id": "gIt1VKjk5s7zkgD1H7aLmQ==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "gJ/fF2D4AXb0sjRGNWgixw==": { "id": "gJ/fF2D4AXb0sjRGNWgixw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "gNGv6C2nj/tHk2ntVJUOWw==": { "id": "gNGv6C2nj/tHk2ntVJUOWw==", "updater": "rhel-vex", "name": "CVE-2022-47011", "description": "A memory leak flaw was found in binutils. This flaw allows an attacker to use a set of steps to trigger a memory leak and perform a denial of service, resulting in a loss of the system's availability.", "issued": "2022-06-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-47011 https://bugzilla.redhat.com/show_bug.cgi?id=2233992 https://www.cve.org/CVERecord?id=CVE-2022-47011 https://nvd.nist.gov/vuln/detail/CVE-2022-47011 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-47011.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gR+h15dyWueqbKII4cPOWg==": { "id": "gR+h15dyWueqbKII4cPOWg==", "updater": "rhel-vex", "name": "CVE-2023-27536", "description": "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27536 https://bugzilla.redhat.com/show_bug.cgi?id=2179092 https://www.cve.org/CVERecord?id=CVE-2023-27536 https://nvd.nist.gov/vuln/detail/CVE-2023-27536 https://curl.se/docs/CVE-2023-27536.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27536.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "gZKcOjx7BKTLxDMH6ZvfGw==": { "id": "gZKcOjx7BKTLxDMH6ZvfGw==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "gZW7OlWAfe3YqvPh9YUqJA==": { "id": "gZW7OlWAfe3YqvPh9YUqJA==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "gaDJ+6UMi8jegvsDECsoeg==": { "id": "gaDJ+6UMi8jegvsDECsoeg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "gchW+O287jwZk0Cnma5sKw==": { "id": "gchW+O287jwZk0Cnma5sKw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "gg092DB69lXLcZyDPZ/RtQ==": { "id": "gg092DB69lXLcZyDPZ/RtQ==", "updater": "rhel-vex", "name": "CVE-2024-24788", "description": "A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service (DoS) conditions.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24788 https://bugzilla.redhat.com/show_bug.cgi?id=2279814 https://www.cve.org/CVERecord?id=CVE-2024-24788 https://nvd.nist.gov/vuln/detail/CVE-2024-24788 https://pkg.go.dev/vuln/GO-2024-2824 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24788.json https://access.redhat.com/errata/RHBA-2024:3840", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.10-1.el9_4", "arch_op": "pattern match" }, "ggJq5z8YW0kySCUAGUYdXg==": { "id": "ggJq5z8YW0kySCUAGUYdXg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "gh3MdGIod7lYo7rDnSpHLw==": { "id": "gh3MdGIod7lYo7rDnSpHLw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "gjn1JHWHaWtPNhKrrRINWw==": { "id": "gjn1JHWHaWtPNhKrrRINWw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "gl5O329psI82Wn7F+BP/pw==": { "id": "gl5O329psI82Wn7F+BP/pw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "glwEUWfaBwNPBrXUJo34tg==": { "id": "glwEUWfaBwNPBrXUJo34tg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "gmo+iv72N8R3ZKjUbp9DXg==": { "id": "gmo+iv72N8R3ZKjUbp9DXg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-interpreter", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "goLAuNZUT0caQTKiv7m0Fg==": { "id": "goLAuNZUT0caQTKiv7m0Fg==", "updater": "rhel-vex", "name": "CVE-2024-32021", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a repository on their target's local system that contains symlinks. During the cloning process, Git could be tricked into creating hardlinked arbitrary files into their repository's objects/ directory, impacting availability and integrity.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32021 https://bugzilla.redhat.com/show_bug.cgi?id=2280484 https://www.cve.org/CVERecord?id=CVE-2024-32021 https://nvd.nist.gov/vuln/detail/CVE-2024-32021 https://github.com/git/git/security/advisories/GHSA-mvxm-9j2h-qjx7 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32021.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "gpPTgXxcA95Uk2vaf3/2dw==": { "id": "gpPTgXxcA95Uk2vaf3/2dw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gqWTMUdDL1db9YSLA4qpRQ==": { "id": "gqWTMUdDL1db9YSLA4qpRQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "grZJQsj3BT+fQns8dkci1g==": { "id": "grZJQsj3BT+fQns8dkci1g==", "updater": "osv/go", "name": "GO-2022-0520", "description": "Exposure of client IP addresses in net/http", "issued": "2022-07-28T17:23:05Z", "links": "https://go.dev/cl/412857 https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a https://go.dev/issue/53423 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "gs7k9o3a1jAc/zZ5AEytpQ==": { "id": "gs7k9o3a1jAc/zZ5AEytpQ==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "guovo7cvog/lYbVq887U/w==": { "id": "guovo7cvog/lYbVq887U/w==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "gvOYexCvSFjRc1ovPwHsww==": { "id": "gvOYexCvSFjRc1ovPwHsww==", "updater": "rhel-vex", "name": "CVE-2023-34410", "description": "An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate.", "issued": "2023-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34410 https://bugzilla.redhat.com/show_bug.cgi?id=2212747 https://www.cve.org/CVERecord?id=CVE-2023-34410 https://nvd.nist.gov/vuln/detail/CVE-2023-34410 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34410.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "gwO7tO+7wG4yYN77KHpJIg==": { "id": "gwO7tO+7wG4yYN77KHpJIg==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "gxC5QcXnizTYqfkIqc6zTA==": { "id": "gxC5QcXnizTYqfkIqc6zTA==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "h+nOQU6khNxAH7kkGqVqkQ==": { "id": "h+nOQU6khNxAH7kkGqVqkQ==", "updater": "rhel-vex", "name": "CVE-2022-3296", "description": "A stack-based buffer overflow vulnerability was found in vim's ex_finally() function of the src/ex_eval.c file. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a bug that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3296 https://bugzilla.redhat.com/show_bug.cgi?id=2129835 https://www.cve.org/CVERecord?id=CVE-2022-3296 https://nvd.nist.gov/vuln/detail/CVE-2022-3296 https://huntr.dev/bounties/958866b8-526a-4979-9471-39392e0c9077 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3296.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h/OVEZRz5ndHYLHsNXXXMg==": { "id": "h/OVEZRz5ndHYLHsNXXXMg==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "h08ca9AawAYymWtiO1A44A==": { "id": "h08ca9AawAYymWtiO1A44A==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "h5U/sk69K9TcWs3P9TuKxQ==": { "id": "h5U/sk69K9TcWs3P9TuKxQ==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "h7m1EaKKCwaqq30R6Q/BlQ==": { "id": "h7m1EaKKCwaqq30R6Q/BlQ==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "h7rVfEQf7/yrRLndyq6HvA==": { "id": "h7rVfEQf7/yrRLndyq6HvA==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "h8RB92Gx2aWFJ7WtAQ4wDA==": { "id": "h8RB92Gx2aWFJ7WtAQ4wDA==", "updater": "rhel-vex", "name": "CVE-2023-4016", "description": "A heap-based buffer overflow vulnerability was found in the procps project when handling untrusted input with the -C option. This issue may allow a user with \"ps\" utility access to write unfiltered data into the process heap, triggering an out-of-bounds write, consuming memory and causing a crash, resulting in a denial of service.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4016 https://bugzilla.redhat.com/show_bug.cgi?id=2228494 https://www.cve.org/CVERecord?id=CVE-2023-4016 https://nvd.nist.gov/vuln/detail/CVE-2023-4016 https://gitlab.com/procps-ng/procps/-/commit/2c933ecba3bb1d3041a5a7a53a7b4078a6003413 https://gitlab.com/procps-ng/procps/-/issues/297 https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4016.json https://access.redhat.com/errata/RHSA-2023:6705", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "procps-ng", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.3.17-13.el9", "arch_op": "pattern match" }, "h8nlVtUPrGKdJF9xyffy7g==": { "id": "h8nlVtUPrGKdJF9xyffy7g==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hECLdfUszFQo2UbzQI3BMQ==": { "id": "hECLdfUszFQo2UbzQI3BMQ==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:8446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.6", "arch_op": "pattern match" }, "hEt6vsfHYq4kHELEO5xWxA==": { "id": "hEt6vsfHYq4kHELEO5xWxA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "hGz8R5Dny4UCIDPZzXbK3g==": { "id": "hGz8R5Dny4UCIDPZzXbK3g==", "updater": "rhel-vex", "name": "CVE-2021-38593", "description": "Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke).", "issued": "2021-07-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-38593 https://bugzilla.redhat.com/show_bug.cgi?id=1994719 https://www.cve.org/CVERecord?id=CVE-2021-38593 https://nvd.nist.gov/vuln/detail/CVE-2021-38593 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-38593.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hHQvhYHv8KxCCQMiFpmyWg==": { "id": "hHQvhYHv8KxCCQMiFpmyWg==", "updater": "rhel-vex", "name": "CVE-2024-12718", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.", "issued": "2025-06-03T12:59:10Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12718 https://bugzilla.redhat.com/show_bug.cgi?id=2370013 https://www.cve.org/CVERecord?id=CVE-2024-12718 https://nvd.nist.gov/vuln/detail/CVE-2024-12718 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/127987 https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12718.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "hIHRMVndQh85jnW2uCawbw==": { "id": "hIHRMVndQh85jnW2uCawbw==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "hIP4iOnrw2sfStgfnTKJKw==": { "id": "hIP4iOnrw2sfStgfnTKJKw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "hJqH5PsFQ03HT/LzTwaCXA==": { "id": "hJqH5PsFQ03HT/LzTwaCXA==", "updater": "rhel-vex", "name": "CVE-2025-47912", "description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "issued": "2025-10-29T22:10:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47912 https://bugzilla.redhat.com/show_bug.cgi?id=2407247 https://www.cve.org/CVERecord?id=CVE-2025-47912 https://nvd.nist.gov/vuln/detail/CVE-2025-47912 https://go.dev/cl/709857 https://go.dev/issue/75678 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4010 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47912.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hK/f5zoJDHjYWcidbJwYsg==": { "id": "hK/f5zoJDHjYWcidbJwYsg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "hMwTXtuK2CPZup51st8vag==": { "id": "hMwTXtuK2CPZup51st8vag==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hOaq2CFtnMvxmr4bZOUh6A==": { "id": "hOaq2CFtnMvxmr4bZOUh6A==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json https://access.redhat.com/errata/RHSA-2025:21255", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.5.1-4.el9_7", "arch_op": "pattern match" }, "hRSnphgIhBaU8a2RyBPsuA==": { "id": "hRSnphgIhBaU8a2RyBPsuA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:3501", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_4.3", "arch_op": "pattern match" }, "hUC86VV8kD262xFcev0ZiA==": { "id": "hUC86VV8kD262xFcev0ZiA==", "updater": "rhel-vex", "name": "CVE-2025-11412", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the bfd_elf_gc_record_vtentry function in the bfd/elflink.c file due to a missing sanity check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11412 https://bugzilla.redhat.com/show_bug.cgi?id=2402425 https://www.cve.org/CVERecord?id=CVE-2025-11412 https://nvd.nist.gov/vuln/detail/CVE-2025-11412 https://sourceware.org/bugzilla/show_bug.cgi?id=33452 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc https://vuldb.com/?id.327348 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11412.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hWXaFNGw43ZC0VkI4/s2Pw==": { "id": "hWXaFNGw43ZC0VkI4/s2Pw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "hYg6jGCQ5Nuq7UsitAzuiw==": { "id": "hYg6jGCQ5Nuq7UsitAzuiw==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "hazOAbpBSQ6ZcoEMkq6UhQ==": { "id": "hazOAbpBSQ6ZcoEMkq6UhQ==", "updater": "rhel-vex", "name": "CVE-2023-5981", "description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "issued": "2023-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5981 https://bugzilla.redhat.com/show_bug.cgi?id=2248445 https://www.cve.org/CVERecord?id=CVE-2023-5981 https://nvd.nist.gov/vuln/detail/CVE-2023-5981 https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5981.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "helnYsRUBV0VLNZe0kvTiA==": { "id": "helnYsRUBV0VLNZe0kvTiA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "hfVFht+buqTExOEVhwr1xQ==": { "id": "hfVFht+buqTExOEVhwr1xQ==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "hgtI79dU1WVsnkd0nzqqTg==": { "id": "hgtI79dU1WVsnkd0nzqqTg==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "hinEteXkZ2xZbWF5lSQDEw==": { "id": "hinEteXkZ2xZbWF5lSQDEw==", "updater": "rhel-vex", "name": "CVE-2023-0797", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0797 https://bugzilla.redhat.com/show_bug.cgi?id=2170151 https://www.cve.org/CVERecord?id=CVE-2023-0797 https://nvd.nist.gov/vuln/detail/CVE-2023-0797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0797.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "hjzu3I+m68mPWogOfZscVg==": { "id": "hjzu3I+m68mPWogOfZscVg==", "updater": "rhel-vex", "name": "CVE-2023-39318", "description": "A flaw was found in Golang. The html/template package did not properly handle HMTL-like \"\u003c!--\" and \"--\u003e\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This issue may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39318 https://bugzilla.redhat.com/show_bug.cgi?id=2237776 https://www.cve.org/CVERecord?id=CVE-2023-39318 https://nvd.nist.gov/vuln/detail/CVE-2023-39318 https://go.dev/cl/526156 https://go.dev/issue/62196 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2041.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39318.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "hlV8M1lvezTjDMlaNPSTvg==": { "id": "hlV8M1lvezTjDMlaNPSTvg==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "hnVuaDEhxbGffMCkOiTy1A==": { "id": "hnVuaDEhxbGffMCkOiTy1A==", "updater": "rhel-vex", "name": "CVE-2023-3446", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3446 https://bugzilla.redhat.com/show_bug.cgi?id=2224962 https://www.cve.org/CVERecord?id=CVE-2023-3446 https://nvd.nist.gov/vuln/detail/CVE-2023-3446 https://www.openssl.org/news/secadv/20230719.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3446.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "htRPPeb7P9MNS47zhEuuaw==": { "id": "htRPPeb7P9MNS47zhEuuaw==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "hv1o+8ALinWTDa5cH4j3rA==": { "id": "hv1o+8ALinWTDa5cH4j3rA==", "updater": "rhel-vex", "name": "CVE-2022-4645", "description": "A flaw was found in tiffcp, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the tiffcp function in tools/tiffcp.c, resulting in a denial of service and limited information disclosure.", "issued": "2023-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4645 https://bugzilla.redhat.com/show_bug.cgi?id=2176220 https://www.cve.org/CVERecord?id=CVE-2022-4645 https://nvd.nist.gov/vuln/detail/CVE-2022-4645 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4645.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "hwn8HSXSxoAi1TYe+ACqPA==": { "id": "hwn8HSXSxoAi1TYe+ACqPA==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "hx3c9WG+Xum3pwxo0+FyRQ==": { "id": "hx3c9WG+Xum3pwxo0+FyRQ==", "updater": "rhel-vex", "name": "CVE-2023-23919", "description": "A cryptographic vulnerability exists in Node.js \u003c19.2.0, \u003c18.14.1, \u003c16.19.1, \u003c14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23919 https://bugzilla.redhat.com/show_bug.cgi?id=2172170 https://www.cve.org/CVERecord?id=CVE-2023-23919 https://nvd.nist.gov/vuln/detail/CVE-2023-23919 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23919.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "hxluEp8Si16NQcfaJDWcLg==": { "id": "hxluEp8Si16NQcfaJDWcLg==", "updater": "rhel-vex", "name": "CVE-2022-3324", "description": "A stack-based buffer overflow vulnerability was found in Vim's win_redr_ruler() function of the src/drawscreen.c file. The issue occurs when using a negative array index with a negative width window. This flaw allows an attacker to trick a user into opening a specially crafted file, which triggers the bug, causing an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3324 https://bugzilla.redhat.com/show_bug.cgi?id=2132558 https://www.cve.org/CVERecord?id=CVE-2022-3324 https://nvd.nist.gov/vuln/detail/CVE-2022-3324 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3324.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "hzkoKs3QdYyXJMnifzGbxA==": { "id": "hzkoKs3QdYyXJMnifzGbxA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "i+IfpRQo89HWL/sPRoOFsw==": { "id": "i+IfpRQo89HWL/sPRoOFsw==", "updater": "rhel-vex", "name": "CVE-2023-0799", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a use-after-free problem in the extractContigSamplesShifted32bits function in tools/tiffcrop.c, resulting in a Denial of Service.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0799 https://bugzilla.redhat.com/show_bug.cgi?id=2170162 https://www.cve.org/CVERecord?id=CVE-2023-0799 https://nvd.nist.gov/vuln/detail/CVE-2023-0799 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0799.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "i1aZclSgDVfSpq3wWatknQ==": { "id": "i1aZclSgDVfSpq3wWatknQ==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "i1iqh+iGOleBv5v21I50xw==": { "id": "i1iqh+iGOleBv5v21I50xw==", "updater": "rhel-vex", "name": "CVE-2024-37891", "description": "A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the `Proxy-Authorization` HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-37891 https://bugzilla.redhat.com/show_bug.cgi?id=2292788 https://www.cve.org/CVERecord?id=CVE-2024-37891 https://nvd.nist.gov/vuln/detail/CVE-2024-37891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-37891.json https://access.redhat.com/errata/RHSA-2024:6162", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-5.el9_4.1", "arch_op": "pattern match" }, "i3BrKsmhYf5wZYkQCBxUGw==": { "id": "i3BrKsmhYf5wZYkQCBxUGw==", "updater": "rhel-vex", "name": "CVE-2021-43618", "description": "A flaw was found in gmp. An integer overflow vulnerability could allow an attacker to input an integer value leading to a crash. The highest threat from this vulnerability is to system availability.", "issued": "2021-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-43618 https://bugzilla.redhat.com/show_bug.cgi?id=2024904 https://www.cve.org/CVERecord?id=CVE-2021-43618 https://nvd.nist.gov/vuln/detail/CVE-2021-43618 https://bugs.debian.org/994405 https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-43618.json https://access.redhat.com/errata/RHSA-2023:6661", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gmp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:6.2.0-13.el9", "arch_op": "pattern match" }, "iA/QQjWhvxyNLUaetWDlcQ==": { "id": "iA/QQjWhvxyNLUaetWDlcQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "iACEEOg8p4u2oul22eTv+Q==": { "id": "iACEEOg8p4u2oul22eTv+Q==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "iAZzrtYDqIG5uluq/FjhDA==": { "id": "iAZzrtYDqIG5uluq/FjhDA==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "iE+bfILM7uszXcxvEd6gYA==": { "id": "iE+bfILM7uszXcxvEd6gYA==", "updater": "rhel-vex", "name": "CVE-2025-23165", "description": "A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23165 https://bugzilla.redhat.com/show_bug.cgi?id=2367162 https://www.cve.org/CVERecord?id=CVE-2025-23165 https://nvd.nist.gov/vuln/detail/CVE-2025-23165 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23165.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "iJ/65EjB0RUIoiFFN5HgAw==": { "id": "iJ/65EjB0RUIoiFFN5HgAw==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "iK/w4oP0ry88Fhi1iG/FpA==": { "id": "iK/w4oP0ry88Fhi1iG/FpA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.el9", "arch_op": "pattern match" }, "iKVtZrDNXfISjmDp1xYKBQ==": { "id": "iKVtZrDNXfISjmDp1xYKBQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "iL/VOECJBzyFgTCwWDppVw==": { "id": "iL/VOECJBzyFgTCwWDppVw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iMwaCmNtKHrK2+scb+hkxw==": { "id": "iMwaCmNtKHrK2+scb+hkxw==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "iPCZH9YqKm3Qb2Qeqw32sA==": { "id": "iPCZH9YqKm3Qb2Qeqw32sA==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iQtqv3HeCGvWBf2ImnFK1w==": { "id": "iQtqv3HeCGvWBf2ImnFK1w==", "updater": "rhel-vex", "name": "CVE-2025-8941", "description": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.", "issued": "2025-08-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8941 https://bugzilla.redhat.com/show_bug.cgi?id=2388220 https://www.cve.org/CVERecord?id=CVE-2025-8941 https://nvd.nist.gov/vuln/detail/CVE-2025-8941 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8941.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "iRRK+UGfH5YqM+4LOHExpQ==": { "id": "iRRK+UGfH5YqM+4LOHExpQ==", "updater": "rhel-vex", "name": "CVE-2024-45492", "description": "A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45492 https://bugzilla.redhat.com/show_bug.cgi?id=2308617 https://www.cve.org/CVERecord?id=CVE-2024-45492 https://nvd.nist.gov/vuln/detail/CVE-2024-45492 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/889 https://github.com/libexpat/libexpat/pull/892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45492.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "iRvSvKSGVLHqIXREJ4Ht/w==": { "id": "iRvSvKSGVLHqIXREJ4Ht/w==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "iSsTR9jTS/494HfIgB9pGQ==": { "id": "iSsTR9jTS/494HfIgB9pGQ==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "iSzOvPxPGZr2PfJTBTQBCQ==": { "id": "iSzOvPxPGZr2PfJTBTQBCQ==", "updater": "rhel-vex", "name": "CVE-2024-29040", "description": "A flaw was found in the tpm2-tss package, where it was not checked to see if the magic number in the attest is equal to the TPM2_GENERATED_VALUE. This flaw allows an attacker to generate arbitrary quote data, which may not be detected by Fapi_VerifyQuote.", "issued": "2024-04-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-29040 https://bugzilla.redhat.com/show_bug.cgi?id=2278077 https://www.cve.org/CVERecord?id=CVE-2024-29040 https://nvd.nist.gov/vuln/detail/CVE-2024-29040 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-29040.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "iUURXijANkMZIH/VbXWyYQ==": { "id": "iUURXijANkMZIH/VbXWyYQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "iWeHI13pT0mygP25w8npPg==": { "id": "iWeHI13pT0mygP25w8npPg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.18.2-1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "ibGOv13N1m/577Kb32wGxw==": { "id": "ibGOv13N1m/577Kb32wGxw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "ihcyIiYlnktNuXSrEgrQjg==": { "id": "ihcyIiYlnktNuXSrEgrQjg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "ijNNBHI8o+gObvRZ97LRdA==": { "id": "ijNNBHI8o+gObvRZ97LRdA==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-build-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ikYp9FVR/trdSFxeYpqAcA==": { "id": "ikYp9FVR/trdSFxeYpqAcA==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "ipjYj7xm8hx7kmgjjp0cpg==": { "id": "ipjYj7xm8hx7kmgjjp0cpg==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "iveVedfC78Qk/6ltHJ21kQ==": { "id": "iveVedfC78Qk/6ltHJ21kQ==", "updater": "rhel-vex", "name": "CVE-2024-34397", "description": "A flaw was found in GNOME GLib. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by the trusted system service. This issue could lead to the GDBus-based client behaving incorrectly with an application-dependent impact.", "issued": "2024-05-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34397 https://bugzilla.redhat.com/show_bug.cgi?id=2279632 https://www.cve.org/CVERecord?id=CVE-2024-34397 https://nvd.nist.gov/vuln/detail/CVE-2024-34397 https://gitlab.gnome.org/GNOME/glib/-/issues/3268 https://www.openwall.com/lists/oss-security/2024/05/07/5 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34397.json https://access.redhat.com/errata/RHSA-2024:6464", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-14.el9_4.1", "arch_op": "pattern match" }, "ixc06f0H9vqMfsbwQSwwvA==": { "id": "ixc06f0H9vqMfsbwQSwwvA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ixlSuy1zsWjDOO7lFuUNAQ==": { "id": "ixlSuy1zsWjDOO7lFuUNAQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "izYg2kL7sTEI8ASmlxRCdA==": { "id": "izYg2kL7sTEI8ASmlxRCdA==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "j/6W06GHqfn2irJJ7LDKTQ==": { "id": "j/6W06GHqfn2irJJ7LDKTQ==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "j7HjBQaZ5PNpv7JydPZ8OQ==": { "id": "j7HjBQaZ5PNpv7JydPZ8OQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "j7yoSCks+i8LevHtgFwCwQ==": { "id": "j7yoSCks+i8LevHtgFwCwQ==", "updater": "rhel-vex", "name": "CVE-2023-24056", "description": "A flaw was found in pkgconf, where a variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. This issue may lead to a buffer overflow, which can crash the software.", "issued": "2023-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24056 https://bugzilla.redhat.com/show_bug.cgi?id=2165034 https://www.cve.org/CVERecord?id=CVE-2023-24056 https://nvd.nist.gov/vuln/detail/CVE-2023-24056 https://nullprogram.com/blog/2023/01/18/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24056.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "pkgconf", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j8vL1GycOevI00+qC9aKmw==": { "id": "j8vL1GycOevI00+qC9aKmw==", "updater": "rhel-vex", "name": "CVE-2021-35939", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://www.cve.org/CVERecord?id=CVE-2021-35939 https://nvd.nist.gov/vuln/detail/CVE-2021-35939 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35939.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "j9SRMWigV/U3u/1hsi7gLA==": { "id": "j9SRMWigV/U3u/1hsi7gLA==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jAwMSdGdL8Maby3fRvFUDA==": { "id": "jAwMSdGdL8Maby3fRvFUDA==", "updater": "rhel-vex", "name": "CVE-2025-11082", "description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T22:32:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11082 https://bugzilla.redhat.com/show_bug.cgi?id=2399943 https://www.cve.org/CVERecord?id=CVE-2025-11082 https://nvd.nist.gov/vuln/detail/CVE-2025-11082 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/bugzilla/show_bug.cgi?id=33464 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://vuldb.com/?ctiid.326123 https://vuldb.com/?id.326123 https://vuldb.com/?submit.661276 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11082.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jDj44frt+6TCj0cwExt14w==": { "id": "jDj44frt+6TCj0cwExt14w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "jL7k69KOM8ZjTH+gwznwQg==": { "id": "jL7k69KOM8ZjTH+gwznwQg==", "updater": "osv/go", "name": "GO-2022-1039", "description": "Memory exhaustion when compiling regular expressions in regexp/syntax", "issued": "2022-10-06T16:42:07Z", "links": "https://go.dev/issue/55949 https://go.dev/cl/439356 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "jVClMHCoFf8RUCB6W2c2cQ==": { "id": "jVClMHCoFf8RUCB6W2c2cQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "jY7qsjEMOfcaNJkgI4dijw==": { "id": "jY7qsjEMOfcaNJkgI4dijw==", "updater": "rhel-vex", "name": "CVE-2023-26966", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to an out-of-bounds read in the uv_encode function in libtiff/tif_luv.c, resulting in a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-26966 https://bugzilla.redhat.com/show_bug.cgi?id=2218749 https://www.cve.org/CVERecord?id=CVE-2023-26966 https://nvd.nist.gov/vuln/detail/CVE-2023-26966 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-26966.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "jYkhobM1mHtLOwQie8WeWA==": { "id": "jYkhobM1mHtLOwQie8WeWA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "jYmxPZjDM/CNw9uJ4rnMHQ==": { "id": "jYmxPZjDM/CNw9uJ4rnMHQ==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "jZXEa4mdIQd85t4aOIhsfA==": { "id": "jZXEa4mdIQd85t4aOIhsfA==", "updater": "rhel-vex", "name": "CVE-2024-12087", "description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12087 https://bugzilla.redhat.com/show_bug.cgi?id=2330672 https://www.cve.org/CVERecord?id=CVE-2024-12087 https://nvd.nist.gov/vuln/detail/CVE-2024-12087 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12087.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "jb1tyEUU0h95jkJRbmTeVg==": { "id": "jb1tyEUU0h95jkJRbmTeVg==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "jbS9IFs59O0uPYg9IZeksQ==": { "id": "jbS9IFs59O0uPYg9IZeksQ==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "jcBNjU0VQp8W5rs9GaZnrw==": { "id": "jcBNjU0VQp8W5rs9GaZnrw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "jdtzUluiOvXnFmwaOX/6KQ==": { "id": "jdtzUluiOvXnFmwaOX/6KQ==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "je5QkI9XlXAaLqMv+l8ztQ==": { "id": "je5QkI9XlXAaLqMv+l8ztQ==", "updater": "rhel-vex", "name": "CVE-2025-58189", "description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "issued": "2025-10-29T22:10:12Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58189 https://bugzilla.redhat.com/show_bug.cgi?id=2407260 https://www.cve.org/CVERecord?id=CVE-2025-58189 https://nvd.nist.gov/vuln/detail/CVE-2025-58189 https://go.dev/cl/707776 https://go.dev/issue/75652 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4008 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jecTmyeay6DKd/7zioYjow==": { "id": "jecTmyeay6DKd/7zioYjow==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "jh1Mqm3BaTYV6MdA+4D74g==": { "id": "jh1Mqm3BaTYV6MdA+4D74g==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "jiVVTQmOtKqVixv7agF/Hg==": { "id": "jiVVTQmOtKqVixv7agF/Hg==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jlQB8YKpspXbBoHQT0JY7A==": { "id": "jlQB8YKpspXbBoHQT0JY7A==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "jlm8MnE+Ua07hmnpXd564A==": { "id": "jlm8MnE+Ua07hmnpXd564A==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "jmCYpsGWnnwiehZQL2tyGg==": { "id": "jmCYpsGWnnwiehZQL2tyGg==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "juRvPdedfeoW/YVn4PBM8Q==": { "id": "juRvPdedfeoW/YVn4PBM8Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "jvIOr2cGPChl6X44xwkz2w==": { "id": "jvIOr2cGPChl6X44xwkz2w==", "updater": "rhel-vex", "name": "CVE-2023-48795", "description": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48795 https://bugzilla.redhat.com/show_bug.cgi?id=2254210 https://www.cve.org/CVERecord?id=CVE-2023-48795 https://nvd.nist.gov/vuln/detail/CVE-2023-48795 https://access.redhat.com/solutions/7071748 https://terrapin-attack.com/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48795.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "jweM09oSTMKt4t5s2Lpg9g==": { "id": "jweM09oSTMKt4t5s2Lpg9g==", "updater": "rhel-vex", "name": "CVE-2023-29400", "description": "A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, \"attr={{.}}\") executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into tags.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29400 https://bugzilla.redhat.com/show_bug.cgi?id=2196029 https://www.cve.org/CVERecord?id=CVE-2023-29400 https://nvd.nist.gov/vuln/detail/CVE-2023-29400 https://go.dev/issue/59722 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29400.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "jyRfRwiUvNWAyNlZmv3MkQ==": { "id": "jyRfRwiUvNWAyNlZmv3MkQ==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "k+Eb8x9IQ/IHa5nSq7kcSQ==": { "id": "k+Eb8x9IQ/IHa5nSq7kcSQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "k/2DvTn2KLL28Yuh/WFLmw==": { "id": "k/2DvTn2KLL28Yuh/WFLmw==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "k/RAvY71xpuUVrSpsGkYlA==": { "id": "k/RAvY71xpuUVrSpsGkYlA==", "updater": "osv/go", "name": "GO-2022-1143", "description": "Restricted file access on Windows in os and net/http", "issued": "2022-12-07T16:08:45Z", "links": "https://go.dev/issue/56694 https://go.dev/cl/455716 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "k4dDUqBohIhzwbUS8fZiCA==": { "id": "k4dDUqBohIhzwbUS8fZiCA==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "k5LjlV1zmKau2rAIOnay6g==": { "id": "k5LjlV1zmKau2rAIOnay6g==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5765", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.3.el9_2", "arch_op": "pattern match" }, "k9Yjqv3ifDP4XwsJSZ8XiQ==": { "id": "k9Yjqv3ifDP4XwsJSZ8XiQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kBdyi87P4B1cTF5hLS7ByA==": { "id": "kBdyi87P4B1cTF5hLS7ByA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "kCgZMoKRMbRx90oiE7jJ+w==": { "id": "kCgZMoKRMbRx90oiE7jJ+w==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "kCqPC9VTuWeNYsZfiAbN4g==": { "id": "kCqPC9VTuWeNYsZfiAbN4g==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "kEe4Kuw3hXrzhJ/JDjR7wg==": { "id": "kEe4Kuw3hXrzhJ/JDjR7wg==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json https://access.redhat.com/errata/RHSA-2024:0464", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-urllib3", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.26.5-3.el9_3.1", "arch_op": "pattern match" }, "kFbIkTDdc0p9e6ndPrAnHA==": { "id": "kFbIkTDdc0p9e6ndPrAnHA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "kHC7JlgJ1gpjDIHxKgXZuQ==": { "id": "kHC7JlgJ1gpjDIHxKgXZuQ==", "updater": "osv/go", "name": "GO-2024-2609", "description": "Comments in display names are incorrectly handled in net/mail", "issued": "2024-03-05T22:15:04Z", "links": "https://go.dev/issue/65083 https://go.dev/cl/555596 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "kJ/PUfmUBn2Ep03yRLItuQ==": { "id": "kJ/PUfmUBn2Ep03yRLItuQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kMB61Eclf1Qb2Suk3JRmXw==": { "id": "kMB61Eclf1Qb2Suk3JRmXw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "kQEcZDAS6Ka6J710VZUH9w==": { "id": "kQEcZDAS6Ka6J710VZUH9w==", "updater": "rhel-vex", "name": "CVE-2024-25062", "description": "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", "issued": "2024-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25062 https://bugzilla.redhat.com/show_bug.cgi?id=2262726 https://www.cve.org/CVERecord?id=CVE-2024-25062 https://nvd.nist.gov/vuln/detail/CVE-2024-25062 https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 https://gitlab.gnome.org/GNOME/libxml2/-/tags https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25062.json https://access.redhat.com/errata/RHSA-2024:2679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_4", "arch_op": "pattern match" }, "kQq8hvN2yLWiupMaLbRduA==": { "id": "kQq8hvN2yLWiupMaLbRduA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.el9", "arch_op": "pattern match" }, "kRGVc4s/SuXPOfCHc7Q9ug==": { "id": "kRGVc4s/SuXPOfCHc7Q9ug==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kRa60N9SRvgjl+iiwZ9fZg==": { "id": "kRa60N9SRvgjl+iiwZ9fZg==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "kRj1Frl5pmWWgd5LR0IPyw==": { "id": "kRj1Frl5pmWWgd5LR0IPyw==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "kRqkfuoNHXgeW9vp8iyzQw==": { "id": "kRqkfuoNHXgeW9vp8iyzQw==", "updater": "rhel-vex", "name": "CVE-2023-41175", "description": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.", "issued": "2023-07-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-41175 https://bugzilla.redhat.com/show_bug.cgi?id=2235264 https://www.cve.org/CVERecord?id=CVE-2023-41175 https://nvd.nist.gov/vuln/detail/CVE-2023-41175 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-41175.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "kTasTqgA/HsT2H85z8VDPw==": { "id": "kTasTqgA/HsT2H85z8VDPw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "kTyfGInwWoCVv7gGPYCF5g==": { "id": "kTyfGInwWoCVv7gGPYCF5g==", "updater": "rhel-vex", "name": "CVE-2023-2610", "description": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.", "issued": "2023-05-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2610 https://bugzilla.redhat.com/show_bug.cgi?id=2209048 https://www.cve.org/CVERecord?id=CVE-2023-2610 https://nvd.nist.gov/vuln/detail/CVE-2023-2610 https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2610.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kUo4IyXRh1XFppRDAqTNnw==": { "id": "kUo4IyXRh1XFppRDAqTNnw==", "updater": "rhel-vex", "name": "CVE-2023-33285", "description": "A vulnerability was discovered in Qt. This security flaw occurs in the QDnsLookup function, which has a buffer over-read via a crafted reply from a DNS server.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-33285 https://bugzilla.redhat.com/show_bug.cgi?id=2209488 https://www.cve.org/CVERecord?id=CVE-2023-33285 https://nvd.nist.gov/vuln/detail/CVE-2023-33285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-33285.json https://access.redhat.com/errata/RHSA-2023:6369", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5-srpm-macros", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.15.9-1.el9", "arch_op": "pattern match" }, "kVJhm1LYIfhvn92InJZLDQ==": { "id": "kVJhm1LYIfhvn92InJZLDQ==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "kVjUyjaMJ0bXnwb03Ksw3A==": { "id": "kVjUyjaMJ0bXnwb03Ksw3A==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "kXL26w3j4LcAqSQ9tOuWMA==": { "id": "kXL26w3j4LcAqSQ9tOuWMA==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.2.1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "kaUbMItvWrS1leJMEsAk9A==": { "id": "kaUbMItvWrS1leJMEsAk9A==", "updater": "rhel-vex", "name": "CVE-2022-2284", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.", "issued": "2022-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2284 https://bugzilla.redhat.com/show_bug.cgi?id=2103872 https://www.cve.org/CVERecord?id=CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2284.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kdSSzkEHTOGF0fpTfXjzcg==": { "id": "kdSSzkEHTOGF0fpTfXjzcg==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "keMF1HAI1OIF8MvJtPZQ+g==": { "id": "keMF1HAI1OIF8MvJtPZQ+g==", "updater": "rhel-vex", "name": "CVE-2023-31124", "description": "A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31124 https://bugzilla.redhat.com/show_bug.cgi?id=2209494 https://www.cve.org/CVERecord?id=CVE-2023-31124 https://nvd.nist.gov/vuln/detail/CVE-2023-31124 https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31124.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "kgCv9K1pgDK48LdFtpFN9Q==": { "id": "kgCv9K1pgDK48LdFtpFN9Q==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "khaGOQZwNAF+Kql1EAlBfw==": { "id": "khaGOQZwNAF+Kql1EAlBfw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "khwtIlYEcWkkzJP1rg7BNg==": { "id": "khwtIlYEcWkkzJP1rg7BNg==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "kiHPM08GilYyFXQYDbdefw==": { "id": "kiHPM08GilYyFXQYDbdefw==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "kkBeA26IUhnokem2LDfx1A==": { "id": "kkBeA26IUhnokem2LDfx1A==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "kkxgUCDqJw1GL8dK+Je2RA==": { "id": "kkxgUCDqJw1GL8dK+Je2RA==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "knD9e5c9mhfEteHg6iIbAQ==": { "id": "knD9e5c9mhfEteHg6iIbAQ==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "koaJtTt9+fGxG4OSw5hxFA==": { "id": "koaJtTt9+fGxG4OSw5hxFA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-DynaLoader", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.47-481.1.el9_6", "arch_op": "pattern match" }, "ktNuCXztDAtRpUWlUtIWUg==": { "id": "ktNuCXztDAtRpUWlUtIWUg==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "ktZZSLvjrHrh7DYZ23sMhw==": { "id": "ktZZSLvjrHrh7DYZ23sMhw==", "updater": "rhel-vex", "name": "CVE-2023-45143", "description": "A flaw was found in the Undici node package due to the occurrence of Cross-origin requests, possibly leading to a cookie header leakage. By default, cookie headers are forbidden request headers, and they must be enabled. This flaw allows a malicious user to access this leaked cookie if they have control of the redirection.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45143 https://bugzilla.redhat.com/show_bug.cgi?id=2244104 https://www.cve.org/CVERecord?id=CVE-2023-45143 https://nvd.nist.gov/vuln/detail/CVE-2023-45143 https://github.com/nodejs/undici/security/advisories/GHSA-wqq4-5wpv-mx2g https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45143.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.8.1-1.18.18.2.2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "kwBmjCC7+d5xUliMZJPNWA==": { "id": "kwBmjCC7+d5xUliMZJPNWA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.el9", "arch_op": "pattern match" }, "kxjEyJZKMrQwjAj12bH0Ag==": { "id": "kxjEyJZKMrQwjAj12bH0Ag==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "ky4IJ5u2Ib7CaDmE7xOysg==": { "id": "ky4IJ5u2Ib7CaDmE7xOysg==", "updater": "rhel-vex", "name": "CVE-2021-46822", "description": "A heap-based buffer overflow vulnerability was found in libjpeg-turbo in the get_word_rgb_row() function in rdppm.c. The flaw occurs when the PPM reader in libjpeg-turbo mishandles use of the tjLoadImage() function for loading a 16-bit binary PPM file into a grayscale uncompressed image buffer and then loading a 16-bit binary PGM file into an RGB uncompressed image buffer. This flaw allows a remote attacker to persuade a victim to open a specially-crafted file, causing the application to crash.", "issued": "2021-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-46822 https://bugzilla.redhat.com/show_bug.cgi?id=2100044 https://www.cve.org/CVERecord?id=CVE-2021-46822 https://nvd.nist.gov/vuln/detail/CVE-2021-46822 https://exchange.xforce.ibmcloud.com/vulnerabilities/221567 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-46822.json https://access.redhat.com/errata/RHSA-2023:1068", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libjpeg-turbo-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.0.90-6.el9_1", "arch_op": "pattern match" }, "kyjbj2qojW5SnPuCG4+T3A==": { "id": "kyjbj2qojW5SnPuCG4+T3A==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "l2+nQ26t0lYvVluseJErUQ==": { "id": "l2+nQ26t0lYvVluseJErUQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Copy", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-481.el9", "arch_op": "pattern match" }, "l2fXal/tlhZFSzN3bmiLSg==": { "id": "l2fXal/tlhZFSzN3bmiLSg==", "updater": "rhel-vex", "name": "CVE-2024-4603", "description": "A flaw was found in OpenSSL. Applications that use the EVP_PKEY_param_check() or EVP_PKEY_public_check() function to check a DSA public key or DSA parameters may experience long delays when checking excessively long DSA keys or parameters.  In applications that allow untrusted sources to provide the key or parameters that are checked, an attacker may be able to cause a denial of service. These functions are not called by OpenSSL on untrusted DSA keys. The applications that directly call these functions are the ones that may be vulnerable to this issue.", "issued": "2024-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4603 https://bugzilla.redhat.com/show_bug.cgi?id=2281029 https://www.cve.org/CVERecord?id=CVE-2024-4603 https://nvd.nist.gov/vuln/detail/CVE-2024-4603 https://www.openssl.org/news/secadv/20240516.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4603.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "l3j9C20yHr6ZHIXLApzl0A==": { "id": "l3j9C20yHr6ZHIXLApzl0A==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "l7gfVyLrNH9qcWdXdRt9Kg==": { "id": "l7gfVyLrNH9qcWdXdRt9Kg==", "updater": "rhel-vex", "name": "CVE-2022-30632", "description": "A flaw was found in golang. Calling Glob on a path that contains a large number of path separators can cause a panic issue due to stack exhaustion. This can cause an attacker to impact availability.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30632 https://bugzilla.redhat.com/show_bug.cgi?id=2107386 https://www.cve.org/CVERecord?id=CVE-2022-30632 https://nvd.nist.gov/vuln/detail/CVE-2022-30632 https://go.dev/issue/53416 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30632.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "l8driNMmALQs2/V7+uCq+w==": { "id": "l8driNMmALQs2/V7+uCq+w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-NDBM_File", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.15-481.1.el9_6", "arch_op": "pattern match" }, "l8z3hCmcLYlZgxzha0zw+g==": { "id": "l8z3hCmcLYlZgxzha0zw+g==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "lBoi08D0xA11v+agRADO8A==": { "id": "lBoi08D0xA11v+agRADO8A==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "lCd4ciOqH+xVdJTAK6erDg==": { "id": "lCd4ciOqH+xVdJTAK6erDg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.el9", "arch_op": "pattern match" }, "lG2c0hNx+Fgq8Zf8B1rJyw==": { "id": "lG2c0hNx+Fgq8Zf8B1rJyw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "lH27Z8PmZeo/EM/AegpCTA==": { "id": "lH27Z8PmZeo/EM/AegpCTA==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "lHLNxD93t7uUJfmDhNwvCQ==": { "id": "lHLNxD93t7uUJfmDhNwvCQ==", "updater": "rhel-vex", "name": "CVE-2022-3256", "description": "A heap use-after-free vulnerability was found in vim's movemark() function of the src/mark.c file. This issue occurs because vim uses freed memory when 'autocmd' changes the mark. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap use-after-free that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3256 https://bugzilla.redhat.com/show_bug.cgi?id=2132571 https://www.cve.org/CVERecord?id=CVE-2022-3256 https://nvd.nist.gov/vuln/detail/CVE-2022-3256 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3256.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lIzMhy2E3/kAp+LsQCQyCA==": { "id": "lIzMhy2E3/kAp+LsQCQyCA==", "updater": "osv/go", "name": "GO-2023-1704", "description": "Excessive memory allocation in net/http and net/textproto", "issued": "2023-04-05T21:04:28Z", "links": "https://go.dev/issue/58975 https://go.dev/cl/481994 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "lJ8RTw7m+AgAnWW6upSntA==": { "id": "lJ8RTw7m+AgAnWW6upSntA==", "updater": "rhel-vex", "name": "CVE-2021-45078", "description": "An out-of-bounds flaw was found in binutils’ stabs functionality. The attack needs to be initiated locally where an attacker could convince a victim to read a specially crafted file that is processed by objdump, leading to the disclosure of memory and possibly leading to the execution of arbitrary code or causing the utility to crash.", "issued": "2021-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-45078 https://bugzilla.redhat.com/show_bug.cgi?id=2033715 https://www.cve.org/CVERecord?id=CVE-2021-45078 https://nvd.nist.gov/vuln/detail/CVE-2021-45078 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-45078.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lJah2RfNfRF+vEQdCucT7w==": { "id": "lJah2RfNfRF+vEQdCucT7w==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "lKniGV6mBq1xFWJ6V0QVvA==": { "id": "lKniGV6mBq1xFWJ6V0QVvA==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses-base", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "lM6Cai1zYvH4FYQ8nb6tQg==": { "id": "lM6Cai1zYvH4FYQ8nb6tQg==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lO89yYeT5Xt1E5KBgR1OXw==": { "id": "lO89yYeT5Xt1E5KBgR1OXw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "lQ+CMunyB1B/r/pkv6U72w==": { "id": "lQ+CMunyB1B/r/pkv6U72w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Class-Struct", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.66-481.1.el9_6", "arch_op": "pattern match" }, "lWKRi6BgpanbsQgeIct91A==": { "id": "lWKRi6BgpanbsQgeIct91A==", "updater": "rhel-vex", "name": "CVE-2022-35252", "description": "A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTP(S) server, where it accepts cookies using control codes (byte values below 32), and also when cookies that contain such control codes are later sent back to an HTTP(S) server, possibly causing the server to return a 400 response. This issue effectively allows a \"sister site\" to deny service to siblings and cause a denial of service attack.", "issued": "2022-08-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-35252 https://bugzilla.redhat.com/show_bug.cgi?id=2120718 https://www.cve.org/CVERecord?id=CVE-2022-35252 https://nvd.nist.gov/vuln/detail/CVE-2022-35252 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-35252.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "lWdVDKK0NI1ECjrQyrQZhA==": { "id": "lWdVDKK0NI1ECjrQyrQZhA==", "updater": "rhel-vex", "name": "CVE-2025-11414", "description": "A flaw was found in binutils. Processing a specially crafted object file with the ld linker can trigger an out-of-bounds read in the get_link_hash_entry function in the bfd/elflink.c file due to an improper check, causing a crash and resulting in a denial of service.", "issued": "2025-10-07T22:32:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11414 https://bugzilla.redhat.com/show_bug.cgi?id=2402424 https://www.cve.org/CVERecord?id=CVE-2025-11414 https://nvd.nist.gov/vuln/detail/CVE-2025-11414 https://sourceware.org/bugzilla/show_bug.cgi?id=33450 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703 https://vuldb.com/?id.327350 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11414.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "lbvVctqpDivb/6OV/xVV+A==": { "id": "lbvVctqpDivb/6OV/xVV+A==", "updater": "rhel-vex", "name": "CVE-2025-4802", "description": "A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen(), including internal dlopen() calls after setlocale() or calls to NSS functions such as getaddrinfo(), may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load malicious shared libraries, escalate privileges and execute arbitrary code.", "issued": "2025-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4802 https://bugzilla.redhat.com/show_bug.cgi?id=2367468 https://www.cve.org/CVERecord?id=CVE-2025-4802 https://nvd.nist.gov/vuln/detail/CVE-2025-4802 https://www.openwall.com/lists/oss-security/2025/05/16/7 https://www.openwall.com/lists/oss-security/2025/05/17/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4802.json https://access.redhat.com/errata/RHSA-2025:8655", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.19", "arch_op": "pattern match" }, "lc0ErrFagkcQxsv9AGKTjw==": { "id": "lc0ErrFagkcQxsv9AGKTjw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ldTn/Q3i3BpKZ95U4mfrcQ==": { "id": "ldTn/Q3i3BpKZ95U4mfrcQ==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "lgYZVj6kPc0Poy1meDiyZQ==": { "id": "lgYZVj6kPc0Poy1meDiyZQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "lh/EYac7XXFvwJr7gkU1TA==": { "id": "lh/EYac7XXFvwJr7gkU1TA==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "ljT4JJv6XdYorFfJ6zbfog==": { "id": "ljT4JJv6XdYorFfJ6zbfog==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "lnhGLE2iCT1nizqrTioMEA==": { "id": "lnhGLE2iCT1nizqrTioMEA==", "updater": "rhel-vex", "name": "CVE-2025-6020", "description": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.", "issued": "2025-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6020 https://bugzilla.redhat.com/show_bug.cgi?id=2372512 https://www.cve.org/CVERecord?id=CVE-2025-6020 https://nvd.nist.gov/vuln/detail/CVE-2025-6020 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6020.json https://access.redhat.com/errata/RHSA-2025:15099", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-26.el9_6", "arch_op": "pattern match" }, "lsfrxxENmZMCtV8uOKkr8Q==": { "id": "lsfrxxENmZMCtV8uOKkr8Q==", "updater": "rhel-vex", "name": "CVE-2024-6119", "description": "A flaw was found in OpenSSL. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.", "issued": "2024-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6119 https://bugzilla.redhat.com/show_bug.cgi?id=2306158 https://www.cve.org/CVERecord?id=CVE-2024-6119 https://nvd.nist.gov/vuln/detail/CVE-2024-6119 https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6119.json https://access.redhat.com/errata/RHSA-2024:6783", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-28.el9_4", "arch_op": "pattern match" }, "ltoIfsso65jjPxRqV9UMRw==": { "id": "ltoIfsso65jjPxRqV9UMRw==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "ltryu+P4IG4b3EAJKjyGHQ==": { "id": "ltryu+P4IG4b3EAJKjyGHQ==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "lv4eSxX+AEAW88phUmOolQ==": { "id": "lv4eSxX+AEAW88phUmOolQ==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "lz6O0nYiDpis8SScmTUuSg==": { "id": "lz6O0nYiDpis8SScmTUuSg==", "updater": "rhel-vex", "name": "CVE-2025-1215", "description": "A flaw was found in Vim. A local user may be able to trigger memory corruption by using the `--log` option with a non-existent path, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-12T18:31:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1215 https://bugzilla.redhat.com/show_bug.cgi?id=2345318 https://www.cve.org/CVERecord?id=CVE-2025-1215 https://nvd.nist.gov/vuln/detail/CVE-2025-1215 https://github.com/vim/vim/commit/c5654b84480822817bb7b69ebc97c174c91185e9 https://github.com/vim/vim/issues/16606 https://github.com/vim/vim/releases/tag/v9.1.1097 https://vuldb.com/?ctiid.295174 https://vuldb.com/?id.295174 https://vuldb.com/?submit.497546 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1215.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m+ltkfB6bwuyxpSjgAFr9w==": { "id": "m+ltkfB6bwuyxpSjgAFr9w==", "updater": "rhel-vex", "name": "CVE-2023-5363", "description": "A flaw was found in OpenSSL in how it processes key and initialization vector (IV) lengths. This issue can lead to potential truncation or overruns during the initialization of some symmetric ciphers. A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. Both truncations and overruns of the key and the IV will produce incorrect results and could, in some cases, trigger a memory exception.", "issued": "2023-10-24T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5363 https://bugzilla.redhat.com/show_bug.cgi?id=2243839 https://www.cve.org/CVERecord?id=CVE-2023-5363 https://nvd.nist.gov/vuln/detail/CVE-2023-5363 https://www.openssl.org/news/secadv/20231024.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5363.json https://access.redhat.com/errata/RHSA-2024:0310", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-25.el9_3", "arch_op": "pattern match" }, "m/d6QTwNzEzxGSR3T2263Q==": { "id": "m/d6QTwNzEzxGSR3T2263Q==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "m02T5S9rBezyv/+a/R6Fkw==": { "id": "m02T5S9rBezyv/+a/R6Fkw==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m0VRm0XEm9FSwttsQ8QLaQ==": { "id": "m0VRm0XEm9FSwttsQ8QLaQ==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "m2sL00H9lvJ4xs2UqwHxiQ==": { "id": "m2sL00H9lvJ4xs2UqwHxiQ==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "m4A081U6rE2WLJ4u/pMkqg==": { "id": "m4A081U6rE2WLJ4u/pMkqg==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "m5AiZOpiUf+2oOMwsbQnSg==": { "id": "m5AiZOpiUf+2oOMwsbQnSg==", "updater": "rhel-vex", "name": "CVE-2025-11840", "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.", "issued": "2025-10-16T15:32:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11840 https://bugzilla.redhat.com/show_bug.cgi?id=2404481 https://www.cve.org/CVERecord?id=CVE-2025-11840 https://nvd.nist.gov/vuln/detail/CVE-2025-11840 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://vuldb.com/?ctiid.328775 https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m77LjZYd/4k9LSozG2S2mA==": { "id": "m77LjZYd/4k9LSozG2S2mA==", "updater": "rhel-vex", "name": "CVE-2024-50349", "description": "A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed directly. This can allow an attacker to manipulate URLs by including ANSI escape sequences, which can be interpreted by the terminal to mislead users by tricking them into entering passwords that are redirected to malicious attacker-controlled sites.", "issued": "2025-01-14T18:43:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-50349 https://bugzilla.redhat.com/show_bug.cgi?id=2337824 https://www.cve.org/CVERecord?id=CVE-2024-50349 https://nvd.nist.gov/vuln/detail/CVE-2024-50349 https://github.com/git/git/commit/7725b8100ffbbff2750ee4d61a0fcc1f53a086e8 https://github.com/git/git/commit/c903985bf7e772e2d08275c1a95c8a55ab011577 https://github.com/git/git/security/advisories/GHSA-hmg8-h7qf-7cxr https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-50349.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "m94VQcvA5qigjAcL/i2L2Q==": { "id": "m94VQcvA5qigjAcL/i2L2Q==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.1.el9_6", "arch_op": "pattern match" }, "mAh/ixYuQOgKvSoO2gk7SQ==": { "id": "mAh/ixYuQOgKvSoO2gk7SQ==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "mBrf1Yfgr5icNwG8S0edeA==": { "id": "mBrf1Yfgr5icNwG8S0edeA==", "updater": "rhel-vex", "name": "CVE-2023-29007", "description": "A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29007 https://bugzilla.redhat.com/show_bug.cgi?id=2188338 https://www.cve.org/CVERecord?id=CVE-2023-29007 https://nvd.nist.gov/vuln/detail/CVE-2023-29007 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29007.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "mIzvIMMUHDBMdt3eAx+4Rw==": { "id": "mIzvIMMUHDBMdt3eAx+4Rw==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mL/QvlBQrld+4EwXWLYTNQ==": { "id": "mL/QvlBQrld+4EwXWLYTNQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "mOQ3hJyzcYBnd65M1VVdFA==": { "id": "mOQ3hJyzcYBnd65M1VVdFA==", "updater": "osv/go", "name": "GO-2025-4011", "description": "Parsing DER payload can cause memory exhaustion in encoding/asn1", "issued": "2025-10-29T21:50:00Z", "links": "https://go.dev/issue/75671 https://go.dev/cl/709856 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "mPAC5fvINjFbBEv6qTd6tQ==": { "id": "mPAC5fvINjFbBEv6qTd6tQ==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "mQKKxdEERDHEVyOMhYExEw==": { "id": "mQKKxdEERDHEVyOMhYExEw==", "updater": "rhel-vex", "name": "CVE-2023-30590", "description": "A vulnerability has been identified in the Node.js, where a generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30590 https://bugzilla.redhat.com/show_bug.cgi?id=2219842 https://www.cve.org/CVERecord?id=CVE-2023-30590 https://nvd.nist.gov/vuln/detail/CVE-2023-30590 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30590.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "mUXGZjQ6odB/7zYNoJjJRA==": { "id": "mUXGZjQ6odB/7zYNoJjJRA==", "updater": "rhel-vex", "name": "CVE-2025-4138", "description": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:59:02Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4138 https://bugzilla.redhat.com/show_bug.cgi?id=2372426 https://www.cve.org/CVERecord?id=CVE-2025-4138 https://nvd.nist.gov/vuln/detail/CVE-2025-4138 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4138.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "mX276ORRxpj/FeNL+3OrXg==": { "id": "mX276ORRxpj/FeNL+3OrXg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mXfTdwl2racpbSHHHKO6EA==": { "id": "mXfTdwl2racpbSHHHKO6EA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "mbMEAQXpYoMKq7Io1LfrJA==": { "id": "mbMEAQXpYoMKq7Io1LfrJA==", "updater": "rhel-vex", "name": "CVE-2023-32067", "description": "A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32067 https://bugzilla.redhat.com/show_bug.cgi?id=2209502 https://www.cve.org/CVERecord?id=CVE-2023-32067 https://nvd.nist.gov/vuln/detail/CVE-2023-32067 https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32067.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "mfYVQsCdSPyqR1UobqhEIw==": { "id": "mfYVQsCdSPyqR1UobqhEIw==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "miA8N3aOifbt6s11v8VS/A==": { "id": "miA8N3aOifbt6s11v8VS/A==", "updater": "rhel-vex", "name": "CVE-2024-1394", "description": "A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs​. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey​ and ctx​. That function uses named return parameters to free pkey​ and ctx​ if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the \"return nil, nil, fail(...)\" pattern, meaning that pkey​ and ctx​ will be nil inside the deferred function that should free them.", "issued": "2024-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-1394 https://bugzilla.redhat.com/show_bug.cgi?id=2262921 https://www.cve.org/CVERecord?id=CVE-2024-1394 https://nvd.nist.gov/vuln/detail/CVE-2024-1394 https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136 https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6 https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f https://pkg.go.dev/vuln/GO-2024-2660 https://vuln.go.dev/ID/GO-2024-2660.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-1394.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "mjI/WzMYY52AQdc1No8ugQ==": { "id": "mjI/WzMYY52AQdc1No8ugQ==", "updater": "rhel-vex", "name": "CVE-2025-61724", "description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-61724 https://bugzilla.redhat.com/show_bug.cgi?id=2407257 https://www.cve.org/CVERecord?id=CVE-2025-61724 https://nvd.nist.gov/vuln/detail/CVE-2025-61724 https://go.dev/cl/709859 https://go.dev/issue/75716 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4015 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61724.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mjV/DAgymXlZYSj9rj04pg==": { "id": "mjV/DAgymXlZYSj9rj04pg==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "mk/9oG3VlXeyR83vbnlC7g==": { "id": "mk/9oG3VlXeyR83vbnlC7g==", "updater": "rhel-vex", "name": "CVE-2024-24790", "description": "A flaw was found in the Go language standard library net/netip. The method Is*() (IsPrivate(), IsPublic(), etc) doesn't behave properly when working with IPv6 mapped to IPv4 addresses. The unexpected behavior can lead to integrity and confidentiality issues, specifically when these methods are used to control access to resources or data.", "issued": "2024-06-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24790 https://bugzilla.redhat.com/show_bug.cgi?id=2292787 https://www.cve.org/CVERecord?id=CVE-2024-24790 https://nvd.nist.gov/vuln/detail/CVE-2024-24790 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24790.json https://access.redhat.com/errata/RHSA-2024:4212", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.11-1.el9_4", "arch_op": "pattern match" }, "mmFI4mA7exd6BfbwTUwJfQ==": { "id": "mmFI4mA7exd6BfbwTUwJfQ==", "updater": "rhel-vex", "name": "CVE-2021-20197", "description": "There is an open race window when writing output in the following utilities in GNU binutils1: ar, objcopy, strip, and ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.", "issued": "2021-01-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20197 https://bugzilla.redhat.com/show_bug.cgi?id=1913743 https://www.cve.org/CVERecord?id=CVE-2021-20197 https://nvd.nist.gov/vuln/detail/CVE-2021-20197 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20197.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mpDlR2Lk6PsJrTVRdAvAng==": { "id": "mpDlR2Lk6PsJrTVRdAvAng==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "mqxlcVJc3F4dPOTEtUve1Q==": { "id": "mqxlcVJc3F4dPOTEtUve1Q==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "mwpgk/i3GXoSJDpblt44zg==": { "id": "mwpgk/i3GXoSJDpblt44zg==", "updater": "rhel-vex", "name": "CVE-2023-1255", "description": "A vulnerability was found in OpenSSL. This security flaw occurs because the AES-XTS cipher decryption implementation for the 64-bit ARM platform contains an issue that could cause it to read past the input buffer, leading to a crash.", "issued": "2023-04-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1255 https://bugzilla.redhat.com/show_bug.cgi?id=2188461 https://www.cve.org/CVERecord?id=CVE-2023-1255 https://nvd.nist.gov/vuln/detail/CVE-2023-1255 https://www.openssl.org/news/secadv/20230420.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1255.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "mypK4Oz3YEbjmcF//Lb3ug==": { "id": "mypK4Oz3YEbjmcF//Lb3ug==", "updater": "rhel-vex", "name": "CVE-2023-24538", "description": "A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks (`) as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24538 https://bugzilla.redhat.com/show_bug.cgi?id=2184481 https://www.cve.org/CVERecord?id=CVE-2023-24538 https://nvd.nist.gov/vuln/detail/CVE-2023-24538 https://github.com/golang/go/issues/59234 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24538.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "n+8zHdzpUdNYaOfjqM+rvQ==": { "id": "n+8zHdzpUdNYaOfjqM+rvQ==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "n0AAvWWXPdMdY6hEXZez1A==": { "id": "n0AAvWWXPdMdY6hEXZez1A==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "n2MoI6iOOGKJg6CiwpZkxg==": { "id": "n2MoI6iOOGKJg6CiwpZkxg==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "n39YhRffL6tFFAy/S18A8Q==": { "id": "n39YhRffL6tFFAy/S18A8Q==", "updater": "rhel-vex", "name": "CVE-2025-1371", "description": "A flaw was found in GNU elfutils. This vulnerability allows a NULL pointer dereference via the handle_dynamic_symtab function in readelf.c.", "issued": "2025-02-17T02:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1371 https://bugzilla.redhat.com/show_bug.cgi?id=2346055 https://www.cve.org/CVERecord?id=CVE-2025-1371 https://nvd.nist.gov/vuln/detail/CVE-2025-1371 https://sourceware.org/bugzilla/attachment.cgi?id=15926 https://sourceware.org/bugzilla/show_bug.cgi?id=32655 https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2 https://vuldb.com/?ctiid.295978 https://vuldb.com/?id.295978 https://vuldb.com/?submit.496484 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1371.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n5bOb2nwIXCE6i6WEpGlzA==": { "id": "n5bOb2nwIXCE6i6WEpGlzA==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n6Vm6uSXhVeVnZmJCVL4pw==": { "id": "n6Vm6uSXhVeVnZmJCVL4pw==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "n78TtR5pw5YtOwMk7gVGmg==": { "id": "n78TtR5pw5YtOwMk7gVGmg==", "updater": "rhel-vex", "name": "CVE-2024-56171", "description": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56171 https://bugzilla.redhat.com/show_bug.cgi?id=2346416 https://www.cve.org/CVERecord?id=CVE-2024-56171 https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56171.json https://access.redhat.com/errata/RHSA-2025:2679", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.2", "arch_op": "pattern match" }, "n9h0mZrBntcdO8rut9mZew==": { "id": "n9h0mZrBntcdO8rut9mZew==", "updater": "osv/go", "name": "GO-2023-1703", "description": "Backticks not treated as string delimiters in html/template", "issued": "2023-04-05T21:05:27Z", "links": "https://go.dev/issue/59234 https://go.dev/cl/482079 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "nD4gdXb8ND61ypX9fYklTQ==": { "id": "nD4gdXb8ND61ypX9fYklTQ==", "updater": "rhel-vex", "name": "CVE-2023-30774", "description": "A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30774 https://bugzilla.redhat.com/show_bug.cgi?id=2187139 https://www.cve.org/CVERecord?id=CVE-2023-30774 https://nvd.nist.gov/vuln/detail/CVE-2023-30774 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30774.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "nF1VC5iJhTtrDBwL8mfOiw==": { "id": "nF1VC5iJhTtrDBwL8mfOiw==", "updater": "rhel-vex", "name": "CVE-2024-12747", "description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "issued": "2025-01-14T15:06:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12747 https://bugzilla.redhat.com/show_bug.cgi?id=2332968 https://www.cve.org/CVERecord?id=CVE-2024-12747 https://nvd.nist.gov/vuln/detail/CVE-2024-12747 https://kb.cert.org/vuls/id/952657 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12747.json https://access.redhat.com/errata/RHSA-2025:7050", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "rsync", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.5-3.el9", "arch_op": "pattern match" }, "nFaODSvvA4RrGIiPJ9FjRA==": { "id": "nFaODSvvA4RrGIiPJ9FjRA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-POSIX", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.94-481.1.el9_6", "arch_op": "pattern match" }, "nKGJQ32gv73mgVLbPDD8Qg==": { "id": "nKGJQ32gv73mgVLbPDD8Qg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "nLbsKQgcqXqFJTjqeQs6Vg==": { "id": "nLbsKQgcqXqFJTjqeQs6Vg==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "nM+XWkmaG537tz4PDM13+w==": { "id": "nM+XWkmaG537tz4PDM13+w==", "updater": "rhel-vex", "name": "CVE-2022-41723", "description": "A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.", "issued": "2023-02-17T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41723 https://bugzilla.redhat.com/show_bug.cgi?id=2178358 https://www.cve.org/CVERecord?id=CVE-2022-41723 https://nvd.nist.gov/vuln/detail/CVE-2022-41723 https://github.com/advisories/GHSA-vvpx-j8f3-3w6h https://go.dev/cl/468135 https://go.dev/cl/468295 https://go.dev/issue/57855 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1571 https://vuln.go.dev/ID/GO-2023-1571.json https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41723.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "nNNVXLjFvnegTKkITfCBuA==": { "id": "nNNVXLjFvnegTKkITfCBuA==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "nNzRt87EkCVymyYuDyEW2w==": { "id": "nNzRt87EkCVymyYuDyEW2w==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "nOD1OtMP4aGP/bT3iktDEQ==": { "id": "nOD1OtMP4aGP/bT3iktDEQ==", "updater": "osv/go", "name": "GO-2022-1144", "description": "Excessive memory growth in net/http and golang.org/x/net/http2", "issued": "2022-12-08T19:01:21Z", "links": "https://go.dev/issue/56350 https://go.dev/cl/455717 https://go.dev/cl/455635 https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.9" }, "nPl1VYR04nooFy6e74yZlg==": { "id": "nPl1VYR04nooFy6e74yZlg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "nRYrn2tFn8hdV0x+2YRPYQ==": { "id": "nRYrn2tFn8hdV0x+2YRPYQ==", "updater": "rhel-vex", "name": "CVE-2024-28835", "description": "A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the \"certtool --verify-chain\" command.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28835 https://bugzilla.redhat.com/show_bug.cgi?id=2269084 https://www.cve.org/CVERecord?id=CVE-2024-28835 https://nvd.nist.gov/vuln/detail/CVE-2024-28835 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28835.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "nRlBpDuWR9J0Ttd/BugkSQ==": { "id": "nRlBpDuWR9J0Ttd/BugkSQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "nS4rhARAcjvkSY8dJUFdOA==": { "id": "nS4rhARAcjvkSY8dJUFdOA==", "updater": "rhel-vex", "name": "CVE-2023-39319", "description": "A flaw was found in Golang. The html/template package did not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This issue may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39319 https://bugzilla.redhat.com/show_bug.cgi?id=2237773 https://www.cve.org/CVERecord?id=CVE-2023-39319 https://nvd.nist.gov/vuln/detail/CVE-2023-39319 https://go.dev/cl/526157 https://go.dev/issue/62197 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2043.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39319.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "nSAqYkKsqi7arKT9mgba5w==": { "id": "nSAqYkKsqi7arKT9mgba5w==", "updater": "rhel-vex", "name": "CVE-2025-32989", "description": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.", "issued": "2025-07-10T07:54:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32989 https://bugzilla.redhat.com/show_bug.cgi?id=2359621 https://www.cve.org/CVERecord?id=CVE-2025-32989 https://nvd.nist.gov/vuln/detail/CVE-2025-32989 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32989.json https://access.redhat.com/errata/RHSA-2025:16116", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.8.3-6.el9_6.2", "arch_op": "pattern match" }, "nVEuAeNYaydUTqNE5GOm/w==": { "id": "nVEuAeNYaydUTqNE5GOm/w==", "updater": "rhel-vex", "name": "CVE-2023-24536", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an issue during multipart form parsing. By sending a specially crafted input, a remote attacker can consume large amounts of CPU and memory, resulting in a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24536 https://bugzilla.redhat.com/show_bug.cgi?id=2184482 https://www.cve.org/CVERecord?id=CVE-2023-24536 https://nvd.nist.gov/vuln/detail/CVE-2023-24536 https://go.dev/issue/59153 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24536.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "nVgNlf1p1N8UKAkTllJrCA==": { "id": "nVgNlf1p1N8UKAkTllJrCA==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "nW07GBIUhWrN6iKB9MBAkg==": { "id": "nW07GBIUhWrN6iKB9MBAkg==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "naO+9RNjE/hIMaezFHe7IA==": { "id": "naO+9RNjE/hIMaezFHe7IA==", "updater": "osv/go", "name": "GO-2024-2888", "description": "Mishandling of corrupt central directory record in archive/zip", "issued": "2024-06-04T22:48:55Z", "links": "https://go.dev/cl/585397 https://go.dev/issue/66869 https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.11" }, "nbtTb8L4YMUxpajoNaatQg==": { "id": "nbtTb8L4YMUxpajoNaatQg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "nfRozYKxaq/cbStnERagAQ==": { "id": "nfRozYKxaq/cbStnERagAQ==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "nhTPOqyx5Hjq5RaQThVb3A==": { "id": "nhTPOqyx5Hjq5RaQThVb3A==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "noShzkxXeZ6xaXHAA8su4g==": { "id": "noShzkxXeZ6xaXHAA8su4g==", "updater": "rhel-vex", "name": "CVE-2023-22490", "description": "A vulnerability was found in Git. Using a specially-crafted repository, Git can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source $GIT_DIR/objects directory contains symbolic links (CVE-2022-39253), the objects directory may still be a symbolic link.", "issued": "2023-02-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22490 https://bugzilla.redhat.com/show_bug.cgi?id=2168160 https://www.cve.org/CVERecord?id=CVE-2023-22490 https://nvd.nist.gov/vuln/detail/CVE-2023-22490 https://github.blog/2023-02-14-git-security-vulnerabilities-announced-3/ https://github.com/git/git/security/advisories/GHSA-gw92-x3fm-3g3q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22490.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "noUIfMZn5dUZdEKTi/GsOA==": { "id": "noUIfMZn5dUZdEKTi/GsOA==", "updater": "rhel-vex", "name": "CVE-2024-30204", "description": "A flaw was found in Emacs. When Emacs is used as an email client, a preview of a crafted LaTeX document attached to an email can exhaust the disk space or the inodes allocated for the partition where the /tmp directory is located. This issue possibly results in a denial of service.", "issued": "2024-03-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-30204 https://bugzilla.redhat.com/show_bug.cgi?id=2280297 https://www.cve.org/CVERecord?id=CVE-2024-30204 https://nvd.nist.gov/vuln/detail/CVE-2024-30204 https://www.openwall.com/lists/oss-security/2024/03/25/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-30204.json https://access.redhat.com/errata/RHSA-2024:9302", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-10.el9", "arch_op": "pattern match" }, "ntPgpTaOsf+PmS8l/Ba/Gw==": { "id": "ntPgpTaOsf+PmS8l/Ba/Gw==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "nxT/hl64jXfWptNxWhmDuA==": { "id": "nxT/hl64jXfWptNxWhmDuA==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "nzSVb3AtyNNflDi2DJAqSg==": { "id": "nzSVb3AtyNNflDi2DJAqSg==", "updater": "rhel-vex", "name": "CVE-2025-47906", "description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "issued": "2025-09-18T18:41:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47906 https://bugzilla.redhat.com/show_bug.cgi?id=2396546 https://www.cve.org/CVERecord?id=CVE-2025-47906 https://nvd.nist.gov/vuln/detail/CVE-2025-47906 https://go.dev/cl/691775 https://go.dev/issue/74466 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3956 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47906.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "o+oNdKG9C3ouEb/OQo1GOQ==": { "id": "o+oNdKG9C3ouEb/OQo1GOQ==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.6.7-1.18.17.1.1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "o/JG334q9R0nTyZD1vNw7w==": { "id": "o/JG334q9R0nTyZD1vNw7w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-sign-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "o16kBwzDyL2DXuhbCPWX9Q==": { "id": "o16kBwzDyL2DXuhbCPWX9Q==", "updater": "rhel-vex", "name": "CVE-2021-3572", "description": "A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity.", "issued": "2021-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3572 https://bugzilla.redhat.com/show_bug.cgi?id=1962856 https://www.cve.org/CVERecord?id=CVE-2021-3572 https://nvd.nist.gov/vuln/detail/CVE-2021-3572 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3572.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o1V8hGX+jv19u/R1lSOgXA==": { "id": "o1V8hGX+jv19u/R1lSOgXA==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "o2Jv7s2Wil4Jz6qK6599ww==": { "id": "o2Jv7s2Wil4Jz6qK6599ww==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "o2RzBkbyaO/aJUexQwQheA==": { "id": "o2RzBkbyaO/aJUexQwQheA==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.2.el9_2", "arch_op": "pattern match" }, "o3TqxXhqdegYIl51fSMQ1A==": { "id": "o3TqxXhqdegYIl51fSMQ1A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "o52gvb+djtuOAe8fWpXboQ==": { "id": "o52gvb+djtuOAe8fWpXboQ==", "updater": "osv/go", "name": "GO-2025-3849", "description": "Incorrect results returned from Rows.Scan in database/sql", "issued": "2025-08-07T15:07:27Z", "links": "https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.23.12" }, "o6arI4B+lOjvgV6k7kauyw==": { "id": "o6arI4B+lOjvgV6k7kauyw==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "o7U6pbXnKgxDi4OXl/ryRA==": { "id": "o7U6pbXnKgxDi4OXl/ryRA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "o8O4Ttqnv0lQfm1yyfyVsw==": { "id": "o8O4Ttqnv0lQfm1yyfyVsw==", "updater": "rhel-vex", "name": "CVE-2022-1720", "description": "A heap buffer over-read vulnerability was found in Vim's grab_file_name() function of the src/findfile.c file. This flaw occurs because the function reads after the NULL terminates the line with \"gf\" in Visual block mode. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a heap buffer over-read vulnerability that causes an application to crash and corrupt memory.", "issued": "2022-05-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1720 https://bugzilla.redhat.com/show_bug.cgi?id=2099979 https://www.cve.org/CVERecord?id=CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1720.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "o94cfzaEslnrzBtYm19DkA==": { "id": "o94cfzaEslnrzBtYm19DkA==", "updater": "rhel-vex", "name": "CVE-2022-3970", "description": "An integer overflow flaw was found in LibTIFF. This issue exists in the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file, and may lead to a buffer overflow.", "issued": "2022-11-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3970 https://bugzilla.redhat.com/show_bug.cgi?id=2148918 https://www.cve.org/CVERecord?id=CVE-2022-3970 https://nvd.nist.gov/vuln/detail/CVE-2022-3970 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3970.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "oAa5rQ+ettvHgaEihiWA9A==": { "id": "oAa5rQ+ettvHgaEihiWA9A==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:5763", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.4", "arch_op": "pattern match" }, "oBl0IuwDdaD9PwMwSDcQpg==": { "id": "oBl0IuwDdaD9PwMwSDcQpg==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "oCDLcNdeKQmSOcg6w237gw==": { "id": "oCDLcNdeKQmSOcg6w237gw==", "updater": "rhel-vex", "name": "CVE-2024-47081", "description": "A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue.", "issued": "2025-06-09T17:57:47Z", "links": "https://access.redhat.com/security/cve/CVE-2024-47081 https://bugzilla.redhat.com/show_bug.cgi?id=2371272 https://www.cve.org/CVERecord?id=CVE-2024-47081 https://nvd.nist.gov/vuln/detail/CVE-2024-47081 http://seclists.org/fulldisclosure/2025/Jun/2 http://www.openwall.com/lists/oss-security/2025/06/03/11 http://www.openwall.com/lists/oss-security/2025/06/03/9 http://www.openwall.com/lists/oss-security/2025/06/04/1 http://www.openwall.com/lists/oss-security/2025/06/04/6 https://github.com/psf/requests/commit/96ba401c1296ab1dda74a2365ef36d88f7d144ef https://github.com/psf/requests/pull/6965 https://github.com/psf/requests/security/advisories/GHSA-9hjg-9r4m-mvj7 https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env https://seclists.org/fulldisclosure/2025/Jun/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-47081.json https://access.redhat.com/errata/RHSA-2025:12519", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-10.el9_6", "arch_op": "pattern match" }, "oDGZCaWnkiaSQdz+QhIr5Q==": { "id": "oDGZCaWnkiaSQdz+QhIr5Q==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "oEKqq2GIVwWjorWJihmJiw==": { "id": "oEKqq2GIVwWjorWJihmJiw==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "oGKMWwqd8g23cJbO7k5MNA==": { "id": "oGKMWwqd8g23cJbO7k5MNA==", "updater": "osv/go", "name": "GO-2023-1753", "description": "Improper handling of empty HTML attributes in html/template", "issued": "2023-05-05T21:10:24Z", "links": "https://go.dev/issue/59722 https://go.dev/cl/491617 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "oGVW07Zdco+t8LxGqPbEUA==": { "id": "oGVW07Zdco+t8LxGqPbEUA==", "updater": "rhel-vex", "name": "CVE-2023-32681", "description": "A flaw was found in the Python-requests package, where it is vulnerable to potentially leaking Proxy-Authorization headers to destination servers, specifically during redirects to an HTTPS origin. This is a product of how rebuild_proxies is used to recompute and reattach the Proxy-Authorization header to requests when redirected. This behavior only affects proxied requests when credentials are supplied in the URL user information component (for example, https://username:password@proxy:8080).", "issued": "2023-05-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32681 https://bugzilla.redhat.com/show_bug.cgi?id=2209469 https://www.cve.org/CVERecord?id=CVE-2023-32681 https://nvd.nist.gov/vuln/detail/CVE-2023-32681 https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32681.json https://access.redhat.com/errata/RHSA-2023:4350", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-requests", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.25.1-7.el9_2", "arch_op": "pattern match" }, "oGhsPyoyEtiEHT7/0qF+CQ==": { "id": "oGhsPyoyEtiEHT7/0qF+CQ==", "updater": "rhel-vex", "name": "CVE-2025-7545", "description": "A flaw was found in binutils. The `copy_section` function in `binutils/objcopy.c` is susceptible to a heap-based buffer overflow due to improper bounds checking during data copying. This flaw allows a local attacker to provide a specially crafted file. This manipulation can lead to a denial of service.", "issued": "2025-07-13T21:44:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7545 https://bugzilla.redhat.com/show_bug.cgi?id=2379785 https://www.cve.org/CVERecord?id=CVE-2025-7545 https://nvd.nist.gov/vuln/detail/CVE-2025-7545 https://sourceware.org/bugzilla/attachment.cgi?id=16117 https://sourceware.org/bugzilla/show_bug.cgi?id=33049 https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 https://vuldb.com/?ctiid.316243 https://vuldb.com/?id.316243 https://vuldb.com/?submit.614355 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7545.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oIBUxFCAPk4vRXBwpcmtFw==": { "id": "oIBUxFCAPk4vRXBwpcmtFw==", "updater": "rhel-vex", "name": "CVE-2022-44840", "description": "A heap-based buffer overflow vulnerability was found in binutils in the find_section_in_set function. This flaw allows an attacker to use a specially crafted payload to trigger a buffer overflow, resulting in issues with availability, confidentiality, and integrity.", "issued": "2022-10-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44840 https://bugzilla.redhat.com/show_bug.cgi?id=2234004 https://www.cve.org/CVERecord?id=CVE-2022-44840 https://nvd.nist.gov/vuln/detail/CVE-2022-44840 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44840.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oNps3pS/KBKadK++zlgktA==": { "id": "oNps3pS/KBKadK++zlgktA==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "delve", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.1-2.el9_5", "arch_op": "pattern match" }, "oPNobp4gxHQj7UMaryNaHw==": { "id": "oPNobp4gxHQj7UMaryNaHw==", "updater": "rhel-vex", "name": "CVE-2024-12797", "description": "A flaw was found in OpenSSL's RFC7250 Raw Public Key (RPK) authentication. This vulnerability allows man-in-the-middle (MITM) attacks via failure to abort TLS/DTLS handshakes when the server's RPK does not match the expected key despite the SSL_VERIFY_PEER verification mode being set.", "issued": "2025-02-11T15:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-12797 https://bugzilla.redhat.com/show_bug.cgi?id=2342757 https://www.cve.org/CVERecord?id=CVE-2024-12797 https://nvd.nist.gov/vuln/detail/CVE-2024-12797 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-12797.json https://access.redhat.com/errata/RHSA-2025:1330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5.1", "arch_op": "pattern match" }, "oQ3Lediq93z2xbrIoJUi7Q==": { "id": "oQ3Lediq93z2xbrIoJUi7Q==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "oQ8YhXsWl1bwUCG1x+HzDQ==": { "id": "oQ8YhXsWl1bwUCG1x+HzDQ==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "oUbBUuaPbKO68xR8hm0EKg==": { "id": "oUbBUuaPbKO68xR8hm0EKg==", "updater": "rhel-vex", "name": "CVE-2023-27538", "description": "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27538 https://bugzilla.redhat.com/show_bug.cgi?id=2179103 https://www.cve.org/CVERecord?id=CVE-2023-27538 https://nvd.nist.gov/vuln/detail/CVE-2023-27538 https://curl.se/docs/CVE-2023-27538.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27538.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "oVI7j6msaWseNIkn6m/3+A==": { "id": "oVI7j6msaWseNIkn6m/3+A==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "oVgcRSL89qnSRkMXpV8N8A==": { "id": "oVgcRSL89qnSRkMXpV8N8A==", "updater": "rhel-vex", "name": "CVE-2022-2819", "description": "A flaw was found in vim. The vulnerability occurs due to illegal memory access and leads to a heap buffer overflow vulnerability. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution.", "issued": "2022-08-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2819 https://bugzilla.redhat.com/show_bug.cgi?id=2118594 https://www.cve.org/CVERecord?id=CVE-2022-2819 https://nvd.nist.gov/vuln/detail/CVE-2022-2819 https://huntr.dev/bounties/0a9bd71e-66b8-4eb1-9566-7dfd9b097e59 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2819.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "oXbtPoAI0xd/D3jVRZ8E8Q==": { "id": "oXbtPoAI0xd/D3jVRZ8E8Q==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "oYEyIJ07SURdsg7rK6qrYw==": { "id": "oYEyIJ07SURdsg7rK6qrYw==", "updater": "osv/go", "name": "GO-2022-1037", "description": "Unbounded memory consumption when reading headers in archive/tar", "issued": "2022-10-06T16:26:05Z", "links": "https://go.dev/issue/54853 https://go.dev/cl/439355 https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.7" }, "oZ/2a9w+ysaJ6Y0prrNk0g==": { "id": "oZ/2a9w+ysaJ6Y0prrNk0g==", "updater": "rhel-vex", "name": "CVE-2025-11081", "description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "issued": "2025-09-27T22:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11081 https://bugzilla.redhat.com/show_bug.cgi?id=2399944 https://www.cve.org/CVERecord?id=CVE-2025-11081 https://nvd.nist.gov/vuln/detail/CVE-2025-11081 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://vuldb.com/?ctiid.326122 https://vuldb.com/?id.326122 https://vuldb.com/?submit.661275 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11081.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "obSzOBXxlQxURPk04eb+8Q==": { "id": "obSzOBXxlQxURPk04eb+8Q==", "updater": "rhel-vex", "name": "CVE-2023-52356", "description": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.", "issued": "2023-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-52356 https://bugzilla.redhat.com/show_bug.cgi?id=2251344 https://www.cve.org/CVERecord?id=CVE-2023-52356 https://nvd.nist.gov/vuln/detail/CVE-2023-52356 https://gitlab.com/libtiff/libtiff/-/issues/622 https://gitlab.com/libtiff/libtiff/-/merge_requests/546 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-52356.json https://access.redhat.com/errata/RHSA-2025:20801", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9", "arch_op": "pattern match" }, "obTTrP5oWTTgSGItpJqyKg==": { "id": "obTTrP5oWTTgSGItpJqyKg==", "updater": "rhel-vex", "name": "CVE-2022-30631", "description": "A flaw was found in golang. Calling the Reader, Read method on an archive that contains a large number of concatenated 0-length compressed files can cause a panic issue due to stack exhaustion.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-30631 https://bugzilla.redhat.com/show_bug.cgi?id=2107342 https://www.cve.org/CVERecord?id=CVE-2022-30631 https://nvd.nist.gov/vuln/detail/CVE-2022-30631 https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-30631.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ohJ0B7EgOJ9MaxYsbvhjIA==": { "id": "ohJ0B7EgOJ9MaxYsbvhjIA==", "updater": "rhel-vex", "name": "CVE-2021-3826", "description": "A vulnerability was found in Libiberty. A heap and stack buffer overflow found in the dlang_lname function in d-demangle.c leads to a denial of service.", "issued": "2021-09-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3826 https://bugzilla.redhat.com/show_bug.cgi?id=2122627 https://www.cve.org/CVERecord?id=CVE-2021-3826 https://nvd.nist.gov/vuln/detail/CVE-2021-3826 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3826.json https://access.redhat.com/errata/RHSA-2023:6372", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gdb-gdbserver", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:10.2-11.el9", "arch_op": "pattern match" }, "okRzJuZWda3BPI4wHU6OSg==": { "id": "okRzJuZWda3BPI4wHU6OSg==", "updater": "rhel-vex", "name": "CVE-2024-24784", "description": "A flaw was found in Go's net/mail standard library package. The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions made by programs using different parsers.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24784 https://bugzilla.redhat.com/show_bug.cgi?id=2268021 https://www.cve.org/CVERecord?id=CVE-2024-24784 https://nvd.nist.gov/vuln/detail/CVE-2024-24784 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24784.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "okW8xf+CinO7BWuM9dEk4Q==": { "id": "okW8xf+CinO7BWuM9dEk4Q==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "opnb226IH8+SU+iAVOx8hw==": { "id": "opnb226IH8+SU+iAVOx8hw==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "oqSc7q4k6wTno/u9knscCQ==": { "id": "oqSc7q4k6wTno/u9knscCQ==", "updater": "rhel-vex", "name": "CVE-2024-9681", "description": "A vulnerability was found in curl. When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than intended.", "issued": "2024-11-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9681 https://bugzilla.redhat.com/show_bug.cgi?id=2322969 https://www.cve.org/CVERecord?id=CVE-2024-9681 https://nvd.nist.gov/vuln/detail/CVE-2024-9681 https://hackerone.com/reports/2764830 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9681.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "osxk1q2jE3TCrr5JCQRhNA==": { "id": "osxk1q2jE3TCrr5JCQRhNA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "owALVsfUiwMtDqenpdt7Zg==": { "id": "owALVsfUiwMtDqenpdt7Zg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "oybDfBRpKC7mq0IkNE/WbA==": { "id": "oybDfBRpKC7mq0IkNE/WbA==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "oyvtOIVUDqm1ruQx8vhRhA==": { "id": "oyvtOIVUDqm1ruQx8vhRhA==", "updater": "rhel-vex", "name": "CVE-2024-22667", "description": "A stack-based buffer overflow flaw was found in Vim. The did_set_langmap function in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions. That buffer can be overflown, possibly leading to memory corruption and escalation of privileges.", "issued": "2024-02-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22667 https://bugzilla.redhat.com/show_bug.cgi?id=2262999 https://www.cve.org/CVERecord?id=CVE-2024-22667 https://nvd.nist.gov/vuln/detail/CVE-2024-22667 https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22667.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ozbcadljjD/zIm3hj6kVaw==": { "id": "ozbcadljjD/zIm3hj6kVaw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "p2+Y5XRhYt7mgZ7H+35S0w==": { "id": "p2+Y5XRhYt7mgZ7H+35S0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Find", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.37-481.1.el9_6", "arch_op": "pattern match" }, "p2D36zAi5tbYfUPJhBVLhg==": { "id": "p2D36zAi5tbYfUPJhBVLhg==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "p4PSGpZ+FENmdQZ22vQ2FQ==": { "id": "p4PSGpZ+FENmdQZ22vQ2FQ==", "updater": "rhel-vex", "name": "CVE-2025-48385", "description": "A bundled uri handling flaw was found in Git. When cloning a repository, Git knows to optionally fetch a bundle advertised by the remote server, which allows the server side to offload parts of the clone to a CDN. The Git client does not perform sufficient validation of the advertised bundles, which allows the remote side to perform protocol injection.", "issued": "2025-07-08T18:23:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48385 https://bugzilla.redhat.com/show_bug.cgi?id=2378808 https://www.cve.org/CVERecord?id=CVE-2025-48385 https://nvd.nist.gov/vuln/detail/CVE-2025-48385 https://github.com/git/git/security/advisories/GHSA-m98c-vgpc-9655 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48385.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "p5Ki7Z96ChbT07EZ4WnnKg==": { "id": "p5Ki7Z96ChbT07EZ4WnnKg==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "p8XKlr7C/uFXLykQP2132Q==": { "id": "p8XKlr7C/uFXLykQP2132Q==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "pEwkPeffucbY50JSGQdERQ==": { "id": "pEwkPeffucbY50JSGQdERQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "pFXK+S/0lzfxv0ToVY49hA==": { "id": "pFXK+S/0lzfxv0ToVY49hA==", "updater": "rhel-vex", "name": "CVE-2024-22018", "description": "A flaw was found in the Node.js package. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files they do not have explicit read access to.", "issued": "2024-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22018 https://bugzilla.redhat.com/show_bug.cgi?id=2296990 https://www.cve.org/CVERecord?id=CVE-2024-22018 https://nvd.nist.gov/vuln/detail/CVE-2024-22018 https://hackerone.com/reports/2145862 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22018.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "pGkOHCsusTyFHJ/G9JGXiA==": { "id": "pGkOHCsusTyFHJ/G9JGXiA==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "pGvoS/decJ8g3YpAYIFmmw==": { "id": "pGvoS/decJ8g3YpAYIFmmw==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:20936", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-9.el9_7", "arch_op": "pattern match" }, "pHq3XsQe5Y157BuUHMufyg==": { "id": "pHq3XsQe5Y157BuUHMufyg==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "pIJllB0DitFR4biXCLWlfQ==": { "id": "pIJllB0DitFR4biXCLWlfQ==", "updater": "rhel-vex", "name": "CVE-2024-24783", "description": "A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24783 https://bugzilla.redhat.com/show_bug.cgi?id=2268019 https://www.cve.org/CVERecord?id=CVE-2024-24783 https://nvd.nist.gov/vuln/detail/CVE-2024-24783 http://www.openwall.com/lists/oss-security/2024/03/08/4 https://github.com/advisories/GHSA-3q2c-pvp5-3cqp https://go.dev/cl/569339 https://go.dev/issue/65390 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://pkg.go.dev/vuln/GO-2024-2598 https://security.netapp.com/advisory/ntap-20240329-0005 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24783.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "pLMgO5RHEs1yrujEkb226g==": { "id": "pLMgO5RHEs1yrujEkb226g==", "updater": "rhel-vex", "name": "CVE-2025-22870", "description": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.", "issued": "2025-03-12T18:27:59Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22870 https://bugzilla.redhat.com/show_bug.cgi?id=2351766 https://www.cve.org/CVERecord?id=CVE-2025-22870 https://nvd.nist.gov/vuln/detail/CVE-2025-22870 https://go.dev/cl/654697 https://go.dev/issue/71984 https://pkg.go.dev/vuln/GO-2025-3503 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22870.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pN9L6/wRgu21CuY/FfnkIA==": { "id": "pN9L6/wRgu21CuY/FfnkIA==", "updater": "rhel-vex", "name": "CVE-2023-7008", "description": "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", "issued": "2022-12-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222672 https://www.cve.org/CVERecord?id=CVE-2023-7008 https://nvd.nist.gov/vuln/detail/CVE-2023-7008 https://bugzilla.redhat.com/show_bug.cgi?id=2222261 https://github.com/systemd/systemd/issues/25676 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7008.json https://access.redhat.com/errata/RHSA-2024:2463", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:252-32.el9_4", "arch_op": "pattern match" }, "pNsmsBM6zioL8gqkR9CNUA==": { "id": "pNsmsBM6zioL8gqkR9CNUA==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pT+67u2xHyxzA5Cl+Ui55Q==": { "id": "pT+67u2xHyxzA5Cl+Ui55Q==", "updater": "rhel-vex", "name": "CVE-2023-28321", "description": "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28321 https://bugzilla.redhat.com/show_bug.cgi?id=2196786 https://www.cve.org/CVERecord?id=CVE-2023-28321 https://nvd.nist.gov/vuln/detail/CVE-2023-28321 https://curl.se/docs/CVE-2023-28321.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28321.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "pTT7g2z3OsAYgdVqJMZOLQ==": { "id": "pTT7g2z3OsAYgdVqJMZOLQ==", "updater": "osv/go", "name": "GO-2022-0521", "description": "Stack exhaustion from deeply nested XML documents in encoding/xml", "issued": "2022-07-20T17:02:04Z", "links": "https://go.dev/cl/417062 https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3 https://go.dev/issue/53614 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pWQV0Z8XQHYl5n7sHUZBqA==": { "id": "pWQV0Z8XQHYl5n7sHUZBqA==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "pX9giWYBuTR0yK974RC2ng==": { "id": "pX9giWYBuTR0yK974RC2ng==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "pd2B9G+4ekvOFTzso0NXCw==": { "id": "pd2B9G+4ekvOFTzso0NXCw==", "updater": "rhel-vex", "name": "CVE-2024-8088", "description": "A flaw was found in Python's zipfile module. When iterating over the entries of a zip archive, the process can enter into an infinite loop state and become unresponsive. This flaw allows an attacker to craft a malicious ZIP archive, leading to a denial of service from the application consuming the zipfile module. Only applications that handle user-controlled zip archives are affected by this vulnerability.", "issued": "2024-08-22T19:15:09Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8088 https://bugzilla.redhat.com/show_bug.cgi?id=2307370 https://www.cve.org/CVERecord?id=CVE-2024-8088 https://nvd.nist.gov/vuln/detail/CVE-2024-8088 https://github.com/python/cpython/commit/795f2597a4be988e2bb19b69ff9958e981cb894e https://github.com/python/cpython/commit/8c7348939d8a3ecd79d630075f6be1b0c5b41f64 https://github.com/python/cpython/commit/dcc5182f27c1500006a1ef78e10613bb45788dea https://github.com/python/cpython/issues/122905 https://github.com/python/cpython/pull/122906 https://mail.python.org/archives/list/security-announce@python.org/thread/GNFCKVI4TCATKQLALJ5SN4L4CSPSMILU/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8088.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "peMVLpnT962hXrm4IDBPqg==": { "id": "peMVLpnT962hXrm4IDBPqg==", "updater": "rhel-vex", "name": "CVE-2024-52005", "description": "A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with \"remote:\" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information or to mislead the user into executing untrusted scripts.", "issued": "2025-01-15T17:35:02Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52005 https://bugzilla.redhat.com/show_bug.cgi?id=2338289 https://www.cve.org/CVERecord?id=CVE-2024-52005 https://nvd.nist.gov/vuln/detail/CVE-2024-52005 https://github.com/git/git/security/advisories/GHSA-7jjc-gg6m-3329 https://lore.kernel.org/git/1M9FnZ-1taoNo1wwh-00ESSd@mail.gmx.net https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52005.json https://access.redhat.com/errata/RHSA-2025:7409", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.1-2.el9_6", "arch_op": "pattern match" }, "peuiWx2cfvlg0ej3db5p4Q==": { "id": "peuiWx2cfvlg0ej3db5p4Q==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "pfNYlxG8sY9hFt3528zJoA==": { "id": "pfNYlxG8sY9hFt3528zJoA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "pfZcHRowGRRifIIMXAg+9w==": { "id": "pfZcHRowGRRifIIMXAg+9w==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pg+SRV3v3Mv4Yg+0x76+jg==": { "id": "pg+SRV3v3Mv4Yg+0x76+jg==", "updater": "rhel-vex", "name": "CVE-2023-29469", "description": "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29469 https://bugzilla.redhat.com/show_bug.cgi?id=2185984 https://www.cve.org/CVERecord?id=CVE-2023-29469 https://nvd.nist.gov/vuln/detail/CVE-2023-29469 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29469.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "piA8HykwHgm/u3haFYSPzw==": { "id": "piA8HykwHgm/u3haFYSPzw==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "pl0eAtev2igDstYhHd6sxw==": { "id": "pl0eAtev2igDstYhHd6sxw==", "updater": "rhel-vex", "name": "CVE-2022-25881", "description": "A flaw was found in http-cache-semantics. When the server reads the cache policy from the request using this library, a Regular Expression Denial of Service occurs, caused by malicious request header values sent to the server.", "issued": "2023-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25881 https://bugzilla.redhat.com/show_bug.cgi?id=2165824 https://www.cve.org/CVERecord?id=CVE-2022-25881 https://nvd.nist.gov/vuln/detail/CVE-2022-25881 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25881.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "plTl3JV8fPj1sUiMh31FmQ==": { "id": "plTl3JV8fPj1sUiMh31FmQ==", "updater": "rhel-vex", "name": "CVE-2023-6597", "description": "A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6597 https://bugzilla.redhat.com/show_bug.cgi?id=2276518 https://www.cve.org/CVERecord?id=CVE-2023-6597 https://nvd.nist.gov/vuln/detail/CVE-2023-6597 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6597.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "pmYCdyBPlSpsjaT+VrrmLg==": { "id": "pmYCdyBPlSpsjaT+VrrmLg==", "updater": "rhel-vex", "name": "CVE-2023-24807", "description": "Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24807 https://bugzilla.redhat.com/show_bug.cgi?id=2172204 https://www.cve.org/CVERecord?id=CVE-2023-24807 https://nvd.nist.gov/vuln/detail/CVE-2023-24807 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24807.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "pp3PQor2CpTCVnKZusQgwg==": { "id": "pp3PQor2CpTCVnKZusQgwg==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "pp7NHxA1qAOUnsy/IRCLbw==": { "id": "pp7NHxA1qAOUnsy/IRCLbw==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "pr6wo3A29JKUBSVK/BGExw==": { "id": "pr6wo3A29JKUBSVK/BGExw==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "psR1kVsSZz19yYKHsoaoNg==": { "id": "psR1kVsSZz19yYKHsoaoNg==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "psr6EfqmKkDu2s/af+27mw==": { "id": "psr6EfqmKkDu2s/af+27mw==", "updater": "rhel-vex", "name": "CVE-2023-30589", "description": "A vulnerability has been identified in the Node.js, where llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30589 https://bugzilla.redhat.com/show_bug.cgi?id=2219841 https://www.cve.org/CVERecord?id=CVE-2023-30589 https://nvd.nist.gov/vuln/detail/CVE-2023-30589 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30589.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "pv5Nm8Lwfq3X5Sm3cuoD1g==": { "id": "pv5Nm8Lwfq3X5Sm3cuoD1g==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "pvm4gwkuqzgisbgZu1oTlQ==": { "id": "pvm4gwkuqzgisbgZu1oTlQ==", "updater": "osv/go", "name": "GO-2022-0527", "description": "Stack exhaustion in Glob on certain paths in io/fs", "issued": "2022-07-20T20:52:22Z", "links": "https://go.dev/cl/417065 https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59 https://go.dev/issue/53415 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "pvtiIO9KHqFscFbvNo86Dw==": { "id": "pvtiIO9KHqFscFbvNo86Dw==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "pwFS1oPwyZIRVgVgtAgSPQ==": { "id": "pwFS1oPwyZIRVgVgtAgSPQ==", "updater": "rhel-vex", "name": "CVE-2023-4527", "description": "A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4527 https://bugzilla.redhat.com/show_bug.cgi?id=2234712 https://www.cve.org/CVERecord?id=CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4527.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "pwNeC1oSJCRKeW3NQ1Zwmw==": { "id": "pwNeC1oSJCRKeW3NQ1Zwmw==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "pwSWzlcJAuR/J5zikGUxiw==": { "id": "pwSWzlcJAuR/J5zikGUxiw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "pxuVFZsuUa8YFBkmcjpnxQ==": { "id": "pxuVFZsuUa8YFBkmcjpnxQ==", "updater": "rhel-vex", "name": "CVE-2022-43552", "description": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "issued": "2022-12-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43552 https://bugzilla.redhat.com/show_bug.cgi?id=2152652 https://www.cve.org/CVERecord?id=CVE-2022-43552 https://nvd.nist.gov/vuln/detail/CVE-2022-43552 https://curl.se/docs/CVE-2022-43552.html https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43552.json https://access.redhat.com/errata/RHSA-2023:2478", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9", "arch_op": "pattern match" }, "q29SxeDdhfgnRkudvf3mdA==": { "id": "q29SxeDdhfgnRkudvf3mdA==", "updater": "rhel-vex", "name": "CVE-2022-41724", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41724 https://bugzilla.redhat.com/show_bug.cgi?id=2178492 https://www.cve.org/CVERecord?id=CVE-2022-41724 https://nvd.nist.gov/vuln/detail/CVE-2022-41724 https://go.dev/cl/468125 https://go.dev/issue/58001 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1570 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41724.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "q4W6wpO2YbOLS87LUXPVBw==": { "id": "q4W6wpO2YbOLS87LUXPVBw==", "updater": "rhel-vex", "name": "CVE-2025-8851", "description": "A stack based buffer overflow flaw has been discovered in libTIFF. An attacker with local access may be able to craft input to the readSeparateStripsetoBuffer function in the file tools/tiffcrop.c that triggers this flaw. This issue could allow an attacker to achieve local code execution in the context of the affected process.", "issued": "2025-08-11T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8851 https://bugzilla.redhat.com/show_bug.cgi?id=2387618 https://www.cve.org/CVERecord?id=CVE-2025-8851 https://nvd.nist.gov/vuln/detail/CVE-2025-8851 http://www.libtiff.org/ https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3 https://vuldb.com/?ctiid.319382 https://vuldb.com/?id.319382 https://vuldb.com/?submit.624604 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8851.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "q6x8gUSR0HLnQLHLmB4Htw==": { "id": "q6x8gUSR0HLnQLHLmB4Htw==", "updater": "rhel-vex", "name": "CVE-2023-0795", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0795 https://bugzilla.redhat.com/show_bug.cgi?id=2170119 https://www.cve.org/CVERecord?id=CVE-2023-0795 https://nvd.nist.gov/vuln/detail/CVE-2023-0795 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0795.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "q7IyWv1MOsi/PXOLUGKElQ==": { "id": "q7IyWv1MOsi/PXOLUGKElQ==", "updater": "rhel-vex", "name": "CVE-2024-6409", "description": "A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.", "issued": "2024-07-08T17:45:07Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6409 https://bugzilla.redhat.com/show_bug.cgi?id=2295085 https://www.cve.org/CVERecord?id=CVE-2024-6409 https://nvd.nist.gov/vuln/detail/CVE-2024-6409 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6409.json https://access.redhat.com/errata/RHSA-2024:4457", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.4", "arch_op": "pattern match" }, "q9L+6bHSCCXbReRfXEPeTg==": { "id": "q9L+6bHSCCXbReRfXEPeTg==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "qB1uVwi5ydv4et+JpGcenw==": { "id": "qB1uVwi5ydv4et+JpGcenw==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "qEQEeZkI3fZm1RmMiKeYYg==": { "id": "qEQEeZkI3fZm1RmMiKeYYg==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:5815", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.16.0-1.module+el9.4.0+22197+9e60f127", "arch_op": "pattern match" }, "qEhRdzGH44SGjJIcqcIv/g==": { "id": "qEhRdzGH44SGjJIcqcIv/g==", "updater": "rhel-vex", "name": "CVE-2022-2344", "description": "A heap-based buffer overflow was found in Vim in the ins_compl_add function in the insexpand.c file. This issue occurs due to a read past the end of a buffer when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the heap-based buffer overflow, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-07-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2344 https://bugzilla.redhat.com/show_bug.cgi?id=2106787 https://www.cve.org/CVERecord?id=CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2344.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qFhnV7djagzTbJn2rH4ndA==": { "id": "qFhnV7djagzTbJn2rH4ndA==", "updater": "rhel-vex", "name": "CVE-2024-32020", "description": "A vulnerability was found in Git. This flaw allows an unauthenticated attacker to place a specialized repository on their target's local system. For performance reasons, Git uses hardlinks when cloning a repository located on the same disk. However, if the repo being cloned is owned by a different user, this can introduce a security risk. At any time in the future, the original repo owner could rewrite the hardlinked files in the cloned user's repo.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32020 https://bugzilla.redhat.com/show_bug.cgi?id=2280466 https://www.cve.org/CVERecord?id=CVE-2024-32020 https://nvd.nist.gov/vuln/detail/CVE-2024-32020 https://github.com/git/git/security/advisories/GHSA-5rfh-556j-fhgj https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32020.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "qI12E1AIG5PjZFUHEhSkgw==": { "id": "qI12E1AIG5PjZFUHEhSkgw==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qIRy7/v51ILezECGLzLGBw==": { "id": "qIRy7/v51ILezECGLzLGBw==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "git-core-doc", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "qLHoaQ/4ax3G7SRd9aV2yg==": { "id": "qLHoaQ/4ax3G7SRd9aV2yg==", "updater": "rhel-vex", "name": "CVE-2023-30775", "description": "A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.", "issued": "2023-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30775 https://bugzilla.redhat.com/show_bug.cgi?id=2187141 https://www.cve.org/CVERecord?id=CVE-2023-30775 https://nvd.nist.gov/vuln/detail/CVE-2023-30775 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30775.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "qMnTnRnGw88RiTP1PFxynA==": { "id": "qMnTnRnGw88RiTP1PFxynA==", "updater": "rhel-vex", "name": "CVE-2024-2398", "description": "A flaw was found in curl. When an application configures libcurl to use HTTP/2 server push and the amount of received headers for the push surpasses the maximum allowed limit, libcurl aborts the server push. When aborting, libcurl does not free all the previously allocated headers, resulting in a memory leak.", "issued": "2024-03-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2398 https://bugzilla.redhat.com/show_bug.cgi?id=2270498 https://www.cve.org/CVERecord?id=CVE-2024-2398 https://nvd.nist.gov/vuln/detail/CVE-2024-2398 https://curl.se/docs/CVE-2024-2398.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2398.json https://access.redhat.com/errata/RHSA-2024:5529", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-29.el9_4.1", "arch_op": "pattern match" }, "qNhEJopIC+OWvXbrkilAfQ==": { "id": "qNhEJopIC+OWvXbrkilAfQ==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "qOdN56IOMUot4YWCQPjPvA==": { "id": "qOdN56IOMUot4YWCQPjPvA==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "qPGxfT+FyuMifHo1C/aY6w==": { "id": "qPGxfT+FyuMifHo1C/aY6w==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "qQxzRYdLEwZ+uwtq33H+Uw==": { "id": "qQxzRYdLEwZ+uwtq33H+Uw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "qV/TxipuOJ9b9a/x4IT2cw==": { "id": "qV/TxipuOJ9b9a/x4IT2cw==", "updater": "rhel-vex", "name": "CVE-2024-11168", "description": "A flaw was found in Python. The `urllib.parse.urlsplit()` and `urlparse()` functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture compliant. This behavior was not conformant to RFC 3986 and was potentially vulnerable to server-side request forgery (SSRF) if a URL is processed by more than one URL parser.", "issued": "2024-11-12T21:22:23Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11168 https://bugzilla.redhat.com/show_bug.cgi?id=2325776 https://www.cve.org/CVERecord?id=CVE-2024-11168 https://nvd.nist.gov/vuln/detail/CVE-2024-11168 https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5 https://github.com/python/cpython/commit/b2171a2fd41416cf68afd67460578631d755a550 https://github.com/python/cpython/issues/103848 https://github.com/python/cpython/pull/103849 https://mail.python.org/archives/list/security-announce@python.org/thread/XPWB6XVZ5G5KGEI63M4AWLIEUF5BPH4T/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11168.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qWK7H7gz7e8gS19GJSeIIg==": { "id": "qWK7H7gz7e8gS19GJSeIIg==", "updater": "rhel-vex", "name": "CVE-2022-2889", "description": "A use-after-free vulnerability was found in Vim in the find_var_also_in_script function in the evalvars.c file. This issue occurs because an already freed memory is used when a specially crafted input is processed. This flaw allows an attacker who can trick a user into opening a specially crafted file into triggering the use-after-free, causing the application to crash, possibly executing code and corrupting memory.", "issued": "2022-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2889 https://bugzilla.redhat.com/show_bug.cgi?id=2119864 https://www.cve.org/CVERecord?id=CVE-2022-2889 https://nvd.nist.gov/vuln/detail/CVE-2022-2889 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2889.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXBiVfXy4luW+BbyG9z9BQ==": { "id": "qXBiVfXy4luW+BbyG9z9BQ==", "updater": "rhel-vex", "name": "CVE-2023-3576", "description": "A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service.", "issued": "2023-03-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3576 https://bugzilla.redhat.com/show_bug.cgi?id=2219340 https://www.cve.org/CVERecord?id=CVE-2023-3576 https://nvd.nist.gov/vuln/detail/CVE-2023-3576 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3576.json https://access.redhat.com/errata/RHSA-2023:6575", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-10.el9", "arch_op": "pattern match" }, "qYLCfB1EzRWGloOr+Ke8RA==": { "id": "qYLCfB1EzRWGloOr+Ke8RA==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "qYORp6v9x0Jy6S8OKerZvw==": { "id": "qYORp6v9x0Jy6S8OKerZvw==", "updater": "rhel-vex", "name": "CVE-2023-4738", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.", "issued": "2023-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4738 https://bugzilla.redhat.com/show_bug.cgi?id=2237176 https://www.cve.org/CVERecord?id=CVE-2023-4738 https://nvd.nist.gov/vuln/detail/CVE-2023-4738 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4738.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qZqMILFWCv2+sfRyc+XFfg==": { "id": "qZqMILFWCv2+sfRyc+XFfg==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qaC6F9Z9j5kAaiDeRwL7nA==": { "id": "qaC6F9Z9j5kAaiDeRwL7nA==", "updater": "rhel-vex", "name": "CVE-2025-4330", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows bypassing of extraction filters, enabling symlink traversal outside the intended extraction directory and potential modification of file metadata via malicious tar archives using TarFile.extractall() or TarFile.extract() with the filter=\"data\" or filter=\"tar\" parameters. This issue leads to potentially overwriting or modifying system files and metadata.", "issued": "2025-06-03T12:58:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4330 https://bugzilla.redhat.com/show_bug.cgi?id=2370014 https://www.cve.org/CVERecord?id=CVE-2025-4330 https://nvd.nist.gov/vuln/detail/CVE-2025-4330 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4330.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "qb5Q/H2wcR/YimCQn+AUYw==": { "id": "qb5Q/H2wcR/YimCQn+AUYw==", "updater": "rhel-vex", "name": "CVE-2022-39260", "description": "Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.", "issued": "2022-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-39260 https://bugzilla.redhat.com/show_bug.cgi?id=2137423 https://www.cve.org/CVERecord?id=CVE-2022-39260 https://nvd.nist.gov/vuln/detail/CVE-2022-39260 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-39260.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "qbsbXExNvRlblIMDPNkFzA==": { "id": "qbsbXExNvRlblIMDPNkFzA==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "qcGz8bluItM475eimPK89w==": { "id": "qcGz8bluItM475eimPK89w==", "updater": "rhel-vex", "name": "CVE-2025-22874", "description": "A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages.", "issued": "2025-06-11T16:42:52Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22874 https://bugzilla.redhat.com/show_bug.cgi?id=2372320 https://www.cve.org/CVERecord?id=CVE-2025-22874 https://nvd.nist.gov/vuln/detail/CVE-2025-22874 https://go.dev/cl/670375 https://go.dev/issue/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A https://pkg.go.dev/vuln/GO-2025-3749 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22874.json https://access.redhat.com/errata/RHSA-2025:10676", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.4-1.el9_6", "arch_op": "pattern match" }, "qdWe9wwJNQD9uM1J1li1Vg==": { "id": "qdWe9wwJNQD9uM1J1li1Vg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgomp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "qdXDrJ7D0lw6kIY2dy+1KQ==": { "id": "qdXDrJ7D0lw6kIY2dy+1KQ==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:20956", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-15.el9_7.2", "arch_op": "pattern match" }, "qhSIFNwi876BQWyJqx7TXw==": { "id": "qhSIFNwi876BQWyJqx7TXw==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "qhl/5MtAFFjdvINFEhyFsg==": { "id": "qhl/5MtAFFjdvINFEhyFsg==", "updater": "rhel-vex", "name": "CVE-2023-29409", "description": "A denial of service vulnerability was found in the Golang Go package caused by an uncontrolled resource consumption flaw. By persuading a victim to use a specially crafted certificate with large RSA keys, a remote attacker can cause a client/server to expend significant CPU time verifying signatures, resulting in a denial of service condition.", "issued": "2023-08-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29409 https://bugzilla.redhat.com/show_bug.cgi?id=2228743 https://www.cve.org/CVERecord?id=CVE-2023-29409 https://nvd.nist.gov/vuln/detail/CVE-2023-29409 https://go.dev/cl/515257 https://go.dev/issue/61460 https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ https://pkg.go.dev/vuln/GO-2023-1987 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29409.json https://access.redhat.com/errata/RHSA-2023:5738", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.13-1.el9_2", "arch_op": "pattern match" }, "qhxrSy/lodS857k/RFYSFg==": { "id": "qhxrSy/lodS857k/RFYSFg==", "updater": "rhel-vex", "name": "CVE-2025-11495", "description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "issued": "2025-10-08T20:02:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11495 https://bugzilla.redhat.com/show_bug.cgi?id=2402584 https://www.cve.org/CVERecord?id=CVE-2025-11495 https://nvd.nist.gov/vuln/detail/CVE-2025-11495 https://sourceware.org/bugzilla/attachment.cgi?id=16393 https://sourceware.org/bugzilla/show_bug.cgi?id=33502 https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0 https://vuldb.com/?ctiid.327620 https://vuldb.com/?id.327620 https://vuldb.com/?submit.668290 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11495.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qj3kMXpJzib/tg7NOcmtdQ==": { "id": "qj3kMXpJzib/tg7NOcmtdQ==", "updater": "rhel-vex", "name": "CVE-2025-6965", "description": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.", "issued": "2025-07-15T13:44:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6965 https://bugzilla.redhat.com/show_bug.cgi?id=2380149 https://www.cve.org/CVERecord?id=CVE-2025-6965 https://nvd.nist.gov/vuln/detail/CVE-2025-6965 https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6965.json https://access.redhat.com/errata/RHSA-2025:11992", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "sqlite-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-8.el9_6", "arch_op": "pattern match" }, "qnfP2y61ycFKlR/SBnZ5sw==": { "id": "qnfP2y61ycFKlR/SBnZ5sw==", "updater": "rhel-vex", "name": "CVE-2023-2602", "description": "A vulnerability was found in the pthread_create() function in libcap. This issue may allow a malicious actor to use cause __real_pthread_create() to return an error, which can exhaust the process memory.", "issued": "2023-05-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2602 https://bugzilla.redhat.com/show_bug.cgi?id=2209114 https://www.cve.org/CVERecord?id=CVE-2023-2602 https://nvd.nist.gov/vuln/detail/CVE-2023-2602 https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2602.json https://access.redhat.com/errata/RHSA-2023:5071", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libcap", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.48-9.el9_2", "arch_op": "pattern match" }, "qpRD6NPbAOP7sG5S6hInXg==": { "id": "qpRD6NPbAOP7sG5S6hInXg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "qr6Jra3xQBxvbIQJAqILNQ==": { "id": "qr6Jra3xQBxvbIQJAqILNQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "qsn7RE1KMH045/wAyIDw7A==": { "id": "qsn7RE1KMH045/wAyIDw7A==", "updater": "rhel-vex", "name": "CVE-2025-53905", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:48:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53905 https://bugzilla.redhat.com/show_bug.cgi?id=2380362 https://www.cve.org/CVERecord?id=CVE-2025-53905 https://nvd.nist.gov/vuln/detail/CVE-2025-53905 https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239 https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53905.json https://access.redhat.com/errata/RHSA-2025:17742", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6.1", "arch_op": "pattern match" }, "qtpMNZ+V4szO/Tox+eT3Cg==": { "id": "qtpMNZ+V4szO/Tox+eT3Cg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "4:5.32.1-481.1.el9_6", "arch_op": "pattern match" }, "quMgsZt2z8hlQ+HzwzaVJQ==": { "id": "quMgsZt2z8hlQ+HzwzaVJQ==", "updater": "rhel-vex", "name": "CVE-2023-0800", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0800 https://bugzilla.redhat.com/show_bug.cgi?id=2170167 https://www.cve.org/CVERecord?id=CVE-2023-0800 https://nvd.nist.gov/vuln/detail/CVE-2023-0800 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0800.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "qug1advw8m4TjVAUPEUPiA==": { "id": "qug1advw8m4TjVAUPEUPiA==", "updater": "rhel-vex", "name": "CVE-2023-4751", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331.", "issued": "2023-09-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4751 https://bugzilla.redhat.com/show_bug.cgi?id=2237187 https://www.cve.org/CVERecord?id=CVE-2023-4751 https://nvd.nist.gov/vuln/detail/CVE-2023-4751 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4751.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r+NuuQcHZ5hOWGRHanlG0w==": { "id": "r+NuuQcHZ5hOWGRHanlG0w==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "r0yngP+sUJvKraMLgaaWww==": { "id": "r0yngP+sUJvKraMLgaaWww==", "updater": "osv/go", "name": "GO-2023-1702", "description": "Infinite loop in parsing in go/scanner", "issued": "2023-04-05T21:05:07Z", "links": "https://go.dev/issue/59180 https://go.dev/cl/482078 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "r35oOcTyVY7X2QLaChkjdw==": { "id": "r35oOcTyVY7X2QLaChkjdw==", "updater": "rhel-vex", "name": "CVE-2025-49794", "description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "issued": "2025-06-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49794 https://bugzilla.redhat.com/show_bug.cgi?id=2372373 https://www.cve.org/CVERecord?id=CVE-2025-49794 https://nvd.nist.gov/vuln/detail/CVE-2025-49794 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49794.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "r3RLKNYtYvKarBqnnrlrew==": { "id": "r3RLKNYtYvKarBqnnrlrew==", "updater": "rhel-vex", "name": "CVE-2022-0529", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0529 https://bugzilla.redhat.com/show_bug.cgi?id=2051402 https://www.cve.org/CVERecord?id=CVE-2022-0529 https://nvd.nist.gov/vuln/detail/CVE-2022-0529 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0529.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r3htJBqpa1VO27wdQgcGyw==": { "id": "r3htJBqpa1VO27wdQgcGyw==", "updater": "rhel-vex", "name": "CVE-2024-34156", "description": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "issued": "2024-09-06T21:15:12Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34156 https://bugzilla.redhat.com/show_bug.cgi?id=2310528 https://www.cve.org/CVERecord?id=CVE-2024-34156 https://nvd.nist.gov/vuln/detail/CVE-2024-34156 https://go.dev/cl/611239 https://go.dev/issue/69139 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3106 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34156.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "r410Z5X0yojDsVg9YVcNqQ==": { "id": "r410Z5X0yojDsVg9YVcNqQ==", "updater": "rhel-vex", "name": "CVE-2022-2182", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2182 https://bugzilla.redhat.com/show_bug.cgi?id=2102153 https://www.cve.org/CVERecord?id=CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2182.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "r8kk8OjPGZXkalD/ogI9TQ==": { "id": "r8kk8OjPGZXkalD/ogI9TQ==", "updater": "rhel-vex", "name": "CVE-2023-24532", "description": "A flaw was found in the crypto/internal/nistec golang library. The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars, such as a scalar larger than the order of the curve. This does not impact usages of crypto/ecdsa or crypto/ecdh.", "issued": "2023-03-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24532 https://bugzilla.redhat.com/show_bug.cgi?id=2223355 https://www.cve.org/CVERecord?id=CVE-2023-24532 https://nvd.nist.gov/vuln/detail/CVE-2023-24532 https://go.dev/cl/471255 https://go.dev/issue/58647 https://groups.google.com/g/golang-announce/c/3-TpUx48iQY https://pkg.go.dev/vuln/GO-2023-1621 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24532.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "r9W84DjqWVoSeRkzoMmOdA==": { "id": "r9W84DjqWVoSeRkzoMmOdA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "r9qwoudvbxrKUZqCmUc7NA==": { "id": "r9qwoudvbxrKUZqCmUc7NA==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "rBDj6tuhee896qgiVA2peA==": { "id": "rBDj6tuhee896qgiVA2peA==", "updater": "rhel-vex", "name": "CVE-2023-6237", "description": "A flaw was found in OpenSSL. When the EVP_PKEY_public_check() function is called in RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is a large prime, this computation takes a long time. An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.", "issued": "2024-01-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6237 https://bugzilla.redhat.com/show_bug.cgi?id=2258502 https://www.cve.org/CVERecord?id=CVE-2023-6237 https://nvd.nist.gov/vuln/detail/CVE-2023-6237 https://www.openssl.org/news/secadv/20240115.txt https://www.openwall.com/lists/oss-security/2024/01/15/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6237.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "rDeZ9YqARbQ/8OcOA5Tn4g==": { "id": "rDeZ9YqARbQ/8OcOA5Tn4g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "rDx7RcnC1Ce961LxuRo53Q==": { "id": "rDx7RcnC1Ce961LxuRo53Q==", "updater": "rhel-vex", "name": "CVE-2023-29404", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29404 https://bugzilla.redhat.com/show_bug.cgi?id=2217565 https://www.cve.org/CVERecord?id=CVE-2023-29404 https://nvd.nist.gov/vuln/detail/CVE-2023-29404 https://go.dev/cl/501225 https://go.dev/issue/60305 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29404.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rFWIZJAOzhCWoZKNelyFsQ==": { "id": "rFWIZJAOzhCWoZKNelyFsQ==", "updater": "rhel-vex", "name": "CVE-2023-23916", "description": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23916 https://bugzilla.redhat.com/show_bug.cgi?id=2167815 https://www.cve.org/CVERecord?id=CVE-2023-23916 https://nvd.nist.gov/vuln/detail/CVE-2023-23916 https://curl.se/docs/CVE-2023-23916.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23916.json https://access.redhat.com/errata/RHSA-2023:1701", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-19.el9_1.2", "arch_op": "pattern match" }, "rIk/NHa428tmc6oDgqypQw==": { "id": "rIk/NHa428tmc6oDgqypQw==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "rJHkC74NrobNudSijB/y4A==": { "id": "rJHkC74NrobNudSijB/y4A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rJljaCTiTdw1uI1lvfy+hw==": { "id": "rJljaCTiTdw1uI1lvfy+hw==", "updater": "rhel-vex", "name": "CVE-2023-1170", "description": "A heap-based buffer overflow vulnerability was found in Vim's utf_ptr2char() function of the src/mbyte.c file. This flaw occurs because there is access to invalid memory with put in visual block mode. An attacker can trick a user into opening a specially crafted file, triggering an out-of-bounds read that causes an application to crash, leading to a denial of service.", "issued": "2023-03-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1170 https://bugzilla.redhat.com/show_bug.cgi?id=2176462 https://www.cve.org/CVERecord?id=CVE-2023-1170 https://nvd.nist.gov/vuln/detail/CVE-2023-1170 https://huntr.dev/bounties/286e0090-e654-46d2-ac60-29f81799d0a4 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1170.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rKpZxH2tXrNLthuse32FWg==": { "id": "rKpZxH2tXrNLthuse32FWg==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "rO5a9fYyaqaIZ4bH0M8fdA==": { "id": "rO5a9fYyaqaIZ4bH0M8fdA==", "updater": "rhel-vex", "name": "CVE-2022-2862", "description": "Use After Free in GitHub repository vim/vim prior to 9.0.0221.", "issued": "2022-08-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2862 https://bugzilla.redhat.com/show_bug.cgi?id=2122139 https://www.cve.org/CVERecord?id=CVE-2022-2862 https://nvd.nist.gov/vuln/detail/CVE-2022-2862 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2862.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rPWZNH+en7vYfObneQGeUA==": { "id": "rPWZNH+en7vYfObneQGeUA==", "updater": "osv/go", "name": "GO-2025-4006", "description": "Excessive CPU consumption in ParseAddress in net/mail", "issued": "2025-10-29T21:48:35Z", "links": "https://go.dev/cl/709860 https://go.dev/issue/75680 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "rPXe6sMC/46EZbom2R58Iw==": { "id": "rPXe6sMC/46EZbom2R58Iw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "rR226S9SV4WbmIVotM0CsQ==": { "id": "rR226S9SV4WbmIVotM0CsQ==", "updater": "rhel-vex", "name": "CVE-2023-46246", "description": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.", "issued": "2023-10-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46246 https://bugzilla.redhat.com/show_bug.cgi?id=2246953 https://www.cve.org/CVERecord?id=CVE-2023-46246 https://nvd.nist.gov/vuln/detail/CVE-2023-46246 https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46246.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rRfIMqTlNWlpWE9Bi6NGYw==": { "id": "rRfIMqTlNWlpWE9Bi6NGYw==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "rTV9bjfy2M3+eJBkP+611w==": { "id": "rTV9bjfy2M3+eJBkP+611w==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "rWYn/Km2lN55sVL7Ui4zmQ==": { "id": "rWYn/Km2lN55sVL7Ui4zmQ==", "updater": "rhel-vex", "name": "CVE-2023-23920", "description": "An untrusted search path vulnerability exists in Node.js. \u003c19.6.1, \u003c18.14.1, \u003c16.19.1, and \u003c14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23920 https://bugzilla.redhat.com/show_bug.cgi?id=2172217 https://www.cve.org/CVERecord?id=CVE-2023-23920 https://nvd.nist.gov/vuln/detail/CVE-2023-23920 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23920.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "rXJvA1HAsx+E4rVQeqU3qQ==": { "id": "rXJvA1HAsx+E4rVQeqU3qQ==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "ra+5M5K0yyS4TNorJBFVYw==": { "id": "ra+5M5K0yyS4TNorJBFVYw==", "updater": "rhel-vex", "name": "CVE-2024-28182", "description": "A vulnerability was found in how nghttp2 implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated remote attacker to send packets to vulnerable servers, which could use up compute or memory resources to cause a Denial of Service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28182 https://bugzilla.redhat.com/show_bug.cgi?id=2268639 https://www.cve.org/CVERecord?id=CVE-2024-28182 https://nvd.nist.gov/vuln/detail/CVE-2024-28182 https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28182.json https://access.redhat.com/errata/RHSA-2024:2910", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-8.el9_4", "arch_op": "pattern match" }, "rcUIg6JYVsZx379+fVhSVg==": { "id": "rcUIg6JYVsZx379+fVhSVg==", "updater": "rhel-vex", "name": "CVE-2023-38408", "description": "A vulnerability was found in OpenSSH. The PKCS#11 feature in the ssh-agent in OpenSSH has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system (the code in /usr/lib is not necessarily safe for loading into ssh-agent). This flaw allows an attacker with control of the forwarded agent-socket on the server and the ability to write to the filesystem of the client host to execute arbitrary code with the privileges of the user running the ssh-agent.", "issued": "2023-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38408 https://bugzilla.redhat.com/show_bug.cgi?id=2224173 https://www.cve.org/CVERecord?id=CVE-2023-38408 https://nvd.nist.gov/vuln/detail/CVE-2023-38408 https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38408.json https://access.redhat.com/errata/RHSA-2023:4412", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-30.el9_2", "arch_op": "pattern match" }, "rct+rak3m0uMzU51NldQpg==": { "id": "rct+rak3m0uMzU51NldQpg==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.1-1.18.16.1.1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "rd7C8AD7IYUHYPSfAYtKrQ==": { "id": "rd7C8AD7IYUHYPSfAYtKrQ==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-if", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.60.800-481.el9", "arch_op": "pattern match" }, "rkpLgzhV90FRHYY3ESWHfw==": { "id": "rkpLgzhV90FRHYY3ESWHfw==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "rm3fF4UjNztR1JpYwTPaVg==": { "id": "rm3fF4UjNztR1JpYwTPaVg==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "roGA0nQUzXWg+M1vb3jr3g==": { "id": "roGA0nQUzXWg+M1vb3jr3g==", "updater": "rhel-vex", "name": "CVE-2023-31147", "description": "A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31147 https://bugzilla.redhat.com/show_bug.cgi?id=2209501 https://www.cve.org/CVERecord?id=CVE-2023-31147 https://nvd.nist.gov/vuln/detail/CVE-2023-31147 https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31147.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "rpqh6K+YqMAxf172QUbycQ==": { "id": "rpqh6K+YqMAxf172QUbycQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "rpwsfSDtxz8KgCjcE5LUgg==": { "id": "rpwsfSDtxz8KgCjcE5LUgg==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "rpzV0o5XSSiqAfiLvn+7sw==": { "id": "rpzV0o5XSSiqAfiLvn+7sw==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Errno", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.30-481.1.el9_6", "arch_op": "pattern match" }, "rtmfAClgZr+pMIYCffofpQ==": { "id": "rtmfAClgZr+pMIYCffofpQ==", "updater": "rhel-vex", "name": "CVE-2022-4285", "description": "An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.", "issued": "2022-10-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4285 https://bugzilla.redhat.com/show_bug.cgi?id=2150768 https://www.cve.org/CVERecord?id=CVE-2022-4285 https://nvd.nist.gov/vuln/detail/CVE-2022-4285 https://sourceware.org/bugzilla/show_bug.cgi?id=29699 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4285.json https://access.redhat.com/errata/RHSA-2023:6593", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "binutils-gold", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.35.2-42.el9", "arch_op": "pattern match" }, "ruok+KtL5TC6jhvqLAZEzw==": { "id": "ruok+KtL5TC6jhvqLAZEzw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "rwX0WRiXvDcxdTv5pslgxw==": { "id": "rwX0WRiXvDcxdTv5pslgxw==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "ryPu/punYtMOzifbFWj3Xg==": { "id": "ryPu/punYtMOzifbFWj3Xg==", "updater": "rhel-vex", "name": "CVE-2023-1999", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA double-free in libwebp could have led to memory corruption and a potentially exploitable crash.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1999 https://bugzilla.redhat.com/show_bug.cgi?id=2186102 https://www.cve.org/CVERecord?id=CVE-2023-1999 https://nvd.nist.gov/vuln/detail/CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999 https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1999.json https://access.redhat.com/errata/RHSA-2023:2078", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libwebp", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.2.0-6.el9_1", "arch_op": "pattern match" }, "ryv0HUHLJe8DIxGNl9VAgQ==": { "id": "ryv0HUHLJe8DIxGNl9VAgQ==", "updater": "rhel-vex", "name": "CVE-2025-27363", "description": "A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.", "issued": "2025-03-11T13:28:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27363 https://bugzilla.redhat.com/show_bug.cgi?id=2351357 https://www.cve.org/CVERecord?id=CVE-2025-27363 https://nvd.nist.gov/vuln/detail/CVE-2025-27363 https://www.facebook.com/security/advisories/cve-2025-27363 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27363.json https://access.redhat.com/errata/RHSA-2025:3407", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "freetype-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.10.4-10.el9_5", "arch_op": "pattern match" }, "s+/PgMrbczH4dntN+Uku4A==": { "id": "s+/PgMrbczH4dntN+Uku4A==", "updater": "osv/go", "name": "GO-2023-1705", "description": "Excessive resource consumption in net/http, net/textproto and mime/multipart", "issued": "2023-04-05T21:04:39Z", "links": "https://go.dev/issue/59153 https://go.dev/cl/482076 https://go.dev/cl/482075 https://go.dev/cl/482077 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.8" }, "s/wLIAA4VDi9HrbyrnYgbg==": { "id": "s/wLIAA4VDi9HrbyrnYgbg==", "updater": "rhel-vex", "name": "CVE-2024-32465", "description": "A flaw was found in Git in a full copy of a Git repository. A prerequisite for this vulnerability is for an unauthenticated attacker to place a specialized repository on their target's local system. If the victim were to clone this repository, it could result in arbitrary code execution.", "issued": "2024-05-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32465 https://bugzilla.redhat.com/show_bug.cgi?id=2280446 https://www.cve.org/CVERecord?id=CVE-2024-32465 https://nvd.nist.gov/vuln/detail/CVE-2024-32465 https://github.com/git/git/security/advisories/GHSA-vm9j-46j9-qvq4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32465.json https://access.redhat.com/errata/RHSA-2024:4083", "severity": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.43.5-1.el9_4", "arch_op": "pattern match" }, "s0BW8R7FNYnFn+nWkJnUqQ==": { "id": "s0BW8R7FNYnFn+nWkJnUqQ==", "updater": "rhel-vex", "name": "CVE-2022-3358", "description": "A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialization functions). Instead of using the custom cipher directly, it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However, it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used this way, the OpenSSL encryption/decryption initialization function will match the NULL cipher as equivalent and fetch this from the available providers. This is successful if the default provider has been loaded (or if a third-party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext.", "issued": "2022-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3358 https://bugzilla.redhat.com/show_bug.cgi?id=2134740 https://www.cve.org/CVERecord?id=CVE-2022-3358 https://nvd.nist.gov/vuln/detail/CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3358.json https://access.redhat.com/errata/RHSA-2023:2523", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-6.el9_2", "arch_op": "pattern match" }, "s0PUMgVnEtuqOkBdJNAqUA==": { "id": "s0PUMgVnEtuqOkBdJNAqUA==", "updater": "rhel-vex", "name": "CVE-2023-3899", "description": "A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.", "issued": "2023-08-22T14:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3899 https://bugzilla.redhat.com/show_bug.cgi?id=2225407 https://www.cve.org/CVERecord?id=CVE-2023-3899 https://nvd.nist.gov/vuln/detail/CVE-2023-3899 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3899.json https://access.redhat.com/errata/RHSA-2023:4708", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "python3-subscription-manager-rhsm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.29.33.1-2.el9_2", "arch_op": "pattern match" }, "s20Tn7zOYHvK/n/K8/hWrA==": { "id": "s20Tn7zOYHvK/n/K8/hWrA==", "updater": "rhel-vex", "name": "CVE-2023-44487", "description": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "issued": "2023-10-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-44487 https://bugzilla.redhat.com/show_bug.cgi?id=2242803 https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://www.cve.org/CVERecord?id=CVE-2023-44487 https://nvd.nist.gov/vuln/detail/CVE-2023-44487 https://github.com/dotnet/announcements/issues/277 https://pkg.go.dev/vuln/GO-2023-2102 https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-44487.json https://access.redhat.com/errata/RHSA-2023:5838", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libnghttp2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.43.0-5.el9_2.1", "arch_op": "pattern match" }, "s2uSNGuV+OyVW2eHDGWWKw==": { "id": "s2uSNGuV+OyVW2eHDGWWKw==", "updater": "rhel-vex", "name": "CVE-2025-29768", "description": "A flaw was found in Vim's zip.vim plugin. This vulnerability allows potential data loss via specially crafted zip files when a user views the archive in Vim and presses 'x' on an unusual filename.", "issued": "2025-03-13T17:04:56Z", "links": "https://access.redhat.com/security/cve/CVE-2025-29768 https://bugzilla.redhat.com/show_bug.cgi?id=2352418 https://www.cve.org/CVERecord?id=CVE-2025-29768 https://nvd.nist.gov/vuln/detail/CVE-2025-29768 https://github.com/vim/vim/commit/f209dcd3defb95bae21b2740910e6aa7bb940531 https://github.com/vim/vim/security/advisories/GHSA-693p-m996-3rmf https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-29768.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s4mktw9S/tOEdbFRu8ZxjA==": { "id": "s4mktw9S/tOEdbFRu8ZxjA==", "updater": "rhel-vex", "name": "CVE-2024-0553", "description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "issued": "2024-01-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0553 https://bugzilla.redhat.com/show_bug.cgi?id=2258412 https://www.cve.org/CVERecord?id=CVE-2024-0553 https://nvd.nist.gov/vuln/detail/CVE-2024-0553 https://gitlab.com/gnutls/gnutls/-/issues/1522 https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0553.json https://access.redhat.com/errata/RHSA-2024:0533", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.3", "arch_op": "pattern match" }, "s6kt2DqKLHgzYSGciPtGtQ==": { "id": "s6kt2DqKLHgzYSGciPtGtQ==", "updater": "rhel-vex", "name": "CVE-2021-4166", "description": "A flaw was found in vim. A possible heap-based buffer overflow could allow an attacker to input a specially crafted file leading to a crash or code execution.", "issued": "2021-12-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4166 https://bugzilla.redhat.com/show_bug.cgi?id=2035928 https://www.cve.org/CVERecord?id=CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4166.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "s6zRbI6E6xMFwOoLRjlPfw==": { "id": "s6zRbI6E6xMFwOoLRjlPfw==", "updater": "rhel-vex", "name": "CVE-2024-26462", "description": "A memory leak flaw was found in krb5 in /krb5/src/kdc/ndr.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26462 https://bugzilla.redhat.com/show_bug.cgi?id=2266742 https://www.cve.org/CVERecord?id=CVE-2024-26462 https://nvd.nist.gov/vuln/detail/CVE-2024-26462 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26462.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "s9zla+0u22E+Nq1zlK4A0A==": { "id": "s9zla+0u22E+Nq1zlK4A0A==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.5.0-1.20.12.2.2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "sAlO/t+jkkm59mLcdOgB9w==": { "id": "sAlO/t+jkkm59mLcdOgB9w==", "updater": "rhel-vex", "name": "CVE-2025-1151", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T17:00:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1151 https://bugzilla.redhat.com/show_bug.cgi?id=2344713 https://www.cve.org/CVERecord?id=CVE-2025-1151 https://nvd.nist.gov/vuln/detail/CVE-2025-1151 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295055 https://vuldb.com/?id.295055 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1151.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sEXYrXIRghEOX+5cKfh4HA==": { "id": "sEXYrXIRghEOX+5cKfh4HA==", "updater": "osv/go", "name": "GO-2022-0524", "description": "Stack exhaustion when reading certain archives in compress/gzip", "issued": "2022-07-20T20:52:11Z", "links": "https://go.dev/cl/417067 https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e https://go.dev/issue/53168 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "sEY+u8JcXEvFyPiUDTNKow==": { "id": "sEY+u8JcXEvFyPiUDTNKow==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "sFUeaSTxmIP9ksmZtDFy/w==": { "id": "sFUeaSTxmIP9ksmZtDFy/w==", "updater": "rhel-vex", "name": "CVE-2025-9301", "description": "A reachable assertion flaw has been discovered in the Cmake build system. A local attacker who can construct crafted input could reach this assertion and cause a program crash.", "issued": "2025-08-21T13:32:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9301 https://bugzilla.redhat.com/show_bug.cgi?id=2390085 https://www.cve.org/CVERecord?id=CVE-2025-9301 https://nvd.nist.gov/vuln/detail/CVE-2025-9301 https://drive.google.com/file/d/1TerUqQB8_lzJTwIBCBmE94zn7n-gOz4f/view?usp=sharing https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8 https://gitlab.kitware.com/cmake/cmake/-/issues/27135 https://gitlab.kitware.com/cmake/cmake/-/issues/27135#note_1691629 https://vuldb.com/?ctiid.320906 https://vuldb.com/?id.320906 https://vuldb.com/?submit.632369 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9301.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "cmake", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGBviOATX07Y4438NYu+Aw==": { "id": "sGBviOATX07Y4438NYu+Aw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "sHu0Ihy6+HrKJvDoll9f5g==": { "id": "sHu0Ihy6+HrKJvDoll9f5g==", "updater": "rhel-vex", "name": "CVE-2024-22020", "description": "A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security.", "issued": "2024-07-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22020 https://bugzilla.redhat.com/show_bug.cgi?id=2296417 https://www.cve.org/CVERecord?id=CVE-2024-22020 https://nvd.nist.gov/vuln/detail/CVE-2024-22020 https://hackerone.com/reports/2092749 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22020.json https://access.redhat.com/errata/RHSA-2024:6147", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.4-1.module+el9.4.0+22195+c221878e", "arch_op": "pattern match" }, "sHvGKpRovk0D6WznAeRDaw==": { "id": "sHvGKpRovk0D6WznAeRDaw==", "updater": "rhel-vex", "name": "CVE-2024-52533", "description": "A flaw was found in the Glib library. A buffer overflow condition can be triggered in certain conditions due to an off-by-one error in SOCKS4_CONN_MSG_LEN. This issue may lead to an application crash or other undefined behavior.", "issued": "2024-11-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52533 https://bugzilla.redhat.com/show_bug.cgi?id=2325340 https://www.cve.org/CVERecord?id=CVE-2024-52533 https://nvd.nist.gov/vuln/detail/CVE-2024-52533 https://gitlab.gnome.org/GNOME/glib/-/issues/3461 https://gitlab.gnome.org/GNOME/glib/-/releases/2.82.1 https://gitlab.gnome.org/Teams/Releng/security/-/wikis/home https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52533.json https://access.redhat.com/errata/RHSA-2025:11140", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-16.el9_6.2", "arch_op": "pattern match" }, "sJOXRbCL0QuUC1P4v8JTZA==": { "id": "sJOXRbCL0QuUC1P4v8JTZA==", "updater": "rhel-vex", "name": "CVE-2024-5535", "description": "A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSL_select_next_proto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called with a zero-length client list. This issue is only exploitable if the application is misconfigured to use a zero-length server list and mishandles the 'no overlap' response in ALPN or uses the output as the opportunistic protocol in NPN.", "issued": "2024-06-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-5535 https://bugzilla.redhat.com/show_bug.cgi?id=2294581 https://www.cve.org/CVERecord?id=CVE-2024-5535 https://nvd.nist.gov/vuln/detail/CVE-2024-5535 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-5535.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "sQrexr1vAx+h04KwvoON3w==": { "id": "sQrexr1vAx+h04KwvoON3w==", "updater": "rhel-vex", "name": "CVE-2023-38546", "description": "A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38546 https://bugzilla.redhat.com/show_bug.cgi?id=2241938 https://access.redhat.com/errata/RHSA-2024:2101 https://www.cve.org/CVERecord?id=CVE-2023-38546 https://nvd.nist.gov/vuln/detail/CVE-2023-38546 https://curl.se/docs/CVE-2023-38546.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38546.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "sQzygdvKruRINz20KeXUpg==": { "id": "sQzygdvKruRINz20KeXUpg==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "sSpyMuxbh/+/Nula2ikXPw==": { "id": "sSpyMuxbh/+/Nula2ikXPw==", "updater": "rhel-vex", "name": "CVE-2017-17973", "description": "In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue", "issued": "2017-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-17973 https://bugzilla.redhat.com/show_bug.cgi?id=1530912 https://www.cve.org/CVERecord?id=CVE-2017-17973 https://nvd.nist.gov/vuln/detail/CVE-2017-17973 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-17973.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sTJKOfHbxppSoExQl7mYpQ==": { "id": "sTJKOfHbxppSoExQl7mYpQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "sTWSbUm1UHqZR0zHxPPV1A==": { "id": "sTWSbUm1UHqZR0zHxPPV1A==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "sVTwqtGyRA8GgZdyQgXnqw==": { "id": "sVTwqtGyRA8GgZdyQgXnqw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "sWPZolO+x42N83xPk/byrw==": { "id": "sWPZolO+x42N83xPk/byrw==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "sXReFixXG4Bn4+eq/AJDBA==": { "id": "sXReFixXG4Bn4+eq/AJDBA==", "updater": "rhel-vex", "name": "CVE-2023-51385", "description": "A flaw was found in OpenSSH. In certain circumstances, a remote attacker may be able to execute arbitrary OS commands by using expansion tokens, such as %u or %h, with user names or host names that contain shell metacharacters.", "issued": "2023-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-51385 https://bugzilla.redhat.com/show_bug.cgi?id=2255271 https://www.cve.org/CVERecord?id=CVE-2023-51385 https://nvd.nist.gov/vuln/detail/CVE-2023-51385 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-51385.json https://access.redhat.com/errata/RHSA-2024:1130", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-34.el9_3.3", "arch_op": "pattern match" }, "sXnCRVNv4i/ZmrJ0YxWonw==": { "id": "sXnCRVNv4i/ZmrJ0YxWonw==", "updater": "rhel-vex", "name": "CVE-2023-30079", "description": "A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow that results in a denial of service.", "issued": "2023-08-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30079 https://bugzilla.redhat.com/show_bug.cgi?id=2234595 https://www.cve.org/CVERecord?id=CVE-2023-30079 https://nvd.nist.gov/vuln/detail/CVE-2023-30079 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30079.json https://access.redhat.com/errata/RHSA-2023:4347", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libeconf", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:0.4.1-3.el9_2", "arch_op": "pattern match" }, "sY8NON9Vp1LES9AwtY+jzA==": { "id": "sY8NON9Vp1LES9AwtY+jzA==", "updater": "rhel-vex", "name": "CVE-2025-53906", "description": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.", "issued": "2025-07-15T20:52:40Z", "links": "https://access.redhat.com/security/cve/CVE-2025-53906 https://bugzilla.redhat.com/show_bug.cgi?id=2380360 https://www.cve.org/CVERecord?id=CVE-2025-53906 https://nvd.nist.gov/vuln/detail/CVE-2025-53906 https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8 https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-53906.json https://access.redhat.com/errata/RHSA-2025:20945", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-23.el9_7", "arch_op": "pattern match" }, "sYa4l6veBD/KmL7osWW7fQ==": { "id": "sYa4l6veBD/KmL7osWW7fQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "sa5mIA5TIgDDEs7v0PwTjQ==": { "id": "sa5mIA5TIgDDEs7v0PwTjQ==", "updater": "rhel-vex", "name": "CVE-2023-29405", "description": "A flaw was found in golang. The go command may execute arbitrary code at build time when using cgo. This can occur when running \"go get\" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a \"#cgo LDFLAGS\" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler.", "issued": "2023-06-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29405 https://bugzilla.redhat.com/show_bug.cgi?id=2217569 https://www.cve.org/CVERecord?id=CVE-2023-29405 https://nvd.nist.gov/vuln/detail/CVE-2023-29405 https://go.dev/cl/501224 https://go.dev/issue/60306 https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ https://pkg.go.dev/vuln/GO-2023-1842 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29405.json https://access.redhat.com/errata/RHSA-2023:3923", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.10-1.el9_2", "arch_op": "pattern match" }, "scmQI6T6oitCtZW5973ovw==": { "id": "scmQI6T6oitCtZW5973ovw==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "sgKxepKQb+uxgfzzrcWS7w==": { "id": "sgKxepKQb+uxgfzzrcWS7w==", "updater": "rhel-vex", "name": "CVE-2023-43788", "description": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2242248 https://www.cve.org/CVERecord?id=CVE-2023-43788 https://nvd.nist.gov/vuln/detail/CVE-2023-43788 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43788.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "skjryijgaN9YVeVVq8xZmA==": { "id": "skjryijgaN9YVeVVq8xZmA==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "sna4IH0E1Ui1jpzpKgnFOg==": { "id": "sna4IH0E1Ui1jpzpKgnFOg==", "updater": "rhel-vex", "name": "CVE-2020-11023", "description": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "issued": "2020-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-11023 https://bugzilla.redhat.com/show_bug.cgi?id=1850004 https://www.cve.org/CVERecord?id=CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-11023.json https://access.redhat.com/errata/RHSA-2025:1346", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:11.5.0-5.el9_5", "arch_op": "pattern match" }, "sosNUrsbT764ZsBIEQm5Tw==": { "id": "sosNUrsbT764ZsBIEQm5Tw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "srkxdJQ82zHIMw9egdZc5w==": { "id": "srkxdJQ82zHIMw9egdZc5w==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:9.5.0-1.18.14.2.2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "ssYEt3aOFwnaqoufFlsCAw==": { "id": "ssYEt3aOFwnaqoufFlsCAw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "svdlbVzNwZE9P/M3GvQ7Xw==": { "id": "svdlbVzNwZE9P/M3GvQ7Xw==", "updater": "rhel-vex", "name": "CVE-2024-9355", "description": "A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum.  It is also possible to force a derived key to be all zeros instead of an unpredictable value.  This may have follow-on implications for the Go TLS stack.", "issued": "2024-09-30T20:53:42Z", "links": "https://access.redhat.com/security/cve/CVE-2024-9355 https://bugzilla.redhat.com/show_bug.cgi?id=2315719 https://www.cve.org/CVERecord?id=CVE-2024-9355 https://nvd.nist.gov/vuln/detail/CVE-2024-9355 https://github.com/golang-fips/openssl/pull/198 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-9355.json https://access.redhat.com/errata/RHSA-2024:7550", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-4.el9_4", "arch_op": "pattern match" }, "sx5ziSZauoyjmcMB827V/Q==": { "id": "sx5ziSZauoyjmcMB827V/Q==", "updater": "rhel-vex", "name": "CVE-2024-24791", "description": "A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service.", "issued": "2024-07-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24791 https://bugzilla.redhat.com/show_bug.cgi?id=2295310 https://www.cve.org/CVERecord?id=CVE-2024-24791 https://nvd.nist.gov/vuln/detail/CVE-2024-24791 https://go.dev/cl/591255 https://go.dev/issue/67555 https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24791.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "sxxGu02J6Xp0UskX/yPO4w==": { "id": "sxxGu02J6Xp0UskX/yPO4w==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "szMAuHDpCq8KehOnG/58kg==": { "id": "szMAuHDpCq8KehOnG/58kg==", "updater": "rhel-vex", "name": "CVE-2022-25883", "description": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.", "issued": "2023-06-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-25883 https://bugzilla.redhat.com/show_bug.cgi?id=2216475 https://www.cve.org/CVERecord?id=CVE-2022-25883 https://nvd.nist.gov/vuln/detail/CVE-2022-25883 https://github.com/advisories/GHSA-c2qf-rxjj-qqgw https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-25883.json https://access.redhat.com/errata/RHSA-2023:5363", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.17.1-1.module+el9.2.0.z+19753+58118bc0", "arch_op": "pattern match" }, "t+vHm4kt0AB+tq2CG41TQQ==": { "id": "t+vHm4kt0AB+tq2CG41TQQ==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tC2r7U8qVBEhU9NaT3fMVg==": { "id": "tC2r7U8qVBEhU9NaT3fMVg==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "tDVJVtVXjEp2hZmPcOFM9w==": { "id": "tDVJVtVXjEp2hZmPcOFM9w==", "updater": "rhel-vex", "name": "CVE-2024-0450", "description": "A flaw was found in the Python/CPython 'zipfile' that can allow a zip-bomb type of attack. An attacker may craft a zip file format, leading to a Denial of Service when processed.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0450 https://bugzilla.redhat.com/show_bug.cgi?id=2276525 https://www.cve.org/CVERecord?id=CVE-2024-0450 https://nvd.nist.gov/vuln/detail/CVE-2024-0450 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0450.json https://access.redhat.com/errata/RHSA-2024:4078", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.1", "arch_op": "pattern match" }, "tEG4S6zEddB/Fl32LgLV+A==": { "id": "tEG4S6zEddB/Fl32LgLV+A==", "updater": "rhel-vex", "name": "CVE-2022-3627", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3627 https://bugzilla.redhat.com/show_bug.cgi?id=2142742 https://www.cve.org/CVERecord?id=CVE-2022-3627 https://nvd.nist.gov/vuln/detail/CVE-2022-3627 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3627.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "tJJUE3O+B2dj0YzqLSTtDA==": { "id": "tJJUE3O+B2dj0YzqLSTtDA==", "updater": "rhel-vex", "name": "CVE-2022-44638", "description": "A flaw was found in pixman. This issue causes an out-of-bounds write in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. This can result in data corruption, a crash, or code execution.", "issued": "2022-11-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-44638 https://bugzilla.redhat.com/show_bug.cgi?id=2139988 https://www.cve.org/CVERecord?id=CVE-2022-44638 https://nvd.nist.gov/vuln/detail/CVE-2022-44638 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-44638.json https://access.redhat.com/errata/RHSA-2023:7754", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pixman", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.40.0-6.el9_3", "arch_op": "pattern match" }, "tKVE3VH+DixxL49Cbeit6Q==": { "id": "tKVE3VH+DixxL49Cbeit6Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "tLSR0X6hQ7hvyPbBXZslBQ==": { "id": "tLSR0X6hQ7hvyPbBXZslBQ==", "updater": "rhel-vex", "name": "CVE-2022-2126", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2126 https://bugzilla.redhat.com/show_bug.cgi?id=2099596 https://www.cve.org/CVERecord?id=CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2126.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tLfvNXQJ1ryG1oIjuKoLPQ==": { "id": "tLfvNXQJ1ryG1oIjuKoLPQ==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "tNFH1YUHHwU3vwUWrO3mLQ==": { "id": "tNFH1YUHHwU3vwUWrO3mLQ==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "tQmmf4j1ZMloac9gv7yd7w==": { "id": "tQmmf4j1ZMloac9gv7yd7w==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "tTdsNcqGarFD7KtMB1ag6Q==": { "id": "tTdsNcqGarFD7KtMB1ag6Q==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "tVvgs8QNtuRqLgnWoPIWbw==": { "id": "tVvgs8QNtuRqLgnWoPIWbw==", "updater": "rhel-vex", "name": "CVE-2025-26465", "description": "A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.", "issued": "2025-02-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-26465 https://bugzilla.redhat.com/show_bug.cgi?id=2344780 https://www.cve.org/CVERecord?id=CVE-2025-26465 https://nvd.nist.gov/vuln/detail/CVE-2025-26465 https://access.redhat.com/solutions/7109879 https://seclists.org/oss-sec/2025/q1/144 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-26465.json https://access.redhat.com/errata/RHSA-2025:6993", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh-clients", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-45.el9", "arch_op": "pattern match" }, "tW4ew6Bpf68YpYbdwMyYGA==": { "id": "tW4ew6Bpf68YpYbdwMyYGA==", "updater": "rhel-vex", "name": "CVE-2023-43789", "description": "A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43789 https://bugzilla.redhat.com/show_bug.cgi?id=2242249 https://www.cve.org/CVERecord?id=CVE-2023-43789 https://nvd.nist.gov/vuln/detail/CVE-2023-43789 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43789.json https://access.redhat.com/errata/RHSA-2024:2146", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libXpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.5.13-10.el9", "arch_op": "pattern match" }, "tZCJ3EMmfQYEKmNY0R6pgg==": { "id": "tZCJ3EMmfQYEKmNY0R6pgg==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json https://access.redhat.com/errata/RHSA-2024:10983", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-1.el9_5", "arch_op": "pattern match" }, "tZSfr7Q1QfQP2u7Sjxqmrw==": { "id": "tZSfr7Q1QfQP2u7Sjxqmrw==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "taWP10HWuyQrPSEFSUjPPw==": { "id": "taWP10HWuyQrPSEFSUjPPw==", "updater": "rhel-vex", "name": "CVE-2024-33601", "description": "A flaw was found in the glibc netgroup cache. The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33601 https://bugzilla.redhat.com/show_bug.cgi?id=2277205 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://nvd.nist.gov/vuln/detail/CVE-2024-33601 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33601.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "tbkEtEs3aa+p2/YQaD8BfQ==": { "id": "tbkEtEs3aa+p2/YQaD8BfQ==", "updater": "rhel-vex", "name": "CVE-2023-1972", "description": "A potential heap-based buffer overflow was found in binutils in the _bfd_elf_slurp_version_tables() function in bfd/elf.c. This issue may lead to a loss of availability.", "issued": "2023-04-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-1972 https://bugzilla.redhat.com/show_bug.cgi?id=2185646 https://www.cve.org/CVERecord?id=CVE-2023-1972 https://nvd.nist.gov/vuln/detail/CVE-2023-1972 https://sourceware.org/bugzilla/show_bug.cgi?id=30285 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-1972.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tboTb+/fwz1O/l+3w5n9ew==": { "id": "tboTb+/fwz1O/l+3w5n9ew==", "updater": "rhel-vex", "name": "CVE-2024-22019", "description": "A flaw was found in Node.js due to a lack of safeguards on chunk extension bytes. The server may read an unbounded number of bytes from a single connection, which can allow an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and a denial of service.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22019 https://bugzilla.redhat.com/show_bug.cgi?id=2264574 https://www.cve.org/CVERecord?id=CVE-2024-22019 https://nvd.nist.gov/vuln/detail/CVE-2024-22019 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22019.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "te0mQBJAxCZ9Xzg2xrzQcg==": { "id": "te0mQBJAxCZ9Xzg2xrzQcg==", "updater": "rhel-vex", "name": "CVE-2024-45490", "description": "A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XML_ParseBuffer function.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45490 https://bugzilla.redhat.com/show_bug.cgi?id=2308615 https://www.cve.org/CVERecord?id=CVE-2024-45490 https://nvd.nist.gov/vuln/detail/CVE-2024-45490 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/887 https://github.com/libexpat/libexpat/pull/890 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45490.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "teVzqeXKz5qAL9KrVUsKAA==": { "id": "teVzqeXKz5qAL9KrVUsKAA==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-overloading", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.02-481.el9", "arch_op": "pattern match" }, "tiOci2zd4htCAwtqrJPUhA==": { "id": "tiOci2zd4htCAwtqrJPUhA==", "updater": "rhel-vex", "name": "CVE-2025-9390", "description": "A vulnerability was found in the xxd component of Vim in the main function of src/xxd/xxd.c. This flaw allows a local attacker to trigger a buffer overflow, which leads to a denial of service.", "issued": "2025-08-24T14:02:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9390 https://bugzilla.redhat.com/show_bug.cgi?id=2390603 https://www.cve.org/CVERecord?id=CVE-2025-9390 https://nvd.nist.gov/vuln/detail/CVE-2025-9390 https://drive.google.com/file/d/1JLnqrdcGsjUhbYzIEweXIGZyETjHlKtX/view?usp=sharing https://github.com/vim/vim/commit/eeef7c77436a78cd27047b0f5fa6925d56de3cb0 https://github.com/vim/vim/issues/17944 https://github.com/vim/vim/pull/17947 https://github.com/vim/vim/releases/tag/v9.1.1616 https://vuldb.com/?ctiid.321223 https://vuldb.com/?id.321223 https://vuldb.com/?submit.630903 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9390.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "tjg7NtH3QatPaaScohSsZg==": { "id": "tjg7NtH3QatPaaScohSsZg==", "updater": "rhel-vex", "name": "CVE-2024-27982", "description": "An HTTP Request Smuggling vulnerability was found in Node.js due to Content-Length Obfuscation in the HTTP server. Malformed headers, particularly if a space is inserted before a content-length header, can result in HTTP request smuggling. This flaw allows attackers to inject a second request within the body of the first and poison web caches, bypass web application firewalls, and execute Cross-site scripting (XSS) attacks.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27982 https://bugzilla.redhat.com/show_bug.cgi?id=2275392 https://www.cve.org/CVERecord?id=CVE-2024-27982 https://nvd.nist.gov/vuln/detail/CVE-2024-27982 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27982.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "tlbehmhIbT1WwXt6llfQYw==": { "id": "tlbehmhIbT1WwXt6llfQYw==", "updater": "osv/go", "name": "GO-2022-0515", "description": "Stack exhaustion due to deeply nested types in go/parser", "issued": "2022-07-20T17:01:45Z", "links": "https://go.dev/cl/417063 https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879 https://go.dev/issue/53616 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "toXp/ZwNqXAUsdXRb/4DVg==": { "id": "toXp/ZwNqXAUsdXRb/4DVg==", "updater": "rhel-vex", "name": "CVE-2024-22365", "description": "A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.", "issued": "2024-01-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22365 https://bugzilla.redhat.com/show_bug.cgi?id=2257722 https://www.cve.org/CVERecord?id=CVE-2024-22365 https://nvd.nist.gov/vuln/detail/CVE-2024-22365 https://www.openwall.com/lists/oss-security/2024/01/18/3 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22365.json https://access.redhat.com/errata/RHSA-2024:2438", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-19.el9", "arch_op": "pattern match" }, "todSxpG0ADSu6dX8ZW+q4A==": { "id": "todSxpG0ADSu6dX8ZW+q4A==", "updater": "rhel-vex", "name": "CVE-2023-43787", "description": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43787 https://bugzilla.redhat.com/show_bug.cgi?id=2242254 https://www.cve.org/CVERecord?id=CVE-2023-43787 https://nvd.nist.gov/vuln/detail/CVE-2023-43787 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43787.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "u+eDY1Q5WfNp0Krtzvv+AQ==": { "id": "u+eDY1Q5WfNp0Krtzvv+AQ==", "updater": "rhel-vex", "name": "CVE-2024-8176", "description": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", "issued": "2025-03-13T13:51:54Z", "links": "https://access.redhat.com/security/cve/CVE-2024-8176 https://bugzilla.redhat.com/show_bug.cgi?id=2310137 https://www.cve.org/CVERecord?id=CVE-2024-8176 https://nvd.nist.gov/vuln/detail/CVE-2024-8176 https://github.com/libexpat/libexpat/issues/893 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-8176.json https://access.redhat.com/errata/RHSA-2025:7444", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-5.el9_6", "arch_op": "pattern match" }, "u/b1G56mYgMO4E+lYxSxjA==": { "id": "u/b1G56mYgMO4E+lYxSxjA==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3577", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-3.module+el9.2.0.z+18964+42696395", "arch_op": "pattern match" }, "u0MfT/CHY1AhIYRRjCtdhw==": { "id": "u0MfT/CHY1AhIYRRjCtdhw==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.16.0-1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "u0i6Tc2zpzW8/pMdj7AH4w==": { "id": "u0i6Tc2zpzW8/pMdj7AH4w==", "updater": "rhel-vex", "name": "CVE-2025-46835", "description": "A vulnerability was found in the git GUI package. When a user clones an untrusted repository and edits a file located in a maliciously named directory, git GUI may end up creating or overwriting arbitrary files for the running user has written permission. This flaw allows an attacker to modify the content of target files without the affected user's intent, resulting in a data integrity issue.", "issued": "2025-07-10T15:09:42Z", "links": "https://access.redhat.com/security/cve/CVE-2025-46835 https://bugzilla.redhat.com/show_bug.cgi?id=2379326 https://www.cve.org/CVERecord?id=CVE-2025-46835 https://nvd.nist.gov/vuln/detail/CVE-2025-46835 https://github.com/j6t/git-gui/compare/dcda716dbc9c90bcac4611bd1076747671ee0906..a437f5bc93330a70b42a230e52f3bd036ca1b1da https://github.com/j6t/git-gui/security/advisories/GHSA-xfx7-68v4-v8fg https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-46835.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "git", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "u1caIbS4Tk6y8c7sz8Hvhw==": { "id": "u1caIbS4Tk6y8c7sz8Hvhw==", "updater": "rhel-vex", "name": "CVE-2024-41957", "description": "A double-free and use-after-free vulnerability was found in the Vim editor. This flaw exists due to the corresponding tagstack being used twice when closing the window and if the quick fix list belonging to that window is also cleared using the same tagstack data. In this instance, Vim will try to free the memory again, causing a crash.", "issued": "2024-08-01T20:41:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41957 https://bugzilla.redhat.com/show_bug.cgi?id=2302418 https://www.cve.org/CVERecord?id=CVE-2024-41957 https://nvd.nist.gov/vuln/detail/CVE-2024-41957 https://github.com/vim/vim/commit/8a0bbe7b8aad6f8da28dee218c01bc8a0185a https://github.com/vim/vim/security/advisories/GHSA-f9cr-gv85-hcr4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41957.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "u3VIQ3Bv2EdQNxxr10FAOQ==": { "id": "u3VIQ3Bv2EdQNxxr10FAOQ==", "updater": "rhel-vex", "name": "CVE-2023-23936", "description": "A flaw was found in the fetch API in Node.js that did not prevent CRLF injection in the 'host' header. This issue could allow HTTP response splitting and HTTP header injection.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23936 https://bugzilla.redhat.com/show_bug.cgi?id=2172190 https://www.cve.org/CVERecord?id=CVE-2023-23936 https://nvd.nist.gov/vuln/detail/CVE-2023-23936 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23936.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.3-1.16.19.1.1.el9_2", "arch_op": "pattern match" }, "u6PjuomLq+nVKrTw/0Jyeg==": { "id": "u6PjuomLq+nVKrTw/0Jyeg==", "updater": "rhel-vex", "name": "CVE-2022-28805", "description": "A heap buffer-overflow vulnerability was found in Lua. The flaw occurs due to vulnerable code present in the lparser.c function of Lua that allows the execution of untrusted Lua code into a system, resulting in malicious activity.", "issued": "2022-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-28805 https://bugzilla.redhat.com/show_bug.cgi?id=2073884 https://www.cve.org/CVERecord?id=CVE-2022-28805 https://nvd.nist.gov/vuln/detail/CVE-2022-28805 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-28805.json https://access.redhat.com/errata/RHSA-2023:2582", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "lua-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.4.4-3.el9", "arch_op": "pattern match" }, "uDUK/vmP915z5uyCv2VhVg==": { "id": "uDUK/vmP915z5uyCv2VhVg==", "updater": "rhel-vex", "name": "CVE-2023-40217", "description": "Python ssl.SSLSocket is vulnerable to a bypass of the TLS handshake in certain instances for HTTPS servers and other server-side protocols that use TLS client authentication such as mTLS. This issue may result in a breach of integrity as its possible to modify or delete resources that are authenticated only by a TLS certificate. No breach of confidentiality is possible.", "issued": "2023-08-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-40217 https://bugzilla.redhat.com/show_bug.cgi?id=2235789 https://www.cve.org/CVERecord?id=CVE-2023-40217 https://nvd.nist.gov/vuln/detail/CVE-2023-40217 https://github.com/python/cpython/issues/108310 https://github.com/python/cpython/pull/108315 https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-40217.json https://access.redhat.com/errata/RHSA-2023:5462", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.16-1.el9_2.2", "arch_op": "pattern match" }, "uDfc8ZaPfrhTGcFwVaIvAA==": { "id": "uDfc8ZaPfrhTGcFwVaIvAA==", "updater": "rhel-vex", "name": "CVE-2023-48706", "description": "A heap use-after-free flaw was found in the vim package. When executing a `:s` command for the first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes memory to be freed, which may later then be accessed by the initial `:s` command. This issue may result in Vim crashing.", "issued": "2023-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-48706 https://bugzilla.redhat.com/show_bug.cgi?id=2251118 https://www.cve.org/CVERecord?id=CVE-2023-48706 https://nvd.nist.gov/vuln/detail/CVE-2023-48706 http://www.openwall.com/lists/oss-security/2023/11/22/3 https://github.com/vim/vim/security/advisories/GHSA-c8qm-x72m-q53q https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-48706.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uEn9qA67O/SoYHOtH/EL2w==": { "id": "uEn9qA67O/SoYHOtH/EL2w==", "updater": "rhel-vex", "name": "CVE-2025-1150", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T16:31:07Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1150 https://bugzilla.redhat.com/show_bug.cgi?id=2344681 https://www.cve.org/CVERecord?id=CVE-2025-1150 https://nvd.nist.gov/vuln/detail/CVE-2025-1150 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295054 https://vuldb.com/?id.295054 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1150.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFR2NXYHCgkD0jUkHBTh3g==": { "id": "uFR2NXYHCgkD0jUkHBTh3g==", "updater": "rhel-vex", "name": "CVE-2025-7425", "description": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.", "issued": "2025-07-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-7425 https://bugzilla.redhat.com/show_bug.cgi?id=2379274 https://www.cve.org/CVERecord?id=CVE-2025-7425 https://nvd.nist.gov/vuln/detail/CVE-2025-7425 https://gitlab.gnome.org/GNOME/libxslt/-/issues/140 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-7425.json https://access.redhat.com/errata/RHSA-2025:12447", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-11.el9_6", "arch_op": "pattern match" }, "uFRb2siFSROrNSaSMqsvqQ==": { "id": "uFRb2siFSROrNSaSMqsvqQ==", "updater": "rhel-vex", "name": "CVE-2023-39323", "description": "A flaw was found in the golang cmd/go standard library. A line directive (\"//line\") can be used to bypass the restrictions on \"//go:cgo_\" directives, allowing blocked linker and compiler flags to pass during compilation. This can result in the unexpected execution of arbitrary code when running \"go build\". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.", "issued": "2023-10-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39323 https://bugzilla.redhat.com/show_bug.cgi?id=2242544 https://www.cve.org/CVERecord?id=CVE-2023-39323 https://nvd.nist.gov/vuln/detail/CVE-2023-39323 https://go.dev/cl/533215 https://go.dev/issue/63211 https://groups.google.com/g/golang-announce/c/XBa1oHDevAo https://vuln.go.dev/ID/GO-2023-2095.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39323.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uFXEnN9gepJ4+HtQWdLrOg==": { "id": "uFXEnN9gepJ4+HtQWdLrOg==", "updater": "rhel-vex", "name": "CVE-2023-25433", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the processCropSelections function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25433 https://bugzilla.redhat.com/show_bug.cgi?id=2218744 https://www.cve.org/CVERecord?id=CVE-2023-25433 https://nvd.nist.gov/vuln/detail/CVE-2023-25433 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25433.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uGPuYR0b3uiHdpdRa97mfw==": { "id": "uGPuYR0b3uiHdpdRa97mfw==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "uGxAJHfmN99PtsQCJqV/nQ==": { "id": "uGxAJHfmN99PtsQCJqV/nQ==", "updater": "rhel-vex", "name": "CVE-2022-36227", "description": "A flaw was found in libarchive. A missing check of the return value of the calloc function can cause a NULL pointer dereference in an out-of-memory condition or when a memory allocation limit is reached, resulting in the program linked with libarchive to crash.", "issued": "2022-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-36227 https://bugzilla.redhat.com/show_bug.cgi?id=2144972 https://www.cve.org/CVERecord?id=CVE-2022-36227 https://nvd.nist.gov/vuln/detail/CVE-2022-36227 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-36227.json https://access.redhat.com/errata/RHSA-2023:2532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "bsdtar", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.5.3-4.el9", "arch_op": "pattern match" }, "uILMvGS6obqeMj18FLYSbg==": { "id": "uILMvGS6obqeMj18FLYSbg==", "updater": "rhel-vex", "name": "CVE-2023-25815", "description": "A vulnerability was found in Git. This security flaw occurs when Git compiles with runtime prefix support and runs without translated messages, and it still uses the gettext machinery to display messages, which subsequently looks for translated messages in unexpected places. This flaw allows the malicious placement of crafted messages.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25815 https://bugzilla.redhat.com/show_bug.cgi?id=2188337 https://www.cve.org/CVERecord?id=CVE-2023-25815 https://nvd.nist.gov/vuln/detail/CVE-2023-25815 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25815.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "uJDCv1FWYpz7eywFMZ5WnA==": { "id": "uJDCv1FWYpz7eywFMZ5WnA==", "updater": "rhel-vex", "name": "CVE-2024-21892", "description": "A flaw was found in Node.js. On Linux, Node.js ignores certain environment variables if an unprivileged user has set them while the process is running with elevated privileges, except for CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when other capabilities have been set. This flaw allows unprivileged users to inject code that inherits the process's elevated privileges.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-21892 https://bugzilla.redhat.com/show_bug.cgi?id=2264582 https://www.cve.org/CVERecord?id=CVE-2024-21892 https://nvd.nist.gov/vuln/detail/CVE-2024-21892 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-21892.json https://access.redhat.com/errata/RHSA-2024:1503", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.19.1-1.module+el9.3.0+21388+22892fb9", "arch_op": "pattern match" }, "uO3OOEY6W3k9QH/tNVK0LQ==": { "id": "uO3OOEY6W3k9QH/tNVK0LQ==", "updater": "rhel-vex", "name": "CVE-2025-1152", "description": "A flaw was found in the ld linker utility of GNU Binutils. A specially-crafted payload may be able to trigger a memory leak, which can lead to an application crash or other undefined behavior.", "issued": "2025-02-10T18:00:09Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1152 https://bugzilla.redhat.com/show_bug.cgi?id=2344723 https://www.cve.org/CVERecord?id=CVE-2025-1152 https://nvd.nist.gov/vuln/detail/CVE-2025-1152 https://sourceware.org/bugzilla/attachment.cgi?id=15887 https://sourceware.org/bugzilla/show_bug.cgi?id=32576 https://vuldb.com/?ctiid.295056 https://vuldb.com/?id.295056 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1152.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "binutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uOeAKP5ZyZtLLU7CjOuFcw==": { "id": "uOeAKP5ZyZtLLU7CjOuFcw==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "uPUYRQErrH0+5XWkYAjsjw==": { "id": "uPUYRQErrH0+5XWkYAjsjw==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "uRGTeRjJyz2NEeH/TpkK8Q==": { "id": "uRGTeRjJyz2NEeH/TpkK8Q==", "updater": "rhel-vex", "name": "CVE-2025-4435", "description": "A flaw was found in CPython's tarfile module. This vulnerability allows unauthorized file extraction via crafted tar archives when TarFile.errorlevel=0, bypassing expected filtering mechanisms.", "issued": "2025-06-03T12:59:06Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4435 https://bugzilla.redhat.com/show_bug.cgi?id=2370010 https://www.cve.org/CVERecord?id=CVE-2025-4435 https://nvd.nist.gov/vuln/detail/CVE-2025-4435 https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4435.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "uTjjTMH3twVH5hmw0Wmskw==": { "id": "uTjjTMH3twVH5hmw0Wmskw==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "uW/TgHSIKlO53BnXG1YZSA==": { "id": "uW/TgHSIKlO53BnXG1YZSA==", "updater": "rhel-vex", "name": "CVE-2025-32414", "description": "A flaw was found in libxml2. This vulnerability allows out-of-bounds memory access due to incorrect handling of return values in xmlPythonFileRead and xmlPythonFileReadRaw. This is caused by a mismatch between the length of the file in bytes vs the length in characters, as unicode characters can occupy up to 4 bytes per character.", "issued": "2025-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-32414 https://bugzilla.redhat.com/show_bug.cgi?id=2358121 https://www.cve.org/CVERecord?id=CVE-2025-32414 https://nvd.nist.gov/vuln/detail/CVE-2025-32414 https://gitlab.gnome.org/GNOME/libxml2/-/issues/889 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-32414.json https://access.redhat.com/errata/RHSA-2025:13428", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-12.el9_6", "arch_op": "pattern match" }, "uWvHibmfs86jbjyb5h+qpg==": { "id": "uWvHibmfs86jbjyb5h+qpg==", "updater": "rhel-vex", "name": "CVE-2023-25136", "description": "A flaw was found in the OpenSSH server (sshd), which introduced a double-free vulnerability during options.kex_algorithms handling. An unauthenticated attacker can trigger the double-free in the default configuration.", "issued": "2023-02-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25136 https://bugzilla.redhat.com/show_bug.cgi?id=2167636 https://www.cve.org/CVERecord?id=CVE-2023-25136 https://nvd.nist.gov/vuln/detail/CVE-2023-25136 https://bugzilla.mindrot.org/show_bug.cgi?id=3522 https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/017_sshd.patch.sig https://github.com/openssh/openssh-portable/commit/486c4dc3b83b4b67d663fb0fa62bc24138ec3946 https://www.openwall.com/lists/oss-security/2023/02/02/2 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25136.json https://access.redhat.com/errata/RHSA-2023:2645", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-29.el9_2", "arch_op": "pattern match" }, "uXRgwaipa8s2OMXjAf1Thg==": { "id": "uXRgwaipa8s2OMXjAf1Thg==", "updater": "rhel-vex", "name": "CVE-2023-6129", "description": "A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.", "issued": "2024-01-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6129 https://bugzilla.redhat.com/show_bug.cgi?id=2257571 https://www.cve.org/CVERecord?id=CVE-2023-6129 https://nvd.nist.gov/vuln/detail/CVE-2023-6129 https://www.openssl.org/news/secadv/20240109.txt https://www.openwall.com/lists/oss-security/2024/01/09/1 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6129.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "ueWEd2PE6kwBx153FL1eIA==": { "id": "ueWEd2PE6kwBx153FL1eIA==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "ug2Mk8LI1eIN0hRNT0s8JQ==": { "id": "ug2Mk8LI1eIN0hRNT0s8JQ==", "updater": "rhel-vex", "name": "CVE-2022-3599", "description": "An out-of-bounds read flaw was found in the writeSingleSection function in tools/tiffcrop.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-02-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3599 https://bugzilla.redhat.com/show_bug.cgi?id=2142740 https://www.cve.org/CVERecord?id=CVE-2022-3599 https://nvd.nist.gov/vuln/detail/CVE-2022-3599 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3599.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "ugAB401UYtKGrqztlPOlZA==": { "id": "ugAB401UYtKGrqztlPOlZA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "ugk8bc5JAs//Hgj923HTXA==": { "id": "ugk8bc5JAs//Hgj923HTXA==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "uglqkYqbcsDd4SCu9NI2Ww==": { "id": "uglqkYqbcsDd4SCu9NI2Ww==", "updater": "rhel-vex", "name": "CVE-2023-25435", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to a heap-based buffer overflow in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a denial of service.", "issued": "2023-01-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25435 https://bugzilla.redhat.com/show_bug.cgi?id=2216614 https://www.cve.org/CVERecord?id=CVE-2023-25435 https://nvd.nist.gov/vuln/detail/CVE-2023-25435 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25435.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uhGUZtCY1OXgM1L55/upYA==": { "id": "uhGUZtCY1OXgM1L55/upYA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "uioq0s2+upthXeIfuu8dpA==": { "id": "uioq0s2+upthXeIfuu8dpA==", "updater": "rhel-vex", "name": "CVE-2025-49796", "description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "issued": "2025-06-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-49796 https://bugzilla.redhat.com/show_bug.cgi?id=2372385 https://www.cve.org/CVERecord?id=CVE-2025-49796 https://nvd.nist.gov/vuln/detail/CVE-2025-49796 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-49796.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "ujzNJ5kQVFINisRmEnkrzA==": { "id": "ujzNJ5kQVFINisRmEnkrzA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "ukBMje282PDzxzC8wCZoJA==": { "id": "ukBMje282PDzxzC8wCZoJA==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ulsMCA3bm5VANCxYIf54Zw==": { "id": "ulsMCA3bm5VANCxYIf54Zw==", "updater": "rhel-vex", "name": "CVE-2021-35938", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://www.cve.org/CVERecord?id=CVE-2021-35938 https://nvd.nist.gov/vuln/detail/CVE-2021-35938 https://rpm.org/wiki/Releases/4.18.0 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35938.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "ummv/ARHzS4IbQ59dpGtvQ==": { "id": "ummv/ARHzS4IbQ59dpGtvQ==", "updater": "rhel-vex", "name": "CVE-2024-10963", "description": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.", "issued": "2024-11-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10963 https://bugzilla.redhat.com/show_bug.cgi?id=2324291 https://www.cve.org/CVERecord?id=CVE-2024-10963 https://nvd.nist.gov/vuln/detail/CVE-2024-10963 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10963.json https://access.redhat.com/errata/RHSA-2024:10244", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-22.el9_5", "arch_op": "pattern match" }, "urOIF+inUTTF1gL7DeWkzg==": { "id": "urOIF+inUTTF1gL7DeWkzg==", "updater": "rhel-vex", "name": "CVE-2023-28322", "description": "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", "issued": "2023-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28322 https://bugzilla.redhat.com/show_bug.cgi?id=2196793 https://www.cve.org/CVERecord?id=CVE-2023-28322 https://nvd.nist.gov/vuln/detail/CVE-2023-28322 https://curl.se/docs/CVE-2023-28322.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28322.json https://access.redhat.com/errata/RHSA-2023:4354", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-23.el9_2.2", "arch_op": "pattern match" }, "uvaZxZFE7cKBjyjVQ/t6lg==": { "id": "uvaZxZFE7cKBjyjVQ/t6lg==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "curl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "v+VZolEvt4HU4yiZTpFx+Q==": { "id": "v+VZolEvt4HU4yiZTpFx+Q==", "updater": "osv/go", "name": "GO-2024-2687", "description": "HTTP/2 CONTINUATION flood in net/http", "issued": "2024-04-03T21:12:01Z", "links": "https://go.dev/issue/65051 https://go.dev/cl/576155 https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.9" }, "v+qPraJNH1peMhjiTk1OgA==": { "id": "v+qPraJNH1peMhjiTk1OgA==", "updater": "rhel-vex", "name": "CVE-2024-55549", "description": "A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.", "issued": "2025-03-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-55549 https://bugzilla.redhat.com/show_bug.cgi?id=2352484 https://www.cve.org/CVERecord?id=CVE-2024-55549 https://nvd.nist.gov/vuln/detail/CVE-2024-55549 https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-55549.json https://access.redhat.com/errata/RHSA-2025:4025", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libxslt", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.1.34-9.el9_5.2", "arch_op": "pattern match" }, "v/LL4YgDGZJlkF77eUtvPw==": { "id": "v/LL4YgDGZJlkF77eUtvPw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.6-1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "v6t7qJCF3xL8IO0nPwJX1g==": { "id": "v6t7qJCF3xL8IO0nPwJX1g==", "updater": "rhel-vex", "name": "CVE-2023-24537", "description": "A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by an infinite loop due to integer overflow when calling any of the Parse functions. By sending a specially crafted input, a remote attacker can cause a denial of service.", "issued": "2023-04-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24537 https://bugzilla.redhat.com/show_bug.cgi?id=2184484 https://www.cve.org/CVERecord?id=CVE-2023-24537 https://nvd.nist.gov/vuln/detail/CVE-2023-24537 https://github.com/golang/go/issues/59180 https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24537.json https://access.redhat.com/errata/RHSA-2023:3318", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.9-2.el9_2", "arch_op": "pattern match" }, "v9nWDWoVTUzEu77hVCL+xw==": { "id": "v9nWDWoVTUzEu77hVCL+xw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "vAAzy4RBfYsNO+V3LlPJ7A==": { "id": "vAAzy4RBfYsNO+V3LlPJ7A==", "updater": "rhel-vex", "name": "CVE-2024-7006", "description": "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.", "issued": "2024-07-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996 https://www.cve.org/CVERecord?id=CVE-2024-7006 https://nvd.nist.gov/vuln/detail/CVE-2024-7006 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7006.json https://access.redhat.com/errata/RHSA-2024:8914", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9_4.1", "arch_op": "pattern match" }, "vBXrhxnu9HxQSmN5xWhZaQ==": { "id": "vBXrhxnu9HxQSmN5xWhZaQ==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "vHIEJpBGkCNiUPmahPyLqQ==": { "id": "vHIEJpBGkCNiUPmahPyLqQ==", "updater": "rhel-vex", "name": "CVE-2025-0395", "description": "A flaw was found in the GNU C Library (glibc). A buffer overflow condition via the `assert()` function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading to an application crash or other undefined behavior.", "issued": "2025-01-22T13:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0395 https://bugzilla.redhat.com/show_bug.cgi?id=2339460 https://www.cve.org/CVERecord?id=CVE-2025-0395 https://nvd.nist.gov/vuln/detail/CVE-2025-0395 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0395.json https://access.redhat.com/errata/RHSA-2025:4244", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-125.el9_5.8", "arch_op": "pattern match" }, "vJceii8mKrpQPBtlAKleGQ==": { "id": "vJceii8mKrpQPBtlAKleGQ==", "updater": "rhel-vex", "name": "CVE-2023-34969", "description": "An assertion failure vulnerability was found in D-Bus. This issue occurs when a privileged monitoring connection (dbus-monitor, busctl monitor, gdbus monitor, or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to \u003cdeny\u003e rules or outgoing message quota. If a privileged user with control over the dbus-daemon is monitoring the message bus traffic using the Monitoring clients like the dbus-monitor or busctl monitor interfaces, then an unprivileged local user with the ability to connect to the same dbus-daemon could send specially crafted request, causing a dbus-daemon to crash, resulting in a denial of service under some circumstances.", "issued": "2023-06-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-34969 https://bugzilla.redhat.com/show_bug.cgi?id=2213166 https://www.cve.org/CVERecord?id=CVE-2023-34969 https://nvd.nist.gov/vuln/detail/CVE-2023-34969 https://gitlab.freedesktop.org/dbus/dbus/-/issues/457 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-34969.json https://access.redhat.com/errata/RHSA-2023:4569", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dbus-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:1.12.20-7.el9_2.1", "arch_op": "pattern match" }, "vLDNpmPSXi+t8ebIQHILIw==": { "id": "vLDNpmPSXi+t8ebIQHILIw==", "updater": "rhel-vex", "name": "CVE-2023-4806", "description": "A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.", "issued": "2023-09-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4806 https://bugzilla.redhat.com/show_bug.cgi?id=2237782 https://www.cve.org/CVERecord?id=CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4806.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "vLLr24Ej4L78gTG08XYkRg==": { "id": "vLLr24Ej4L78gTG08XYkRg==", "updater": "rhel-vex", "name": "CVE-2023-2975", "description": "A vulnerability was found in OpenSSL. The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries, which are unauthenticated as a consequence. Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding, or reordering such empty entries as these are ignored by the OpenSSL implementation. The AES-SIV algorithm allows for the authentication of multiple associated data entries and encryption. To authenticate empty data, the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with a NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL returns success for such a call instead of performing the associated data authentication operation. Thus, the empty data will not be authenticated.", "issued": "2023-07-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2975 https://bugzilla.redhat.com/show_bug.cgi?id=2223016 https://www.cve.org/CVERecord?id=CVE-2023-2975 https://nvd.nist.gov/vuln/detail/CVE-2023-2975 https://www.openssl.org/news/secadv/20230714.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2975.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "vLgELeoIueNM9KX5ZIMtjg==": { "id": "vLgELeoIueNM9KX5ZIMtjg==", "updater": "rhel-vex", "name": "CVE-2021-35937", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://www.cve.org/CVERecord?id=CVE-2021-35937 https://nvd.nist.gov/vuln/detail/CVE-2021-35937 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35937.json https://access.redhat.com/errata/RHSA-2024:0463", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-rpm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.16.1.3-27.el9_3", "arch_op": "pattern match" }, "vPDXRcEg4abq9PCqTBFkAg==": { "id": "vPDXRcEg4abq9PCqTBFkAg==", "updater": "rhel-vex", "name": "CVE-2023-25652", "description": "A vulnerability was found in Git. This security flaw occurs when feeding specially crafted input to `git apply --reject`; a path outside the working tree can be overwritten with partially controlled contents corresponding to the rejected hunk(s) from the given patch.", "issued": "2023-04-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25652 https://bugzilla.redhat.com/show_bug.cgi?id=2188333 https://www.cve.org/CVERecord?id=CVE-2023-25652 https://nvd.nist.gov/vuln/detail/CVE-2023-25652 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25652.json https://access.redhat.com/errata/RHSA-2023:3245", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.3-1.el9_2", "arch_op": "pattern match" }, "vQedZoMzqBElfCAKIwQo5w==": { "id": "vQedZoMzqBElfCAKIwQo5w==", "updater": "rhel-vex", "name": "CVE-2023-32006", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32006 https://bugzilla.redhat.com/show_bug.cgi?id=2230955 https://www.cve.org/CVERecord?id=CVE-2023-32006 https://nvd.nist.gov/vuln/detail/CVE-2023-32006 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-impersonate-other-modules-in-using-moduleconstructorcreaterequire-mediumcve-2023-32006 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32006.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "vWwpCPVTGndMb9IraxXgGg==": { "id": "vWwpCPVTGndMb9IraxXgGg==", "updater": "rhel-vex", "name": "CVE-2023-6228", "description": "An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash.", "issued": "2023-09-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-6228 https://bugzilla.redhat.com/show_bug.cgi?id=2240995 https://www.cve.org/CVERecord?id=CVE-2023-6228 https://nvd.nist.gov/vuln/detail/CVE-2023-6228 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-6228.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "vZzq+XzhXQpcGK6x6C81SQ==": { "id": "vZzq+XzhXQpcGK6x6C81SQ==", "updater": "rhel-vex", "name": "CVE-2023-23918", "description": "A privilege escalation vulnerability exists in Node.js \u003c19.6.1, \u003c18.14.1, \u003c16.19.1 and \u003c14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non authorized modules by using process.mainModule.require(). This only affects users who had enabled the experimental permissions option with --experimental-policy.", "issued": "2023-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-23918 https://bugzilla.redhat.com/show_bug.cgi?id=2171935 https://www.cve.org/CVERecord?id=CVE-2023-23918 https://nvd.nist.gov/vuln/detail/CVE-2023-23918 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-23918.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vagSYtfX2ayPhseLZe8kAA==": { "id": "vagSYtfX2ayPhseLZe8kAA==", "updater": "rhel-vex", "name": "CVE-2023-46809", "description": "A flaw was found in Node.js. The privateDecrypt() API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing JSON Web Encryption messages.", "issued": "2024-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46809 https://bugzilla.redhat.com/show_bug.cgi?id=2264569 https://www.cve.org/CVERecord?id=CVE-2023-46809 https://nvd.nist.gov/vuln/detail/CVE-2023-46809 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46809.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.11.1-1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "vb7DdaxZjPV5NEcCqN9EkQ==": { "id": "vb7DdaxZjPV5NEcCqN9EkQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-stat", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.09-481.1.el9_6", "arch_op": "pattern match" }, "vbUGycVGGL83rd1I5CfHuQ==": { "id": "vbUGycVGGL83rd1I5CfHuQ==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "vc3i6DfzTVpLFX6x0zKE4A==": { "id": "vc3i6DfzTVpLFX6x0zKE4A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "vceRrCjaQs4/Tb9s36m+gQ==": { "id": "vceRrCjaQs4/Tb9s36m+gQ==", "updater": "rhel-vex", "name": "CVE-2024-45341", "description": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45341 https://bugzilla.redhat.com/show_bug.cgi?id=2341750 https://www.cve.org/CVERecord?id=CVE-2024-45341 https://nvd.nist.gov/vuln/detail/CVE-2024-45341 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45341.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "vdokiHWKHEv0aYbydeDs5Q==": { "id": "vdokiHWKHEv0aYbydeDs5Q==", "updater": "rhel-vex", "name": "CVE-2023-43785", "description": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43785 https://bugzilla.redhat.com/show_bug.cgi?id=2242252 https://www.cve.org/CVERecord?id=CVE-2023-43785 https://nvd.nist.gov/vuln/detail/CVE-2023-43785 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43785.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "ve8kNOScD+vxLjbMehgbRA==": { "id": "ve8kNOScD+vxLjbMehgbRA==", "updater": "rhel-vex", "name": "CVE-2023-32002", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32002 https://bugzilla.redhat.com/show_bug.cgi?id=2230948 https://www.cve.org/CVERecord?id=CVE-2023-32002 https://nvd.nist.gov/vuln/detail/CVE-2023-32002 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-module_load-highcve-2023-32002 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32002.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:8.19.4-1.16.20.2.1.el9_2", "arch_op": "pattern match" }, "vekzBecfH1YN/Zd4MHsZmA==": { "id": "vekzBecfH1YN/Zd4MHsZmA==", "updater": "rhel-vex", "name": "CVE-2023-30630", "description": "A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo.", "issued": "2023-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30630 https://bugzilla.redhat.com/show_bug.cgi?id=2186669 https://www.cve.org/CVERecord?id=CVE-2023-30630 https://nvd.nist.gov/vuln/detail/CVE-2023-30630 https://github.com/adamreiser/dmiwrite https://github.com/advisories/GHSA-9r2p-xmm5-5ppg https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30630.json https://access.redhat.com/errata/RHSA-2023:5061", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "dmidecode", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.3-7.el9_2.1", "arch_op": "pattern match" }, "ves1GfNCYjdCXJceNwT2Lw==": { "id": "ves1GfNCYjdCXJceNwT2Lw==", "updater": "rhel-vex", "name": "CVE-2023-39326", "description": "A flaw was found in the Golang net/http/internal package. This issue may allow a malicious user to send an HTTP request and cause the receiver to read more bytes from network than are in the body (up to 1GiB), causing the receiver to fail reading the response, possibly leading to a Denial of Service (DoS).", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39326 https://bugzilla.redhat.com/show_bug.cgi?id=2253330 https://www.cve.org/CVERecord?id=CVE-2023-39326 https://nvd.nist.gov/vuln/detail/CVE-2023-39326 https://pkg.go.dev/vuln/GO-2023-2382 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39326.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vgP3FAR9tXjiqUc0mFlRrg==": { "id": "vgP3FAR9tXjiqUc0mFlRrg==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-Symbol", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.08-481.1.el9_6", "arch_op": "pattern match" }, "viJWUTYaczSUI8knrOEDyQ==": { "id": "viJWUTYaczSUI8knrOEDyQ==", "updater": "rhel-vex", "name": "CVE-2025-3277", "description": "A flaw was found in SQLite’s `concat_ws()` function, where an integer overflow can be triggered. The resulting truncated integer can allocate a buffer. When SQLite writes the resulting string to the buffer, it uses the original, untruncated size, and a wild heap buffer overflow size of around 4GB can occur. This issue can result in arbitrary code execution.", "issued": "2025-04-14T16:50:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3277 https://bugzilla.redhat.com/show_bug.cgi?id=2359553 https://www.cve.org/CVERecord?id=CVE-2025-3277 https://nvd.nist.gov/vuln/detail/CVE-2025-3277 https://sqlite.org/src/info/498e3f1cf57f164f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3277.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "vn/18J5TIuzcd8MxdMgYlw==": { "id": "vn/18J5TIuzcd8MxdMgYlw==", "updater": "rhel-vex", "name": "CVE-2023-45285", "description": "A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure \"git://\" if trying to fetch a .git module that has no \"https://\" or \"git+ssh://\" available.", "issued": "2023-12-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45285 https://bugzilla.redhat.com/show_bug.cgi?id=2253323 https://www.cve.org/CVERecord?id=CVE-2023-45285 https://nvd.nist.gov/vuln/detail/CVE-2023-45285 https://pkg.go.dev/vuln/GO-2023-2383 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45285.json https://access.redhat.com/errata/RHSA-2024:1131", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-1.el9_3", "arch_op": "pattern match" }, "vnBlYA/0lXrfCSSYxgwhSQ==": { "id": "vnBlYA/0lXrfCSSYxgwhSQ==", "updater": "rhel-vex", "name": "CVE-2021-35065", "description": "A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.", "issued": "2022-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-35065 https://bugzilla.redhat.com/show_bug.cgi?id=2156324 https://www.cve.org/CVERecord?id=CVE-2021-35065 https://nvd.nist.gov/vuln/detail/CVE-2021-35065 https://security.snyk.io/vuln/SNYK-JS-GLOBPARENT-1314294 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-35065.json https://access.redhat.com/errata/RHSA-2023:2654", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.14.2-2.module+el9.2.0.z+18497+a402347c", "arch_op": "pattern match" }, "vnQE6sVVricZrrWA9Xv5RQ==": { "id": "vnQE6sVVricZrrWA9Xv5RQ==", "updater": "rhel-vex", "name": "CVE-2025-48384", "description": "A line-end handling flaw was found in Git. When writing a config entry, values with a trailing carriage return (CR) are not quoted, resulting in the CR being lost when the config is read later. When initializing a submodule, if the submodule path contains a trailing CR, the altered path is read, resulting in the submodule being checked out to an incorrect location.", "issued": "2025-07-08T18:23:48Z", "links": "https://access.redhat.com/security/cve/CVE-2025-48384 https://bugzilla.redhat.com/show_bug.cgi?id=2378806 https://www.cve.org/CVERecord?id=CVE-2025-48384 https://nvd.nist.gov/vuln/detail/CVE-2025-48384 https://dgl.cx/2025/07/git-clone-submodule-cve-2025-48384 https://github.com/git/git/commit/05e9cd64ee23bbadcea6bcffd6660ed02b8eab89 https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-48384.json https://access.redhat.com/errata/RHSA-2025:11462", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "perl-Git", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.47.3-1.el9_6", "arch_op": "pattern match" }, "vpkqaxRDIkUCRIT3f2sk6Q==": { "id": "vpkqaxRDIkUCRIT3f2sk6Q==", "updater": "osv/go", "name": "GO-2024-2598", "description": "Verify panics on certificates with an unknown public key algorithm in crypto/x509", "issued": "2024-03-05T22:14:58Z", "links": "https://go.dev/issue/65390 https://go.dev/cl/569339 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.21.8" }, "vu4nws6mMs6GJYT1BNu9DQ==": { "id": "vu4nws6mMs6GJYT1BNu9DQ==", "updater": "rhel-vex", "name": "CVE-2024-2961", "description": "An out-of-bounds write flaw was found in the ISO-2022-CN-EXT plugin for glibc's iconv library. When converting from UCS4 charset, adding certain escape charterers is required to indicate where the charset was changed to the library. During this process, iconv improperly checks the boundaries of internal buffers, leading to a buffer overflow, which allows writing up to 3 bytes outside the desired memory location. This issue may allow an attacker to craft a malicious characters sequence that will trigger the out-of-bounds write and perform remote code execution, presenting a high impact to the Integrity, Confidentiality, and Availability triad.", "issued": "2024-04-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2961 https://bugzilla.redhat.com/show_bug.cgi?id=2273404 https://www.cve.org/CVERecord?id=CVE-2024-2961 https://nvd.nist.gov/vuln/detail/CVE-2024-2961 https://www.openwall.com/lists/oss-security/2024/04/17/9 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2961.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwUe6Dpe5Fb7V8GdyGEhjA==": { "id": "vwUe6Dpe5Fb7V8GdyGEhjA==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "vwdkC2aeXSkn642Di7lXbw==": { "id": "vwdkC2aeXSkn642Di7lXbw==", "updater": "rhel-vex", "name": "CVE-2023-39615", "description": "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", "issued": "2023-08-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39615 https://bugzilla.redhat.com/show_bug.cgi?id=2235864 https://www.cve.org/CVERecord?id=CVE-2023-39615 https://nvd.nist.gov/vuln/detail/CVE-2023-39615 https://gitlab.gnome.org/GNOME/libxml2/-/issues/535 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39615.json https://access.redhat.com/errata/RHSA-2023:7747", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-5.el9_3", "arch_op": "pattern match" }, "vy6yzxdusLc9vaaiu2HI2w==": { "id": "vy6yzxdusLc9vaaiu2HI2w==", "updater": "rhel-vex", "name": "CVE-2023-7104", "description": "A vulnerability has been identified in SQLite3. This issue affects the sessionReadRecord function of the ext/session/sqlite3session.c function in the make alltest Handler component. Manipulation may cause a heap-based buffer overflow to occur.", "issued": "2023-12-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-7104 https://bugzilla.redhat.com/show_bug.cgi?id=2256194 https://www.cve.org/CVERecord?id=CVE-2023-7104 https://nvd.nist.gov/vuln/detail/CVE-2023-7104 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-7104.json https://access.redhat.com/errata/RHSA-2024:0465", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.34.1-7.el9_3", "arch_op": "pattern match" }, "vz18/+7m2wxxY2NMQUQ6Yg==": { "id": "vz18/+7m2wxxY2NMQUQ6Yg==", "updater": "rhel-vex", "name": "CVE-2022-3597", "description": "An out-of-bounds write flaw was found in the _TIFFmemcpy function in libtiff/tif_unix.c in the libtiff package. By persuading a victim to open a specially-crafted TIFF image file, a remote attacker could cause a denial of service condition.", "issued": "2022-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3597 https://bugzilla.redhat.com/show_bug.cgi?id=2142736 https://www.cve.org/CVERecord?id=CVE-2022-3597 https://nvd.nist.gov/vuln/detail/CVE-2022-3597 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3597.json https://access.redhat.com/errata/RHSA-2023:2340", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-7.el9", "arch_op": "pattern match" }, "w/NMuS0o9hChTkNvZhIOtg==": { "id": "w/NMuS0o9hChTkNvZhIOtg==", "updater": "rhel-vex", "name": "CVE-2023-38552", "description": "When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to node's policy implementation, thus effectively disabling the integrity check.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38552 https://bugzilla.redhat.com/show_bug.cgi?id=2244415 https://www.cve.org/CVERecord?id=CVE-2023-38552 https://nvd.nist.gov/vuln/detail/CVE-2023-38552 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38552.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "w/qPRfgu7T1MbY4EuhkWZw==": { "id": "w/qPRfgu7T1MbY4EuhkWZw==", "updater": "osv/go", "name": "GO-2022-0531", "description": "Session tickets lack random ticket_age_add in crypto/tls", "issued": "2022-07-28T17:24:57Z", "links": "https://go.dev/cl/405994 https://go.googlesource.com/go/+/fe4de36198794c447fbd9d7cc2d7199a506c76a5 https://go.dev/issue/52814 https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.3" }, "w1094TrprBpG+5TZJus6FA==": { "id": "w1094TrprBpG+5TZJus6FA==", "updater": "rhel-vex", "name": "CVE-2022-1674", "description": "A NULL pointer dereference flaw was found in vim's vim_regexec_string() function in regexp.c file. The issue occurs when the function tries to match the buffer with an invalid pattern. This flaw allows an attacker to trick a user into opening a specially crafted file, triggering a NULL pointer dereference that causes an application to crash, leading to a denial of service.", "issued": "2022-05-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1674 https://bugzilla.redhat.com/show_bug.cgi?id=2085393 https://www.cve.org/CVERecord?id=CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w8af/LTYrBLWhYkZBSi2Lg==": { "id": "w8af/LTYrBLWhYkZBSi2Lg==", "updater": "rhel-vex", "name": "CVE-2022-4141", "description": "A heap-based buffer overflow vulnerability was found in Vim due to invalid memory access. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering an out-of-bounds write that causes an application to crash, possibly executing code and corrupting memory.", "issued": "2022-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4141 https://bugzilla.redhat.com/show_bug.cgi?id=2148991 https://www.cve.org/CVERecord?id=CVE-2022-4141 https://nvd.nist.gov/vuln/detail/CVE-2022-4141 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4141.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "w93rRV74Y3Xaae9j4uy2iQ==": { "id": "w93rRV74Y3Xaae9j4uy2iQ==", "updater": "rhel-vex", "name": "CVE-2023-0801", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the _TIFFmemcpy function in libtiff/tif_unix.c when called by functions in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0801 https://bugzilla.redhat.com/show_bug.cgi?id=2170172 https://www.cve.org/CVERecord?id=CVE-2023-0801 https://nvd.nist.gov/vuln/detail/CVE-2023-0801 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0801.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "wBC264S906jsJ9EHip/24A==": { "id": "wBC264S906jsJ9EHip/24A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wCl622H8UElXM4AFHot1bA==": { "id": "wCl622H8UElXM4AFHot1bA==", "updater": "rhel-vex", "name": "CVE-2023-46218", "description": "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", "issued": "2023-12-06T07:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-46218 https://bugzilla.redhat.com/show_bug.cgi?id=2252030 https://www.cve.org/CVERecord?id=CVE-2023-46218 https://nvd.nist.gov/vuln/detail/CVE-2023-46218 https://curl.se/docs/CVE-2023-46218.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-46218.json https://access.redhat.com/errata/RHSA-2024:1129", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libcurl-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.3", "arch_op": "pattern match" }, "wEVnFZ6M5zpBHSw+nqU0rg==": { "id": "wEVnFZ6M5zpBHSw+nqU0rg==", "updater": "rhel-vex", "name": "CVE-2023-3618", "description": "A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.", "issued": "2023-02-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3618 https://bugzilla.redhat.com/show_bug.cgi?id=2215865 https://www.cve.org/CVERecord?id=CVE-2023-3618 https://nvd.nist.gov/vuln/detail/CVE-2023-3618 https://gitlab.com/libtiff/libtiff/-/issues/529 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3618.json https://access.redhat.com/errata/RHSA-2024:2289", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-12.el9", "arch_op": "pattern match" }, "wEZLQNUZyYD6Rz0ucz5fzQ==": { "id": "wEZLQNUZyYD6Rz0ucz5fzQ==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-lib", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:0.65-481.1.el9_6", "arch_op": "pattern match" }, "wG1iwTc5HBr1VKWUstaeHw==": { "id": "wG1iwTc5HBr1VKWUstaeHw==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "wL88v46Y3XlOQ8xtlmBugA==": { "id": "wL88v46Y3XlOQ8xtlmBugA==", "updater": "rhel-vex", "name": "CVE-2024-28834", "description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "issued": "2024-03-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28834 https://bugzilla.redhat.com/show_bug.cgi?id=2269228 https://www.cve.org/CVERecord?id=CVE-2024-28834 https://nvd.nist.gov/vuln/detail/CVE-2024-28834 https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html https://minerva.crocs.fi.muni.cz/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28834.json https://access.redhat.com/errata/RHSA-2024:1879", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "gnutls", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.7.6-23.el9_3.4", "arch_op": "pattern match" }, "wMpTUDltgKPDv4b44/0Spg==": { "id": "wMpTUDltgKPDv4b44/0Spg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHSA-2023:5453", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-60.el9_2.7", "arch_op": "pattern match" }, "wN+C2Zg1myHVbcMR/36bqA==": { "id": "wN+C2Zg1myHVbcMR/36bqA==", "updater": "rhel-vex", "name": "CVE-2023-30588", "description": "A vulnerability has been identified in the Node.js, where an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the process terminates when accessing public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30588 https://bugzilla.redhat.com/show_bug.cgi?id=2219838 https://www.cve.org/CVERecord?id=CVE-2023-30588 https://nvd.nist.gov/vuln/detail/CVE-2023-30588 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30588.json https://access.redhat.com/errata/RHSA-2023:4331", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.1-1.el9_2", "arch_op": "pattern match" }, "wO2dcFx5JhDjz2K4QDYydw==": { "id": "wO2dcFx5JhDjz2K4QDYydw==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "wSNG00q+az+IW0NBCU7MPQ==": { "id": "wSNG00q+az+IW0NBCU7MPQ==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-minimal-langpack", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "wTqPXpGv5suIYx7xVHwxzw==": { "id": "wTqPXpGv5suIYx7xVHwxzw==", "updater": "rhel-vex", "name": "CVE-2024-45491", "description": "An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX.", "issued": "2024-08-30T03:15:03Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45491 https://bugzilla.redhat.com/show_bug.cgi?id=2308616 https://www.cve.org/CVERecord?id=CVE-2024-45491 https://nvd.nist.gov/vuln/detail/CVE-2024-45491 https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes https://github.com/libexpat/libexpat/issues/888 https://github.com/libexpat/libexpat/pull/891 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45491.json https://access.redhat.com/errata/RHSA-2024:6754", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.5.0-2.el9_4.1", "arch_op": "pattern match" }, "wVu6Drfzxh1KT5UxKndpTQ==": { "id": "wVu6Drfzxh1KT5UxKndpTQ==", "updater": "rhel-vex", "name": "CVE-2022-41725", "description": "A flaw was found in Go, where it is vulnerable to a denial of service caused by an excessive resource consumption flaw in the net/http and mime/multipart packages. By sending a specially-crafted request, a remote attacker can cause a denial of service.", "issued": "2023-02-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41725 https://bugzilla.redhat.com/show_bug.cgi?id=2178488 https://www.cve.org/CVERecord?id=CVE-2022-41725 https://nvd.nist.gov/vuln/detail/CVE-2022-41725 https://go.dev/cl/468124 https://go.dev/issue/58006 https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E https://pkg.go.dev/vuln/GO-2023-1569 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41725.json https://access.redhat.com/errata/RHBA-2023:2181", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.19.6-2.el9_2", "arch_op": "pattern match" }, "wXA+dwIpPFBMKZHFylJdgg==": { "id": "wXA+dwIpPFBMKZHFylJdgg==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "walyEMfvPvVh3KXxCNA/pQ==": { "id": "walyEMfvPvVh3KXxCNA/pQ==", "updater": "osv/go", "name": "GO-2023-1751", "description": "Improper sanitization of CSS values in html/template", "issued": "2023-05-05T21:10:20Z", "links": "https://go.dev/issue/59720 https://go.dev/cl/491615 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.19.9" }, "wbgbZuReVn7DfcAmqe3XZA==": { "id": "wbgbZuReVn7DfcAmqe3XZA==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-headers", "version": "", "kind": "binary", "normalized_version": "", "arch": "s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "wc5lIWGg0A45t1Tgl/aghw==": { "id": "wc5lIWGg0A45t1Tgl/aghw==", "updater": "rhel-vex", "name": "CVE-2025-22150", "description": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "issued": "2025-01-21T17:46:58Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22150 https://bugzilla.redhat.com/show_bug.cgi?id=2339176 https://www.cve.org/CVERecord?id=CVE-2025-22150 https://nvd.nist.gov/vuln/detail/CVE-2025-22150 https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 https://hackerone.com/reports/2913312 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22150.json https://access.redhat.com/errata/RHSA-2025:1613", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.13.1-1.module+el9.5.0+22763+17233acb", "arch_op": "pattern match" }, "wed5fBK5xYyUEx1EpoQtEg==": { "id": "wed5fBK5xYyUEx1EpoQtEg==", "updater": "rhel-vex", "name": "CVE-2025-23083", "description": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "issued": "2025-01-22T01:11:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23083 https://bugzilla.redhat.com/show_bug.cgi?id=2339392 https://www.cve.org/CVERecord?id=CVE-2025-23083 https://nvd.nist.gov/vuln/detail/CVE-2025-23083 https://nodejs.org/en/blog/vulnerability/january-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23083.json https://access.redhat.com/errata/RHSA-2025:1443", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198", "arch_op": "pattern match" }, "wfyGNkRP1AKTpRqTPf0oQQ==": { "id": "wfyGNkRP1AKTpRqTPf0oQQ==", "updater": "rhel-vex", "name": "CVE-2023-32559", "description": "A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.", "issued": "2023-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32559 https://bugzilla.redhat.com/show_bug.cgi?id=2230956 https://www.cve.org/CVERecord?id=CVE-2023-32559 https://nvd.nist.gov/vuln/detail/CVE-2023-32559 https://nodejs.org/en/blog/vulnerability/august-2023-security-releases#permissions-policies-can-be-bypassed-via-processbinding-mediumcve-2023-32559 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32559.json https://access.redhat.com/errata/RHSA-2023:5532", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.20.2-1.el9_2", "arch_op": "pattern match" }, "wgjZroGG2ECX8FlIRRqZmw==": { "id": "wgjZroGG2ECX8FlIRRqZmw==", "updater": "rhel-vex", "name": "CVE-2022-4904", "description": "A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.", "issued": "2022-12-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4904 https://bugzilla.redhat.com/show_bug.cgi?id=2168631 https://www.cve.org/CVERecord?id=CVE-2022-4904 https://nvd.nist.gov/vuln/detail/CVE-2022-4904 https://github.com/c-ares/c-ares/issues/496 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4904.json https://access.redhat.com/errata/RHSA-2023:2655", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-1.el9_2", "arch_op": "pattern match" }, "wh8UL6jE02MHJgululn0nA==": { "id": "wh8UL6jE02MHJgululn0nA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "whMVc0u5Lzujkr6AuzQzMw==": { "id": "whMVc0u5Lzujkr6AuzQzMw==", "updater": "rhel-vex", "name": "CVE-2024-33602", "description": "A flaw was found in the glibc netgroup cache. The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer. This can potentially lead to memory corruption and cause a crash.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33602 https://bugzilla.redhat.com/show_bug.cgi?id=2277206 https://www.cve.org/CVERecord?id=CVE-2024-33602 https://nvd.nist.gov/vuln/detail/CVE-2024-33602 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33602.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "wj5w4kQEe9iH2tb9jj1wEA==": { "id": "wj5w4kQEe9iH2tb9jj1wEA==", "updater": "rhel-vex", "name": "CVE-2023-39975", "description": "A vulnerability was found in MIT krb5, where an authenticated attacker can cause a KDC to free the same pointer twice if it can induce a failure in authorization data handling.", "issued": "2023-08-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39975 https://bugzilla.redhat.com/show_bug.cgi?id=2232682 https://www.cve.org/CVERecord?id=CVE-2023-39975 https://nvd.nist.gov/vuln/detail/CVE-2023-39975 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39975.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "wjPVtpb8yNf3j3pc1wfy6A==": { "id": "wjPVtpb8yNf3j3pc1wfy6A==", "updater": "rhel-vex", "name": "CVE-2023-38545", "description": "A heap-based buffer overflow flaw was found in the SOCKS5 proxy handshake in the Curl package. If Curl is unable to resolve the address itself, it passes the hostname to the SOCKS5 proxy. However, the maximum length of the hostname that can be passed is 255 bytes. If the hostname is longer, then Curl switches to the local name resolving and passes the resolved address only to the proxy. The local variable that instructs Curl to \"let the host resolve the name\" could obtain the wrong value during a slow SOCKS5 handshake, resulting in the too-long hostname being copied to the target buffer instead of the resolved address, which was not the intended behavior.", "issued": "2023-10-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-38545 https://bugzilla.redhat.com/show_bug.cgi?id=2241933 https://www.cve.org/CVERecord?id=CVE-2023-38545 https://nvd.nist.gov/vuln/detail/CVE-2023-38545 https://curl.se/docs/CVE-2023-38545.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-38545.json https://access.redhat.com/errata/RHSA-2023:6745", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9_3.2", "arch_op": "pattern match" }, "wlPwpwE94ExdZ/N5EaE3ow==": { "id": "wlPwpwE94ExdZ/N5EaE3ow==", "updater": "rhel-vex", "name": "CVE-2023-2491", "description": "A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the \"org-babel-execute:latex\" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.", "issued": "2023-05-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2491 https://bugzilla.redhat.com/show_bug.cgi?id=2192873 https://www.cve.org/CVERecord?id=CVE-2023-2491 https://nvd.nist.gov/vuln/detail/CVE-2023-2491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2491.json https://access.redhat.com/errata/RHSA-2023:2626", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "emacs-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:27.2-8.el9_2.1", "arch_op": "pattern match" }, "wn4STzMt4ytbVHyERUyNoA==": { "id": "wn4STzMt4ytbVHyERUyNoA==", "updater": "rhel-vex", "name": "CVE-2021-3903", "description": "vim is vulnerable to Heap-based Buffer Overflow", "issued": "2021-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3903 https://bugzilla.redhat.com/show_bug.cgi?id=2018558 https://www.cve.org/CVERecord?id=CVE-2021-3903 https://nvd.nist.gov/vuln/detail/CVE-2021-3903 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3903.json https://access.redhat.com/errata/RHSA-2024:9405", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-minimal", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-21.el9", "arch_op": "pattern match" }, "wqIGHEm21/U4VCTr0VeLVw==": { "id": "wqIGHEm21/U4VCTr0VeLVw==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "ws4rNVATNtezkRTpFfdzmA==": { "id": "ws4rNVATNtezkRTpFfdzmA==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "x+9X6oSMihxrE4Tni3a4Zw==": { "id": "x+9X6oSMihxrE4Tni3a4Zw==", "updater": "rhel-vex", "name": "CVE-2024-24785", "description": "A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into templates.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-24785 https://bugzilla.redhat.com/show_bug.cgi?id=2268022 https://www.cve.org/CVERecord?id=CVE-2024-24785 https://nvd.nist.gov/vuln/detail/CVE-2024-24785 https://go.dev/cl/564196 https://go.dev/issue/65697 https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg https://vuln.go.dev/ID/GO-2024-2610.json https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-24785.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "x+E+r7arkKvVcXf/ay8rdg==": { "id": "x+E+r7arkKvVcXf/ay8rdg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json https://access.redhat.com/errata/RHSA-2023:6631", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.68.4-11.el9", "arch_op": "pattern match" }, "x0tnd8GOUfHQCdr5bXMpHA==": { "id": "x0tnd8GOUfHQCdr5bXMpHA==", "updater": "rhel-vex", "name": "CVE-2024-32487", "description": "An OS command injection flaw was found in Less. Since quoting is mishandled in filename.c, opening files with attacker-controlled file names can lead to OS command execution. Exploitation requires the LESSOPEN environment variable, which is set by default in many common cases.", "issued": "2024-04-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-32487 https://bugzilla.redhat.com/show_bug.cgi?id=2274980 https://www.cve.org/CVERecord?id=CVE-2024-32487 https://nvd.nist.gov/vuln/detail/CVE-2024-32487 https://www.openwall.com/lists/oss-security/2024/04/12/5 https://www.openwall.com/lists/oss-security/2024/04/13/2 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-32487.json https://access.redhat.com/errata/RHSA-2024:3513", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "less", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:590-4.el9_4", "arch_op": "pattern match" }, "x2hzd4kogrK1x2HyIGmxuw==": { "id": "x2hzd4kogrK1x2HyIGmxuw==", "updater": "rhel-vex", "name": "CVE-2025-23085", "description": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "issued": "2025-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23085 https://bugzilla.redhat.com/show_bug.cgi?id=2342618 https://www.cve.org/CVERecord?id=CVE-2025-23085 https://nvd.nist.gov/vuln/detail/CVE-2025-23085 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23085.json https://access.redhat.com/errata/RHSA-2025:1446", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385", "arch_op": "pattern match" }, "x4dqDafgKW8Zo/is+xcVZQ==": { "id": "x4dqDafgKW8Zo/is+xcVZQ==", "updater": "rhel-vex", "name": "CVE-2025-22866", "description": "A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leakage is likely insufficient to recover the private key when P-256 is used in any well-known protocols.", "issued": "2025-02-06T16:54:10Z", "links": "https://access.redhat.com/security/cve/CVE-2025-22866 https://bugzilla.redhat.com/show_bug.cgi?id=2344219 https://www.cve.org/CVERecord?id=CVE-2025-22866 https://nvd.nist.gov/vuln/detail/CVE-2025-22866 https://go.dev/cl/643735 https://go.dev/issue/71383 https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k https://pkg.go.dev/vuln/GO-2025-3447 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-22866.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "x4y353xwTKkgu0582Qh5wg==": { "id": "x4y353xwTKkgu0582Qh5wg==", "updater": "rhel-vex", "name": "CVE-2023-47038", "description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "issued": "2023-11-25T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-47038 https://bugzilla.redhat.com/show_bug.cgi?id=2249523 https://www.cve.org/CVERecord?id=CVE-2023-47038 https://nvd.nist.gov/vuln/detail/CVE-2023-47038 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-47038.json https://access.redhat.com/errata/RHSA-2024:2228", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-File-Basename", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.85-481.el9", "arch_op": "pattern match" }, "x5MnAXJPkWBC+zd+i08Svw==": { "id": "x5MnAXJPkWBC+zd+i08Svw==", "updater": "rhel-vex", "name": "CVE-2023-43786", "description": "A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.", "issued": "2023-10-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-43786 https://bugzilla.redhat.com/show_bug.cgi?id=2242253 https://www.cve.org/CVERecord?id=CVE-2023-43786 https://nvd.nist.gov/vuln/detail/CVE-2023-43786 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-43786.json https://access.redhat.com/errata/RHSA-2024:2145", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-xcb", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-9.el9", "arch_op": "pattern match" }, "x80ydqeeoahPQLNiV1VXvQ==": { "id": "x80ydqeeoahPQLNiV1VXvQ==", "updater": "osv/go", "name": "GO-2025-4014", "description": "Unbounded allocation when parsing GNU sparse map in archive/tar", "issued": "2025-10-29T21:51:04Z", "links": "https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.24.8" }, "xDXpto7iDgv1dyFWeDEVcQ==": { "id": "xDXpto7iDgv1dyFWeDEVcQ==", "updater": "rhel-vex", "name": "CVE-2023-31130", "description": "A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. \"0::00:00:00/2\" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().", "issued": "2023-05-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-31130 https://bugzilla.redhat.com/show_bug.cgi?id=2209497 https://www.cve.org/CVERecord?id=CVE-2023-31130 https://nvd.nist.gov/vuln/detail/CVE-2023-31130 https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-31130.json https://access.redhat.com/errata/RHSA-2023:3586", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:16.19.1-2.el9_2", "arch_op": "pattern match" }, "xEtBJoALTqnQBn0TOsRe9w==": { "id": "xEtBJoALTqnQBn0TOsRe9w==", "updater": "rhel-vex", "name": "CVE-2023-45288", "description": "A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45288 https://bugzilla.redhat.com/show_bug.cgi?id=2268273 https://www.cve.org/CVERecord?id=CVE-2023-45288 https://nvd.nist.gov/vuln/detail/CVE-2023-45288 https://nowotarski.info/http2-continuation-flood/ https://pkg.go.dev/vuln/GO-2024-2687 https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45288.json https://access.redhat.com/errata/RHSA-2024:1963", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.12-4.el9_3", "arch_op": "pattern match" }, "xF20fK5dvutyLkWcMLVDPw==": { "id": "xF20fK5dvutyLkWcMLVDPw==", "updater": "rhel-vex", "name": "CVE-2024-6232", "description": "A regular expression denial of service (ReDos) vulnerability was found in Python's tarfile module. Due to excessive backtracking while tarfile parses headers, an attacker may be able to trigger a denial of service via a specially crafted tar archive.", "issued": "2024-09-03T13:15:05Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6232 https://bugzilla.redhat.com/show_bug.cgi?id=2309426 https://www.cve.org/CVERecord?id=CVE-2024-6232 https://nvd.nist.gov/vuln/detail/CVE-2024-6232 https://github.com/python/cpython/issues/121285 https://github.com/python/cpython/pull/121286 https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6232.json https://access.redhat.com/errata/RHSA-2024:9468", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.9.19-8.el9_5.1", "arch_op": "pattern match" }, "xIqTu52elcgV5FuN0Fuj4Q==": { "id": "xIqTu52elcgV5FuN0Fuj4Q==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "xKFSWwGN4NIDnytC6SdEvg==": { "id": "xKFSWwGN4NIDnytC6SdEvg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xKgvhqTYvQwR5QWUkRuf6Q==": { "id": "xKgvhqTYvQwR5QWUkRuf6Q==", "updater": "osv/go", "name": "GO-2022-0526", "description": "Stack exhaustion when decoding certain messages in encoding/gob", "issued": "2022-07-20T20:52:17Z", "links": "https://go.dev/cl/417064 https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7 https://go.dev/issue/53615 https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.18.4" }, "xNJWUdryH0nBQB/93HRNuw==": { "id": "xNJWUdryH0nBQB/93HRNuw==", "updater": "rhel-vex", "name": "CVE-2019-12900", "description": "A data integrity error was found in the bzip2 (User-space package) functionality when decompressing. This issue occurs when a user decompresses a particular kind of .bz2 files. A local user could get unexpected results (or corrupted data) as result of decompressing these files.", "issued": "2024-11-15T10:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12900 https://bugzilla.redhat.com/show_bug.cgi?id=2332075 https://www.cve.org/CVERecord?id=CVE-2019-12900 https://nvd.nist.gov/vuln/detail/CVE-2019-12900 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12900.json https://access.redhat.com/errata/RHSA-2025:0925", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "bzip2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.0.8-10.el9_5", "arch_op": "pattern match" }, "xP/kV8YDeJxssrXaMcjXUg==": { "id": "xP/kV8YDeJxssrXaMcjXUg==", "updater": "osv/go", "name": "GO-2023-2375", "description": "Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel", "issued": "2023-12-05T16:16:44Z", "links": "https://go.dev/issue/20654 https://go.dev/cl/326012/26 https://groups.google.com/g/golang-announce/c/QMK8IQALDvA https://people.redhat.com/~hkario/marvin/", "severity": "", "normalized_severity": "Unknown", "package": { "id": "", "name": "stdlib", "version": "", "kind": "binary", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "go", "uri": "https://pkg.go.dev/", "cpe": "" }, "fixed_in_version": "1.20.0" }, "xQ6R88+x8IssPvOAavmZXw==": { "id": "xQ6R88+x8IssPvOAavmZXw==", "updater": "rhel-vex", "name": "CVE-2022-0530", "description": "A flaw was found in Unzip. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash.", "issued": "2022-01-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-0530 https://bugzilla.redhat.com/show_bug.cgi?id=2051395 https://www.cve.org/CVERecord?id=CVE-2022-0530 https://nvd.nist.gov/vuln/detail/CVE-2022-0530 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-0530.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "unzip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xUBSdDBs0fiKOh6BCZPXOA==": { "id": "xUBSdDBs0fiKOh6BCZPXOA==", "updater": "rhel-vex", "name": "CVE-2024-4032", "description": "A flaw was found in Python. The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. Due to this issue, it is possible that values will not be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4032 https://bugzilla.redhat.com/show_bug.cgi?id=2292921 https://www.cve.org/CVERecord?id=CVE-2024-4032 https://nvd.nist.gov/vuln/detail/CVE-2024-4032 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4032.json https://access.redhat.com/errata/RHSA-2024:4779", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.3", "arch_op": "pattern match" }, "xVnM1Y5F9hIYQN1//jfY7Q==": { "id": "xVnM1Y5F9hIYQN1//jfY7Q==", "updater": "rhel-vex", "name": "CVE-2024-22017", "description": "A flaw was found in Node.js, where the setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This issue allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid().", "issued": "2024-02-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22017 https://bugzilla.redhat.com/show_bug.cgi?id=2265727 https://www.cve.org/CVERecord?id=CVE-2024-22017 https://nvd.nist.gov/vuln/detail/CVE-2024-22017 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22017.json https://access.redhat.com/errata/RHSA-2024:1688", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.2.4-1.20.11.1.1.module+el9.3.0+21385+bac43d5a", "arch_op": "pattern match" }, "xYZxVBz2xY/aoDQPqi4nCQ==": { "id": "xYZxVBz2xY/aoDQPqi4nCQ==", "updater": "rhel-vex", "name": "CVE-2024-33600", "description": "A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit.", "issued": "2024-04-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33600 https://bugzilla.redhat.com/show_bug.cgi?id=2277204 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://nvd.nist.gov/vuln/detail/CVE-2024-33600 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33600.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-locale-source", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "xcQReVPnPEIim0iMTZWDwA==": { "id": "xcQReVPnPEIim0iMTZWDwA==", "updater": "rhel-vex", "name": "CVE-2024-25629", "description": "A vulnerability was found in c-ares where the ares__read_line() is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.22.0, the /etc/hosts file. If the configuration files have an embedded NULL character as the first character in a new line, it can attempt to read memory before the start of the given buffer, which may result in a crash.", "issued": "2024-02-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25629 https://bugzilla.redhat.com/show_bug.cgi?id=2265713 https://www.cve.org/CVERecord?id=CVE-2024-25629 https://nvd.nist.gov/vuln/detail/CVE-2024-25629 https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25629.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "xhnxsdmWc6+n3gUj6yqBpw==": { "id": "xhnxsdmWc6+n3gUj6yqBpw==", "updater": "rhel-vex", "name": "CVE-2023-29491", "description": "A vulnerability was found in ncurses and occurs when used by a setuid application. This flaw allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "issued": "2023-04-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29491 https://bugzilla.redhat.com/show_bug.cgi?id=2191704 https://www.cve.org/CVERecord?id=CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29491.json https://access.redhat.com/errata/RHSA-2023:6698", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9", "arch_op": "pattern match" }, "xjE2Ua1GOmdwVi+xIIGVeQ==": { "id": "xjE2Ua1GOmdwVi+xIIGVeQ==", "updater": "rhel-vex", "name": "CVE-2023-0798", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted8bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0798 https://bugzilla.redhat.com/show_bug.cgi?id=2170157 https://www.cve.org/CVERecord?id=CVE-2023-0798 https://nvd.nist.gov/vuln/detail/CVE-2023-0798 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0798.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "xmhlBgW9Qhx+a2k3SdfUzA==": { "id": "xmhlBgW9Qhx+a2k3SdfUzA==", "updater": "rhel-vex", "name": "CVE-2023-36054", "description": "A vulnerability was found in the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (krb5). This issue occurs due to lack of validation in the relationship between n_key_data and the key_data array count, leading to the freeing of uninitialized pointers. This may allow a remote authenticated attacker to send a specially crafted request that causes the kadmind process to crash, resulting in a denial of service (DoS).", "issued": "2023-08-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-36054 https://bugzilla.redhat.com/show_bug.cgi?id=2230178 https://www.cve.org/CVERecord?id=CVE-2023-36054 https://nvd.nist.gov/vuln/detail/CVE-2023-36054 https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final https://web.mit.edu/kerberos/www/advisories/ https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-36054.json https://access.redhat.com/errata/RHSA-2023:6699", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-1.el9", "arch_op": "pattern match" }, "xoMyxEWbrnIOZWHnwVuShQ==": { "id": "xoMyxEWbrnIOZWHnwVuShQ==", "updater": "rhel-vex", "name": "CVE-2023-28484", "description": "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", "issued": "2023-04-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-28484 https://bugzilla.redhat.com/show_bug.cgi?id=2185994 https://www.cve.org/CVERecord?id=CVE-2023-28484 https://nvd.nist.gov/vuln/detail/CVE-2023-28484 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-28484.json https://access.redhat.com/errata/RHSA-2023:4349", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-3.el9_2.1", "arch_op": "pattern match" }, "xqLSmaq+0/3ps+9zoCEL9g==": { "id": "xqLSmaq+0/3ps+9zoCEL9g==", "updater": "rhel-vex", "name": "CVE-2024-34155", "description": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.", "issued": "2024-09-06T21:15:11Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34155 https://bugzilla.redhat.com/show_bug.cgi?id=2310527 https://www.cve.org/CVERecord?id=CVE-2024-34155 https://nvd.nist.gov/vuln/detail/CVE-2024-34155 https://go.dev/cl/611238 https://go.dev/issue/69138 https://groups.google.com/g/golang-dev/c/S9POB9NCTdk https://pkg.go.dev/vuln/GO-2024-3105 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34155.json https://access.redhat.com/errata/RHSA-2024:6913", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.13-3.el9_4", "arch_op": "pattern match" }, "xsP7BCzVmEb3+qivw8mFIQ==": { "id": "xsP7BCzVmEb3+qivw8mFIQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json https://access.redhat.com/errata/RHSA-2024:9333", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.2.2-6.el9_5", "arch_op": "pattern match" }, "xsiKeHcIwwzMLDEPFdNSFQ==": { "id": "xsiKeHcIwwzMLDEPFdNSFQ==", "updater": "rhel-vex", "name": "CVE-2020-28362", "description": "A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "issued": "2020-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-28362 https://bugzilla.redhat.com/show_bug.cgi?id=1897635 https://www.cve.org/CVERecord?id=CVE-2020-28362 https://nvd.nist.gov/vuln/detail/CVE-2020-28362 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-28362.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "go-toolset", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xvZ+aaak6OxbCE7Nu46XhA==": { "id": "xvZ+aaak6OxbCE7Nu46XhA==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:22.15.0-1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "xxrOMZzPk7ETmnvrIjBo0A==": { "id": "xxrOMZzPk7ETmnvrIjBo0A==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xxrk6qwvf/BkNdal8rz/jA==": { "id": "xxrk6qwvf/BkNdal8rz/jA==", "updater": "rhel-vex", "name": "CVE-2023-45289", "description": "A flaw was found in Go's net/http/cookiejar standard library package. When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "issued": "2024-03-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45289 https://bugzilla.redhat.com/show_bug.cgi?id=2268018 https://www.cve.org/CVERecord?id=CVE-2023-45289 https://nvd.nist.gov/vuln/detail/CVE-2023-45289 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45289.json https://access.redhat.com/errata/RHSA-2024:2562", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.9-2.el9_4", "arch_op": "pattern match" }, "xzz0v3ajpuFhN3HDJCDDYg==": { "id": "xzz0v3ajpuFhN3HDJCDDYg==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json https://access.redhat.com/errata/RHSA-2023:3722", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-16.el9_2", "arch_op": "pattern match" }, "y0c8SsIbu7kpkqoaDhf8/A==": { "id": "y0c8SsIbu7kpkqoaDhf8/A==", "updater": "rhel-vex", "name": "CVE-2025-4517", "description": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".", "issued": "2025-06-03T12:58:50Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4517 https://bugzilla.redhat.com/show_bug.cgi?id=2370016 https://www.cve.org/CVERecord?id=CVE-2025-4517 https://nvd.nist.gov/vuln/detail/CVE-2025-4517 https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a https://github.com/python/cpython/issues/135034 https://github.com/python/cpython/pull/135037 https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4517.json https://access.redhat.com/errata/RHSA-2025:10136", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "normalized_severity": "High", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.21-2.el9_6.1", "arch_op": "pattern match" }, "y1Qpo5IDwj5DRizBbMgltw==": { "id": "y1Qpo5IDwj5DRizBbMgltw==", "updater": "rhel-vex", "name": "CVE-2025-59375", "description": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.", "issued": "2025-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-59375 https://bugzilla.redhat.com/show_bug.cgi?id=2395108 https://www.cve.org/CVERecord?id=CVE-2025-59375 https://nvd.nist.gov/vuln/detail/CVE-2025-59375 https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74 https://github.com/libexpat/libexpat/issues/1018 https://github.com/libexpat/libexpat/pull/1034 https://issues.oss-fuzz.com/issues/439133977 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-59375.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "High", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y1VRnBNNx34t1XvqjEl7IQ==": { "id": "y1VRnBNNx34t1XvqjEl7IQ==", "updater": "rhel-vex", "name": "CVE-2024-26461", "description": "A memory leak flaw was found in krb5 in /krb5/src/lib/gssapi/krb5/k5sealv3.c. This issue can lead to a denial of service through memory exhaustion.", "issued": "2024-02-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-26461 https://bugzilla.redhat.com/show_bug.cgi?id=2266740 https://www.cve.org/CVERecord?id=CVE-2024-26461 https://nvd.nist.gov/vuln/detail/CVE-2024-26461 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-26461.json https://access.redhat.com/errata/RHSA-2024:9331", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "krb5-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.21.1-3.el9", "arch_op": "pattern match" }, "y5N73UEFT/BHwjJkVAx22A==": { "id": "y5N73UEFT/BHwjJkVAx22A==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "y64mIHRpNx52AEpoGbOyzQ==": { "id": "y64mIHRpNx52AEpoGbOyzQ==", "updater": "rhel-vex", "name": "CVE-2025-11839", "description": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.", "issued": "2025-10-16T14:02:13Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11839 https://bugzilla.redhat.com/show_bug.cgi?id=2404439 https://www.cve.org/CVERecord?id=CVE-2025-11839 https://nvd.nist.gov/vuln/detail/CVE-2025-11839 https://sourceware.org/bugzilla/attachment.cgi?id=16344 https://sourceware.org/bugzilla/show_bug.cgi?id=33448 https://vuldb.com/?ctiid.328774 https://vuldb.com/?id.328774 https://vuldb.com/?submit.661279 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11839.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y6Uu3YyF1CrzpsmxAF1m9w==": { "id": "y6Uu3YyF1CrzpsmxAF1m9w==", "updater": "rhel-vex", "name": "CVE-2025-11083", "description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "issued": "2025-09-27T23:02:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-11083 https://bugzilla.redhat.com/show_bug.cgi?id=2399948 https://www.cve.org/CVERecord?id=CVE-2025-11083 https://nvd.nist.gov/vuln/detail/CVE-2025-11083 https://sourceware.org/bugzilla/attachment.cgi?id=16353 https://sourceware.org/bugzilla/show_bug.cgi?id=33457 https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490 https://vuldb.com/?ctiid.326124 https://vuldb.com/?id.326124 https://vuldb.com/?submit.661277 https://www.gnu.org/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-11083.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "gdb", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "y9E+Lh5SpPDKe0DW19HLjA==": { "id": "y9E+Lh5SpPDKe0DW19HLjA==", "updater": "rhel-vex", "name": "CVE-2023-4752", "description": "A flaw was found in Vim, where it is vulnerable to a use-after-free in the ins_compl_get_exp function. This flaw allows a specially crafted file to crash software, use unexpected values, or possibly execute code when opened in Vim.", "issued": "2023-09-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4752 https://bugzilla.redhat.com/show_bug.cgi?id=2237311 https://www.cve.org/CVERecord?id=CVE-2023-4752 https://nvd.nist.gov/vuln/detail/CVE-2023-4752 https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4752.json https://access.redhat.com/errata/RHSA-2025:7440", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim-filesystem", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "2:8.2.2637-22.el9_6", "arch_op": "pattern match" }, "yCrfh+WfD/7UJatf+Ek6jA==": { "id": "yCrfh+WfD/7UJatf+Ek6jA==", "updater": "rhel-vex", "name": "CVE-2023-39333", "description": "Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39333 https://bugzilla.redhat.com/show_bug.cgi?id=2244418 https://www.cve.org/CVERecord?id=CVE-2023-39333 https://nvd.nist.gov/vuln/detail/CVE-2023-39333 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39333.json https://access.redhat.com/errata/RHSA-2023:5849", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.18.2-2.module+el9.2.0.z+20408+7cb5fda5", "arch_op": "pattern match" }, "yF/CyvOlKzDmpBu26JCuEg==": { "id": "yF/CyvOlKzDmpBu26JCuEg==", "updater": "rhel-vex", "name": "CVE-2025-23166", "description": "A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits(). This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23166 https://bugzilla.redhat.com/show_bug.cgi?id=2367163 https://www.cve.org/CVERecord?id=CVE-2025-23166 https://nvd.nist.gov/vuln/detail/CVE-2025-23166 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23166.json https://access.redhat.com/errata/RHSA-2025:8467", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.16.0.1.module+el9.6.0+23151+b1496e9d", "arch_op": "pattern match" }, "yIgeDQgyoDXR+INQbK5bbA==": { "id": "yIgeDQgyoDXR+INQbK5bbA==", "updater": "rhel-vex", "name": "CVE-2022-43548", "description": "A flaw was found in NodeJS. The issue occurs in the Node.js rebinding protector for --inspect that still allows invalid IP addresses, specifically, the octal format. This flaw allows an attacker to perform DNS rebinding and execute arbitrary code.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-43548 https://bugzilla.redhat.com/show_bug.cgi?id=2140911 https://www.cve.org/CVERecord?id=CVE-2022-43548 https://nvd.nist.gov/vuln/detail/CVE-2022-43548 https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/#dns-rebinding-in-inspect-via-invalid-octal-ip-address-medium-cve-2022-43548 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-43548.json https://access.redhat.com/errata/RHSA-2022:8832", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.12.1-1.module+el9.1.0.z+17326+318294bb", "arch_op": "pattern match" }, "yK3vcSC4PlKQSa9IQKCw1w==": { "id": "yK3vcSC4PlKQSa9IQKCw1w==", "updater": "rhel-vex", "name": "CVE-2024-33599", "description": "A stack-based buffer overflow flaw was found in the glibc netgroup cache. In certain conditions, its possible to trigger a stack-based buffer overflow condition that can lead to a denial of service and potentially other malicious actions that impact confidentiality and integrity.", "issued": "2024-04-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-33599 https://bugzilla.redhat.com/show_bug.cgi?id=2277202 https://www.cve.org/CVERecord?id=CVE-2024-33599 https://nvd.nist.gov/vuln/detail/CVE-2024-33599 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-33599.json https://access.redhat.com/errata/RHSA-2024:3339", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9_4.2", "arch_op": "pattern match" }, "yNIngFjcdt+ETIv0YvW+4Q==": { "id": "yNIngFjcdt+ETIv0YvW+4Q==", "updater": "rhel-vex", "name": "CVE-2022-49043", "description": "A flaw was found in libxml2 where improper handling of memory allocation failures in `libxml2` can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.", "issued": "2025-01-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-49043 https://bugzilla.redhat.com/show_bug.cgi?id=2342118 https://www.cve.org/CVERecord?id=CVE-2022-49043 https://nvd.nist.gov/vuln/detail/CVE-2022-49043 https://github.com/php/php-src/issues/17467 https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-49043.json https://access.redhat.com/errata/RHSA-2025:1350", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-6.el9_5.1", "arch_op": "pattern match" }, "yOFL3ef2F8Ux3GMySAVXxg==": { "id": "yOFL3ef2F8Ux3GMySAVXxg==", "updater": "rhel-vex", "name": "CVE-2025-58183", "description": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.", "issued": "2025-10-29T22:10:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-58183 https://bugzilla.redhat.com/show_bug.cgi?id=2407258 https://www.cve.org/CVERecord?id=CVE-2025-58183 https://nvd.nist.gov/vuln/detail/CVE-2025-58183 https://go.dev/cl/709861 https://go.dev/issue/75677 https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI https://pkg.go.dev/vuln/GO-2025-4014 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-58183.json https://access.redhat.com/errata/RHSA-2025:21815", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-bin", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.25.3-1.el9_7", "arch_op": "pattern match" }, "yRV28i/MrM7mz4Vw1MzWxA==": { "id": "yRV28i/MrM7mz4Vw1MzWxA==", "updater": "rhel-vex", "name": "CVE-2024-45336", "description": "A flaw was found in the net/http package of the Golang standard library. The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to `a.com/` containing an Authorization header redirected to `b.com/` will not send that header to `b.com`. However, the sensitive headers would be restored if the client received a subsequent same-domain redirect. For example, a chain of redirects from `a.com/`, to `b.com/1`, and finally to `b.com/2` would incorrectly send the Authorization header to `b.com/2`.", "issued": "2025-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-45336 https://bugzilla.redhat.com/show_bug.cgi?id=2341751 https://www.cve.org/CVERecord?id=CVE-2024-45336 https://nvd.nist.gov/vuln/detail/CVE-2024-45336 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-45336.json https://access.redhat.com/errata/RHSA-2025:3773", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.23.6-2.el9_5", "arch_op": "pattern match" }, "yU3Lpv2jlcYSr1/M/dL33A==": { "id": "yU3Lpv2jlcYSr1/M/dL33A==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yV3QixxBrXQjuo0c4OIL/w==": { "id": "yV3QixxBrXQjuo0c4OIL/w==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "ybQbHANLbpeKvvvpnEOh2Q==": { "id": "ybQbHANLbpeKvvvpnEOh2Q==", "updater": "rhel-vex", "name": "CVE-2023-30581", "description": "A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require() can bypass the policy mechanism and require modules outside of the policy.json definition.", "issued": "2023-06-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-30581 https://bugzilla.redhat.com/show_bug.cgi?id=2219824 https://www.cve.org/CVERecord?id=CVE-2023-30581 https://nvd.nist.gov/vuln/detail/CVE-2023-30581 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-30581.json https://access.redhat.com/errata/RHSA-2023:4330", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "normalized_severity": "High", "package": { "id": "", "name": "nodejs-full-i18n", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.16.1-1.module+el9.2.0.z+19424+78951f07", "arch_op": "pattern match" }, "ybg9o/djfKR8D2l5wfz/6g==": { "id": "ybg9o/djfKR8D2l5wfz/6g==", "updater": "rhel-vex", "name": "CVE-2023-4911", "description": "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", "issued": "2023-10-03T17:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4911 https://bugzilla.redhat.com/show_bug.cgi?id=2238352 https://www.cve.org/CVERecord?id=CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt https://www.qualys.com/cve-2023-4911/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4911.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "ycihN0043OihPtrAPlFZyA==": { "id": "ycihN0043OihPtrAPlFZyA==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-SelectSaver", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.02-481.1.el9_6", "arch_op": "pattern match" }, "ydN/9qW+IO/7qUsy09APhw==": { "id": "ydN/9qW+IO/7qUsy09APhw==", "updater": "rhel-vex", "name": "CVE-2023-24607", "description": "Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.", "issued": "2023-04-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-24607 https://bugzilla.redhat.com/show_bug.cgi?id=2187154 https://www.cve.org/CVERecord?id=CVE-2023-24607 https://nvd.nist.gov/vuln/detail/CVE-2023-24607 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-24607.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "qt5", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ydg80VAiaAwfrueUhGEKNA==": { "id": "ydg80VAiaAwfrueUhGEKNA==", "updater": "rhel-vex", "name": "CVE-2024-10041", "description": "A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.", "issued": "2024-10-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-10041 https://bugzilla.redhat.com/show_bug.cgi?id=2319212 https://www.cve.org/CVERecord?id=CVE-2024-10041 https://nvd.nist.gov/vuln/detail/CVE-2024-10041 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-10041.json https://access.redhat.com/errata/RHSA-2024:11250", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "pam", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:1.5.1-21.el9_5", "arch_op": "pattern match" }, "ygPqOnRCEHz9NjTVM+wIZA==": { "id": "ygPqOnRCEHz9NjTVM+wIZA==", "updater": "rhel-vex", "name": "CVE-2022-29187", "description": "A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by other users who access the repository.", "issued": "2022-07-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29187 https://bugzilla.redhat.com/show_bug.cgi?id=2107439 https://www.cve.org/CVERecord?id=CVE-2022-29187 https://nvd.nist.gov/vuln/detail/CVE-2022-29187 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29187.json https://access.redhat.com/errata/RHSA-2023:2319", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "git-core", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.39.1-1.el9", "arch_op": "pattern match" }, "ylg3k+AtgUcIl3hJiXNMlw==": { "id": "ylg3k+AtgUcIl3hJiXNMlw==", "updater": "rhel-vex", "name": "CVE-2022-2946", "description": "A flaw was found in vim, where it is vulnerable to a use-after-free in the vim_vsnprintf_typval function. This flaw allows a specially crafted file to crash a program, use unexpected values, or execute code.", "issued": "2022-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2946 https://bugzilla.redhat.com/show_bug.cgi?id=2120993 https://www.cve.org/CVERecord?id=CVE-2022-2946 https://nvd.nist.gov/vuln/detail/CVE-2022-2946 https://huntr.dev/bounties/5d389a18-5026-47df-a5d0-1548a9b555d5 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2946.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ymBGTBftPxHJSbwAfx3uNA==": { "id": "ymBGTBftPxHJSbwAfx3uNA==", "updater": "rhel-vex", "name": "CVE-2022-29458", "description": "ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.", "issued": "2022-04-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-29458 https://bugzilla.redhat.com/show_bug.cgi?id=2076483 https://www.cve.org/CVERecord?id=CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-29458.json https://access.redhat.com/errata/RHSA-2025:12876", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:6.2-10.20210508.el9_6.2", "arch_op": "pattern match" }, "ynnULh1l7jTnQPnMak7suQ==": { "id": "ynnULh1l7jTnQPnMak7suQ==", "updater": "rhel-vex", "name": "CVE-2025-5702", "description": "A flaw was found in the optimized strcmp glibc function for the Power10 CPU architecture. GNU C library versions from 2.39 onward overwrite two vector registers in a way that can disrupt the control flow of a program.", "issued": "2025-06-05T18:23:57Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5702 https://bugzilla.redhat.com/show_bug.cgi?id=2370472 https://www.cve.org/CVERecord?id=CVE-2025-5702 https://nvd.nist.gov/vuln/detail/CVE-2025-5702 https://sourceware.org/bugzilla/show_bug.cgi?id=33056 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5702.json https://access.redhat.com/errata/RHSA-2025:9877", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-gconv-extra", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.20", "arch_op": "pattern match" }, "yq06et41/lBQ0nsMvLOG/A==": { "id": "yq06et41/lBQ0nsMvLOG/A==", "updater": "rhel-vex", "name": "CVE-2023-3138", "description": "A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.", "issued": "2023-06-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3138 https://bugzilla.redhat.com/show_bug.cgi?id=2213748 https://www.cve.org/CVERecord?id=CVE-2023-3138 https://nvd.nist.gov/vuln/detail/CVE-2023-3138 https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c https://lists.x.org/archives/xorg-announce/2023-June/003406.html https://lists.x.org/archives/xorg-announce/2023-June/003407.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3138.json https://access.redhat.com/errata/RHSA-2023:6497", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libX11-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.7.0-8.el9", "arch_op": "pattern match" }, "yrD0ecVnK2Y23POHVpCwiA==": { "id": "yrD0ecVnK2Y23POHVpCwiA==", "updater": "rhel-vex", "name": "CVE-2022-48554", "description": "A flaw was found in file, a program used to identify a particular file according to the type of data contained by the file. This issue occurs when processing a specially crafted file, causing a stack-based buffer over-read, resulting in an application crash.", "issued": "2022-01-21T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-48554 https://bugzilla.redhat.com/show_bug.cgi?id=2235714 https://www.cve.org/CVERecord?id=CVE-2022-48554 https://nvd.nist.gov/vuln/detail/CVE-2022-48554 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-48554.json https://access.redhat.com/errata/RHSA-2024:2512", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "file-libs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:5.39-16.el9", "arch_op": "pattern match" }, "yrkfySEOvQHtbEYpAUNs0Q==": { "id": "yrkfySEOvQHtbEYpAUNs0Q==", "updater": "rhel-vex", "name": "CVE-2024-6923", "description": "A vulnerability was found in the email module that uses Python language. The email module doesn't properly quote new lines in email headers. This flaw allows an attacker to inject email headers that could, among other possibilities, add hidden email destinations or inject content into the email, impacting data confidentiality and integrity.", "issued": "2024-08-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6923 https://bugzilla.redhat.com/show_bug.cgi?id=2302255 https://www.cve.org/CVERecord?id=CVE-2024-6923 https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/issues/121650 https://github.com/python/cpython/pull/122233 https://mail.python.org/archives/list/security-announce@python.org/thread/QH3BUOE2DYQBWP7NAQ7UNHPPOELKISRW/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6923.json https://access.redhat.com/errata/RHSA-2024:6163", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:3.9.18-3.el9_4.5", "arch_op": "pattern match" }, "yubezWiwTBzlJyfKBBah5A==": { "id": "yubezWiwTBzlJyfKBBah5A==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "yz/zQzn72boszb6Cab3Y9w==": { "id": "yz/zQzn72boszb6Cab3Y9w==", "updater": "rhel-vex", "name": "CVE-2023-0796", "description": "A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited information disclosure.", "issued": "2023-02-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0796 https://bugzilla.redhat.com/show_bug.cgi?id=2170146 https://www.cve.org/CVERecord?id=CVE-2023-0796 https://nvd.nist.gov/vuln/detail/CVE-2023-0796 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0796.json https://access.redhat.com/errata/RHSA-2023:3711", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libtiff-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-8.el9_2", "arch_op": "pattern match" }, "z/LMTnJeia+du5LSYhMD2w==": { "id": "z/LMTnJeia+du5LSYhMD2w==", "updater": "rhel-vex", "name": "CVE-2023-22745", "description": "A flaw was found in tpm2-tss, which is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). In affected versions, `Tss2_RC_SetHandler` and `Tss2_RC_Decode` index into the `layer_handler` with an 8-bit layer number, but the array only has `TPM2_ERROR_TSS2_RC_LAYER_COUNT` entries. Trying to add a handler for higher-numbered layers or to decode a response code with a layer number, reads/writes past the end of the buffer. This buffer overrun could result in arbitrary code execution. An example attack is a man-in-the-middle (MiTM) bus attack that returns 0xFFFFFFFFFF for the RC. Given the common use case of TPM modules, an attacker must have local access to the target machine with local system privileges, which allows access to the TPM system. Usually, TPM access requires administrative privileges.", "issued": "2023-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 https://www.cve.org/CVERecord?id=CVE-2023-22745 https://nvd.nist.gov/vuln/detail/CVE-2023-22745 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-22745.json https://access.redhat.com/errata/RHSA-2023:6685", "severity": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "tpm2-tss", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:3.2.2-2.el9", "arch_op": "pattern match" }, "z1fiDjJjV7T+4MZClzquUA==": { "id": "z1fiDjJjV7T+4MZClzquUA==", "updater": "rhel-vex", "name": "CVE-2023-5678", "description": "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", "issued": "2023-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-5678 https://bugzilla.redhat.com/show_bug.cgi?id=2248616 https://www.cve.org/CVERecord?id=CVE-2023-5678 https://nvd.nist.gov/vuln/detail/CVE-2023-5678 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017 https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6 https://www.openssl.org/news/secadv/20231106.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-5678.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "z1wZ8EsA73QQBAtKsHeNNA==": { "id": "z1wZ8EsA73QQBAtKsHeNNA==", "updater": "rhel-vex", "name": "CVE-2023-25193", "description": "A vulnerability was found HarfBuzz. This flaw allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.", "issued": "2023-02-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-25193 https://bugzilla.redhat.com/show_bug.cgi?id=2167254 https://www.cve.org/CVERecord?id=CVE-2023-25193 https://nvd.nist.gov/vuln/detail/CVE-2023-25193 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-25193.json https://access.redhat.com/errata/RHSA-2024:2410", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "harfbuzz-icu", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:2.7.4-10.el9", "arch_op": "pattern match" }, "z52r/0OKaWAkLWR5L4SEkQ==": { "id": "z52r/0OKaWAkLWR5L4SEkQ==", "updater": "rhel-vex", "name": "CVE-2025-8058", "description": "A double-free vulnerability has been discovered in glibc (GNU C Library). This flaw occurs during bracket expression parsing within the regcomp function, specifically when a memory allocation failure takes place. Exploitation of a double-free vulnerability can lead to memory corruption, which could enable an attacker to achieve arbitrary code execution or a denial of service condition.", "issued": "2025-07-23T19:57:17Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8058 https://bugzilla.redhat.com/show_bug.cgi?id=2383146 https://www.cve.org/CVERecord?id=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 https://sourceware.org/bugzilla/show_bug.cgi?id=33185 https://sourceware.org/git/?p=glibc.git;a=commit;h=3ff17af18c38727b88d9115e536c069e6b5d601f https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8058.json https://access.redhat.com/errata/RHSA-2025:12748", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-common", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-168.el9_6.23", "arch_op": "pattern match" }, "z6u9MfxJ5450gPIBXVMBZg==": { "id": "z6u9MfxJ5450gPIBXVMBZg==", "updater": "rhel-vex", "name": "CVE-2025-23167", "description": "A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \\r\\n\\rX instead of the standard \\r\\n\\r\\n.", "issued": "2025-05-19T01:25:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-23167 https://bugzilla.redhat.com/show_bug.cgi?id=2367167 https://www.cve.org/CVERecord?id=CVE-2025-23167 https://nvd.nist.gov/vuln/detail/CVE-2025-23167 https://nodejs.org/en/blog/vulnerability/may-2025-security-releases https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-23167.json https://access.redhat.com/errata/RHSA-2025:8468", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.19.2-1.module+el9.6.0+23146+be9976bd", "arch_op": "pattern match" }, "zAQhwfD+1kpXY0CwZC6HxA==": { "id": "zAQhwfD+1kpXY0CwZC6HxA==", "updater": "rhel-vex", "name": "CVE-2025-24014", "description": "A flaw was found in Vim. In silent Ex mode (-s -e), Vim typically doesn't show a screen and operates silently in batch mode, however, it is possible to trigger the function that handles the scrolling of a GUI version of Vim via binary characters. The function that handles the scrolling may trigger a redraw, which will access the ScreenLines pointer and can cause a segmentation fault condition. This may lead to an application crash or other undefined behavior.", "issued": "2025-01-20T22:53:14Z", "links": "https://access.redhat.com/security/cve/CVE-2025-24014 https://bugzilla.redhat.com/show_bug.cgi?id=2339074 https://www.cve.org/CVERecord?id=CVE-2025-24014 https://nvd.nist.gov/vuln/detail/CVE-2025-24014 https://github.com/vim/vim/commit/9d1bed5eccdbb46a26b8a484f5e9163c40e63919 https://github.com/vim/vim/security/advisories/GHSA-j3g9-wg22-v955 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-24014.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zBm31RctqcDF3ITqeA/9oA==": { "id": "zBm31RctqcDF3ITqeA/9oA==", "updater": "rhel-vex", "name": "CVE-2024-27983", "description": "A vulnerability was found in how Node.js implements the HTTP/2 protocol. There are insufficient limitations placed on the amount of CONTINUATION frames that can be sent within a single stream. This issue could allow an unauthenticated, remote attacker to send packets to vulnerable servers, which could use up compute or memory resources, causing a denial of service.", "issued": "2024-04-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-27983 https://bugzilla.redhat.com/show_bug.cgi?id=2272764 https://www.cve.org/CVERecord?id=CVE-2024-27983 https://nvd.nist.gov/vuln/detail/CVE-2024-27983 https://nodejs.org/en/blog/vulnerability/april-2024-security-releases https://nowotarski.info/http2-continuation-flood/ https://www.kb.cert.org/vuls/id/421644 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-27983.json https://access.redhat.com/errata/RHSA-2024:2779", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "High", "package": { "id": "", "name": "nodejs", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:18.20.2-2.module+el9.4.0+21742+692df1ea", "arch_op": "pattern match" }, "zDmU3WG0c3AQYw7NFebUCQ==": { "id": "zDmU3WG0c3AQYw7NFebUCQ==", "updater": "rhel-vex", "name": "CVE-2022-3234", "description": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.", "issued": "2022-09-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3234 https://bugzilla.redhat.com/show_bug.cgi?id=2129370 https://www.cve.org/CVERecord?id=CVE-2022-3234 https://nvd.nist.gov/vuln/detail/CVE-2022-3234 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3234.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zEKtVLhCQn3xgvKNhFo2bg==": { "id": "zEKtVLhCQn3xgvKNhFo2bg==", "updater": "rhel-vex", "name": "CVE-2021-3115", "description": "A flaw was found in golang: cmd/go, in which Go can execute arbitrary commands at build time when cgo is in use on Windows OS. On Linux/Unix, only users who have \".\" listed explicitly in their PATH variable are affected. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "issued": "2021-01-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3115 https://bugzilla.redhat.com/show_bug.cgi?id=1918761 https://www.cve.org/CVERecord?id=CVE-2021-3115 https://nvd.nist.gov/vuln/detail/CVE-2021-3115 https://groups.google.com/g/golang-announce/c/mperVMGa98w https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3115.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zFG8iDklz8FcuYliYZGkqA==": { "id": "zFG8iDklz8FcuYliYZGkqA==", "updater": "rhel-vex", "name": "CVE-2023-27533", "description": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27533 https://bugzilla.redhat.com/show_bug.cgi?id=2179062 https://www.cve.org/CVERecord?id=CVE-2023-27533 https://nvd.nist.gov/vuln/detail/CVE-2023-27533 https://curl.se/docs/CVE-2023-27533.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27533.json https://access.redhat.com/errata/RHSA-2023:6679", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libcurl-devel", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:7.76.1-26.el9", "arch_op": "pattern match" }, "zFZE1hLph4hR8T7aNvRt0w==": { "id": "zFZE1hLph4hR8T7aNvRt0w==", "updater": "rhel-vex", "name": "CVE-2025-40909", "description": "A flaw was found in the Perl standard library threads component. This vulnerability can allow a local attacker to exploit a race condition in directory handling to access files or load code from unexpected locations.", "issued": "2025-05-30T12:20:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-40909 https://bugzilla.redhat.com/show_bug.cgi?id=2369407 https://www.cve.org/CVERecord?id=CVE-2025-40909 https://nvd.nist.gov/vuln/detail/CVE-2025-40909 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch https://github.com/Perl/perl5/issues/10387 https://github.com/Perl/perl5/issues/23010 https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads https://www.openwall.com/lists/oss-security/2025/05/22/2 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40909.json https://access.redhat.com/errata/RHSA-2025:11804", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "perl-B", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.80-481.1.el9_6", "arch_op": "pattern match" }, "zH/R3mCgsX+vslxcP7p4cg==": { "id": "zH/R3mCgsX+vslxcP7p4cg==", "updater": "rhel-vex", "name": "CVE-2024-6387", "description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "issued": "2024-07-01T08:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-6387 https://bugzilla.redhat.com/show_bug.cgi?id=2294604 https://www.cve.org/CVERecord?id=CVE-2024-6387 https://nvd.nist.gov/vuln/detail/CVE-2024-6387 https://santandersecurityresearch.github.io/blog/sshing_the_masses.html https://www.openssh.com/txt/release-9.8 https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-6387.json https://access.redhat.com/errata/RHSA-2024:4312", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "openssh", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "0:8.7p1-38.el9_4.1", "arch_op": "pattern match" }, "zLUPO/DSeItPLWNqYd2DSQ==": { "id": "zLUPO/DSeItPLWNqYd2DSQ==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zNwhU1to6ohdg5Ws/JmM/Q==": { "id": "zNwhU1to6ohdg5Ws/JmM/Q==", "updater": "rhel-vex", "name": "CVE-2023-4813", "description": "A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.", "issued": "2022-03-01T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4813 https://bugzilla.redhat.com/show_bug.cgi?id=2237798 https://www.cve.org/CVERecord?id=CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4813.json https://access.redhat.com/errata/RHBA-2024:2413", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "glibc-langpack-en", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.34-100.el9", "arch_op": "pattern match" }, "zRaIctSo0IHgkpOD2xBvHw==": { "id": "zRaIctSo0IHgkpOD2xBvHw==", "updater": "rhel-vex", "name": "CVE-2025-47907", "description": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.", "issued": "2025-08-07T15:25:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-47907 https://bugzilla.redhat.com/show_bug.cgi?id=2387083 https://www.cve.org/CVERecord?id=CVE-2025-47907 https://nvd.nist.gov/vuln/detail/CVE-2025-47907 https://go.dev/cl/693735 https://go.dev/issue/74831 https://groups.google.com/g/golang-announce/c/x5MKroML2yM https://pkg.go.dev/vuln/GO-2025-3849 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-47907.json https://access.redhat.com/errata/RHSA-2025:13935", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "golang-src", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.24.6-1.el9_6", "arch_op": "pattern match" }, "zdrK/Mitm8rUuLp2HwWnmQ==": { "id": "zdrK/Mitm8rUuLp2HwWnmQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7426", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.8.2-1.20.19.1.1.module+el9.6.0+23053+4195b0b2", "arch_op": "pattern match" }, "zi+zTCtHwI+xWITxpaOJBw==": { "id": "zi+zTCtHwI+xWITxpaOJBw==", "updater": "rhel-vex", "name": "CVE-2023-3817", "description": "A vulnerability was found in OpenSSL. This security issue occurs because the applications that use the DH_check(), DH_check_ex(), or EVP_PKEY_param_check() functions to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source may lead to a denial of service.", "issued": "2023-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-3817 https://bugzilla.redhat.com/show_bug.cgi?id=2227852 https://www.cve.org/CVERecord?id=CVE-2023-3817 https://nvd.nist.gov/vuln/detail/CVE-2023-3817 https://www.openssl.org/news/secadv/20230731.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-3817.json https://access.redhat.com/errata/RHSA-2024:2447", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:baseos:*:*:*:*:*" }, "fixed_in_version": "1:3.0.7-27.el9", "arch_op": "pattern match" }, "zidvm9MkkP4S62Ofl4+xSQ==": { "id": "zidvm9MkkP4S62Ofl4+xSQ==", "updater": "rhel-vex", "name": "CVE-2025-31498", "description": "A flaw was found in c-ares. This vulnerability allows a remote or local attacker to cause a use-after-free, potentially leading to application-level denial of service or other unexpected behavior via manipulation of DNS responses or network conditions during query processing.", "issued": "2025-04-08T13:53:11Z", "links": "https://access.redhat.com/security/cve/CVE-2025-31498 https://bugzilla.redhat.com/show_bug.cgi?id=2358271 https://www.cve.org/CVERecord?id=CVE-2025-31498 https://nvd.nist.gov/vuln/detail/CVE-2025-31498 https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1 https://github.com/c-ares/c-ares/pull/821 https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-31498.json https://access.redhat.com/errata/RHSA-2025:7433", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "npm", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:10.9.2-1.22.15.0.1.module+el9.6.0+23062+9e7801b9", "arch_op": "pattern match" }, "zjZHjKf2l5+qY9/XYdFMQQ==": { "id": "zjZHjKf2l5+qY9/XYdFMQQ==", "updater": "rhel-vex", "name": "CVE-2023-39322", "description": "A flaw was found in Golang. QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With the fix, connections now consistently reject messages larger than 65KiB in size.", "issued": "2023-09-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39322 https://bugzilla.redhat.com/show_bug.cgi?id=2237778 https://www.cve.org/CVERecord?id=CVE-2023-39322 https://nvd.nist.gov/vuln/detail/CVE-2023-39322 https://go.dev/cl/523039 https://go.dev/issue/62266 https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ https://vuln.go.dev/ID/GO-2023-2045.json https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39322.json https://access.redhat.com/errata/RHBA-2023:6364", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "golang", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:1.20.10-1.el9_3", "arch_op": "pattern match" }, "zmJCk6ssM8yXKzXcDFtbsA==": { "id": "zmJCk6ssM8yXKzXcDFtbsA==", "updater": "rhel-vex", "name": "CVE-2025-6021", "description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "issued": "2025-06-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6021 https://bugzilla.redhat.com/show_bug.cgi?id=2372406 https://www.cve.org/CVERecord?id=CVE-2025-6021 https://nvd.nist.gov/vuln/detail/CVE-2025-6021 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6021.json https://access.redhat.com/errata/RHSA-2025:10699", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:2.9.13-10.el9_6", "arch_op": "pattern match" }, "zoCeQAIu1TFmWIYHnlYddg==": { "id": "zoCeQAIu1TFmWIYHnlYddg==", "updater": "rhel-vex", "name": "CVE-2022-2183", "description": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.", "issued": "2022-06-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-2183 https://bugzilla.redhat.com/show_bug.cgi?id=2102159 https://www.cve.org/CVERecord?id=CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-2183.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ztlVnn1P+W74ZN9vh2BisQ==": { "id": "ztlVnn1P+W74ZN9vh2BisQ==", "updater": "rhel-vex", "name": "CVE-2024-22025", "description": "A flaw was found in Node.js that allows a denial of service attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fetch() function in Node.js that always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. This flaw allows an attacker to control the URL passed into fetch() to exhaust memory, potentially leading to process termination, depending on the system configuration.", "issued": "2024-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-22025 https://bugzilla.redhat.com/show_bug.cgi?id=2270559 https://www.cve.org/CVERecord?id=CVE-2024-22025 https://nvd.nist.gov/vuln/detail/CVE-2024-22025 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-22025.json https://access.redhat.com/errata/RHSA-2024:2853", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "nodejs-docs", "version": "", "kind": "binary", "normalized_version": "", "arch": "noarch", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "1:20.12.2-2.module+el9.4.0+21731+46b5b8a7", "arch_op": "pattern match" }, "zwpNi+NBoVUfQ5Ed4vkNug==": { "id": "zwpNi+NBoVUfQ5Ed4vkNug==", "updater": "rhel-vex", "name": "CVE-2025-9900", "description": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.", "issued": "2025-09-22T14:29:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9900 https://bugzilla.redhat.com/show_bug.cgi?id=2392784 https://www.cve.org/CVERecord?id=CVE-2025-9900 https://nvd.nist.gov/vuln/detail/CVE-2025-9900 https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file https://gitlab.com/libtiff/libtiff/-/issues/704 https://gitlab.com/libtiff/libtiff/-/merge_requests/732 https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9900.json https://access.redhat.com/errata/RHSA-2025:19113", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "High", "package": { "id": "", "name": "libtiff", "version": "", "kind": "binary", "normalized_version": "", "arch": "aarch64|i686|ppc64le|s390x|src|amd64|x86_64", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:9:*:appstream:*:*:*:*:*" }, "fixed_in_version": "0:4.4.0-13.el9_6.2", "arch_op": "pattern match" }, "zx97OaxgXH8j+mFWesQySQ==": { "id": "zx97OaxgXH8j+mFWesQySQ==", "updater": "rhel-vex", "name": "CVE-2022-1620", "description": "A flaw was found in vim, which is vulnerable to a NULL pointer dereference in vim_regexec_string() of the regexp.c function. This flaw allows a specially crafted file to crash software when opened in vim.", "issued": "2022-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-1620 https://bugzilla.redhat.com/show_bug.cgi?id=2083029 https://www.cve.org/CVERecord?id=CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 https://huntr.dev/bounties/7a4c59f3-fcc0-4496-995d-5ca6acd2da51/ https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-1620.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "vim", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+LQ46YAn9giMKDZRMCUpfg==": [ "ZAUFPHu5UQZ+B2n+SrWIqQ==", "wEZLQNUZyYD6Rz0ucz5fzQ==" ], "+Mkqc/Y23wK8i6e0RDbi0w==": [ "FKu6EFoCfpksmq+M7pL02Q==", "XPUXyp+BOEJyEGOgXafi8Q==", "eDxAdI0cgddAZnBSd4FI0Q==" ], "+yIdH2Pb8SGFuXnry3uK/A==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "i1aZclSgDVfSpq3wWatknQ==" ], "/FMjm+UzO0PTaS3Td0lhkw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "/t0e+LuglIbDcO/k67Hr2A==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "/th8aUKrkgR3Sw9KSBM+CA==": [ "s0PUMgVnEtuqOkBdJNAqUA==" ], "0N0D43vK8KV4kQOq2LQn7g==": [ "jVClMHCoFf8RUCB6W2c2cQ==", "CSv4lPWUxMcEgRRI/WkPaA==", "aQ/ax84rpyWNveVTm/MQww==", "eMVMlNYLRzjk+Xt/peAYqg==", "Rf7m+dbWxZxBNm1A9nfdqg==", "eOOfcRLf3CHL5spaYEPovQ==", "glwEUWfaBwNPBrXUJo34tg==", "GEDO3j20WMwIj0JMNMq5Iw==", "G77a8vVkDX/8Yt/v29MOhA==", "0UWL07sxLog3CGNaaYYQxQ==", "31zk833ZdfHhkO9sg82MSw==", "ihcyIiYlnktNuXSrEgrQjg==", "Q2+f0ITzWPp+YCesnwp1Ng==", "G/dmoDOpwh0GrsMovfySVw==", "O0QnjS+0zUH+vff5xaIpCw==", "AJcMDco3zISLrE/7+42hGA==", "lbvVctqpDivb/6OV/xVV+A==", "2DPl1NLEsHotw7kYOPR/8A==", "2432H9ZBrMWDJ7HhyQT63A==", "QY4aLgQQjP1oPPp38ArMrQ==", "xYZxVBz2xY/aoDQPqi4nCQ==", "pwFS1oPwyZIRVgVgtAgSPQ==", "IfZDrkeHpfXHfjHzETuKbw==", "cUH9U4T8Wpzm/UIIektEAQ==", "7CqLd0zk1hiFU3yrvTTdyg==", "DCflC/lDsmgt9IFXJM3PyA==", "o3TqxXhqdegYIl51fSMQ1A==", "LcEYljn+QTWUC36NwQCf7w==", "bKE3ov27WR5dMz8a/M+jUA==", "SjbW0rogoRJo0my37ozMDg==", "whMVc0u5Lzujkr6AuzQzMw==", "uhGUZtCY1OXgM1L55/upYA==" ], "0Yvc2+M8FAry625wuL4S5A==": [ "8utuZQ/Ix8fDNAmmSZivvQ==", "x0tnd8GOUfHQCdr5bXMpHA==", "HjJnWaqrr4SaFPjzu8hVkg==" ], "0wIoN0pFyBSc9eVtRdIOWA==": [ "tZCJ3EMmfQYEKmNY0R6pgg==", "WALxwIFXDH8ZvKesDKBFiQ==", "3wnJ6TxCGJITikNK4m6q+g==", "4JIGhO7+fAz+LPTFEuBHUg==", "PHRlWl/iCYco+xAVn6SmKQ==", "JQe3P/odATa/OKbzn309dw==", "SRL0fsSEDtOf7vYyf/BewQ==", "J6GavUf0zh8+C0zHHTDYfw==", "U61IeOaU1v6bOHJxSPbCCw==", "SU1MGh9+Zg3Zuy+khiN0Og==", "XhhNgYgTJmDdYc90YuE8vw==", "bpM7BDVV04atOPduc9mI8Q==", "kRj1Frl5pmWWgd5LR0IPyw==", "FUR7T9AnekkZ5hPUz2WP6Q==", "tDVJVtVXjEp2hZmPcOFM9w==", "IsqBfnAxrh9UbW8oQaSR7w==", "O+NG96g+kK1DtaJEFTfwuA==", "eNUwUuL3W5wSpnxJfClXhg==", "jbS9IFs59O0uPYg9IZeksQ==", "EzveB8rJWscHHRZtJKOdRA==", "Qp7j7oFs4UbVUHVGblDM1w==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "qpRD6NPbAOP7sG5S6hInXg==", "mUXGZjQ6odB/7zYNoJjJRA==", "Bzc4r1UXMoCf7blNLHkQGw==", "8BMA6LbX8vjrr4aUcmHB5w==", "pd2B9G+4ekvOFTzso0NXCw==", "FgTFx5g45j7WzA+bfAHPzQ==", "nNzRt87EkCVymyYuDyEW2w==", "L04cc8NCPjDZYnxYDnO5+A==", "yrkfySEOvQHtbEYpAUNs0Q==", "/+t6edjy50ibBAIw8q+CWg==", "hECLdfUszFQo2UbzQI3BMQ==", "lJah2RfNfRF+vEQdCucT7w==", "84g+WJ21VVZ5YgyE9krInA==", "y0c8SsIbu7kpkqoaDhf8/A==", "S2g7delheJOLf2DxVbw0Hg==", "0Gq5wAUiCXaH50wxZYx9MQ==", "M9nh4Ryt6GwPUlLoItHqnA==", "fMQ6kctftYthbGvZli2/sg==", "4K1RYkumn7qw6Pk7lwpfbA==", "hHQvhYHv8KxCCQMiFpmyWg==", "Y3PSsgfYVK7+nWpNGBO9lQ==" ], "13/XvLtRK2RDQlcsZc1BtQ==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "ohJ0B7EgOJ9MaxYsbvhjIA==" ], "13i0QoQ6Q4yBI5RUf20lXA==": [ "h7m1EaKKCwaqq30R6Q/BlQ==", "Uy8P+1ImBLgh4EjZYlMO1Q==", "7NIMWPjl58dCiuwwIe4bGg==" ], "1GZ5tdSeZY3Wi3x9/AVQ2Q==": [ "rtmfAClgZr+pMIYCffofpQ==", "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "eT0Z6G4b2zSUUUSLlyL8Tg==" ], "1XXuvf69/0I2dNHaU2UndQ==": [ "/wfob5jHHezdiyugtfPWjg==" ], "1dO83wB64hDLki3A4eA/Pg==": [ "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "vy6yzxdusLc9vaaiu2HI2w==", "0MBdby0uigxg//rv2xd7SQ==", "WPitnGSVxSl/y97AJTQIFQ==", "H4boG/V+MB7stA7jG8O6Tw==", "dRNxgKG0w/nM5rSMcvz/kQ==", "cJ4BQpErMW3FIQ2vBfopJw==" ], "1h9uHE0QiXBO/zpJrT0VjA==": [ "DqGYMV65C5QRFD63WuUcpg==", "1lRtJofWFCTkQi0dreTmvg==", "/rVEaWl0l9u8biVEKbZTFg==", "2vr/twKdnITJOKu9ARCAXQ==", "lKniGV6mBq1xFWJ6V0QVvA==" ], "1iUaGpv40BOJQUks5I0iYg==": [ "H4hIo8QsJ8tJeirBCqwHFQ==", "dPlld/v+ZrL/y3NT/M5t9A==" ], "2REYKadw7TKFiuC+OnoHmA==": [ "ijNNBHI8o+gObvRZ97LRdA==", "CH/8kg0DShdiNjzv6+DZnA==", "L3Sq7FQbQmRq1R8Dn0eFww==", "JegoLVJD+r1CNqau++1Vlw==", "2UhjmcPUkGmILpYJPZEiNQ==", "UWR5dcXlfiNMz/BIfTGvfQ==" ], "2fg1ZRYCSPKKOgCxCcA36w==": [ "Jo0GiPh7MZcVuLsVDbp7qg==", "CMGu0bZesU9cyPAc2vK34g==" ], "3688bXyK/nwHthXLLVH24g==": [ "teVzqeXKz5qAL9KrVUsKAA==", "IWplUWF011EXddGnkU5Png==" ], "3DTA/XNFCCDFf6sfX96bGg==": [ "CQY3y5mGXL6FhNg/bhr8Rw==", "rpzV0o5XSSiqAfiLvn+7sw==" ], "3RQKCmep11B4hkfn96QJTA==": [ "WxO9le6q4ACTs4KnSuckDw==", "QNeXj0/uAU3vww6deBbkrw==" ], "3iIPR0bjuCPQ2+48pSdeHg==": [ "+WB02bbxvRVZgJj5gYjJ7w==", "4gO4ls/gy0nmsC3NeXvyVQ==" ], "4Aph2Qer6+KdCecFsU0TXg==": [ "HT4k6+0VwtXXrNi4IFV2ug==", "AsiuN/8gu7sZ0PJCLihjmw==", "0u9BhQlRGnXqmFj5VxmVgw==" ], "4DM2GB9KLL7/xWypPdz7vA==": [ "8QRmG/+fMsQQzP2maaxOag==", "9b3CWaJsQwdqnuBJDBMt8g==", "f6K2rwitLCyOeqkSvuUcFA==", "VgaIsJDFBatjqT1h+RQLFQ==", "m77LjZYd/4k9LSozG2S2mA==", "KJGsgMArislsisVXSZHY4A==", "pr6wo3A29JKUBSVK/BGExw==", "WIbunUW6+W30QKZc5Tmqzw==", "9UTiJlsfYxfa60iynbYgLg==", "VGewdTS02tdqYoORYHK7Rg==", "0PMktbRk+B4fdwvvP1VWUg==", "V9lyeZvue30g1R6RiITjAw==", "qIRy7/v51ILezECGLzLGBw==", "2vidY7qxU0KDMpAzTaXQCw==", "5z9ZOzxJREYn5oM+HAm6dA==", "E90jB6HCh1KjzQXtmHMUUg==", "iSsTR9jTS/494HfIgB9pGQ==", "2VowcBblBj36IfwmFRwcwg==", "3FdyvSRS+ECfT74KYiCcLA==", "peMVLpnT962hXrm4IDBPqg==", "JTwzSHX5xKxgTtyprecVew==", "2k/PqFfUaKNy33VkAbVD6g==", "1oKL9ZSv1M4CmxUhNFjpmg==" ], "4ImdKzJ7uZoaviIayzuoUg==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "1SDdOQM609JpOnF4Vx/qwQ==", "2j4vw/Ef1McLxa/C6FEQvA==", "iL/VOECJBzyFgTCwWDppVw==", "ITIiuf1dzb05+JHj8h65fg==", "gCKIolAPxKn/MwnZqQ5viA==", "ANxFBq/yNQoElX4dsXb0wA==", "562erF6ddCIyzi5oV/IzHQ==", "81Pd3WxGavo8vEw0GcfWBQ==", "iWeHI13pT0mygP25w8npPg==", "gh3MdGIod7lYo7rDnSpHLw==", "49jEi4xCgfg8T8qzhNobIA==", "NfOajNNzWnotxhFpYD5Nfg==", "5ZJ6PuXfgRMCarpNow00ew==", "hMwTXtuK2CPZup51st8vag==", "uJDCv1FWYpz7eywFMZ5WnA==", "VZxWbc2wJwiwTLhillEtpA==", "dhk9SR7XgMlUT1SwbOzs0A==", "ybQbHANLbpeKvvvpnEOh2Q==", "iUURXijANkMZIH/VbXWyYQ==", "vZzq+XzhXQpcGK6x6C81SQ==", "X+rjva7ecn1JedeVO9IX9w==", "7B4LUCjMkCM+NcHtyQXyFA==", "9z2MVdoreqGVJcUFUz72OA==", "am8Nu2Xz4xTgOxf+V74bZg==", "H5vm/YCKZciOb4TXZmGZlg==", "YpjyzhR3jAhlzb479lBoJw==", "bmNjdpodhrAjmmeNv8j2ZA==", "OOCO13z2+atrfqEfCsJ3/w==", "NplyvjxiuekBB/5QKoOJbw==", "cv/HKlhaI7EJMBLIaTimwg==", "L9hbhq3wsZ5QkKEIo/fhYQ==", "iE+bfILM7uszXcxvEd6gYA==", "VcgFEXPgpzLsj5tOjILVtw==", "kBdyi87P4B1cTF5hLS7ByA==", "71rWwrWl22424P8D9sWBZg==", "bb9X6domCAmA+m40PgE/jg==", "ISgjA2mi+Q9vbdNEhDKXOA==", "3a2lYBlaR2GDen/lmTlCyg==", "hzkoKs3QdYyXJMnifzGbxA==", "WLri8p9NfgX8reKybIYziw==", "3wP/Eggf7Bu35MpzNr1Fog==", "ToyZiPOtBFPiNJOZ8QaYng==", "fezwmAwUNAjVNYh+YY0Wrw==", "EBopL1hbi9GBQGXZUVNCAA==", "GJ6//hGiIsio2zBFuudd/Q==", "GVXQ1XPPQkuhZ4SIFGoF+w==", "0LvlxzvH25js4ffWzvLRTQ==", "/U86DUGeHRSAL0GvmlifyA==", "rkpLgzhV90FRHYY3ESWHfw==", "MrRavbeiISRcJtBRJ3ZRsA==", "VdMk4kWMgrdK/5+i3n6XhA==", "fUkL/QrHEZtoCydnxvHQYQ==", "WU+A3QdBd331DcSM3AXFew==", "TQEoFglRNgkSreqoAySz5A==", "9NxQaPp619Bd0qky1dvzZg==", "MVGmB/UrNlB0PqdbI1X5iA==", "nhTPOqyx5Hjq5RaQThVb3A==", "keMF1HAI1OIF8MvJtPZQ+g==", "EXi8j2JWeu5xYuWml6Ellg==", "VQ+eWJsUMBep4PD4xfj8Vw==", "ND8tA1FahvMc/ZIGpyoj3g==", "78Ya60ppwS4OL6ZK9P90Qw==", "ZCWnPSXILcJ9aE646DCmag==", "UH1xPpnVOud+f1gKl26ATQ==", "WNRX1UWo4fDLFOhq9mcbIA==", "JZIEpU7UdEXuAMj6emkt5A==", "nKGJQ32gv73mgVLbPDD8Qg==", "k9Yjqv3ifDP4XwsJSZ8XiQ==", "7TWJhc3cfFgph89dsQ0nBA==", "jyRfRwiUvNWAyNlZmv3MkQ==", "iMwaCmNtKHrK2+scb+hkxw==", "LMcwA00QGnxriAXkZQIhHw==", "tjg7NtH3QatPaaScohSsZg==", "IRgMJoQA4x1xizY2hEw96w==", "9ia70lNV6NYvmzB7WlbYQw==", "LkG+n79mbPHrPl1sC2ee1w==", "r9W84DjqWVoSeRkzoMmOdA==", "Ira5htRPGofy9veGMRD7Vg==", "dgwlwyboh6/BQfJsyoE8Eg==", "UhBP4F/rEtGjZG3U8Wvp2Q==", "YPJKJ4DYdTXL0BJCCS9pgA==", "eh73UwgswuQUUBPGmZNxLg==", "bytYw82gsP7fmiiqIEcGNw==", "O4VudlVyChnCKHP9qhS59g==", "XfjE+J06ONMJAg7vkQ3tbQ==", "esWNnTXfVcQMP31EwLadpw==", "osxk1q2jE3TCrr5JCQRhNA==", "TI1OyePXauC23iR42z7HKg==", "o6arI4B+lOjvgV6k7kauyw==", "0O2I0zrYDyiCiU68WyBLvw==", "lG2c0hNx+Fgq8Zf8B1rJyw==", "FsYbwBEvKH6FW81JU3KSvw==", "m2sL00H9lvJ4xs2UqwHxiQ==" ], "5JeNH+bHiuiK9wwBZqH10A==": [ "sXnCRVNv4i/ZmrJ0YxWonw==", "Uh6QIejNBmYSJ+kLmnZWzw==" ], "5NZNFErDrBiBoorV+igTjg==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "9M1meEoYiMYlmYR7kKfweg==", "ZeLcisCXFaeQKOi8dej/BQ==", "XHSXqyF2rScxnK03VnME5Q==", "QZQvSq0tzcJY8GfiU/aXpg==", "Geg0mw2hzdsfDbJ9adcmWg==", "1QQmDcMkRqvOte/bR8QEuQ==", "w93rRV74Y3Xaae9j4uy2iQ==", "Oaw7/z6QEDwwzKvMQmdriQ==", "N6xCmSIsupN7OsJaYpsl6Q==", "hv1o+8ALinWTDa5cH4j3rA==", "q6x8gUSR0HLnQLHLmB4Htw==", "yz/zQzn72boszb6Cab3Y9w==", "GolUr/klMsQNQ9QFMdcAmw==", "9uaveyIiSEcdU4MrDHbJ2Q==", "X9na4KYJ5u50u+KLDr2iTQ==", "qXBiVfXy4luW+BbyG9z9BQ==", "c3eMx85yv79gfxNsxZXPHQ==", "12PmpsYpKqbguwokcjBXqw==", "wEVnFZ6M5zpBHSw+nqU0rg==", "nD4gdXb8ND61ypX9fYklTQ==", "5vR/2ZAfb0swnLBKDl3Bzg==", "quMgsZt2z8hlQ+HzwzaVJQ==", "70HU3efHkL/3G4Y44qZmGA==", "fUlz8/rwVV2PbflGdFYCdw==", "4K7cGcsZltSw5Ayu8+A5rA==", "ETcQXJZrA6IUPRr4MXFUIw==", "ZZj+FChMvULXnT4QSAEvQQ==", "qLHoaQ/4ax3G7SRd9aV2yg==", "AQa/gDZ0IemFxWbJIsU4yQ==", "ug2Mk8LI1eIN0hRNT0s8JQ==", "O41Bejc6em2i0QjOrjliKQ==", "VJAm4vMolMmA2ytzFknQUA==", "RReWBnQmCp2XJDUh6xioRQ==", "vAAzy4RBfYsNO+V3LlPJ7A==", "2eKcZq74WOmYmPDTZ8L+Jg==", "1PYvw1fdwe6hM2UBdw4Itw==", "qdXDrJ7D0lw6kIY2dy+1KQ==", "jY7qsjEMOfcaNJkgI4dijw==", "K0/KdAmlvzyf53kjXgfoRA==", "LXj+7NB7elh/3U/gcE77cw==" ], "6COiLlB/V7UlOwfuFJy77w==": [ "xQ6R88+x8IssPvOAavmZXw==", "r3RLKNYtYvKarBqnnrlrew==", "Z0bbSkX8e3OUKdJa86CbBw==" ], "6G4wapu2zP6UYfTP+Ip2pA==": [ "jAwMSdGdL8Maby3fRvFUDA==", "BbM0NZsMsZnNUi1ybIzssw==", "RxwFiIUPJYMo6r5lfv+sdQ==", "m5AiZOpiUf+2oOMwsbQnSg==", "FpA1FaTnKUwdPkl0KHAbaw==", "LyQcB6aDtcDf3FmzBVHSKQ==", "4cQAenzXciR7rLlEmdwZsQ==", "y64mIHRpNx52AEpoGbOyzQ==", "IfJyKZ52fwKruf/mbOKmYg==", "IvL651FnAzrxSYOiOuXMlw==", "Sn+Wd5xIJ9cLZDfoyJlgkw==", "F/boCR7kXAGa4+GAELD7Tg==", "y6Uu3YyF1CrzpsmxAF1m9w==", "qhxrSy/lodS857k/RFYSFg==", "TszqopCoskBv4coMA3/peg==", "by+PAyhAcd2LS2O/tZxbRQ==", "XWaBdbEJiHpYXT1f1eBk1Q==", "4vHE1o0sxmJSfgr6AiAtqA==", "7+zZLUPhCOA3BFrcusoKFg==", "ah5gJjq6ntKGHe05l2QLEA==", "RUDcnDBVSmf+/LWMe4Tqgw==" ], "6LVRZKaAJH97OKCXsJMDDw==": [ "JSxIEGIOCwboUDoJZgS9fA==" ], "6VAQWTpZhN9PW7YCmVhxsw==": [ "03F5BM6+dlM9pg6rJMb2UA==", "0P/5eKFuPPXM3bHgeAHWxw==", "JfmoxvDj+qKmecssvuGVyA==", "2bOVXniSdlE0fZB1iot4yQ==", "8gQtKtb/Xr3aGfsLtKyetA==", "bqEGDVpuXY3j7Kr18B5E4w==", "YnyGgq68v/XTMEk0yU1qsA==", "vLDNpmPSXi+t8ebIQHILIw==", "eqZVUGTs5pHRR/tV2jQA/Q==", "sTJKOfHbxppSoExQl7mYpQ==", "PnyZkAM4ZwDECggE7QV89A==", "qI12E1AIG5PjZFUHEhSkgw==", "51jf2IrfzMdepCjAvXkPMw==", "kJ/PUfmUBn2Ep03yRLItuQ==", "1/PWApRfYh/rLEOR0JZLsw==", "wbgbZuReVn7DfcAmqe3XZA==", "Wd+GQ3y21/7kl1XV9m/oiQ==", "fcJXnA1/CqZDeUcxpMPyzg==", "n5bOb2nwIXCE6i6WEpGlzA==", "taWP10HWuyQrPSEFSUjPPw==", "EfJCfNem+1eUwnsxx2dNOg==", "ktNuCXztDAtRpUWlUtIWUg==", "UuV6vmv/pMSyQBUW2Wn3bA==", "f5rDGDIgGLk7iLvtlKjm1w==", "lO89yYeT5Xt1E5KBgR1OXw==", "S3c04CkV3MUFBzUssTpBSg==", "wXA+dwIpPFBMKZHFylJdgg==", "ljT4JJv6XdYorFfJ6zbfog==", "830L36AKCoBHnXPHE6R6uQ==", "4Uca8szOo7gGoVgv+DjeUA==", "knD9e5c9mhfEteHg6iIbAQ==", "BfJzk+M/zKnbrBHcCrvIlA==" ], "7JHS+mBQfJeJoy73lvm4lw==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "jecTmyeay6DKd/7zioYjow==", "XXaDpMG90Mb3fV4QxoLqXA==", "7uj4PEKyThSRh2msjDtceg==", "s9zla+0u22E+Nq1zlK4A0A==", "1aPjlkabj3eUY8WGb+gz+g==", "McBbvTJIAPyP1aOW8M+hzw==", "7ZyXE8z7uZKjHitrjhSWQQ==", "x2hzd4kogrK1x2HyIGmxuw==", "aouER1d5ARUcTEP5rjxlQA==", "gEN3j5KPSWh2c+RarvSBNQ==", "6fJcYsi1gPQNv5g1ujEPdA==", "ktZZSLvjrHrh7DYZ23sMhw==", "0TUqdQNGOvjHNFjkDen1Sg==", "63po8QED6nDungBQEqHIyA==", "NXkuwjwxMseOUUaLQCgnuQ==", "/bIhvJWw2AYMGyJtBaoH6A==", "LUlesLbzv1yf48cLqYDxTg==", "rct+rak3m0uMzU51NldQpg==", "oBl0IuwDdaD9PwMwSDcQpg==", "srkxdJQ82zHIMw9egdZc5w==", "k5LjlV1zmKau2rAIOnay6g==", "edf9qrl//4hhbTQ8nlVN7g==", "ve8kNOScD+vxLjbMehgbRA==", "o+oNdKG9C3ouEb/OQo1GOQ==", "eh1RT9v3ol1cjACTvuohFQ==", "c4b8AyMPp1ls7ClKiTCbAg==", "9C6WGntg4UmJkjiylWVxnw==", "7tWeNpgpS6TZ4aQUo8g9NQ==", "rWYn/Km2lN55sVL7Ui4zmQ==", "QqNagWxBuciWgmqsaHDwZw==", "UV2MuUVVyu0L6wfdUc0Qpg==", "QwkBpizF3mo2JpevPMDeaw==", "fVstMFtDcM3yfjjb8mKxrg==", "qOdN56IOMUot4YWCQPjPvA==", "2wnmmIxGcmTTQ7kdV4Q55Q==", "6bZ4UNaa9jRLVZoZHQgYtQ==", "rXJvA1HAsx+E4rVQeqU3qQ==", "BsGuSaqfP6qrCK8KTTY4qw==", "4eh40PtMaL3JhPlCzb+8jA==", "zdrK/Mitm8rUuLp2HwWnmQ==", "zidvm9MkkP4S62Ofl4+xSQ==", "kXL26w3j4LcAqSQ9tOuWMA==", "o2RzBkbyaO/aJUexQwQheA==", "kVJhm1LYIfhvn92InJZLDQ==", "H7H9wMobv6DOqzUUAdOqGA==", "xVnM1Y5F9hIYQN1//jfY7Q==", "0ZGrJGNNqDLH/sZXsRkfvA==", "VyeYHICkBiXwLbWKsz4//A==", "QX1bQ/CZA5mRbcqjpTc9aA==", "IV554NtP1F9KO4IyBit26g==", "wed5fBK5xYyUEx1EpoQtEg==", "+pWnGgJUL0jrC1yhwq+kNw==", "8/mZoUg5ZlBapu2isiHzqg==", "WnkMM/SD0E+7EEac0/vMVg==", "tboTb+/fwz1O/l+3w5n9ew==", "FMzc9QFitxthf16XR1P0QA==", "9gB7mQN0y1Zy9EiaXIHFew==", "M4/opsM/3qe/3m0zjGkItQ==", "Y7ypeGdtYfJMJApDHYX9tg==", "SnI5fUbXuT/Xt+VkGvddww==", "ftPQfiVA8qRKJwxT2xcXRw==", "/G3xQo8kmNMyu7hycZYF/A==", "06GjiUkv66Ek9Iq8u3SFSA==", "u3VIQ3Bv2EdQNxxr10FAOQ==", "psR1kVsSZz19yYKHsoaoNg==", "T2rcJ7DPtdiGNP7r4L5R2g==", "pmYCdyBPlSpsjaT+VrrmLg==", "9PE6ZiUdIaAWtCsUgesEZA==", "eejojwYHRaSarkdAMLD2OA==", "JZouihQMnG3T6XSUXqYbkA==", "JXQAkdur2asBQ4qeq789Ew==", "pNsmsBM6zioL8gqkR9CNUA==", "bjkXZ4ZTp29EFzF+wMw4xw==", "ZAKrc32qORy4LwsxMQgfrw==", "jh1Mqm3BaTYV6MdA+4D74g==", "7Q0Bus9RTfFy/UrxkfH2sQ==", "D1jz5P28B8rwvnVaChXHiw==", "hx3c9WG+Xum3pwxo0+FyRQ==", "j7HjBQaZ5PNpv7JydPZ8OQ==", "yF/CyvOlKzDmpBu26JCuEg==", "A2YTvJXiGwe7aOSqWlEZhQ==", "W08Ska67/8hV/b3GYflglQ==", "cNsQU/uNFf7PsCWqaKxjAQ==", "98vR1ByhE/Y9cvB+lRN3LA==", "CW81Lp11K0nBc+3dYegY/g==", "hlV8M1lvezTjDMlaNPSTvg==", "OqWPbZZgGqlPCMzbmClfHA==", "9lOT/bRPy9mu1knhwrLw8Q==", "/WghVlKV6eiRYf2iGmk9sQ==", "UsE9/aKvx7HhPwZe6KY1zw==", "1LTKa378StuY8O3o3G26jw==", "r+NuuQcHZ5hOWGRHanlG0w==", "RU6xHn/9SV8lotyX3JW1ZQ==" ], "7ZWYFE98hi9HyU5Q68Jgsw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "q9L+6bHSCCXbReRfXEPeTg==", "29Fo/GOP7MILPepOrnMgjA==", "/E8Khm0ZXy1gRiDom4c+aw==", "yq06et41/lBQ0nsMvLOG/A==" ], "7qAMBOvJ2FYxpK9n05pI7Q==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "84WodsWNE9m9GIrBiKl02g==": [ "XctMW4QJZO0RsDAv/VoABQ==" ], "8Ky53YwzOPM2pkEIVuuuBg==": [ "LCRgl8qKc2VcXP1ILfaS6A==", "T9nCb/lA5TdipGMhtb6HJA==", "FnsKxnhjNS+E4Y6hrazjUQ==", "GoHsuuxRgbGb3lm852rQmg==", "mL/QvlBQrld+4EwXWLYTNQ==", "TUvm6koxiDQRc/8CJ4TCOA==", "v9nWDWoVTUzEu77hVCL+xw==", "c/+IhJOZwrUFnxH/AA8NiA==", "uPUYRQErrH0+5XWkYAjsjw==", "YJkc0fG7G+dwREiIQihS/A==", "KewD59oo2UdDLsWiOrUjzQ==", "n+8zHdzpUdNYaOfjqM+rvQ==", "B1gQIzGtgKR02WiRgVPUgQ==", "QireWdVPs8MzNOJ1scQvdA==", "F2QVfam7Idr3v4Y7g3wf/Q==", "ynnULh1l7jTnQPnMak7suQ==", "HuVZNoL6F1XG6bLXPdhmWQ==", "FlgtpglQEkjGT66EnFUHMg==", "n6Vm6uSXhVeVnZmJCVL4pw==", "t+vHm4kt0AB+tq2CG41TQQ==", "ixlSuy1zsWjDOO7lFuUNAQ==", "+rCn8yfwQj/rMH9c7+J0ww==", "IzDqrZ8Ru35rI4iCSSk/pw==", "HxiMqPnG14UzA9oHqqI6Ng==", "JtCpNcg8egZjbdozD9CAJQ==", "rRfIMqTlNWlpWE9Bi6NGYw==", "/l+w9tCELORzNXZA4/qNsw==", "ENoYJ+9TEzYG+jTQB5meaw==", "V9f8Tc0z/tWsm1egJDudPA==", "vu4nws6mMs6GJYT1BNu9DQ==", "nLbsKQgcqXqFJTjqeQs6Vg==", "CXlZx/1BY/yqrUCuQlON2w==" ], "8Q+4qMpgUhvMDCe2QUBIuQ==": [ "Fi7GXCkkqJvYQw6Co8Nk7A==", "QsR+n6O0ULfYayvahAaltg==" ], "9WzsXAqqRoLidXM4HaB8/w==": [ "oNps3pS/KBKadK++zlgktA==", "TPp/bXEhRpApQLMY2Ppr9g==", "SnYLkLUk0dFIFA/itR5yrA==", "7U+8ffRP7ahu1ot4Zj5Zlw==", "G33a+jVnMZNg6liymp9Lyg==" ], "9hWn3VgLVkzmMJln7S0UCQ==": [ "rFWIZJAOzhCWoZKNelyFsQ==", "a7WPDd2/UqA1rqbo6pjM9Q==", "EZo12eG9Obl1kmhRKBmcvA==", "76ytKtBeQe8L2T7nxeVp/g==", "QjS6b4li9vRMvS2l49iyfw==", "pxuVFZsuUa8YFBkmcjpnxQ==", "DQIgoLb/8+6+HRbr8B6wHw==", "6WQjHZdyTC+aVOSwNc3+BQ==", "pwNeC1oSJCRKeW3NQ1Zwmw==", "Jq9s0m8iiaLnslijc1N/kw==", "oUbBUuaPbKO68xR8hm0EKg==", "dXgWtIQra5a7FOM/lmTQMQ==", "4PXcy6CSX2EaPwYEdLkfbw==", "IGsR1pj6qXRBH+0hYVXsew==", "AI5OCFigX+y57buhAMK1UA==", "J5i8I5ZRQGDUXQI4WkC0FQ==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "oXbtPoAI0xd/D3jVRZ8E8Q==", "M5aJiMv2/MaWINKfor0BrQ==", "oAa5rQ+ettvHgaEihiWA9A==", "sQrexr1vAx+h04KwvoON3w==", "J1SK5zSFZI94azX3jybBbw==", "WVkwWFZlIInzrX99VsKBBQ==", "Ewdn+P1XzA/h+WRvejvm/Q==", "4RaJ63cwUpp+QWj0IKysEw==", "wCl622H8UElXM4AFHot1bA==", "tTdsNcqGarFD7KtMB1ag6Q==", "/+enDTB16pRyR8XOMcf3ug==", "Cbqd4MLPHY6FcToWh7U3IA==", "748UmdVwB73z0xvCImrQmA==", "ItuvzyMGym4CNyVuxWwH3w==", "24Paca4PaySz9eM+VJu4ew==", "DrL6S4TbqHyLJh/Go9vALA==" ], "ARxZCHzD7KB2Pu4aHl7POw==": [ "ntPgpTaOsf+PmS8l/Ba/Gw==", "a7PsXEXsbw8aTCMWFxM9mg==", "qaC6F9Z9j5kAaiDeRwL7nA==", "3BY1OD4rYtX6LEFO6X+/Yw==", "72/cPQH5mNLd1/e3j2Vn+Q==", "2QjZksAOTEJVwk59l2QYOQ==", "plTl3JV8fPj1sUiMh31FmQ==", "Lw4KgrwWujzRmDjtibR3+Q==", "2M5CwoqtCrF9ix+6ghISOg==", "ZMp4FVCkBvOUuQnhgF/KRQ==", "OoUkTYhn9kcAyWK8OpWEvg==", "xF20fK5dvutyLkWcMLVDPw==", "uRGTeRjJyz2NEeH/TpkK8Q==", "Gn9qNy1ITVhOKz+nUviaSg==", "W9Pcn9xdPg78KgFAK5oOyQ==", "N6/VXIOitxRZPgnZMgm+4A==", "MvPzfqdptyOBxzxR1iCL3g==", "GbZa+XIQtfFHtHWs5gm0wg==", "HmZXdUV/ycFcRK+m71pC+w==", "f9AAdWBkmOO1/+acrJji3Q==", "JLdsQ9mzV76+v5Ttq5j2hA==", "X3NBOrSivf9I926V0a2/oQ==", "RxiYxX3H5lL8cc7k0ac/mQ==", "GW37uYQxwwgJBIDtA/dT2g==", "fdA0Wp/waErtsQk4sTTbPQ==", "fh2y5aivazupTx0EZ+2Cag==", "MrpKafmPiKoIdSrqC/r3Sg==", "VDdxJUjxgL4zXvGWC/1xnw==", "gZKcOjx7BKTLxDMH6ZvfGw==", "9fvqDo3ARbJLIgwR1oX6QQ==", "+do0gu6vrF3ZT5my5V6+CQ==", "+Q1v3N9+IP1xQOJnmQWDyQ==", "Wv5rERdynoJ/gHM2CtgXiw==", "uDUK/vmP915z5uyCv2VhVg==", "9oQBIjmHHZP7ZEjuqVHO7Q==", "6miUB07ljV2HaYX/rZ1yjg==", "JiPLnE3IM4/yPxZ8earXLg==", "U31VkPC5v6K7XIsRFDo19w==", "DZWopkvTJiWmVsAADTNOUw==", "bOMmd0jIpY2e7Cl4owS24g==", "kVjUyjaMJ0bXnwb03Ksw3A==", "3CUrg7YVjtx0L5aX+iMRxA==", "Q9syyD8a/4l/mc50UAvBnQ==", "WCZXmTnbo+2lbMuZdpH8NA==", "qV/TxipuOJ9b9a/x4IT2cw==", "6q1zANz+NJU+U0TPL1Xa2g==", "xUBSdDBs0fiKOh6BCZPXOA==" ], "AdRs6lk9yzTM3HvjeEThKA==": [ "AsiuN/8gu7sZ0PJCLihjmw==", "4JsZIRvQ+13IMgBIUPH0jA==", "P2LAyAbSFxWVwlNB9c/A2g==" ], "AxTxyAHzdLVnUL9t8+ZYmg==": [ "3D/COcmVFbxgINNliqKHgw==", "M1Z06nydk707qbRpFiKmaA==", "QHS4gwmQURKolJEnj/ZMHw==", "p2D36zAi5tbYfUPJhBVLhg==", "7T9qiwKBE1swIXuW9Zvewg==", "WGccGAwrqbQSNjycPuaPsA==", "L2l/2cM7p8mbRx8/RerNPg==", "uvaZxZFE7cKBjyjVQ/t6lg==", "RPlldG/r8WWd2UCSZ1vzsg==", "HS96brYtpBiaYpW7OxT5Wg==", "kkBeA26IUhnokem2LDfx1A==", "aR+DKIj7GETMsDtNSfYXNA==", "urOIF+inUTTF1gL7DeWkzg==", "fEW9HCDGh5vauL1jhvKpFQ==", "HfjDJmml2JYJ9YjdaPe+zQ==", "pT+67u2xHyxzA5Cl+Ui55Q==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "ff3woW6bpDBZXooXnBPlNQ==", "NJhwMDbt0IMvlSLLB4cUVA==", "++J1c+9mFiyHFShlJEQFeA==", "H+x0VPepDcitQiESaSwIwQ==", "KXzUsn7IGL3ZRMjBL3QOng==", "NNyvMdW5UTPp1jGH161XDQ==", "1nX4t0Z3G1H45fqJox3f4Q==", "67Q/SCDsFWutXyKWQ9JQdQ==", "PdGhfwK5tePs8ngzFuopoA==", "dqYoyBWLAQszVE/IX85oqg==", "EYkM0DDu8tbFKzGysEiO0Q==", "be+F+Fkt9wYh4z6YwfNqdw==", "ETjF+btf4DIblmTTbHaZSA==", "gR+h15dyWueqbKII4cPOWg==", "qMnTnRnGw88RiTP1PFxynA==", "0LMSjLLjEqlpe4LAE1rWJA==" ], "C7VGVckK0YZj4RiVmStEsA==": [ "Mgu68G03r/7Tj/zMomkJZw==", "Ok4YXGXw7Ua7qgtxqZcqhg==", "aFDenLkUq0L68+/zzTfPpQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "8Efa1m3XsyOFY5vSd2fHNQ==", "fv3/0oUmGvxLyxCaIIt3kg==", "dTT2owdN4FTG/LqoICFf+w==" ], "CjFzfz4zBZj7fcwIrVHCRA==": [ "GtECMHzRoeZKh1TLvpCt+A==", "FjB9AnugxBHu7Kwf86C67w==" ], "Ct/46Ed7Asmqt98kLc0FLw==": [ "kQq8hvN2yLWiupMaLbRduA==", "vgP3FAR9tXjiqUc0mFlRrg==" ], "D/XNnExpupd1bO9ZIJIE9w==": [ "0W0/E/g2cPvxNF42LmIwRg==", "JsF5ac8+OAOWxsV80iUiIw==" ], "D0GGDit/UxegO+/A5R03SA==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "E2+Fh4utKcr7Wyiwzh2bYw==": [ "W3qe9/KhW5BUF2s+kXxVcA==", "5073UNZPtR+lsy1kIMhUEA==", "GoHez0BYftW2Wj3h0K6Zxw==", "wL88v46Y3XlOQ8xtlmBugA==", "15uVNLTcXPHEO0XVoOOwZw==", "BCe3MuKRzryFB5SraMhsPw==", "PMaPI3hRDt0vFaerryvY/g==", "nSAqYkKsqi7arKT9mgba5w==", "5EPGtk7Hqn2hqOaxgmNiSQ==", "EE23Ay78OLUGxmoM3vXPbA==", "s4mktw9S/tOEdbFRu8ZxjA==", "V+7K8Rg1uux3xnVmyH12/A==", "OxOc7/P4x7mjEZNhGnABDA==", "hazOAbpBSQ6ZcoEMkq6UhQ==", "WorXACje3vTXq/wv3RUODg==", "E7v1LWpr+8KCE/5szHqf2Q==", "mpDlR2Lk6PsJrTVRdAvAng==", "+ieGB56AL1fLbXEZaHIRig==", "PTaioV6jy0S7VQV20A7R+A==", "O0ZHj1wCkn8EgvHd15dYqA==", "hgtI79dU1WVsnkd0nzqqTg==", "OleRcJ5uCI7wOsxOqMjRlg==", "HnNhAdInEg3yPEHYo7Hl+Q==", "R6drGbgnzqKGDiX/RNUdqw==", "nRYrn2tFn8hdV0x+2YRPYQ==", "5j7D/WXFLHsZYUeUrskpMA==" ], "E7ikPxWehuEw+6yIZODYlQ==": [ "b/JoMKSdjTg9hoFgyAsYGg==", "Us6zMNu9gwaRC0UH2SSoQw==", "vn/18J5TIuzcd8MxdMgYlw==", "HeemEcWe2JVMYkjGWbuiFA==", "FtF7hWwlQYu4clVsrpBd0Q==", "1ICypZP/7UrDVdoDevopUA==", "SIPkCsjtWsrsJnfVRjxnKA==", "NpKL2jmktUTvYJUFA1mjww==", "KBpYoBBh5AFRsvma/sImeA==", "rpwsfSDtxz8KgCjcE5LUgg==", "0kDaqIpbO93XpnbaK6KFUg==", "zjZHjKf2l5+qY9/XYdFMQQ==", "ves1GfNCYjdCXJceNwT2Lw==", "6K5O0xmJnJtZcGmUaZ+P/w==", "0MVVcjDKfdLbs80csEfrOw==", "RA9ILX3H27ou2ro1GzHq8Q==", "miA8N3aOifbt6s11v8VS/A==", "QBD2bakyMRLlWNUWb7c8Ng==", "Mhh/p16eoRFTSGC5EJRZEw==", "BzOgc4nzX2HHoodQY6X6vQ==", "wVu6Drfzxh1KT5UxKndpTQ==", "IERk9xwccKWSGr20Hb5U6g==", "pIJllB0DitFR4biXCLWlfQ==", "r8kk8OjPGZXkalD/ogI9TQ==", "29JfppZedoclZHW2coehcQ==", "c3ac46MKEwGXSYV8lTnQoA==", "x4dqDafgKW8Zo/is+xcVZQ==", "mAh/ixYuQOgKvSoO2gk7SQ==", "OuZBWnWNFHYdTgntdOB15Q==", "mypK4Oz3YEbjmcF//Lb3ug==", "X9G3TF69Pz3xUY5yIPno7w==", "JrT9jqBaZlLgPCS0RLnpPQ==", "mk/9oG3VlXeyR83vbnlC7g==", "LyEH4RIrJnMwmS9bxL322w==", "ipjYj7xm8hx7kmgjjp0cpg==", "6VA82zmenvpHf3qd7c6BQg==", "N6yyVyHeduwThpSSvA2dVQ==", "SS38Q6SbT7pMry4emWgqdg==", "SsNZleqCp7tmOqFZQ6ZaBA==", "pwSWzlcJAuR/J5zikGUxiw==", "WOmMgxwwjpbn/RLQX8HPBg==", "+Q9jA+OXah1xDhJvsj+1OQ==", "GwJvkFMzYrKrZEvvNMbc6A==", "2/I3PyWTnfJdMedKAemp8Q==", "svdlbVzNwZE9P/M3GvQ7Xw==", "qhl/5MtAFFjdvINFEhyFsg==", "PAVfrfQyg9ezKUDPbI/Nmw==", "2y2LXrQ+Jdr+fioSazFF4w==", "q29SxeDdhfgnRkudvf3mdA==", "UPjX59r3QHIaBVa54cqtzA==", "09S7nCU8PMWz5tWquOFCaQ==", "n2MoI6iOOGKJg6CiwpZkxg==", "QDYJ95dZNazClKtqoRJQeQ==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ], "EgjLGZKjPtqIaFVLlFAAPg==": [ "gchW+O287jwZk0Cnma5sKw==", "tVvgs8QNtuRqLgnWoPIWbw==", "7QBYsSaCu8T87GZR3WHxyw==", "BBNgt41sCJ+dkDLhh8RM2Q==", "87p97+dH2sU2JVQ8vQ+Xuw==", "hK/f5zoJDHjYWcidbJwYsg==", "p8XKlr7C/uFXLykQP2132Q==", "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "0wh4c9Z6sNxM5NAXtzaMNg==", "khaGOQZwNAF+Kql1EAlBfw==", "8ZrkaQ6B1f36PC2cIg9i6A==", "T5/Q0DOZypWV6o3x9ziKqw==", "MOUExK9O9qzIs9ukHaS2ew==", "ikYp9FVR/trdSFxeYpqAcA==", "BceQQXlChHEbiy2YYN7FvA==" ], "EuqqL3yIFMd5VRAfuufJgg==": [ "jdtzUluiOvXnFmwaOX/6KQ==", "CBxUpiwpFiagAj3ihqf+vQ==", "tLfvNXQJ1ryG1oIjuKoLPQ==", "1KxLqY5vPHnDfUxdviejiw==", "7SutUCP3yRd4o5ryN/dDZA==", "6JXvoql3pzMfkGQb7H+Jqg==", "o1V8hGX+jv19u/R1lSOgXA==", "m4A081U6rE2WLJ4u/pMkqg==", "DtCtyEFA0WRhx44S/aRChA==", "7Q4dYBj4wFa2768mWculSQ==", "yU3Lpv2jlcYSr1/M/dL33A==", "oDGZCaWnkiaSQdz+QhIr5Q==", "EEsEsfQRh24NPMdhg4HPHw==", "DE3GDsNl2faTwlhxzYBbYw==", "B+xaJOiguNTw6xGmTB+mZw==", "DFOoWHynQeFD6fZDvPyKMg==", "5hOM1HtOhjQV1yizNCgxBg==", "P8ATyyToJgziJaUXIjyPvA==", "ecYseAb1rFmqPx4kHRWeQQ==", "ruok+KtL5TC6jhvqLAZEzw==", "kgCv9K1pgDK48LdFtpFN9Q==", "4CRDu/yV+Tfg3mSUobPIUg==", "Cxqp3OmZ1TuIow2bpolrUA==", "oQ3Lediq93z2xbrIoJUi7Q==", "z52r/0OKaWAkLWR5L4SEkQ==", "Lex02lwAwiaMkFn9DV9FuA==", "VMyDbkft4E3T+1eXNk/i7A==", "yK3vcSC4PlKQSa9IQKCw1w==", "bmyf3V3WjS7kQmiAcGoBiQ==", "YZq+CTlAXva/aUDDEFdZNQ==", "YjXf6yY9feRqNoLqPt5iEQ==", "4QiWtYafAt/cFOvYpyJONw==" ], "FMrR4PbDeEhmMEh2juuVnw==": [ "89XrIFUuuXy08LkDR6XMOw==", "g8hJlpBfWMarbfdU+OkQdw==", "SaWdJL5a+HL0ZieRiKpgNA==" ], "FVL6ljas6Mq4jYoOr1b6Hw==": [ "iSzOvPxPGZr2PfJTBTQBCQ==", "z/LMTnJeia+du5LSYhMD2w==" ], "Fy3bplraTnRnJlV5RewauA==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "aJcuD8I2FFtYOQG27x05WQ==", "qhSIFNwi876BQWyJqx7TXw==", "Sfn7NNniMfKKkrbS2KIlnA==" ], "GVmxmNcJqT3ovg+RwjJg1A==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "7BER6omsA92tkjpEqGZJLA==", "szMAuHDpCq8KehOnG/58kg==", "SRtj8i4HsQkjCyC1YPMDYw==", "bmwYxyT6fmHIa8FODhI70w==", "ztlVnn1P+W74ZN9vh2BisQ==", "vQedZoMzqBElfCAKIwQo5w==", "c+walK0V+dA1g3qnPME4Ow==", "v/LL4YgDGZJlkF77eUtvPw==", "5ro53BoC7BlAtEu1loQCSw==", "sosNUrsbT764ZsBIEQm5Tw==", "VUNwpBj4hvcLARxqxrvCCg==", "XSCYGr+cvuvD+k3V0XhWSw==", "MJtIM09Jw6pIepBEcf4LwQ==", "4Utc/6C5f6+A3gsr9KU/IA==", "8kPW6EH9br7BQBK1DHvQsA==", "pp3PQor2CpTCVnKZusQgwg==", "Mx7K+5VJ9q5MSCq5wzzrvA==", "hIP4iOnrw2sfStgfnTKJKw==", "mfYVQsCdSPyqR1UobqhEIw==", "NGHtfO55iqBhbAmqujAqHA==", "E6F4Bsc58fK+0x+N9LY6gA==", "UC0U9/zd+klwBmGR1YYVPg==", "ZMCWgxkMJ4LjF/nj5/+01g==", "fdpDWwmwFLyFeyU+CnbxxQ==", "pFXK+S/0lzfxv0ToVY49hA==", "Pd5fn59ga3nlH8XsDKvDWA==", "03WJApqdfWbzHtZHpqBt1Q==", "d2mdhZ97rWRfD+pslcl6uw==", "RLGDcCcECNxfaKqTkhDvew==", "5BXX9+pRVay9wrZAORfhhQ==", "/0WOR5Jn6BKoC/9+5dlz1Q==", "ekipReKDch8nQkv6wLHVww==", "GjK0gO1QmNQJ/ZsCakqCdA==", "jYmxPZjDM/CNw9uJ4rnMHQ==", "Ox1tNe9huq3q2onFJsX0QA==", "TN9ZqAQo2vEW/Tx62EpRcg==", "tQmmf4j1ZMloac9gv7yd7w==", "5ua6yduRd8slR+XckPuEJw==", "POSFLQ5mtdC9jMcn5UF8FA==", "PB44uTo7NGwmA/fjSEQPBA==", "5TfU8//dfsOlT82byi0lug==", "tNFH1YUHHwU3vwUWrO3mLQ==", "KtIlAO0V0/KiMbIbmHHMGw==", "TK/tQUH9MhuStrQUTQS1ZQ==", "PEaU9hApxjdZ1D4R2OUZpw==", "uGPuYR0b3uiHdpdRa97mfw==", "sHu0Ihy6+HrKJvDoll9f5g==", "ThUekCEizKQbaM9qGtWShw==", "6Qa2KBduT2HgJC4kctpUnw==", "vnBlYA/0lXrfCSSYxgwhSQ==", "9Ck8qx7KCeVOhknvjhQwsA==", "B0ZJnlI3io/AXTPjqyoADA==", "XIb0YQoMG8k0zzVWHpmvAA==", "Hk/EnuFgs+4rtDh2D0OPZg==", "FPJOQAbsBSaId8RmD/1j8g==", "F54ap+bUe0qceQi67ZX30w==", "yIgeDQgyoDXR+INQbK5bbA==", "LFiejdPb02ZvCk9/k6M2OA==", "4xxaXkxeYvxr8HgxLSDyHw==", "ANawluW+m7SrGs8Q9Odgow==", "KWqotAAFzFGFp1GIUjXi0g==", "L+KHKrPvSxZVeDMiWq92vw==", "I362Vwh1x92yigOP2ZDpKA==", "0gEzVf04N4WWI36MnLXr1w==", "SFiwTqc+C9HkxslIGbfU0g==", "SBAWrxfXaQ2Ka48xajW62A==", "Bp4O+K+hM5aEmCc59xUWdA==", "Nsd5wG+dBhUvVktxuz/adg==", "HFchxDnUHv0YgEfYisGA6A==", "95p6rGNUFNsCWfXMBirOLg==", "e2U3+rnCE0yJbEhq/B49zQ==", "EGDBCdh3xodxfhx6SFGa1w==", "9XbremjCd0rS6zu/GB+mjA==", "rTV9bjfy2M3+eJBkP+611w==", "fM+r7qYMTXMx81IJhr45YA==", "W9IdHW1dLxMcDTawlof8yw==", "cLetPtVgm731iRPvGEIeyw==", "S01BJ2Ht59Iq71LsHWKLzg==", "DyteGYzEcNMaIwU0U8gq/w==", "u0MfT/CHY1AhIYRRjCtdhw==", "b3gcqhWrOMtSFjkTMyyWQw==", "AJgpOdbNJblqS+xC52p8RA==", "dpCbBO9jgzvekz9nKJpSRA==", "70+Z8jFk8NJbHxPCoxDRng==", "8BsUEMjLB96UtpRd1ludrg==", "xcQReVPnPEIim0iMTZWDwA==", "ZoK4/bCJQ036BMFIy2mG8g==", "5lHEu4ueMJgetLv/GfKHtg==", "vagSYtfX2ayPhseLZe8kAA==", "guovo7cvog/lYbVq887U/w==", "1eXmoeT5Qd9M0GiSJ3z2mg==", "+63s7h05SP1xmH1EyLoL/Q==", "sGBviOATX07Y4438NYu+Aw==" ], "HRtVOTg/Y7Pvd6wqcX24fA==": [ "WV6CLob4bxW/eDgXBTJfxA==", "cwXdqs9AFOcThYn4e8y3yw==", "oGVW07Zdco+t8LxGqPbEUA==", "oCDLcNdeKQmSOcg6w237gw==", "9b3hAQW/ubh4v6zyl2M5Ig==", "M0WxNlBrWr1WR0ACcsFS3w==" ], "HbglDdnV9yne0i8jQL30HA==": [ "VMOHtQeyAtpNyzG6HE0XhQ==", "fDvGbDNJpsxaSncFLSlH5Q==" ], "J0HrVYoM3raELvTfJ82QMA==": [ "+nrMi8U389zlK2TEsOUGbw==", "cD+9p+2eb4ubWbn/ynDqrQ==" ], "JHQdC8JdSGipvO0sCig0cQ==": [ "UVRy+pWnw+7xa7f2U2B15Q==", "AsiuN/8gu7sZ0PJCLihjmw==", "74B4VkBJHkNvj2AsRU4uTw==" ], "JaDqP2PIekJ4FuDfyPDUKA==": [ "vekzBecfH1YN/Zd4MHsZmA==" ], "Jt5/Qd9oxegZwQjsNbUyYA==": [ "C0udSo+foVK8TphEaJ9u7g==", "RLfmH4oizoEHB59VpAV6Kg==", "2A2BjgErU1GldRQi2g+XQg==", "Jek37tQeVdKEwtu+6a9/CA==", "9Yjf3Ev3R8wbqlhNdfwPQQ==", "2Z/NA7sGgadio/qisfiC3Q==", "CoMZiX0VsWNhKSQo1NCYkg==", "9vaAmbFDwko+7w/wBDHWvg==", "wlPwpwE94ExdZ/N5EaE3ow==", "7v+kCrIi/mMmyn+o9Uh+oA==", "ZPTYG1GW4N8khhdO0sFXlQ==", "atAnLiOuVhy8qyEUVNzM2w==", "BQivQt20Anl3mLgiJoMKAA==", "noUIfMZn5dUZdEKTi/GsOA==" ], "KlSRCTMecbL63Kg+FZjUdQ==": [ "dO3yYWRHtCsx6+NRjjAIsg==", "8vc1CEh/sS08VpWYipw3xA==" ], "L1wl5gEz2lzyNJbirzPmpQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "L4diUjusARli24fy/u9lAw==": [ "FkUafBj1ekysZyPIbZi5fg==", "l8driNMmALQs2/V7+uCq+w==" ], "LD9yEwGtdZJl2S96EO58PQ==": [ "RgBI11FezD5/LF6u61IQtw==", "yrD0ecVnK2Y23POHVpCwiA==" ], "LR+S3JloJQ5YEViBpmcLkA==": [ "ydg80VAiaAwfrueUhGEKNA==", "toXp/ZwNqXAUsdXRb/4DVg==", "ApGWymi9r75ZlVZNkjnd4w==", "b0xlBSDO/qp5khqjIfXlSQ==", "pp7NHxA1qAOUnsy/IRCLbw==", "iQtqv3HeCGvWBf2ImnFK1w==", "PhzQEpAkCFfaNfVzGQzMgg==", "J4ecrOEw69avIhhOznG+2w==", "dhv7M9LLYIyyRsKi71f6Ew==", "lnhGLE2iCT1nizqrTioMEA==", "ummv/ARHzS4IbQ59dpGtvQ==", "3S91ZYwiienVlUnFeIzkRw==" ], "MJmw8vClC4VAn/J4MfhK2Q==": [ "DWl94vpEWRXsnNv1XWboVA==" ], "MXR26wvfFq4/JiRamdOfsA==": [ "tJJUE3O+B2dj0YzqLSTtDA==" ], "MxYp6jmrNGPG4EUMxgtsIw==": [ "ydN/9qW+IO/7qUsy09APhw==", "Av6IvPz8z+8JAyypXmkbTA==", "hGz8R5Dny4UCIDPZzXbK3g==", "SPxMxLW2DZ8IvP04UR/H6g==", "kUo4IyXRh1XFppRDAqTNnw==", "WKEI7EQhRkCAgIF18HZjKg==", "gvOYexCvSFjRc1ovPwHsww==" ], "N4dB55YYjGYeXRj+vLBatg==": [ "14EBaSYBL4fLL4zgayhBkg==", "lQ+CMunyB1B/r/pkv6U72w==" ], "On+NX4Yr+KIGVwagqPDWcQ==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "PHkBez1UE90U9LJepncOKQ==": [ "Jx8Savf4pVqPTLt8HsgoXA==", "842T09LMtibo6aQ7X6A47A==" ], "Q+exKQZH61PI/8YfpN472w==": [ "j9SRMWigV/U3u/1hsi7gLA==", "Ih4ScPgmvAttJN/czzciaQ==", "Mo4ARlLui4P8nHgMUyYhSw==", "99Q540ZW70Bq59gE8MRNHA==", "DzB2GvXN7uyOKTXPPshLvg==", "70rtBro0k4gOrF1v9b0LPQ==", "4zvDuRN18ZTgEdA+auow3w==", "pv5Nm8Lwfq3X5Sm3cuoD1g==", "RXSYUreBGXQz5Vll3C130A==", "XM09w+ZScTz4IEN6LeAUgg==", "MJ6xN5o4V2wpv4hjMTwHAA==", "jmCYpsGWnnwiehZQL2tyGg==", "cKtHM3xMrk1VjV0S8Zl4qQ==", "L0O+Qmwnpkk+Rg/VqN7QWA==", "eZDuJI6jaohxUM7fcdYEYA==", "LBK9PqJKfCEUpttQCyryqw==", "LzfcsSJMzHmJVjI8xrynCA==", "rJHkC74NrobNudSijB/y4A==", "F6i42vx+GvZ/9LpnToKHcw==", "8ML0IVFlCjXlypnsSOqB1Q==", "vwUe6Dpe5Fb7V8GdyGEhjA==", "bzewxC8waOXL414yMxKcqQ==", "KhBWOViCuCZdWqrkDlYvOA==", "Po+GLdyrucAyVatfOmZxGg==", "sEY+u8JcXEvFyPiUDTNKow==", "wMpTUDltgKPDv4b44/0Spg==", "k+Eb8x9IQ/IHa5nSq7kcSQ==", "/kFHc0+JKhJmQT3bM6TpTQ==", "rpqh6K+YqMAxf172QUbycQ==", "Y+LzorqDQD2Povh+kyYSqw==", "XjQpmqOxrg5I1zgVKxswFw==", "6Za/T764+Wnq0wfxFjEvGw==" ], "QwKK6TG/JtcCly9jntVf+w==": [ "y9E+Lh5SpPDKe0DW19HLjA==", "AYOaUiAITXfmzrid+CR2Og==", "kCqPC9VTuWeNYsZfiAbN4g==", "YuJLEitJYK/0Cuux1rRK+Q==", "UBV+Z4vQ/HB9/cVGq/+u3w==", "dMO4fX/IkQ2bi0ds65uBZA==", "HOYwG5Rw5KtCLqSTp9IaXQ==", "de6Wm8GcUOvZ/vqX7ogEtQ==", "CAcAzU3FmPfcBEK+BF1wiQ==", "sY8NON9Vp1LES9AwtY+jzA==", "0w7yDxNwDisUMkIdlkUTZw==", "lgYZVj6kPc0Poy1meDiyZQ==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==" ], "R7K6A/Ve75xrYpD+6H0Z8w==": [ "rIk/NHa428tmc6oDgqypQw==", "1q7YjyB3mR25zvqxJ6Zk3w==" ], "RRIjgvJwJW9jZT+h6lhzrQ==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "UbJne6U4WRZmmyYLeEtt4w==", "cBmZwV0l/QLSSsoNwTuUWA==", "MYhgpNDg22nk0/HCSwm/gw==", "wO2dcFx5JhDjz2K4QDYydw==", "e37CxvNgywelF2ouwzqL2Q==", "6thTxik/0CDWjirwYbVkYw==", "hwn8HSXSxoAi1TYe+ACqPA==", "jb1tyEUU0h95jkJRbmTeVg==", "eGYBZQZGb7FuYNSi9wuFzg==", "oybDfBRpKC7mq0IkNE/WbA==", "Kcd+UQxBw37KfFkRbn1QXw==", "gl5O329psI82Wn7F+BP/pw==", "0ahYjiLWT0VE+MRcEm8yAQ==", "pl0eAtev2igDstYhHd6sxw==", "5XT+5ghtfmJFJSJCERGwhQ==", "kFbIkTDdc0p9e6ndPrAnHA==", "5N/eQ/DLmsm7yS6+3apC5A==", "owALVsfUiwMtDqenpdt7Zg==", "AuT5DLBrUT23i8Fkzi5nrA==", "0ZniYEExf5hn6bWx9CxbmA==", "HBDLPf0FBMppxrTwW+gqlA==", "Y08Ni7+TSPQ/xSSRr851zQ==", "1CDGyH/KaS7DctjOTuk4Gg==", "IL9yoqEJiA7P9oRxQrj7SQ==", "kxjEyJZKMrQwjAj12bH0Ag==", "5ejk3bhFpvIIABy9EwjwqQ==", "WzMeKgvORq7XF2Xr4q+JaQ==", "6pPl5aD/FZ2M/6Yaa588Aw==", "qYLCfB1EzRWGloOr+Ke8RA==", "QL7KLbo+Ri9Q4aoq0+/c2w==", "Oi+2EF5+FNNGg+4WyowonQ==", "XC3MXlpMb9D+YigNspsXlA==", "NFJR7P8KL9HNF/dsA5opTw==", "HiF486OoQCfE4Hwc8DTxrQ==", "/YIHlhDwc0XvwYDDbGEIMg==", "SFoELvc6okNKWKi7mExikA==", "r9qwoudvbxrKUZqCmUc7NA==", "anPJmbS134IB2gfGIWKJ0Q==", "wc5lIWGg0A45t1Tgl/aghw==", "X2wqIFGbKlJQpE/DojrwxA==", "qr6Jra3xQBxvbIQJAqILNQ==", "z6u9MfxJ5450gPIBXVMBZg==", "kRGVc4s/SuXPOfCHc7Q9ug==", "Dlv776lHnCBm01HWpf1zZQ==", "6/Rn1WFxVO6aopyr8psGfQ==", "UEgRngB2KVq3bhFU/6+13Q==", "SXF95Q57bdA0qf3iy/XSPw==", "qEQEeZkI3fZm1RmMiKeYYg==", "1/xm1gDhSpcAv1vbsLnNhA==", "+1zjTJXhgIQ5uwrI0Po3UA==", "Eptc9iAtWcHP72eK8tBCkA==", "XWfDomoStj3uOui0AGO+Tg==", "0DVnsi7oVeiCakd5LIvqig==", "DjTY6HUnX+COP0+KJxD8lg==", "pWQV0Z8XQHYl5n7sHUZBqA==", "4N3POA/rTFsL9RdGINkq1A==", "gs7k9o3a1jAc/zZ5AEytpQ==", "NPJh6PwkJYtfpkFMxFCfIA==", "HlmfsCkhcIqBoptvS1F7pQ==", "KM/iKSazFyPeIBezQXviSQ==", "F4g8Bboy9/sMyy+EusFlpA==", "zBm31RctqcDF3ITqeA/9oA==", "pfNYlxG8sY9hFt3528zJoA==", "7oEe6HdmVrscCmplGQsEeQ==", "POO0JR6PIxa5cAikhYHhiQ==", "o7U6pbXnKgxDi4OXl/ryRA==", "oQ8YhXsWl1bwUCG1x+HzDQ==", "L5u3G3ilU8/0RtMpJ7kdKQ==", "u/b1G56mYgMO4E+lYxSxjA==", "w/NMuS0o9hChTkNvZhIOtg==", "jYkhobM1mHtLOwQie8WeWA==", "m/d6QTwNzEzxGSR3T2263Q==", "eZ2tz3j+u7GWuS6rb2RB7g==", "ZZEVbWhAYTXw9FIX3zIAtw==", "F0PQEZy2PTlCGjp9J75Btw==", "9kpPzhUEkQr6h/4fDNnSuA==", "yCrfh+WfD/7UJatf+Ek6jA==", "Ht/FCT7E55SLIJNr/AHy9A==", "vBXrhxnu9HxQSmN5xWhZaQ==", "Ee2apAGC0PFcPNtPjyeqbg==", "JS6LnmY1PZfE5YxJsCWPPQ==", "mbMEAQXpYoMKq7Io1LfrJA==", "ByykkIf8cqMarBUwgOjK0g==", "AcbVYbhZ/tTIOm89OCy5kQ==", "43uaBOp3I4s6BbwM75Dtcg==", "6qJXB6OTmGgjS8WJVVTxvQ==", "ujzNJ5kQVFINisRmEnkrzA==", "kTasTqgA/HsT2H85z8VDPw==", "DAwq8wwWp0GN/p0AvtHE9Q==", "V0awGVhndNVps/Yhh/P2GQ==", "psr6EfqmKkDu2s/af+27mw==", "jcBNjU0VQp8W5rs9GaZnrw==", "kdSSzkEHTOGF0fpTfXjzcg==" ], "RhNJQyxUHoA1z70UtgAC4Q==": [ "kwBmjCC7+d5xUliMZJPNWA==", "vb7DdaxZjPV5NEcCqN9EkQ==" ], "RjsHhFfoWvmQBIu8lxYZjw==": [ "iK/w4oP0ry88Fhi1iG/FpA==", "ycihN0043OihPtrAPlFZyA==" ], "SSFXEK4vNCR4s9ImWtXtgA==": [ "GAn7gWUe2pFr7PbwechqxA==", "AUiFITCnRjRxctzqqbDeeA==" ], "SV9uo4F9Li9vAHBKYcAlZA==": [ "DtWvIa+898xLj3Yf8kKjtA==", "oIBUxFCAPk4vRXBwpcmtFw==", "sAlO/t+jkkm59mLcdOgB9w==", "gNGv6C2nj/tHk2ntVJUOWw==", "EjPl60c/5Xt+2Awh7Lu5jw==", "DJqdVbXk9Oqvq0nS8VYv5Q==", "hUC86VV8kD262xFcev0ZiA==", "uEn9qA67O/SoYHOtH/EL2w==", "mmFI4mA7exd6BfbwTUwJfQ==", "Mqs34KD77Q9uZxNX/8mz0Q==", "TiGGrcjH9zkR+9PywLxD8Q==", "RoQvxPrgcpXyTej834bT2Q==", "e/bnYsWq3UNe4TO8qzzb8A==", "oZ/2a9w+ysaJ6Y0prrNk0g==", "tbkEtEs3aa+p2/YQaD8BfQ==", "Bu9dxnhmsLXDd3x0oRPHfA==", "I3+uP7bb+nPtzRYHH2UUgw==", "oGhsPyoyEtiEHT7/0qF+CQ==", "qZqMILFWCv2+sfRyc+XFfg==", "Ar1hBHxUcHiCnqL+avGJRg==", "4LZWGm07jnOHHBGX2FzAwg==", "/MgFHW097IAGIZkNc/Fltw==", "lJ8RTw7m+AgAnWW6upSntA==", "MMLwOzBcCET4jaa3dPuTwQ==", "IeTK1HBLKpS1+gfVSPrpvg==", "CQPV/OxtJ+DwYc6C4gniNQ==", "Ve1jg9SxTDjeNdfGHjxP2g==", "uO3OOEY6W3k9QH/tNVK0LQ==", "lWdVDKK0NI1ECjrQyrQZhA==", "2IUiS8eDJ2evZHzBkLGqPw==", "UeuwcxsDMDrcMU7c13lXsQ==" ], "TANtf1h6RhI5yVQQhHFTbg==": [ "QxQ47SEMl+UFCOv8XVwx9A==", "XPUXyp+BOEJyEGOgXafi8Q==", "6rBlrHxkkFbqVRbyfq+scg==" ], "THoW7icQ9Ts4hZAkh5A/WQ==": [ "rd7C8AD7IYUHYPSfAYtKrQ==", "0hxAfeI84l0pzeedcqmGpQ==" ], "Tl6ebomp9GQLN9svWzKp+w==": [ "H003kvHQyN0gsWRXOrXzxA==", "QgyYiUqrv2nc1+RqO1bM4A==", "FyNQxVBbour86huhtgTOzA==", "qnfP2y61ycFKlR/SBnZ5sw==" ], "Tob5YtKxleVTQzw2GCmwGg==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "+SOMbfLFiy8gAeP6YTZQLA==", "7HuMMq7XSYKaQG/oWdxnyg==" ], "TzNyp6yTJ3m0O8xeeDKC3A==": [ "fbRJLkkKyAqhMbdbbcLwwg==", "Gzt3Aov08YmfW0b/CN7tHw==", "d8O/Pp2nkWZxFhUyXQucZg==" ], "TzT9ayOh2hZShfYtipxZEw==": [ "z1wZ8EsA73QQBAtKsHeNNA==", "1XwPa50Si6EKs+Oms8SLUA==" ], "U0P0dNPn1iUcw6b33AAKUg==": [ "pX9giWYBuTR0yK974RC2ng==", "qj3kMXpJzib/tg7NOcmtdQ==", "5Dh9IlEeZc9EPevqDNDlAQ==", "RdY/UQx2FGTtVn1x7G1KkA==", "HxI42iSjURjRki+uV6q/9w==", "T1160/hke2bN2YNtHQGAVQ==", "gwO7tO+7wG4yYN77KHpJIg==", "pGvoS/decJ8g3YpAYIFmmw==" ], "Uui1iXuECCOB7NgLQMsJpg==": [ "ao8l/bKVk/yRH6auM4IE9g==", "2pofu/QdlV4xoXosgfKRNw==", "zNwhU1to6ohdg5Ws/JmM/Q==", "lM6Cai1zYvH4FYQ8nb6tQg==", "MtExg9vrmkuo/+/XELnvpA==", "0QqnWQey4QRkB1tBadW1jg==", "WoF8HAs7BhQT5cycNGL9tw==", "PLT6ItGnGibNqyU7ikhmRA==", "ewA3f3GyFBJhwPX+CvDYtg==", "Nl5OfrnQ/SPbLIWCvdxEHw==", "ybg9o/djfKR8D2l5wfz/6g==", "UApauQbQz6UZdsAuW9miOQ==", "nRlBpDuWR9J0Ttd/BugkSQ==", "70Ajh2QFCXmrQTWVljWbIg==", "U7q9649W3+OXGS9kMwowkw==", "0wSMVHwI5T4EgYqkub8RhA==", "g63+znub5tyxpqqmyP8Tjg==", "B7rM39vvdeIIjmDnRAuTIQ==", "bVLJeNp3UltT+T1xu6C55A==", "e+8uKOviBSOTR4ltKl/Y5Q==", "Pdc4LabMMVIl3+kSdEepMw==", "brTmpkOORx2yJvCnkPzYRw==", "T4bxk7MHk24P39KEeRKoig==", "WNA27LqRIql90O1m/PSAgQ==", "C9NKmmH/EbcYxVOEg1uY9g==", "ZpoRIduwcda+XFGXyoaDAA==", "7XM4eB5q+q78IrA8abl57g==", "JWrwO52d5SNbcmJ2KpFaJQ==", "EUzfiOQu+qZDEDuD1AbDtA==", "9lOiMN/e99o1oI1dhS9S2Q==", "fxc/de3PyQgiwjyykMQ4ow==", "XVnPYCI1ck0zTs/Cz6Yl5A==" ], "VFldiAD+rTFuce+kutFUuA==": [ "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "qNhEJopIC+OWvXbrkilAfQ==", "+YsItiFwLsY/quEIP17M6A==", "3cVM/UH6o+8G2FMQ1Gl/Ww==", "O24do/xbIwz1BfQU4lBl5A==", "zi+zTCtHwI+xWITxpaOJBw==", "69HZBPjw2QR8kIdKeSUwQg==", "24Ysg4Ma/AJz8Z93D2PzNQ==", "tZSfr7Q1QfQP2u7Sjxqmrw==", "iACEEOg8p4u2oul22eTv+Q==", "55nFlly0ydgYROdIHNoLjg==", "sJOXRbCL0QuUC1P4v8JTZA==", "CebQRpRZjOcKyG6X/Hyb9g==", "W5birtu1clZwp55QDPxkAA==", "FUeASYCa2REKwmC0CFlz2g==", "iRvSvKSGVLHqIXREJ4Ht/w==", "ABh4yTmrbQSCnnP4F8iX5A==", "mX276ORRxpj/FeNL+3OrXg==", "aqaaxa85Ibw3RSMRWLL7yg==", "rBDj6tuhee896qgiVA2peA==", "khwtIlYEcWkkzJP1rg7BNg==", "zLUPO/DSeItPLWNqYd2DSQ==", "mXfTdwl2racpbSHHHKO6EA==", "UoBD3GwEne6Zwl54oZgCCg==", "Zg/5yy5ojZu/q0X+9MCQQA==", "GXVxiDj3UnyxgXg2cz7u0Q==", "xIqTu52elcgV5FuN0Fuj4Q==", "m+ltkfB6bwuyxpSjgAFr9w==", "5pFK2pddNfoGuwrNwC3BlQ==", "rDeZ9YqARbQ/8OcOA5Tn4g==", "s0BW8R7FNYnFn+nWkJnUqQ==", "gZW7OlWAfe3YqvPh9YUqJA==", "I1n6/nf1BmKoqYe/GXCV3A==", "b93ucKpooFuvf5DZpkuQ4Q==", "pfZcHRowGRRifIIMXAg+9w==", "Z9vlvDewcgZxmJe4Kp3wxA==", "BCUOacmvjky6+oK/3U158Q==", "Y9X/nbUFq4l8+xowG5hDkg==", "xzz0v3ajpuFhN3HDJCDDYg==", "3A+d+ITPUBtAGX1jTlLhKg==", "+xzMjgQ/BhN1jTBlVwQfIA==", "akEF6NF80R9wfgwbXmOEDA==", "iA/QQjWhvxyNLUaetWDlcQ==" ], "VKbklzwNVEem7m1iQRERDg==": [ "C7v5oMuGS9CuS5bfckNF/w==", "Mds6YkAImABVZfFVPdan5w==", "tlbehmhIbT1WwXt6llfQYw==", "grZJQsj3BT+fQns8dkci1g==", "pTT7g2z3OsAYgdVqJMZOLQ==", "JwRn6LaXs4DLH+aotGHcIQ==", "RFeq5rwe+sxgyWgUXeEitA==", "sEXYrXIRghEOX+5cKfh4HA==", "HMytRAMTGJlQRfqVbIzzVg==", "xKgvhqTYvQwR5QWUkRuf6Q==", "pvm4gwkuqzgisbgZu1oTlQ==", "w/qPRfgu7T1MbY4EuhkWZw==", "8bMBj5vTG1tOpQ1wuVD1bQ==", "g29pa0L/tOFblhQQDFeJbA==", "7aOJwf1br9gIaC1RH6UwDQ==", "8m+MeF1Vk+YvSROjY2pN5Q==", "oYEyIJ07SURdsg7rK6qrYw==", "U2e7dgKDqk0OlJ2oJw2iuw==", "jL7k69KOM8ZjTH+gwznwQg==", "TTh9HGJJgt1I4lhDqtPBIA==", "k/RAvY71xpuUVrSpsGkYlA==", "nOD1OtMP4aGP/bT3iktDEQ==", "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "W+js148eF9SSUbrTSIRvOQ==": [ "EHdSTtZdfwUmOpf3vIeLWQ==", "5EJ0MC7TgiGIlilbbiOvfQ==", "dN3ZkuuHRauklH+tfqwFYA==", "Ry6vRm+cs1w4rnhTcw+4ww==", "yV3QixxBrXQjuo0c4OIL/w==", "kCgZMoKRMbRx90oiE7jJ+w==", "PYQ8GtvInfQ411U5gwbErQ==", "Vbqm1jpiIiIM2rxq++FdoQ==", "8ez1JQpqUyVUQaplF/dpog==", "2n2n++65Q4X6kZeNZUZXMw==", "GpJjElMhBMa2ZIh0g/0hAQ==", "lWKRi6BgpanbsQgeIct91A==", "Ws0fZZUTvLi37jSEx1MM5g==", "IH0yoiWyuDmG+HH8h9dKLw==", "NdlKBrj70+HY4gSgv+wTmA==", "1ylYMOLaPUA6xIkqwKBb9w==", "a9FllBAJiFi5FeYl0KG4aQ==", "aDJK/oIxfKTdGBwKif3CBA==", "Pza9Y2xtH9MChVMkZwgw2A==", "oqSc7q4k6wTno/u9knscCQ==", "G1biuc7MPjr1XA/l1R5EPQ==", "JLZyRakMGnyMKNtD6nnqpQ==", "8lLGaMUZk8kOHbicsIjPjw==", "lh/EYac7XXFvwJr7gkU1TA==", "RnzVpoLf3gQvIDiBFFXm6w==", "ZZLfaN7MH3nRy8BlgA10kg==", "Stfm7ne4Ofst02xkZn9K1w==", "P1K1eUbqwgam0P6f7iB/IA==", "wjPVtpb8yNf3j3pc1wfy6A==", "kRa60N9SRvgjl+iiwZ9fZg==", "zFG8iDklz8FcuYliYZGkqA==", "d9qJI4TyihrqXixZ+S73jg==", "/m4KubgMsY+Uf3GqqbY5Og==", "82S4cf8ecOlHYb8LNQQn+w==", "I44fXMfux3yPYaBHaNxgsg==", "UsTHWG7fBbgk8T9K0i79Ww==", "WwkM3aNBW0LnenEr6xDxWQ==" ], "W4amAY83CsyR7zQ0GM7zsg==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "WCNTEGU4JEqQUNwdkKkP0Q==": [ "3O4R28kD2w0Acw7XQvAZ3Q==", "gmo+iv72N8R3ZKjUbp9DXg==" ], "WIBkwuKReD+vnev0WY88mA==": [ "Mo/R2a7u4vWlPy8O1jH7HQ==", "//NR3gdAYSoDJ/e4qJeTJg==" ], "WN9YKonIBKVWuMNAg76vrA==": [ "4MoaZecth+9t4X3jdykhZg==", "0U0p6zwok5l6rbIxjBRN7w==" ], "WXfnWfq5UvDl4B0hS+0enw==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "WgTBt6b85L1bF7WXV5bQRA==": [ "LMrJ8zW3vxlqJrvFMbbCGA==", "YgwLp863ho/Lz7XdBK6IXw==" ], "WuHt6bav9qTQn9+qCLLu3w==": [ "ZmOheSIAULld8cF9POTj/w==", "ulsMCA3bm5VANCxYIf54Zw==", "TRd8qEGSmZkjG+mmOfTmTg==", "vLgELeoIueNM9KX5ZIMtjg==", "ssYEt3aOFwnaqoufFlsCAw==", "ZUoGCxFJ/+PUPUdg60izwg==" ], "XD0JiZBKTweysL9d3sIzpw==": [ "eERb0a2u5NJoo8XHmwI23A==", "LULa++Og4kM4JJrQxnZj0w==" ], "XMPq7+46c92RSax5sZ9PZw==": [ "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "4rkDoNFFNCrcnkPj+GN2vA==", "fvxiOpnl4vL2UcobmeaYnA==", "1NnjgULlQBpIVsNocYb9uw==", "QNVm3dpa9lFJUb6FBjjc1g==", "vbUGycVGGL83rd1I5CfHuQ==", "NoEVAwQMgkCr1UvAm6iQBQ==", "RfXeDDRCykmZZMDXVfaGtg==", "VgTIKWxJpYFkd788UcqT3A==", "cex7jEfdv/MaWi3px1ZgxQ==", "ozbcadljjD/zIm3hj6kVaw==", "P0aqIEFHW71uwsNt2kNw4A==", "xoMyxEWbrnIOZWHnwVuShQ==", "by4qEj8r2+yQ8xw2ZHB4/Q==", "4YMcCEsfWO5KpctoAqwrFQ==", "uioq0s2+upthXeIfuu8dpA==", "zmJCk6ssM8yXKzXcDFtbsA==", "4hX2FW/Yj9HDbKRBqrhgdg==", "A98JJ8FAQWnMhx8Nb3TYXA==", "kQEcZDAS6Ka6J710VZUH9w==", "9rfGlkZ9WMAUo942FMnq5A==", "TU6sUeJdvbpf1Uxt7QBVXQ==", "hYg6jGCQ5Nuq7UsitAzuiw==", "vwdkC2aeXSkn642Di7lXbw==", "r35oOcTyVY7X2QLaChkjdw==", "ZrKcftBnwBVZKQlRJoJcLw==", "lBoi08D0xA11v+agRADO8A==" ], "XX1gx35T8rMzed7p4qESdA==": [ "cSPoRTB3BjDaa16wszdN3g==", "rKpZxH2tXrNLthuse32FWg==" ], "Xs0UZDLX+3bz2vT+iSJz7Q==": [ "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "5xW5MMwESxiksXgaLrFCnQ==", "GaZVgTbcdJiJMvdUeofqTA==", "8Zz8gP9QPTYBttUQXDeNpg==", "e8Ba4iAzVtDvrookiM9XAg==", "nNNVXLjFvnegTKkITfCBuA==", "FdtzK6tyT53moDNlzBGPBQ==", "sHvGKpRovk0D6WznAeRDaw==", "iveVedfC78Qk/6ltHJ21kQ==", "9SrODyBGF+py5BfKYxVllg==", "x+E+r7arkKvVcXf/ay8rdg==", "oVI7j6msaWseNIkn6m/3+A==", "5/L+eT1BzZSWVW4ZLUXszw==" ], "Y2WVn7YbALZNiKrMVF83bA==": [ "Rm7aeXEOy4+PSaaC/AfGyw==", "O8btQzgzPf/pU7XfP3wqPw==", "9lxLFgIezXSh1WnSsRhwNQ==", "GJy8g/4zoy4CPDvWLZr9kQ==", "34lrKmSrRttv8Ef8QZo+Cw==", "uGxAJHfmN99PtsQCJqV/nQ==", "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==" ], "YRfO+WACNVQDTEO1DaRoPw==": [ "Rs2w9Uui+dW2Lg48Ml6jpw==", "fwfAtjf5gVRneidAp93edQ==", "2SApI7oHpcm9Z48+2Hj11w==", "Kqq2xlybjD/tOLmQWu2xPw==", "h08ca9AawAYymWtiO1A44A==", "VWEbeFnFOHy1IkG21b5a5g==", "xxrOMZzPk7ETmnvrIjBo0A==", "KEWGfOVGYNjr6kNjpQx0qg==", "D4iEHIlb8qk7qBBIBLV2WA==", "fcEhBEQT+7+nxaOwZEIInQ==", "9CmH5Y/MDHXGbta8UBA5HQ==", "NLs2bAzfO2YzrBTddmvvkQ==", "9ca/WR2Db6VUKD0h31yyGw==" ], "ZEh/5caJmj5WMgoK5/jyfw==": [ "KTLyj41W+cHfjH/HBrA7BQ==", "fHxgcXxpn2MkgE/aUd2Vkw==" ], "a0GQ0ecdg5PXNSF9I+cGHw==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "Lcg+9plLPEAo58BHKBlIGw==", "QznSXY89jmEtP62PhxgH1g==", "JBIWl7TA4AzjcNVfFPjHaw==", "vc3i6DfzTVpLFX6x0zKE4A==" ], "aW0vfCmvp3ku6dMkvaoZGw==": [ "FAES1XlWFCETbKQytoq57Q==", "2oTX17kDUCTK4lHB98r0SQ==" ], "ao0mLJHwgqEhua26lzg6gQ==": [ "helnYsRUBV0VLNZe0kvTiA==", "L/8naYULbNo7VCB5WzvpDw==", "4L3dk768qs7Sg3jWyr+5Ug==", "hEt6vsfHYq4kHELEO5xWxA==", "mIzvIMMUHDBMdt3eAx+4Rw==", "okW8xf+CinO7BWuM9dEk4Q==", "KwXuJ1mZuqgv14dKI+DdIw==", "l3j9C20yHr6ZHIXLApzl0A==", "9Bnr48B1Gkm5b1u7nixqng==", "wBC264S906jsJ9EHip/24A==", "DGtUYJS9TDm0sI7Gw7jCuA==", "alSeOMnzCu4eh8h4VjVrpA==", "ZQsszFOlqLuLyfXZGfRKxQ==", "1sD6TJmtoMKm89Mo2ka5lA==", "0bsVwLbC3DjqoPdFlpHGrA==", "USroe8+XCxLDwAOkjWfs+Q==", "FrIXKuepXZdWVsQ8gu1YHA==", "mjV/DAgymXlZYSj9rj04pg==", "lc0ErrFagkcQxsv9AGKTjw==", "eKvGCJDf1Iytf5g2d8kaFQ==", "5MGCN705vR5eWycZyFuYJQ==", "H04yzALMJAjmclexKFeS2w==", "qQxzRYdLEwZ+uwtq33H+Uw==", "8qeM99NPNtS3R0CIVDnqTw==", "DjpSix06K6wkPOmaLpbGWg==", "c9kKQdmqE31JfE8hW1jBfg==", "wSNG00q+az+IW0NBCU7MPQ==", "OvvtykNCZtfooZWGyghXfg==", "EB6fg0YbdpF3FjycPEVN/Q==", "g3/sX4CO9sGFGMvToQ+how==", "AyHFH4N7lNUZlwVfgigcMA==", "FV18DPtJsW6qZZIHDbkGJA==" ], "arzS3GnLPLKzM8xRPFnUzw==": [ "/rVEaWl0l9u8biVEKbZTFg==", "ymBGTBftPxHJSbwAfx3uNA==", "1VKGbptJGVhPmMaic8aidg==", "dkB2JDRx/pLwN9EbsYh6UA==", "xhnxsdmWc6+n3gUj6yqBpw==" ], "ax5YZqtoTsGSLh5YAOUDAA==": [ "J/vqYu1qTz7dsS8oVaCTTw==", "vJceii8mKrpQPBtlAKleGQ==" ], "bbOmNWQZu2GtbHRNTT5LbA==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "bp0rUgZ5FkIYAX2aEVd/VA==": [ "YmjsPDVfe7xyjGwOgJunGw==", "QXekSyzWiuaI8YTxDgngHw==", "H5HU/YMXz+3wwSlUv2hOEg==", "WKC52So9Haaq0Y0pkIeTJg==", "qsn7RE1KMH045/wAyIDw7A==", "ZtlPcxFiuXhGia0ZM6cNBg==", "8efBqSZ3OYqd+nT8a21FNA==", "OXr+UvfSDAQbLGP4xOBSMw==", "Rd2hVVbUws+mcvoC7DaoiQ==", "TIcWaTRsDD52irGN4xUQyA==", "GXMpRf2go/wGEbwpp9BPPQ==", "T5Nghm4crNWWnUrYvZZItg==", "BfDjqoaYrd0NKCGGxtokTg==", "tiOci2zd4htCAwtqrJPUhA==", "w8af/LTYrBLWhYkZBSi2Lg==", "Ah03jmj/7fQOqUbg05PtZg==", "rJljaCTiTdw1uI1lvfy+hw==", "2I/0B+uXhxpPJWXGwNGlLw==", "6o8ui0RxMttDzkyqTDO5tg==", "LkJjju2s50oKpBRyBT8s0A==", "Qe1reyLPtQVZ5wKqKa9jQA==", "s2uSNGuV+OyVW2eHDGWWKw==", "cMY+6QfPqyOZE380Mf5rIQ==", "9avTgsTrB6zaN8UjZ37Wow==", "kTyfGInwWoCVv7gGPYCF5g==", "1WQ/LJu/kefEuHRv58l0Lw==", "MLyBE3p9/9+LMOMl2JBi6w==", "e7h3lwyDkLbzwbeza9/TWw==", "2sm08sXcjWtT2Gtu3CdSug==", "2RZ3u6UmceVG9iB/xb73SA==", "QbgvVzhz2dr5BDvAUM6wFQ==", "rR226S9SV4WbmIVotM0CsQ==", "GfPY5zBbHJQI4ZGaDcJj2A==", "cjoCrbQlAeGxtTPUlcMPuA==", "rO5a9fYyaqaIZ4bH0M8fdA==", "bh7RRRlNP555+LOFASdB0w==", "Ob+LJ5zYHnbjt14Yf8W7UA==", "Q0D37bmhhLGtYILIAMgFXg==", "gGrGej/Pj6/poAgebFb+dg==", "QX9gQ7esz1e73iQHmwojXA==", "GnBCRP9H+R6do428z3nOkQ==", "NeZAaBfGrzLvaMKrJL7WlA==", "0YVxD0vSH+0MhijemP/Jmg==", "SvhQ7tNvl6ANrVnaJ4cBNw==", "zx97OaxgXH8j+mFWesQySQ==", "3Lvdmj//2sze9S8I3n8yrw==", "aQGx6Am8fU9TZmcyiMNL4A==", "JD0llI0bGUOG/VBz+9LeVQ==", "kaUbMItvWrS1leJMEsAk9A==", "19Kvl4LS7MCiBo2cRD5fxQ==", "b2xf65/2S45gOxG8Grxy0g==", "YUwZZ9Cg1FloxBZV60vOCg==", "cxMZ2TEnkk6RdtuU9fDThg==", "7AoZZiCMmvqX9d9WD62FnQ==", "eekbTUpqIafepE8Hfmhn6g==", "00cDk2w3qfvdzMbO27c/+w==", "BS5Qx6nN3HmM64VVoKmayw==", "lz6O0nYiDpis8SScmTUuSg==", "g6spFzT6DoopzuQCE0pjRg==", "X3WuoMxfqKQH/0bF7PkAAQ==", "3WRC4Vl08/leTJ1MFHuCEg==", "DNd0sdbW83acQbIl3FDaPw==", "Y/6FiFNJ+h2jXNTlPOzrnQ==", "5D5WFK01Su4Lrj4hhwDYGQ==", "zAQhwfD+1kpXY0CwZC6HxA==", "2UHqEqfMIIn53NkDlDEppQ==", "ylg3k+AtgUcIl3hJiXNMlw==", "dO/rj/SVo/ZlfJAB2ajOEQ==", "I3vwwgMxzxWo15otCOgvAw==", "o8O4Ttqnv0lQfm1yyfyVsw==", "+hBhqk1qKnkU+nqn6a96qg==", "tLSR0X6hQ7hvyPbBXZslBQ==", "oVgcRSL89qnSRkMXpV8N8A==", "HlOu0EmTxHkjzmJeJEuJmw==", "93O9BjbBwz1jYmTNCzgkUw==", "h+nOQU6khNxAH7kkGqVqkQ==", "6asSIEJz7ggo9QEXpbSOYg==", "AIlN8RmMOvhBveVuVAyHQQ==", "w1094TrprBpG+5TZJus6FA==", "XuMP4XKeqFlYH9jgvFKXXw==", "6dwQWrojfQ/1hgTT2PQckg==", "u1caIbS4Tk6y8c7sz8Hvhw==", "qWK7H7gz7e8gS19GJSeIIg==", "W0TAw6aTfwXOMlJwloDkZA==", "oyvtOIVUDqm1ruQx8vhRhA==", "+PjI2yN4wCMPyf1oygeT5Q==", "bACUKZThWu3kcO82NfO4eg==", "8ge47rqVvHaefMV4OlZnlQ==", "XL1Nv8y45q8aiA92A99YyA==", "0v5F4x1W0RxkklLvRs6NKQ==", "JtGggrfMckWn0xvfWBMJJQ==", "KsboTEAsiwsdLEKIDivkyA==", "0bK7Vo3x9SXQYvDvMmgzXA==", "qEhRdzGH44SGjJIcqcIv/g==", "zDmU3WG0c3AQYw7NFebUCQ==", "UBzPfwycyyJOBETwdSTG/w==", "JmKf//IQj2eMVJFTB1Feyw==", "zoCeQAIu1TFmWIYHnlYddg==", "Y6TEBwH0+CoZ50j5sQV23w==", "QgRg8usqYLpC2SzTmhUKsQ==", "KYv6PwzjV6/5I33cZ9LUmQ==", "/YcdipQjiqJUDpddwhDiIw==", "hxluEp8Si16NQcfaJDWcLg==", "+uMSPU5jbqI0+jsP/eX6PA==", "6MW1lRUdNNc4s+6uD2JNvw==", "uDfc8ZaPfrhTGcFwVaIvAA==", "r410Z5X0yojDsVg9YVcNqQ==", "X10PEbhI2yv6KYFUPacecg==", "lHLNxD93t7uUJfmDhNwvCQ==", "HHBOKYlzeD2Busv7btyBAA==", "2luu38jiVQvy6qOXHFgpAg==", "RATpPhLUqjEbe+XxyYxOOw==", "qug1advw8m4TjVAUPEUPiA==", "qYORp6v9x0Jy6S8OKerZvw==", "s6kt2DqKLHgzYSGciPtGtQ==", "WACsy7vAhq3GJRyxAuj7NA==", "wn4STzMt4ytbVHyERUyNoA==", "1Iwd54Uz+8MDWoeCI9f7Iw==", "ThjoilITJToSra2xx7nmXA==", "ltryu+P4IG4b3EAJKjyGHQ==", "75kzXqx/LGJU9hkFlgdGGA==" ], "byfHs8LLvbAc+YzK8+QmXA==": [ "0EBjG0eDRuUxNmTKolYVYQ==", "VdavXNeRp4EjkXxldYSiUw==", "EXWaDNivW550gBh9Dm6gCQ==", "gJ/fF2D4AXb0sjRGNWgixw==", "GVOb0whjVXBMMGVZhZjH0g==", "8OhIIjb+vwm01NjtGgcnDw==", "SWMi5UoagLshKWAW26MJTw==", "SsFE9yHqow9BNx1O4nMcCg==", "eoZiXVXIYF5HZwY9O+NvfQ==", "5zg9huqgOp8E89z3dxtcHg==", "1XBQq3flp6UCNWfTuRjE6g==", "kMB61Eclf1Qb2Suk3JRmXw==", "8eY8PV83CN3R/MV2hK7XHA==", "V2C0OnbFKs9wiV3IrUOPew==", "gqWTMUdDL1db9YSLA4qpRQ==", "wqIGHEm21/U4VCTr0VeLVw==", "FKuvvzZuxFLoDaTeoDMGIQ==", "OUOPFj6v5qm/F5KSXf7dVw==", "yubezWiwTBzlJyfKBBah5A==", "qbsbXExNvRlblIMDPNkFzA==", "juRvPdedfeoW/YVn4PBM8Q==", "k4dDUqBohIhzwbUS8fZiCA==", "4IznDha57aCNWoI0Hc828Q==", "1BGBx+ICmx9ndSR1J6c9Rw==", "DDPdyyhkyoDS2Vq0O3We0w==", "SKyAPnATFclliIE0mjtq+w==", "ukBMje282PDzxzC8wCZoJA==", "cm/gvI0AVbEJW8SbZVw6fw==", "vHIEJpBGkCNiUPmahPyLqQ==", "C+2GxqMTQEZYKlJYDQE1Pg==", "ZBDjl4GlHR5BEu3WvRQHHQ==", "y5N73UEFT/BHwjJkVAx22A==" ], "c+W6x4Mcea6sasJQFpayfg==": [ "ryPu/punYtMOzifbFWj3Xg==", "cr4RGJYSJM2QUssm6cAQ4w==", "XH8pWtqEhhBDhQuq+NWhvQ==" ], "c4cAHnbL6QvzxTWvSxwSUQ==": [ "/KRhrFyFO2WBBj1/Wnbnrg==", "4iFNln+X4k0SeUiw/ueLUA==", "sQzygdvKruRINz20KeXUpg==", "0DSgRHOq1OLwMX3biKMcbA==", "UcI2WjL14mHQYOfXIkpuzA==", "e91QDoc1m7i0h9Urg1XIuQ==", "UTm7DZVRUmqWWBx0Js7vCA==", "HW1HxtJFrKBktMKHARGGeQ==", "9lAt/24IrVKtsskC+grSQQ==", "sa5mIA5TIgDDEs7v0PwTjQ==", "5sY/WncZRmQ7FUzZZ4kBfQ==", "b8cX6Z3ptet250uYs1XjIQ==", "h/OVEZRz5ndHYLHsNXXXMg==", "d1j+WeBwgxUY2DD8tjQwMA==", "Ec/FYvTTz4riEqnQe1G+Fw==", "7SyD51cUTMP7ddBSGNw3Iw==", "LKHvKuMU+ZaZN+c9jQoc8A==", "Dp0x43cNy9IQTCa5Vb7Uyw==", "9U8BTRqVPM+WCls5RolwuQ==", "c/TMKje5Txl9grWesV+S0A==", "Ayn8XyGcXwYPR+J1PSWdHQ==", "O7l2OQQ3NRM4VNrd4YvEaA==", "SqKI5VB6698Nen4zsScUuw==", "pHq3XsQe5Y157BuUHMufyg==", "CuWE9qOLaSI+JhOsCiY03Q==", "nzSVb3AtyNNflDi2DJAqSg==", "DI7HeHo8A/itZHGTOHOQIg==", "RKG7TR5VLN5EK2rg7nfjuQ==", "flC/+W9ll6TqBKBRm/YUiA==", "U86hsRMcoSpvWp72aUJNFQ==", "h5U/sk69K9TcWs3P9TuKxQ==", "8ImlkqI0B9hvKdKXJLla/w==", "lH27Z8PmZeo/EM/AegpCTA==", "W01A5sOetTjsV/4bYawPgA==", "DlS6uDYchj9S2LQucQuZxw==", "xxrk6qwvf/BkNdal8rz/jA==", "x+9X6oSMihxrE4Tni3a4Zw==", "hjzu3I+m68mPWogOfZscVg==", "WOIdi+BEnCeSEkfRBmj1AA==", "nfRozYKxaq/cbStnERagAQ==", "+DDOZxWQYsdNCtZZs4LB2w==", "Fys7cTDgnkqkKy/A1tAWPQ==", "Bua36N02B8W4H7+P8yixkw==", "nVEuAeNYaydUTqNE5GOm/w==", "96QbNqFHhG4RmHyIqvnk+w==", "0ZQtBpkFjRCvM3RNGGREDQ==", "UjXmsuFAyS2A1LN7d6S/5w==", "yOFL3ef2F8Ux3GMySAVXxg==", "5RT9+X+8xx3rC02gOnVsjQ==", "Km0Kj8/PT21DcOVckLYRyA==", "DrIpfcclD2b0iXSNtu+I6Q==", "Z5H14Z81HW+BVvKWtV5kDQ==", "hIHRMVndQh85jnW2uCawbw==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ], "cGWkJkC9Qm+QCP4f8vmD+Q==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "OJ5Ok6CMeJ8/3txCizz4cg==", "x5MnAXJPkWBC+zd+i08Svw==", "vdokiHWKHEv0aYbydeDs5Q==", "opnb226IH8+SU+iAVOx8hw==" ], "caF9WsICRhpk2jJBTv5OsQ==": [ "x4y353xwTKkgu0582Qh5wg==", "m94VQcvA5qigjAcL/i2L2Q==" ], "cj0M8yBzJA8j5tTGHOqDIw==": [ "5AQXXWGtKGeqoPkMqmVzTg==", "FAoi5hf12Vg9h7NFehHyBg==" ], "clGQ5Kq/RKZZziBln/4BLA==": [ "R9lgi90skf6A+gEQ2Lu8dg==", "koaJtTt9+fGxG4OSw5hxFA==" ], "dMY7Qly4vcBOdARECvhzxQ==": [ "M6ssHrt9pKPpEPr7O0Tc/A==", "ac4lX1PsJ8EE0cPV3DeA7Q==", "/rVEaWl0l9u8biVEKbZTFg==", "EcsVvJ09ys7NpdNzv0A9zA==", "IbhdAqkTe4EMzAhoNvBoZw==" ], "dt/eA+h8BqXPeZvbQ4xjlQ==": [ "BEXy4ijrTQIkl+xEVZQ61w==", "RPWIFXazUxYQ5Q1rBYTqdg==", "bpwdCug2xQZhmaazCqwIew==", "bf41zTvm6HAv6xdiXpwGWQ==", "pvtiIO9KHqFscFbvNo86Dw==", "iAZzrtYDqIG5uluq/FjhDA==", "q7IyWv1MOsi/PXOLUGKElQ==", "zH/R3mCgsX+vslxcP7p4cg==", "cS8BJbrTN4Z2MOJCTGMR8w==", "rcUIg6JYVsZx379+fVhSVg==", "uWvHibmfs86jbjyb5h+qpg==", "sXReFixXG4Bn4+eq/AJDBA==", "XEhX6upCFgCYuF9SSk9Iyg==", "HrQTGWot7zXPyYbisnzShg==", "SKOD3G/MxX5t9s/HjT+ehg==", "jvIOr2cGPChl6X44xwkz2w==", "gIt1VKjk5s7zkgD1H7aLmQ==", "nPl1VYR04nooFy6e74yZlg==" ], "eJ5VkZHE2z3KyF5sFEKj8g==": [ "sFUeaSTxmIP9ksmZtDFy/w==" ], "eUjbBBk9e6ukjdxq7Ysc5Q==": [ "bDvGK7B1/5BJREOCtiSQyw==", "BwQexIGmUvV9ONa+9gpe2w==", "xmhlBgW9Qhx+a2k3SdfUzA==", "lv4eSxX+AEAW88phUmOolQ==", "L7bRdQbudZhoHiefk8z45A==", "14Etv/7765FAI8QbzsokBQ==", "0Tr3QMpqaFB6S//rbJ/Onw==", "GeI10LHPuNgyyt295MOmIQ==", "wj5w4kQEe9iH2tb9jj1wEA==", "9RLVzTylr5Ocdbql97n+1Q==", "C2ejCCBwa9n29Fq9gpW/sw==", "ZC2BsE3IgWbuyuu1cz3YMQ==", "y1VRnBNNx34t1XvqjEl7IQ==", "qB1uVwi5ydv4et+JpGcenw==", "s6zRbI6E6xMFwOoLRjlPfw==", "fwXkQZwZsVuPtoAZBIG06w==", "fjsXh+vV+qSWYTJhGoqerg==", "+pLPiYWkQ9M+8Zi7lKlOZA==", "RDlpzaleAPnYWwZyjvoRug==", "dkvelc7KXIcNmlVEKWwOSg==", "NUj8ykIgUTA27ShVMCBysA==", "MwRbFLckfwf7ZXLrr6KBUQ==" ], "eckWZv7IBjaLZNS/vZ1gWg==": [ "h8RB92Gx2aWFJ7WtAQ4wDA==" ], "ey7Cn3NmMZ6qorZvUccGqA==": [ "c95Jb/MAeM4/Wnq2jSIopg==", "GDAkupnsjiTl71rwzH5RJg==", "A3ZYVQ8Z63tDAx8FSltQHw==", "3skSbDjTQ02+eNiFJz716g==", "X4CDljJQJsftQ2RA57ftuw==", "7jE4UN8ZNzWXfNDZ8BZq3Q==", "ws4rNVATNtezkRTpFfdzmA==", "GR80zW702W+xho6dTSNlyw==", "Aet749oXCwhRnnY9gEGYGw==", "JvC/rVWSiuNeMXzeTDRZHQ==", "1I7VtxkB33ashDX0kB4Teg==", "Ji6OY1u39nJByKzCNwfpIw==", "JVuTqfPwohmj6ucokgM2sQ==", "J1cvee8xy6oZDEdA21dqEg==", "viJWUTYaczSUI8knrOEDyQ==", "AYXw2VaylssI+NkH09HL4Q==", "Fg8qijPO2mYzPczZJG7NiQ==", "bqKZTtfId9l8zdFZE/mZZg==", "PRErogcN/aXkh7DLlBPLlw==", "uOeAKP5ZyZtLLU7CjOuFcw==", "mqxlcVJc3F4dPOTEtUve1Q==", "0E3jDwz9OiQ7ty2SI9zDYQ==", "scmQI6T6oitCtZW5973ovw==", "mQKKxdEERDHEVyOMhYExEw==", "0RLigWktH24pjgFtIwRH2A==", "4vS3iu8lvGukFpBFqYCdVg==", "ra+5M5K0yyS4TNorJBFVYw==", "LBzBPjCNeeSOWXyc2o2hnQ==", "xvZ+aaak6OxbCE7Nu46XhA==", "roGA0nQUzXWg+M1vb3jr3g==", "5pINgBOJXOluBJi9rQyioQ==", "39KBEdrZX0FwGoQxYgkupQ==", "cje1a6rWyE5Ko85v8goPNQ==", "7FDf95fwOcyZ1YXNVDIx0A==", "IqAfwTRGJO3I/HkfDNLMoQ==", "9HkrQyk+mvh4YcyBYw6eQg==", "kiHPM08GilYyFXQYDbdefw==", "pGkOHCsusTyFHJ/G9JGXiA==", "xDXpto7iDgv1dyFWeDEVcQ==", "IaNq7BGSUI5KW7kcB5RXdQ==", "wfyGNkRP1AKTpRqTPf0oQQ==", "HT2SNCYX7dkF36jwcJ6tBg==", "3wYf+EaP3IAW5wHFWATuaw==", "wN+C2Zg1myHVbcMR/36bqA==", "QZ7uKIt3KkZJfzRLCLWsIg==", "ECzeIHiPGDDmiEUQjBzFxg==", "wgjZroGG2ECX8FlIRRqZmw==" ], "fTz/BbdjDg+PD+HvcMlQ3A==": [ "EhgsZTFIUAr2YMmtGzoFMQ==", "EhcxS6FJz0RDq0+uuwuiEA==", "fyE+IA6J77V4hC6QL4QCJQ==", "gg092DB69lXLcZyDPZ/RtQ==", "nS4rhARAcjvkSY8dJUFdOA==", "g2+VTeiFdddqhRpToXK2Vw==", "9/6RhDAFXPVo7L6QeEsy9w==", "Zv+LSqi94387CYLrb5PiCw==", "ltoIfsso65jjPxRqV9UMRw==", "UcSRaJxHOHBFxbLpeEwTSA==", "Zc9mVAa+SgrDGA78Zo8GIg==", "S2kC/8+NtHD0EdQuoPqXlg==", "Vl7X+IopOqzOWh1MyUOYCw==", "LczpEojKeJQxs4tAiPNubw==", "sVTwqtGyRA8GgZdyQgXnqw==", "l8z3hCmcLYlZgxzha0zw+g==", "nVgNlf1p1N8UKAkTllJrCA==", "AR31u5jCzWyawCxRWBepmw==", "7bYXVEfvDWEIL53s8ARxGg==", "3SaNoRivMP21uU5flMCqrg==", "YPUY4Y/POEizUQSOdGH26g==", "du8AOXnNlQgdqsSZceyiaQ==", "7czTMSwqOjLz2LigIYHAeg==", "vceRrCjaQs4/Tb9s36m+gQ==", "p5Ki7Z96ChbT07EZ4WnnKg==", "ERpg5QsiyVdbxyySZngvaA==", "U06t0kkLaLeKpn0QxtZUSg==", "YHdZ6rml8dKQg9XmpjCrnw==", "AfEBBMV7R48kk4frVmVcAg==", "cgUuYY1sKP0jeDPr/wEn4w==", "+dqw6lT9TwTTzMp6O2vf1w==", "sx5ziSZauoyjmcMB827V/Q==", "7df4FOgRU0BSF6P5QJkjaQ==", "DG5z7r6LqnKlVNwHAxeXgA==", "rwX0WRiXvDcxdTv5pslgxw==", "+YVz742I3o3v3ix+O1wb3g==", "peuiWx2cfvlg0ej3db5p4Q==", "qcGz8bluItM475eimPK89w==", "7MUqmqmB2hEWys43ktPpcQ==", "xsiKeHcIwwzMLDEPFdNSFQ==", "NWqPMtB06drZmdGhOgqvEA==", "7cqLG7sQEqqh9WoHfpekpw==", "EFfUhTiwNATI8s7BT2T3xA==", "hJqH5PsFQ03HT/LzTwaCXA==", "Yp6L2DOgQNnvp2uXVvH8NA==", "l7gfVyLrNH9qcWdXdRt9Kg==", "UykJtPxmRiaRteAhKYbbOQ==", "BLPjiJKh0zrGI5mH+bPIGw==", "Sw8bDdvvxQW2LmbjS6B1hg==", "obTTrP5oWTTgSGItpJqyKg==", "OlhZuHzjnGJlFRoEEZLvZw==", "B6kRennXxnam4nW6s2O9mQ==", "je5QkI9XlXAaLqMv+l8ztQ==", "3hB+Mhm9+7AXsO3nGoz+Pg==", "XEJhztOC2qEngMnVDsmKtA==", "NObEgWpn6tAdrn33X3GoKw==", "/SEhubz8W4ZKbKg2+yh86Q==", "Bp0jmZLVDqekxjq/Mq7PPA==" ], "hGxLNL3q3tYYzz2uKfKB4A==": [ "y1Qpo5IDwj5DRizBbMgltw==", "DKQ/Jfye0O77T1m4bCFM9A==", "0EZfEnxlowgJ1Et69rh7Fg==", "5xY3IHUogqpqvbFwiQURyA==", "MAL36hvDgZ40KRvk279OJA==", "Xrz5/LPkSDdzEfbSbOXzZA==", "Aspz79uO5bKpApwSqMsL8A==", "TrfUjn7Hi6JPe4l/9tuyAQ==", "te0mQBJAxCZ9Xzg2xrzQcg==", "f6muqKqBGKMbn75htgvMLQ==", "/F62/Gd7cIE4aLRbxVnfCA==", "wTqPXpGv5suIYx7xVHwxzw==", "iRRK+UGfH5YqM+4LOHExpQ==", "4Ue6KfIGD2Yqlg6OG87Bzw==", "u+eDY1Q5WfNp0Krtzvv+AQ==", "RJziShukaon2ShF1sKdneQ==", "PDkkYuYRnbObAyDWKDapig==", "ldTn/Q3i3BpKZ95U4mfrcQ==", "J3RGaCFhZHnCvtta/VAJIw==" ], "hHL/OokyETnopazrev0shg==": [ "OtUtUn02ewCzaijseyEVUA==", "u6PjuomLq+nVKrTw/0Jyeg==" ], "hYEisV19Dxn4PvCvxJFm5A==": [ "Ygj77GRBaQkoNVODBO6xEQ==" ], "hasHd85qN7fkJeIIqjjDow==": [ "XPUXyp+BOEJyEGOgXafi8Q==", "92O2+eS3W5hGvsWPMPwTRQ==", "FecDYUjbiWlU3PuXl5vs5w==" ], "hvKbzRSMjrg1f3y/PRzGwg==": [ "7y5jXLyua18Srex9lNrfkQ==", "CYkHBvLQQf6RYY/2Qkr5gw==", "Rz0KcMyzx8GC2p+YUZpHPQ==", "oPNobp4gxHQj7UMaryNaHw==", "VVUozaap6uAAqX8QCLFGyg==", "gC8lb/CZmVxLK6PkYWC9cw==", "mwpgk/i3GXoSJDpblt44zg==", "WFXV6zzHKCX8JuqtokClVw==", "pEwkPeffucbY50JSGQdERQ==", "NQ+dtAZLrUPoMA29mi1Odg==", "Zn86UzCNWJIJ8FVaY91JYg==", "b+wJbUYHuGJqeuEtodqG3A==", "z1fiDjJjV7T+4MZClzquUA==", "vLLr24Ej4L78gTG08XYkRg==", "HqbYURF/7TaXoQPMqtdsIA==", "IDDFCE+x3YM7koS2SvW5fA==", "WVPPqMDSvwuthc5RexsDjg==", "LAdEFhGjw+B+5uRqObeXiQ==", "+hNDIOxLd94c7zDMEtwHAQ==", "FwvyPIBVlE1fAIgwJ1H6Sw==", "Zk3m2J10w4VuwKsJJMXB2Q==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "DIXgPb+QqAbL75dH7f2Zww==", "CQXGvG5qF0LSGK3lgLUXJg==", "gaDJ+6UMi8jegvsDECsoeg==", "nW07GBIUhWrN6iKB9MBAkg==", "NW78+g0sKpejEre7I2lCOA==", "6XzckJlhvkdWwkN1ERVdzg==", "j/6W06GHqfn2irJJ7LDKTQ==", "ueWEd2PE6kwBx153FL1eIA==", "Qr2/3ufYTxjXiJuEKM7I7w==", "J+a2wc6cR5fLyNj39ghgVg==", "T38zlL6BTag6EVZfMAMcaw==", "hOaq2CFtnMvxmr4bZOUh6A==", "f+wdQFOhBCEFYs6UTbgVcw==", "Z707rrfU/uxs1xujVpKMRA==", "UiO8eKIdcPJIKIj94tK4ug==", "hnVuaDEhxbGffMCkOiTy1A==", "fu2viInfwA1Zq9LmALUkzg==", "V8n5VKFkjNZwkLq+W6E59g==", "jlm8MnE+Ua07hmnpXd564A==", "JVp8gcuEEeRLeKprUvrBUg==", "oEKqq2GIVwWjorWJihmJiw==" ], "i1yNGcAdCbK2SnebCgMUqQ==": [ "I9Xc2JiRiPWfOFS5AHY1Ww==", "AsiuN/8gu7sZ0PJCLihjmw==", "pN9L6/wRgu21CuY/FfnkIA==" ], "iBA/JBMmSIEGbBZDQlcuUQ==": [ "xNJWUdryH0nBQB/93HRNuw==", "hfVFht+buqTExOEVhwr1xQ==" ], "iQnKl0+RxymKc9bhVdyuyQ==": [ "FM2lHn17qlO5uIZtM+Ehmg==", "zFZE1hLph4hR8T7aNvRt0w==" ], "jADxtb7PiatU9dihVhjp/Q==": [ "XW4X9/W6MfETfE/VICA4Jw==", "n39YhRffL6tFFAy/S18A8Q==", "fSeU4QTAs+fY+ihLpgdM9A==", "R1x4adkbkgVhxc9hzgUZcA==" ], "jSOT/FBECA7xUY+Zv/Ps+Q==": [ "dwNH2KaulTKNFX+9quNpvw==", "sxxGu02J6Xp0UskX/yPO4w==", "R7XEe59RfqPZwHJmDbOyww==", "6PfMuZGMOADiSo4Ifx0/Qw==", "eTM7aUBt48fzJjd2YY1Kaw==", "+Hel9A1WiSK+ZclItesXnQ==" ], "kAc8BYCjeCgQR9YdLeGx9w==": [ "kEe4Kuw3hXrzhJ/JDjR7wg==", "LiT2UIJJCX7RQxuKZd5BaQ==", "i1iqh+iGOleBv5v21I50xw==" ], "kMrprdB/TspYL2Dyt9hBfw==": [ "nbtTb8L4YMUxpajoNaatQg==", "XPUXyp+BOEJyEGOgXafi8Q==", "qdWe9wwJNQD9uM1J1li1Vg==" ], "ki6pd/LsWsx2BY6b+Np6dQ==": [ "CacO7saUr+KLTbynVQRYzg==", "XPUXyp+BOEJyEGOgXafi8Q==", "I3Zso12Z+9mUcVEvUKWJ8w==" ], "ktHjHCegyaFGFLaqVjqkVA==": [ "arPTXFJYsCT564EgyQClGA==", "TEg+H5IUFEuL8/4VudXtEg==", "cbNKZbfbJhPfPLHi6va27w==", "todSxpG0ADSu6dX8ZW+q4A==", "/rGrv6ID1FHztWkSNUU0Yw==", "ugk8bc5JAs//Hgj923HTXA==", "B/+SfhbeumQponnHheNEVg==" ], "kzHnWWgcRX/Do32aQ8TMBQ==": [ "8QRmG/+fMsQQzP2maaxOag==", "O+a4984RTSUBIVVJsZTw1A==", "cA4I0UWWtzTwMIMUTfN+Sg==", "vPDXRcEg4abq9PCqTBFkAg==", "Ojd6gfhf5HOGBRFGRWmKOg==", "QTcHwvmTXpVKkHS0xdfb9g==", "SmczXqxeZRCcJykxG3Abrg==", "+wnQC0tYj+uyZzMNgN2bcw==", "kkxgUCDqJw1GL8dK+Je2RA==", "Mv7iQu0SgLhcoLH3nS/HZw==", "KXAIwMyIqS4MKyyyosxjhw==", "H8XwHNDIkW12mW+y74dsdQ==", "vnQE6sVVricZrrWA9Xv5RQ==", "I2w7mAdeccRvDV/HeaBOoA==", "ZNESegZx5Vgpkv3OXwE5Cw==", "MGoFQMcsriBEPanvv9LYcQ==", "uILMvGS6obqeMj18FLYSbg==", "6tML+4g9GkMhdrrSDsX4Zw==", "noShzkxXeZ6xaXHAA8su4g==", "Q2EySKz2roj2mYOhGJQA3A==", "AdhtRMEnBdpFFyeSlUP6fA==", "4comqU/5SRuDKC1qqBMlGQ==", "dWdVOD7SorvI9CNble8XGw==" ], "lITnNJqHTfcVQiCGHjWozA==": [ "gpPTgXxcA95Uk2vaf3/2dw==", "TsVNXuAeF3PhiRZhIOjjtQ==", "DtkRUkQTzcJrj8ZsC36kqQ==", "o16kBwzDyL2DXuhbCPWX9Q==" ], "lwkb5oxxrG7ZgPYzSyvcZQ==": [ "CYbzKTdqzfhVDluEF23Dxg==", "TGe682MVp+b3S1lDl9HTLw==", "D2PoAhXlfTjf0jSkt9i3qA==", "n78TtR5pw5YtOwMk7gVGmg==", "yNIngFjcdt+ETIv0YvW+4Q==", "jDj44frt+6TCj0cwExt14w==", "BXlYoXrAW947O+Adruh7Zw==", "uW/TgHSIKlO53BnXG1YZSA==", "Daj39cn0p5rpBblQYRpPNw==", "PJ/Blkuxb9rGhjSw0f3NrA==", "IxsDQKwy6X02Ak7TSjZKpA==", "9uo4qIbgVv97/yzslhE6/g==", "uFR2NXYHCgkD0jUkHBTh3g==", "AwYRRq6SmgfJLn2NZxQUdw==", "jiVVTQmOtKqVixv7agF/Hg==", "FE/mnRiATGHgivPxG+13dw==", "xKFSWwGN4NIDnytC6SdEvg==", "8kndQj/aRn+NNJdGVP9v4g==", "dr+z30s3mVMvpF2iMBJ7YA==", "n0AAvWWXPdMdY6hEXZez1A==", "uTjjTMH3twVH5hmw0Wmskw==", "eKKwwoH894W3Vae5kYCKtA==", "tKVE3VH+DixxL49Cbeit6Q==", "S9GgHs7lpMPNDjvswObhPg==", "J1MkSCEBivWCQoYUEvHXOw==", "qPGxfT+FyuMifHo1C/aY6w==", "pg+SRV3v3Mv4Yg+0x76+jg==", "32PT0J5usgv3laBJ37g1fA==", "bdJdbp3pWxo6biBmwKijBQ==", "YfE+7ocdRscmJ75uekg0tA==", "6E1YTgmxENPqo7FirtVNvw==" ], "lxyER9sFQyH/cLua8fAlfw==": [ "/MWzwBJlhhNbF+zp0zgq+A==", "p2+Y5XRhYt7mgZ7H+35S0w==" ], "ly9SmBBH7WsYXh1oG69XaQ==": [ "G/EKAYKB/V29JLdsy1wFCA==" ], "mLZQEF4KLS62c+8BB/jz0Q==": [ "0ISEnYRRDkbJFXBP9XvdpA==", "Q1F3DVZZ3gpMNQT3yhbiSg==", "7S6xxC9g1Ybp0dqQ63V8tg==", "8dqpgv7n5GVlIYVt/hP0Gg==", "v+qPraJNH1peMhjiTk1OgA==", "fBIyxzoMf4PtxmiD953WFg==" ], "mLtyJkgiain09bfdUDF0tA==": [ "4aR9t5J6YwMk5D9wZ0BV7w==" ], "mS/mU0XqXurt5b2cC0G2wA==": [ "tW4ew6Bpf68YpYbdwMyYGA==", "sgKxepKQb+uxgfzzrcWS7w==" ], "me8N6gnEhOLccvD/431aCw==": [ "sna4IH0E1Ui1jpzpKgnFOg==", "XPUXyp+BOEJyEGOgXafi8Q==", "bDMsFO9+dr7IgrwHxKJ/2g==" ], "mqd6XOc7hJ7OKe7FI62YlA==": [ "a5tv38r7RoeoKCznzGbyPQ==" ], "n2BikwI3Mg2dIr4kYK8New==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "nRx5HCyZ2M4L1LvJSclibw==": [ "Ft+9wGiX7gFQHYNS5do1oA==", "jZXEa4mdIQd85t4aOIhsfA==", "TAntNn3gBlGhX3mRHNXfWw==", "fKSzg5ZVW35n1QRKSQYbUA==", "6GILJqctNxTbZFPR6fLtoA==", "d1fus7ZZWC8VndZJIxm7pQ==", "D5TjVz7ghGYgdoVa5+N8bw==", "Mrux1XY1LZVvkWuUp2MCHQ==", "nF1VC5iJhTtrDBwL8mfOiw==", "2vdCDySzHer9qKv7EOUGqQ==" ], "nUBBsXgA+QSl6Tx9eXi6Mw==": [ "DqajPgSmNnfF5+bVSuLXZQ==", "NVw9L7wf5CkACfCMTn/ArA==" ], "noZz3cbDBX3Q1ohSWIKe1g==": [ "uglqkYqbcsDd4SCu9NI2Ww==", "uFXEnN9gepJ4+HtQWdLrOg==", "GuM8+Ku1VtBzfPk3/FCgzw==", "TNb7OrRxFn2Bis7zp2oi8A==", "FAgeMhGaGcH9QOhQHw5rhQ==", "6J86dffyd+kQEKbjTTbD2Q==", "sSpyMuxbh/+/Nula2ikXPw==", "Ub9JoNToSyT09hD5MOIlGA==", "Ihq7mkhGM9sf/8QM05o7gw==", "0u2Zo3eZYFAXhVSIZh+vXQ==", "+o9j0Llb6+ISl2S6vmkRkQ==", "q4W6wpO2YbOLS87LUXPVBw==", "KC4H6WRPkYrWvXb9OC+odg==", "PwX0RLPO5W1w6VDjSgcV8A==", "RxmnlWamNxvphCIuarducQ==", "EVXEAewBnzdtEIOYHBpZfA==", "eeetX6Vv3iXNMfmjNIPkQg==", "NAN7p79skZ+eBA0xQMnnqw==", "hinEteXkZ2xZbWF5lSQDEw==", "cw4W3PskPKPJZy+QzFk5bA==", "/U8Jx7SKI9t4H3q4Xm/KEQ==", "TCtup4kp9cBGgmnLMbI+rw==", "AOVkipVLZLxGjwVCB/7mwg==", "NDTeUbmjAj/XEHx68pTD9A==", "rm3fF4UjNztR1JpYwTPaVg==", "i+IfpRQo89HWL/sPRoOFsw==", "CCQ15lzJdM5OqfQf0dLnJQ==", "GwdBWjTMLLj14UbkCrmh/A==", "k/2DvTn2KLL28Yuh/WFLmw==", "kRqkfuoNHXgeW9vp8iyzQw==", "tEG4S6zEddB/Fl32LgLV+A==", "4K4SQ2PlDqXihbvwEXiB/w==", "DPcSz1MBKzyaMMMhJWVyEA==", "EpmDyksRTsldGi5rxDcMlA==", "iJ/65EjB0RUIoiFFN5HgAw==", "vz18/+7m2wxxY2NMQUQ6Yg==", "eaW+XnaOzUpP/JmOZv+wCg==", "0nQVynV3NMmwash6dBc+8Q==", "vWwpCPVTGndMb9IraxXgGg==", "o94cfzaEslnrzBtYm19DkA==", "I5CKvoKqBhFd1vY7fxFKtQ==", "2t1KBK7sA8rKgVHavF6SZA==", "aUFq3vh1h0/30jIMgLEGbg==", "3f5N5l71YgnMV/U9whrIuA==", "obSzOBXxlQxURPk04eb+8Q==", "xjE2Ua1GOmdwVi+xIIGVeQ==", "CrxvMdhOPgYpnOjfUKfH3Q==", "XTLakHdORg480i8g31JU6A==", "zwpNi+NBoVUfQ5Ed4vkNug==", "cbSiFirRdrVkpUeOLy/CjA==", "YVYIQ/H++AefhUYldlykPg==", "AEXyQvL2wFfW+v4I9XmTaQ==", "SduSwzmffGiGJfqQDrSyEA==" ], "nwgNWiqPWTP9jQpHdB8CFA==": [ "c/EuG5G0xeL87UQs3yxxqQ==" ], "o0sNxhdrQvn3LtgSlydcdw==": [ "S5Dzz9cigoJDCj8s5UcT0g==" ], "o3loazzxvm2hQ5N1QRaYvg==": [ "eXNCnm2O3ulyDBrjgqgngA==", "U2w6LmoqKmaGSd6IxLZGKg==", "FTUrLe1XMNYvUzaxMdsWeQ==", "VDqplxSZcK9CHQ9RjGiEqQ==", "TFku8MBahkkWbmKYS7dbIQ==", "c0R7sQMFyTIRhp8ZTCTmlw==", "ixc06f0H9vqMfsbwQSwwvA==", "e0VfCD1REapdkagkByCnXQ==", "DtYmtBkxVMK6KVHn4U+2Yw==", "B3tKTgCVG9JSLHIgfbUFmw==", "U47k8+SGMpP7nHNJFxv5oA==", "2GOqqUt4mwKng/FA0FV67w==", "mPAC5fvINjFbBEv6qTd6tQ==", "LDhDJjeJTHD14xx6vYgQUQ==" ], "oCbJhi6fmGrlKcF1SlNuYw==": [ "8QRmG/+fMsQQzP2maaxOag==", "XXYPGOxEabdavz27Qo+rWQ==", "VJggyJ1jjyIM3XdMGzsDrg==", "1378JmiuKDjVj7PZAMUvLg==", "HNWibMRA8AF0jyyBYQthdA==", "OIcx4C9IsgtrAE0nDs9GdA==", "13fIhbDHRYF0KXmxmJIfiA==", "qFhnV7djagzTbJn2rH4ndA==", "qb5Q/H2wcR/YimCQn+AUYw==", "OhQ6agVzWuY02NakmnlJmw==", "p4PSGpZ+FENmdQZ22vQ2FQ==", "/eIvRWSFFmU3q3Ki3j/gKA==", "nxT/hl64jXfWptNxWhmDuA==", "ygPqOnRCEHz9NjTVM+wIZA==", "4Gs7xCHPPMrNepkQNCPnkg==", "ZiZuAbc4Tq3tBRSI53FjWg==", "YgD8tCzB10z/Jq6XOfCfgQ==", "/pWkiqt8QgDCUksSSa24UQ==", "JMuZ2WXBBx9rW6/jTPLu0A==", "bfa/XbakkA2/5GrUyvwSyw==", "Oz/6eC07LwyvcoelwlI47w==", "Wy87cIX7luFb8A/riFwUyw==", "WqlqRQL17MeMqdTx+SuEyw==" ], "oGWSEEsLb6ToIwJ1tUBkwg==": [ "l2+nQ26t0lYvVluseJErUQ==", "0UxirvKJMj5gY8fbrSf6sA==" ], "og/hyn7iqbsNsfIv/8VHFg==": [ "ugAB401UYtKGrqztlPOlZA==", "LlIx9R1y9EWEYmMjr1l1rw==" ], "om/hnbn42itSjLCSeL6+2A==": [ "JmAt+4wqaQRWn+7jyy1oCQ==", "QBNxNqNCcUL/GHKqOh7Fyw==" ], "p9BcHmUiqsfiDX2HpNFM5g==": [ "4Oz54fEBFyAJBdTJ/p2wxA==", "OlzUZywb212kcLte3jiS3g==" ], "pc8TmjOHnExT3yvCQuGR7Q==": [ "dKzgwwkG/spsYd8PVvrk6A==", "iPCZH9YqKm3Qb2Qeqw32sA==" ], "peDze6790+ubKa/8hacS+w==": [ "VNA7ljkMyeRq9SDNO9drHQ==", "DhiTSAV5nEGdAk1xkbjRsw==", "SbrfelK/hRkg8QJAv7881A==", "KhtP1/ZJ9jcZ6Whijt7vkw==", "081ZZUa7+goThe2JzRBcxw==", "r0yngP+sUJvKraMLgaaWww==", "n9h0mZrBntcdO8rut9mZew==", "lIzMhy2E3/kAp+LsQCQyCA==", "s+/PgMrbczH4dntN+Uku4A==", "walyEMfvPvVh3KXxCNA/pQ==", "Bd+yU6xHUdyyaw65uiacIw==", "oGKMWwqd8g23cJbO7k5MNA==", "Cr4I2Hcgcf8xO3Bc2/KIfA==", "4evfzAbeD7HXRBHHbDpAwA==", "8Ug8/LJbCT7/mzHPjLi21A==", "F1KNP85q9V8sONVWKuOzrw==", "Qimhraux3dZtFrPRbNJqyw==", "FcmkgsiNKCrDAJ6OFK/Y8g==", "NkAsviHzXhNrys9cILlYeQ==", "EX/jsJKUxl+Y92LbkHwIVg==", "xP/kV8YDeJxssrXaMcjXUg==", "KM3euWq+O2CS0VP936TjVg==", "vpkqaxRDIkUCRIT3f2sk6Q==", "BofAiVtqC38hX5ZAkBLTpA==", "J9wD9ZF9kAJd1nu03TllBQ==", "kHC7JlgJ1gpjDIHxKgXZuQ==", "IkLJJWoz7DjiEwkwHd9+Bw==", "v+VZolEvt4HU4yiZTpFx+Q==", "A/za5QfQmT4HYcIQ4RyCzA==", "naO+9RNjE/hIMaezFHe7IA==", "//2gjbgNV4aF0qefir+7Ng==", "CFRtSPlXDJlgi28bdADXZg==", "1qsA4RvCYZB2uDwgIo8TuQ==", "6GzxFtf19XU1Y6ySz6SgYQ==", "bklfMYFV2WKM17hKPU+5BA==", "cWbhx4ozV3Pkh4rK/phNRA==", "4PW1pGs0HJlG6XNR1xk0ZA==", "IDAwc/hZzIcM4IBkaUT9YA==", "fZX9tMkRg8Ij95v2HLw9Ew==", "TGjVfFW0jWP1/Slr8hCo8Q==", "o52gvb+djtuOAe8fWpXboQ==", "Ga3lVfExNl500JGwW345sQ==", "rPWZNH+en7vYfObneQGeUA==", "8dARvXsFfslEQUJNpOVqyQ==", "EahYBNc6RsapXfHOvUMG/A==", "4jKXN+o/0vyACgd6hmLCbw==", "KlFwXzVoVlebAInsnw41Qw==", "mOQ3hJyzcYBnd65M1VVdFA==", "FjluGqmW83eEOEvyKIkrSA==", "KxS2ZtWgZx0lQavGmel4Wg==", "x80ydqeeoahPQLNiV1VXvQ==", "U86r1ELAOJanBnxwrapY0g==" ], "pff1wMeg2U6ebqlGIkRlMg==": [ "8QRmG/+fMsQQzP2maaxOag==", "DK1x7B/vzgaKlXynN3g1KA==", "5fSQkV1bu4GJUiaWjO+PNQ==", "U/ITon4/vjzN/EsZEGI38Q==", "m02T5S9rBezyv/+a/R6Fkw==", "goLAuNZUT0caQTKiv7m0Fg==", "s/wLIAA4VDi9HrbyrnYgbg==", "R1Akf7BYKFH+Usf+3IS0Cg==", "fI1ruEtJ325PbGUQKXuiVA==", "+0Id+AHw3V8pYW+ywWnP+g==", "IENtFrOwfEqYX/lp+0u2Gw==", "Y2pXpR4HKVIWAZ1sDtjo8A==", "WLpGLJSV+lV8a0xggVfA3A==", "a+77t9fGz9BxOnJlGe2W1Q==", "9feM+1JJIYgC5OZCglyV3w==", "JZVeRC2oy93Tv6vLZpVqJQ==", "9Ad5Q6DJD1JusuIjCNfUvQ==", "mBrf1Yfgr5icNwG8S0edeA==", "B1THb18jP+rSUaY77CvPng==", "8oKavHMm8C7p1QC+rNA0zA==", "CD0KTiCn+kQ9+lGQdzy4Lw==", "fD8Z9mQCc8h27ZwElVMLmA==", "u0i6Tc2zpzW8/pMdj7AH4w==" ], "ptT0YL/h24MTjTTVlPAZVg==": [ "FOhuL+ZLaAMigc1crKc/uA==", "ryv0HUHLJe8DIxGNl9VAgQ==" ], "qIHoKDOcFEbVk0+xQvglbQ==": [ "K5fLrkou5COixf2q2qhQ5Q==", "K/Jzpgc6xwHh47HFu+S8BQ==", "FkxoK2aSVfPglVllnxzplw==", "kyjbj2qojW5SnPuCG4+T3A==", "B1FsL93s2G1YxIvrdDvTfg==", "QSEpEyTM9A7rsX/qx644wQ==", "JS9NNql9cJTDkzzfXyJzDQ==", "m0VRm0XEm9FSwttsQ8QLaQ==", "3E/EPC1OcoKQToPb+efdaQ==", "QqK1O3FCNB9QbClJ7bZ6YA==", "VDQb6roo+zwBamxPu+hGeQ==", "YvRDVCmqISFAkWCu7WaKkQ==", "wG1iwTc5HBr1VKWUstaeHw==", "piA8HykwHgm/u3haFYSPzw==", "YCFy9R5BUcPVuUEYQkJQ4w==", "gxC5QcXnizTYqfkIqc6zTA==", "wh8UL6jE02MHJgululn0nA==", "sTWSbUm1UHqZR0zHxPPV1A==", "ca+BSCGp5tEYAgJqvm8GFw==", "Sal0GJMIh5Nqb3U4N6ro0g==", "g9gU2/SbcO/F9X65zpT4Uw==", "6hAQW3vY9ZA/8datv1rY4g==", "2TDjlt2gAEWsLyBBPigFYw==", "7cHovEEcBoQ92zXTfFigow==", "PgPRtFXcN+6zuIY77w+muQ==", "xsP7BCzVmEb3+qivw8mFIQ==", "l2fXal/tlhZFSzN3bmiLSg==", "D0qSEDt7Rns05A3ywUZLtw==", "/+0dqY3HS0Vwp8Izm3R04Q==", "K12v1aAHn6bz+NiEB1W7GA==", "M3xoPIiF+fvDRyYkizrMWQ==", "5IIoRCBMIgus62mGlE3F9A==", "ZhxWQvKqBGgL77fuUQ4Ghg==", "lsfrxxENmZMCtV8uOKkr8Q==", "26JRymquUeoxtDSKcKSDSg==", "0KjhdYYIURWUfsbpzAdnPQ==", "8Ldq46rf2Z9JTBjkrtfV0g==", "EhVqWSecC9djAkoW+k/+hQ==", "Lc7NiV76Y8Ubl6+6Vgd+sw==", "dkGOl+YKkRksmyjmvQ3FsA==", "PdNX5RN9keIsqOloxy7mkg==", "uXRgwaipa8s2OMXjAf1Thg==", "HHpOVRDbzmY2UhydU+uwcg==", "6pBzw2YiS9JmVvplQUxl2Q==", "T507T5wFbtPlOW9lG7LxIA==" ], "qTTyL80F/2JUAy85WSpobg==": [ "AD3UsMwxeXvBzVWIm5l5yw==" ], "rY/kE/V4JnxYoqV+lmc9mg==": [ "DDxCHnX+kCqcRQj9b90/cg==" ], "rkUaC636uKZYge61PN1dew==": [ "lCd4ciOqH+xVdJTAK6erDg==", "nFaODSvvA4RrGIiPJ9FjRA==" ], "ryPyL0/oZK1jJ8umBZkZBA==": [ "ky4IJ5u2Ib7CaDmE7xOysg==", "7+mdkcJcBwtv88RB9AcmHQ==" ], "szNvvFbgC3+nu7+FkWHQxA==": [ "QQ1upjXEDW7OiB4aR8O/8A==", "QhESIu1eoXqoSNW7jNhlZg==" ], "tOoZIHzytN01BRAw3es1Yg==": [ "HMF5qYGPMt4Fb5i6RtdwRA==", "tC2r7U8qVBEhU9NaT3fMVg==" ], "tsX00aIcJlVDdnN8EABj3g==": [ "SSAJUNd+iNG0Dh0JEHjSXA==", "EEMnwT7ARQJ+dbVETnKljw==" ], "uXpj8krYkomg5XDZ83F2kg==": [ "936XDvlfcwVB/34fQscf7w==", "qtpMNZ+V4szO/Tox+eT3Cg==" ], "uwkXfq5VvKEldZwWOwGq4w==": [ "i3BrKsmhYf5wZYkQCBxUGw==", "/EvgSih2YVXl7ohENLMJIQ==" ], "vaBZgtoGX6VZtIwrD9w+EQ==": [ "Mukn5ixgUb/zb+mcMFd16Q==" ], "vtNcuXyRth8r8K/W3sfqrQ==": [ "a8lEoliaJpwjl9bCwQSdLA==" ], "wXu3MDegq/TfLSbBy6aoBQ==": [ "3k2lNJd2kR3VB6gGhj547g==", "XPUXyp+BOEJyEGOgXafi8Q==", "Kqi7XT4SGpqJzglrXFbYsQ==" ], "wsc0mBnyNwrXYdpo0V+0aw==": [ "YSdK7PYtLQ7JLXu7W4mdRQ==", "TteHTvD/qC9z9/bg4D+o8w==" ], "xC2PhiBOHiQbniVjaMltjw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "xSR/sMJIXbuFPYhZS2ZN2Q==": [ "5MqCycBYSRDsdNOzvOandQ==", "XPUXyp+BOEJyEGOgXafi8Q==", "WhaoYkvfheR7Tz30m0/IKA==" ], "xdunfqVk+0spTcWoJA7wPw==": [ "s20Tn7zOYHvK/n/K8/hWrA==", "+0pi5+jw8FdwHp5pZIVTBg==", "hRSnphgIhBaU8a2RyBPsuA==" ], "yLdg/zIMr1LMvkW9tAZlGw==": [ "0tfYnYhAiMREOXyqf/1Urw==", "fT2bR3Pvvu+yOGDatxsWcw==", "h8nlVtUPrGKdJF9xyffy7g==", "ggJq5z8YW0kySCUAGUYdXg==", "skjryijgaN9YVeVVq8xZmA==", "j8vL1GycOevI00+qC9aKmw==" ], "z/d/zUXK6aF2L4H7dfeSZw==": [ "j7yoSCks+i8LevHtgFwCwQ==" ], "zPYyryKVwACz98/WbfSW6w==": [ "jlQB8YKpspXbBoHQT0JY7A==", "hWXaFNGw43ZC0VkI4/s2Pw==", "YlN21JbaOAqORXBYjgJOYA==", "CaVsGPkqzxcrIauiEFdPpw==", "o/JG334q9R0nTyZD1vNw7w==", "GXObP88ZOLkWQuVeVgHh/g==" ], "zpqzIc9TY4hiXJG024jdBQ==": [ "dT4TBdsMnRpAlGfPboRcFg==", "okRzJuZWda3BPI4wHU6OSg==", "rPXe6sMC/46EZbom2R58Iw==", "GKtgrnguQJIeMtP51nnNZQ==", "jweM09oSTMKt4t5s2Lpg9g==", "2tFr9TQJkcgsTrNAQX0kdw==", "rDx7RcnC1Ce961LxuRo53Q==", "6W4lt5SjUgXnbxNap1O0Cg==", "JMtxzN1jgVs2Gwo2QsOKnQ==", "BgLn2RypgHsjIVj0SLunZg==", "/HT2WOXIuvVNrzT1Wp3ntw==", "iKVtZrDNXfISjmDp1xYKBQ==", "JeqcZQqZ6re77qRb9vpAHQ==", "v6t7qJCF3xL8IO0nPwJX1g==", "10T7L0U8GuP9Qhz3unCqvw==", "DlzGGXSItv6fZobEGaNWCA==", "IoeuDKI/vu/XCDGoDKzX3g==", "6otwEH3RP+2A14zXLvGXpg==", "xEtBJoALTqnQBn0TOsRe9w==", "sWPZolO+x42N83xPk/byrw==", "o2Jv7s2Wil4Jz6qK6599ww==", "CVNFdSU8eHIr3mZk7+SX/Q==", "G1ju8KSMzz6zOg31bF5lRw==", "h7rVfEQf7/yrRLndyq6HvA==", "NeoXfJYSR9hqSpA4BJOyWQ==", "a1E+QseojoZ2Q73j8WWCLg==", "3E5wmOETiTx03Y24iDJEUg==", "yRV28i/MrM7mz4Vw1MzWxA==", "Kp6vEAyTjVJyCperHJ2MsQ==", "9lqG2xu+85HJHcn8UQyZ2A==", "nM+XWkmaG537tz4PDM13+w==", "zRaIctSo0IHgkpOD2xBvHw==", "UEW14H6J4RBSZEjpG6p4bw==", "bj9lurrpBxE/q4lRd2Wp7A==", "sYa4l6veBD/KmL7osWW7fQ==", "dxRzT6G0UObuWf8SWujnng==", "izYg2kL7sTEI8ASmlxRCdA==", "6Q0Sg/Y1lskU2n7rbcxAIw==", "r3htJBqpa1VO27wdQgcGyw==", "ibGOv13N1m/577Kb32wGxw==", "Lsd0oY+cRz3Y5y3+G6CYMA==", "00MQS+g+VNjKvRbuFWsWbQ==", "htRPPeb7P9MNS47zhEuuaw==", "NfM08djkMgc3ukqHI37OMg==", "gjn1JHWHaWtPNhKrrRINWw==", "IUI8ka2AYA1twZAQi4gL5Q==", "IIfJmT1yzMqBOVKMy3nlyQ==", "5gK/V8vtqDYoHf1LFdtSbA==", "DI5ofU0JT+/wsYx2AeXNiA==", "YQVoCJX8BLl6S5wPwmTGtg==", "6ysC6D7BSkYQ7y8vZ1O7HA==", "xqLSmaq+0/3ps+9zoCEL9g==", "VxNINARrmRd6QnZ2htNesA==", "pLMgO5RHEs1yrujEkb226g==", "mjI/WzMYY52AQdc1No8ugQ==", "zEKtVLhCQn3xgvKNhFo2bg==", "WlLXHoXR9O8Ph+uSZ6aDCg==", "L309n8CXvBj9wPx3UR7JGQ==", "13Dkon5caDMIMuKn79Qskg==", "uFRb2siFSROrNSaSMqsvqQ==", "1xdBxKyIRMGUr99Qk2jvHw==", "XAIf2EIgyFF5+OA6csVS5w==", "9QNdmlIziBB9zOcB4elT6A==" ] }, "enrichments": {} } pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: go-component-urfrln-on-pull-request-j4rb2-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 3, "warnings": [ { "msg": "Found packages with high vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: rsync-3.2.3-18.el9 (CVE-2024-12085), sqlite-3.34.1-6.el9_1 (CVE-2025-6965), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-6965), git-core-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), golang-src-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libtiff-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-12797), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), libtiff-devel-4.4.0-5.el9_1 (CVE-2025-8176, CVE-2025-9900), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-6965), openssl-1:3.0.1-47.el9_1 (CVE-2024-12797), libwebp-devel-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), openssh-clients-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-12797), golang-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libxml2-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425), libwebp-1.2.0-3.el9 (CVE-2023-1999, CVE-2023-4863), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), delve-1.8.3-1.el9 (CVE-2024-34156), pam-1.5.1-12.el9 (CVE-2024-10963, CVE-2025-6020, CVE-2025-8941), python3-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), libarchive-3.5.3-3.el9 (CVE-2025-5914), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), libxslt-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), go-toolset-1.18.9-1.el9_1 (CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), krb5-libs-1.19.1-24.el9_1 (CVE-2023-39975, CVE-2024-3596), glibc-common-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), freetype-2.10.4-9.el9 (CVE-2025-27363), emacs-filesystem-1:27.2-6.el9 (CVE-2023-2491, CVE-2023-28617, CVE-2025-1244), freetype-devel-2.10.4-9.el9 (CVE-2025-27363), openssh-8.7p1-24.el9_1 (CVE-2023-38408, CVE-2024-6387), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), libxslt-devel-1.1.34-9.el9 (CVE-2024-55549, CVE-2025-24855), less-590-1.el9_0 (CVE-2024-32487), libeconf-0.4.1-2.el9 (CVE-2023-30079), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), python3-setuptools-wheel-53.0.0-10.el9_1.1 (CVE-2024-6345), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-38545), python3-cloud-what-1.29.30.1-1.el9_1 (CVE-2023-3899), libnghttp2-1.43.0-5.el9 (CVE-2023-44487), golang-bin-1.18.9-1.el9_1 (CVE-2023-24540, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-39325, CVE-2023-44487, CVE-2023-45288, CVE-2024-1394, CVE-2024-34156, CVE-2025-22874, CVE-2025-4674), libdnf-plugin-subscription-manager-1.29.30.1-1.el9_1 (CVE-2023-3899), python3-subscription-manager-rhsm-1.29.30.1-1.el9_1 (CVE-2023-3899), nodejs-1:16.18.1-3.el9_1 (CVE-2023-30581, CVE-2023-32002, CVE-2023-32006, CVE-2023-32067, CVE-2023-44487, CVE-2024-21892, CVE-2024-21896, CVE-2024-22017, CVE-2024-22019, CVE-2024-27983, CVE-2025-23083, CVE-2025-23166, CVE-2025-3277, CVE-2025-6965), python3-setuptools-53.0.0-10.el9_1.1 (CVE-2024-6345), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-38545), glibc-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), libpq-devel-13.5-1.el9 (CVE-2025-1094), libpq-13.5-1.el9 (CVE-2025-1094), bsdtar-3.5.3-3.el9 (CVE-2025-5914), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-24329, CVE-2023-40217, CVE-2023-6597, CVE-2024-12718, CVE-2025-4138, CVE-2025-4517), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4911, CVE-2024-2961, CVE-2024-33599), perl-Git-2.31.1-3.el9_1 (CVE-2023-25652, CVE-2023-29007, CVE-2024-32002, CVE-2024-32004, CVE-2025-48384, CVE-2025-48385), libxml2-devel-2.9.13-3.el9_1 (CVE-2024-56171, CVE-2025-24928, CVE-2025-49794, CVE-2025-49796, CVE-2025-7425)", "name": "clair_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 228 } }, { "msg": "Found packages with unpatched high vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: expat-2.4.9-1.el9_1.1 (CVE-2025-59375)", "name": "clair_unpatched_high_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 1 } }, { "msg": "Found packages with medium vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: rpm-build-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), systemd-pam-250-12.el9_1.3 (CVE-2023-7008), rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), rsync-3.2.3-18.el9 (CVE-2024-12087, CVE-2024-12088, CVE-2024-12747), perl-File-Find-1.37-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-overload-1.31-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-libs-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), sqlite-3.34.1-6.el9_1 (CVE-2023-7104), perl-AutoLoader-5.74-479.el9 (CVE-2023-47038, CVE-2025-40909), harfbuzz-2.7.4-8.el9 (CVE-2023-25193), sqlite-devel-3.34.1-6.el9_1 (CVE-2023-7104), perl-interpreter-4:5.32.1-479.el9 (CVE-2023-47038, CVE-2025-40909), python3-urllib3-1.26.5-3.el9 (CVE-2023-43804, CVE-2023-45803, CVE-2024-37891), git-core-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), golang-src-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), libX11-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), perl-mro-1.23-479.el9 (CVE-2023-47038, CVE-2025-40909), libgomp-11.3.1-2.1.el9 (CVE-2020-11023), libtiff-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), openssl-devel-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), perl-Getopt-Std-1.12-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-POSIX-1.94-479.el9 (CVE-2023-47038, CVE-2025-40909), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), bzip2-devel-1.0.8-8.el9 (CVE-2019-12900), perl-HTTP-Tiny-0.076-460.el9 (CVE-2023-31486), python3-idna-2.10-7.el9 (CVE-2024-3651), perl-Errno-1.30-479.el9 (CVE-2023-47038, CVE-2025-40909), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17095, CVE-2022-3570, CVE-2022-3597, CVE-2022-3598, CVE-2022-3599, CVE-2022-3626, CVE-2022-3627, CVE-2022-3970, CVE-2022-40090, CVE-2022-4645, CVE-2022-48281, CVE-2023-0795, CVE-2023-0796, CVE-2023-0797, CVE-2023-0798, CVE-2023-0799, CVE-2023-0800, CVE-2023-0801, CVE-2023-0802, CVE-2023-0803, CVE-2023-0804, CVE-2023-26965, CVE-2023-26966, CVE-2023-2731, CVE-2023-30086, CVE-2023-30774, CVE-2023-30775, CVE-2023-3316, CVE-2023-3576, CVE-2023-3618, CVE-2023-40745, CVE-2023-41175, CVE-2023-52355, CVE-2023-52356, CVE-2024-7006), sqlite-libs-3.34.1-6.el9_1 (CVE-2023-7104), openssl-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), gmp-1:6.2.0-10.el9 (CVE-2021-43618), systemd-rpm-macros-250-12.el9_1.3 (CVE-2023-7008), perl-lib-0.65-479.el9 (CVE-2023-47038, CVE-2025-40909), libicu-67.1-9.el9 (CVE-2025-5222), openssh-clients-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), openssl-libs-1:3.0.1-47.el9_1 (CVE-2023-0466, CVE-2023-2650, CVE-2023-5363, CVE-2024-6119, CVE-2025-9230), systemd-250-12.el9_1.3 (CVE-2023-7008), python3-requests-2.25.1-6.el9 (CVE-2023-32681, CVE-2024-35195, CVE-2024-47081), harfbuzz-devel-2.7.4-8.el9 (CVE-2023-25193), libgcc-11.3.1-2.1.el9 (CVE-2020-11023), golang-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), libxml2-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-33285, CVE-2023-34410), systemd-libs-250-12.el9_1.3 (CVE-2023-7008), perl-if-0.60.800-479.el9 (CVE-2023-47038, CVE-2025-40909), rpm-sign-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), ncurses-base-6.2-8.20210508.el9 (CVE-2023-29491), glibc-headers-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), delve-1.8.3-1.el9 (CVE-2024-45336, CVE-2025-22866, CVE-2025-58183), pam-1.5.1-12.el9 (CVE-2024-10041, CVE-2024-22365), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-29491), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), libXpm-devel-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), gnutls-3.7.6-12.el9_0 (CVE-2023-0361, CVE-2023-5981, CVE-2024-0553, CVE-2024-0567, CVE-2024-12243, CVE-2024-28834, CVE-2024-28835, CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395), cpp-11.3.1-2.1.el9 (CVE-2020-11023), libXpm-3.5.13-8.el9_1 (CVE-2023-43788, CVE-2023-43789), libstdc++-11.3.1-2.1.el9 (CVE-2020-11023), perl-File-stat-1.09-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-File-Compare-1.100.600-479.el9 (CVE-2023-47038, CVE-2025-40909), dbus-libs-1:1.12.20-7.el9_1 (CVE-2023-34969), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-53905, CVE-2025-53906), python3-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), libarchive-3.5.3-3.el9 (CVE-2025-25724), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), dbus-common-1:1.12.20-7.el9_1 (CVE-2023-34969), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), perl-DynaLoader-1.47-479.el9 (CVE-2023-47038, CVE-2025-40909), libgcrypt-1.10.0-8.el9_0 (CVE-2024-2236), git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), ncurses-6.2-8.20210508.el9 (CVE-2023-29491), go-toolset-1.18.9-1.el9_1 (CVE-2023-29402, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), perl-subs-1.03-479.el9 (CVE-2023-47038, CVE-2025-40909), libX11-xcb-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), krb5-libs-1.19.1-24.el9_1 (CVE-2020-17049, CVE-2023-36054, CVE-2024-26462, CVE-2024-37370, CVE-2024-37371, CVE-2025-24528, CVE-2025-3576), perl-B-1.80-479.el9 (CVE-2023-47038, CVE-2025-40909), bzip2-1.0.8-8.el9 (CVE-2019-12900), perl-FileHandle-2.03-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-common-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-SelectSaver-1.02-479.el9 (CVE-2023-47038, CVE-2025-40909), go-srpm-macros-3.0.9-9.el9 (CVE-2025-47906), emacs-filesystem-1:27.2-6.el9 (CVE-2022-45939, CVE-2022-48337, CVE-2022-48338, CVE-2022-48339, CVE-2024-30203, CVE-2024-30204, CVE-2024-30205, CVE-2024-39331, CVE-2024-53920), bzip2-libs-1.0.8-8.el9 (CVE-2019-12900), harfbuzz-icu-2.7.4-8.el9 (CVE-2023-25193), glib2-devel-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), gcc-c++-11.3.1-2.1.el9 (CVE-2020-11023), perl-IPC-Open3-1.21-479.el9 (CVE-2023-47038, CVE-2025-40909), openssh-8.7p1-24.el9_1 (CVE-2023-25136, CVE-2023-48795, CVE-2023-51385, CVE-2024-6409, CVE-2025-26465), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-4904, CVE-2023-23918, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2025-22150, CVE-2025-23085, CVE-2025-31498), git-core-doc-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), python3-rpm-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), binutils-gold-2.35.2-24.el9 (CVE-2022-4285), libjpeg-turbo-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), gcc-11.3.1-2.1.el9 (CVE-2020-11023), libX11-common-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), less-590-1.el9_0 (CVE-2022-46663, CVE-2022-48624), perl-Symbol-1.08-479.el9 (CVE-2023-47038, CVE-2025-40909), libtasn1-4.16.0-8.el9_1 (CVE-2024-12133), libeconf-0.4.1-2.el9 (CVE-2023-22652), libX11-devel-1.7.0-7.el9 (CVE-2023-3138, CVE-2023-43785, CVE-2023-43786, CVE-2023-43787), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), perl-NDBM_File-1.15-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-devel-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), tpm2-tss-3.0.3-8.el9 (CVE-2023-22745), perl-base-2.27-479.el9 (CVE-2023-47038, CVE-2025-40909), curl-minimal-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), libstdc++-devel-11.3.1-2.1.el9 (CVE-2020-11023), perl-Fcntl-1.13-479.el9 (CVE-2023-47038, CVE-2025-40909), expat-2.4.9-1.el9_1.1 (CVE-2023-52425, CVE-2024-28757, CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-8176), dbus-1:1.12.20-7.el9_1 (CVE-2023-34969), perl-Class-Struct-0.66-479.el9 (CVE-2023-47038, CVE-2025-40909), perl-overloading-0.02-479.el9 (CVE-2023-47038, CVE-2025-40909), libnghttp2-1.43.0-5.el9 (CVE-2024-28182), golang-bin-1.18.9-1.el9_1 (CVE-2023-24532, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538, CVE-2023-24539, CVE-2023-29400, CVE-2023-29402, CVE-2023-29406, CVE-2023-29409, CVE-2023-39326, CVE-2023-45285, CVE-2023-45289, CVE-2023-45290, CVE-2024-24783, CVE-2024-24784, CVE-2024-24785, CVE-2024-24789, CVE-2024-24790, CVE-2024-24791, CVE-2024-34155, CVE-2024-34158, CVE-2024-45336, CVE-2024-9355, CVE-2025-22866, CVE-2025-22871, CVE-2025-4673, CVE-2025-47906, CVE-2025-47907, CVE-2025-58183), dmidecode-1:3.3-7.el9 (CVE-2023-30630), binutils-2.35.2-24.el9 (CVE-2022-4285), perl-File-Copy-2.34-479.el9 (CVE-2023-47038, CVE-2025-40909), libicu-devel-67.1-9.el9 (CVE-2025-5222), nodejs-1:16.18.1-3.el9_1 (CVE-2021-35065, CVE-2022-25881, CVE-2022-25883, CVE-2022-3517, CVE-2022-43548, CVE-2022-4904, CVE-2023-23918, CVE-2023-23919, CVE-2023-23936, CVE-2023-30588, CVE-2023-30589, CVE-2023-30590, CVE-2023-31130, CVE-2023-31147, CVE-2023-32559, CVE-2023-38552, CVE-2023-46809, CVE-2024-21890, CVE-2024-21891, CVE-2024-22020, CVE-2024-22025, CVE-2024-27982, CVE-2024-28182, CVE-2024-28863, CVE-2025-22150, CVE-2025-23085, CVE-2025-23167, CVE-2025-31498), rpm-libs-4.16.1.3-19.el9_1 (CVE-2021-35937, CVE-2021-35938, CVE-2021-35939), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2023-23916, CVE-2023-27535, CVE-2023-27536, CVE-2023-27538, CVE-2023-28321, CVE-2023-46218, CVE-2024-2398), libcap-2.48-8.el9 (CVE-2023-2603), glibc-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), libjpeg-turbo-devel-2.0.90-5.el9 (CVE-2021-29390, CVE-2021-46822), wget-1.21.1-7.el9 (CVE-2024-38428), bsdtar-3.5.3-3.el9 (CVE-2025-25724), python3-libs-3.9.14-1.el9_1.2 (CVE-2023-27043, CVE-2024-0450, CVE-2024-11168, CVE-2024-6232, CVE-2024-6923, CVE-2024-8088, CVE-2024-9287, CVE-2025-0938, CVE-2025-4330, CVE-2025-4435), perl-vars-1.05-479.el9 (CVE-2023-47038, CVE-2025-40909), pixman-0.40.0-5.el9 (CVE-2022-44638), glib2-2.68.4-5.el9 (CVE-2024-34397, CVE-2024-52533, CVE-2025-4373), perl-File-Basename-2.85-479.el9 (CVE-2023-47038, CVE-2025-40909), glibc-locale-source-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2024-33600, CVE-2025-0395, CVE-2025-4802, CVE-2025-5702, CVE-2025-8058), perl-Git-2.31.1-3.el9_1 (CVE-2022-24765, CVE-2022-29187, CVE-2022-39253, CVE-2022-39260, CVE-2023-22490, CVE-2023-23946, CVE-2024-32465, CVE-2024-52005, CVE-2025-27613, CVE-2025-27614), perl-IO-1.43-479.el9 (CVE-2023-47038, CVE-2025-40909), libxml2-devel-2.9.13-3.el9_1 (CVE-2022-49043, CVE-2023-28484, CVE-2023-29469, CVE-2023-39615, CVE-2024-25062, CVE-2025-32414, CVE-2025-32415, CVE-2025-6021), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2020-11023)", "name": "clair_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 701 } }, { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: systemd-pam-250-12.el9_1.3 (CVE-2025-4598), rsync-3.2.3-18.el9 (CVE-2024-12086, CVE-2025-10158), sqlite-3.34.1-6.el9_1 (CVE-2025-52099), sqlite-devel-3.34.1-6.el9_1 (CVE-2025-52099), python3-pip-wheel-21.2.3-6.el9 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), git-core-2.31.1-3.el9_1 (CVE-2025-48386), golang-src-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libX11-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libtiff-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), gdb-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-17973, CVE-2023-25433, CVE-2023-25434, CVE-2023-25435, CVE-2023-3164, CVE-2023-6277, CVE-2025-8851), sqlite-libs-3.34.1-6.el9_1 (CVE-2025-52099), systemd-rpm-macros-250-12.el9_1.3 (CVE-2025-4598), openssh-clients-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), systemd-250-12.el9_1.3 (CVE-2025-4598), golang-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libxml2-2.9.13-3.el9_1 (CVE-2025-9714), qt5-srpm-macros-5.15.3-1.el9 (CVE-2021-38593, CVE-2023-24607, CVE-2025-5683), systemd-libs-250-12.el9_1.3 (CVE-2025-4598), lz4-libs-1.9.3-5.el9 (CVE-2025-62813), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), coreutils-single-8.32-32.el9 (CVE-2025-5278), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2025-29768, CVE-2025-9390), python3-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libarchive-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), git-2.31.1-3.el9_1 (CVE-2025-48386), libxslt-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), go-toolset-1.18.9-1.el9_1 (CVE-2020-28362, CVE-2021-3115, CVE-2021-42574, CVE-2022-1705, CVE-2022-1962, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-30635, CVE-2022-32148, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), libX11-xcb-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), gdb-gdbserver-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), gdb-headless-10.2-10.el9 (CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245), go-srpm-macros-3.0.9-9.el9 (CVE-2024-8244), openssh-8.7p1-24.el9_1 (CVE-2023-51767, CVE-2025-32728, CVE-2025-61984, CVE-2025-61985), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), git-core-doc-2.31.1-3.el9_1 (CVE-2025-48386), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), tar-2:1.34-6.el9_1 (CVE-2025-45582), binutils-gold-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), libxslt-devel-1.1.34-9.el9 (CVE-2023-40403, CVE-2025-10911), libX11-common-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libX11-devel-1.7.0-7.el9 (CVE-2021-31535, CVE-2022-3554), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), tpm2-tss-3.0.3-8.el9 (CVE-2024-29040), curl-minimal-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), golang-bin-1.18.9-1.el9_1 (CVE-2021-3115, CVE-2021-42574, CVE-2023-39323, CVE-2025-22870, CVE-2025-47910, CVE-2025-47912, CVE-2025-58185, CVE-2025-58189, CVE-2025-61723, CVE-2025-61724), binutils-2.35.2-24.el9 (CVE-2021-20197, CVE-2021-45078, CVE-2025-11081, CVE-2025-11082, CVE-2025-11083, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546), nodejs-1:16.18.1-3.el9_1 (CVE-2021-27290, CVE-2021-3807, CVE-2022-25883, CVE-2023-38552, CVE-2023-46809, CVE-2024-24806, CVE-2025-29087, CVE-2025-52099, CVE-2025-7458), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2025-10966, CVE-2025-9086), libpq-devel-13.5-1.el9 (CVE-2025-4207), libpq-13.5-1.el9 (CVE-2025-4207), wget-1.21.1-7.el9 (CVE-2021-31879, CVE-2024-10524), bsdtar-3.5.3-3.el9 (CVE-2023-30571, CVE-2025-60753), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), perl-Git-2.31.1-3.el9_1 (CVE-2025-48386), libxml2-devel-2.9.13-3.el9_1 (CVE-2025-9714)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 207 } }, { "msg": "Found packages with low/negligible vulnerabilities associated with RHSA fixes. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: git-core-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), golang-src-1.18.9-1.el9_1 (CVE-2024-45341), libtiff-4.4.0-5.el9_1 (CVE-2023-6228), openssl-devel-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), gdb-10.2-10.el9 (CVE-2021-3826), libtiff-devel-4.4.0-5.el9_1 (CVE-2023-6228), openssl-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), openssl-libs-1:3.0.1-47.el9_1 (CVE-2022-3358, CVE-2023-0464, CVE-2023-0465, CVE-2023-1255, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727, CVE-2024-2511, CVE-2024-4603, CVE-2024-4741, CVE-2024-5535), golang-1.18.9-1.el9_1 (CVE-2024-45341), qt5-srpm-macros-5.15.3-1.el9 (CVE-2023-32573), ncurses-base-6.2-8.20210508.el9 (CVE-2022-29458), glibc-headers-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), delve-1.8.3-1.el9 (CVE-2024-45341), ncurses-libs-6.2-8.20210508.el9 (CVE-2022-29458), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), file-5.39-10.el9 (CVE-2022-48554), shadow-utils-2:4.9-5.el9 (CVE-2023-4641, CVE-2024-56433), procps-ng-3.3.17-8.el9 (CVE-2023-4016), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3903, CVE-2023-4752), python3-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), libarchive-3.5.3-3.el9 (CVE-2022-36227), glibc-minimal-langpack-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), glibc-langpack-en-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), ncurses-6.2-8.20210508.el9 (CVE-2022-29458), go-toolset-1.18.9-1.el9_1 (CVE-2024-45341), krb5-libs-1.19.1-24.el9_1 (CVE-2024-26458, CVE-2024-26461), glibc-common-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), gdb-gdbserver-10.2-10.el9 (CVE-2021-3826), gdb-headless-10.2-10.el9 (CVE-2021-3826), lua-libs-5.4.4-2.el9_1 (CVE-2022-28805), glib2-devel-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2024-25629, CVE-2025-23165), git-core-doc-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), glibc-devel-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), curl-minimal-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), golang-bin-1.18.9-1.el9_1 (CVE-2024-45341), nodejs-1:16.18.1-3.el9_1 (CVE-2023-23920, CVE-2023-24807, CVE-2023-31124, CVE-2023-39333, CVE-2023-45143, CVE-2024-22018, CVE-2024-25629, CVE-2024-36137, CVE-2025-23165), file-libs-5.39-10.el9 (CVE-2022-48554), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2022-35252, CVE-2022-43552, CVE-2023-27533, CVE-2023-27534, CVE-2023-28322, CVE-2023-38546), libcap-2.48-8.el9 (CVE-2023-2602), glibc-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), libpq-devel-13.5-1.el9 (CVE-2022-41862), libpq-13.5-1.el9 (CVE-2022-41862), bsdtar-3.5.3-3.el9 (CVE-2022-36227), python3-libs-3.9.14-1.el9_1.2 (CVE-2024-0397, CVE-2024-4032, CVE-2024-7592), glib2-2.68.4-5.el9 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32665), glibc-locale-source-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), glibc-gconv-extra-2.34-40.el9_1.1 (CVE-2024-33601, CVE-2024-33602), perl-Git-2.31.1-3.el9_1 (CVE-2023-25815, CVE-2024-32020, CVE-2024-32021, CVE-2024-50349, CVE-2024-52006, CVE-2025-46835)", "name": "clair_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 187 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: sqlite-3.34.1-6.el9_1 (CVE-2024-0232), libpkgconf-1.7.3-9.el9 (CVE-2023-24056), sqlite-devel-3.34.1-6.el9_1 (CVE-2024-0232), python3-pip-wheel-21.2.3-6.el9 (CVE-2021-3572), libX11-1.7.0-7.el9 (CVE-2022-3555), libgomp-11.3.1-2.1.el9 (CVE-2022-27943), libtiff-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), openssl-devel-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), npm-1:8.19.2-1.16.18.1.3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), gdb-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libtiff-devel-4.4.0-5.el9_1 (CVE-2017-16232, CVE-2022-1056, CVE-2023-1916, CVE-2024-13978, CVE-2025-8961, CVE-2025-9165), sqlite-libs-3.34.1-6.el9_1 (CVE-2024-0232), pcre2-utf16-10.40-2.el9 (CVE-2022-41409), openssl-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), openssl-libs-1:3.0.1-47.el9_1 (CVE-2024-13176, CVE-2024-41996, CVE-2025-9232), libgcc-11.3.1-2.1.el9 (CVE-2022-27943), libxml2-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), qt5-srpm-macros-5.15.3-1.el9 (CVE-2025-23050), pcre2-10.40-2.el9 (CVE-2022-41409), gawk-5.1.0-6.el9 (CVE-2023-4156), unzip-6.0-56.el9 (CVE-2021-4217, CVE-2022-0529, CVE-2022-0530), libpng-2:1.6.37-12.el9 (CVE-2022-3857), ncurses-base-6.2-8.20210508.el9 (CVE-2023-50495), pcre2-utf32-10.40-2.el9 (CVE-2022-41409), ncurses-libs-6.2-8.20210508.el9 (CVE-2023-50495), vim-filesystem-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), cpp-11.3.1-2.1.el9 (CVE-2022-27943), libstdc++-11.3.1-2.1.el9 (CVE-2022-27943), pkgconf-pkg-config-1.7.3-9.el9 (CVE-2023-24056), vim-minimal-2:8.2.2637-20.el9_1 (CVE-2021-3927, CVE-2021-3928, CVE-2021-3968, CVE-2021-3973, CVE-2021-3974, CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2022-0213, CVE-2022-0351, CVE-2022-1616, CVE-2022-1619, CVE-2022-1620, CVE-2022-1674, CVE-2022-1720, CVE-2022-1725, CVE-2022-2042, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2182, CVE-2022-2183, CVE-2022-2206, CVE-2022-2207, CVE-2022-2208, CVE-2022-2210, CVE-2022-2257, CVE-2022-2284, CVE-2022-2285, CVE-2022-2286, CVE-2022-2287, CVE-2022-2304, CVE-2022-2343, CVE-2022-2344, CVE-2022-2345, CVE-2022-2522, CVE-2022-2817, CVE-2022-2819, CVE-2022-2845, CVE-2022-2849, CVE-2022-2862, CVE-2022-2874, CVE-2022-2889, CVE-2022-2923, CVE-2022-2946, CVE-2022-2980, CVE-2022-2982, CVE-2022-3016, CVE-2022-3037, CVE-2022-3099, CVE-2022-3134, CVE-2022-3153, CVE-2022-3234, CVE-2022-3235, CVE-2022-3256, CVE-2022-3278, CVE-2022-3296, CVE-2022-3297, CVE-2022-3324, CVE-2022-3352, CVE-2022-3705, CVE-2022-4141, CVE-2022-4292, CVE-2022-4293, CVE-2023-0049, CVE-2023-0051, CVE-2023-0054, CVE-2023-0288, CVE-2023-0433, CVE-2023-0512, CVE-2023-1127, CVE-2023-1170, CVE-2023-1175, CVE-2023-1264, CVE-2023-2609, CVE-2023-2610, CVE-2023-46246, CVE-2023-4734, CVE-2023-4735, CVE-2023-4738, CVE-2023-4751, CVE-2023-4781, CVE-2023-48231, CVE-2023-48232, CVE-2023-48233, CVE-2023-48234, CVE-2023-48235, CVE-2023-48236, CVE-2023-48237, CVE-2023-48706, CVE-2023-5344, CVE-2023-5441, CVE-2023-5535, CVE-2024-22667, CVE-2024-41957, CVE-2024-41965, CVE-2024-43374, CVE-2024-43802, CVE-2024-45306, CVE-2024-47814, CVE-2025-1215, CVE-2025-22134, CVE-2025-24014, CVE-2025-26603), python3-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), libarchive-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), nodejs-full-i18n-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libxslt-1.1.34-9.el9 (CVE-2025-11731), ncurses-6.2-8.20210508.el9 (CVE-2023-50495), libX11-xcb-1.7.0-7.el9 (CVE-2022-3555), gdb-gdbserver-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), gdb-headless-10.2-10.el9 (CVE-2022-47007, CVE-2022-47010, CVE-2022-47011, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), emacs-filesystem-1:27.2-6.el9 (CVE-2017-1000383), glib2-devel-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), gcc-c++-11.3.1-2.1.el9 (CVE-2022-27943), elfutils-debuginfod-client-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), nodejs-libs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), pkgconf-1.7.3-9.el9 (CVE-2023-24056), nodejs-docs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), tar-2:1.34-6.el9_1 (CVE-2023-39804), binutils-gold-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), libxslt-devel-1.1.34-9.el9 (CVE-2025-11731), gcc-11.3.1-2.1.el9 (CVE-2022-27943), libX11-common-1.7.0-7.el9 (CVE-2022-3555), pkgconf-m4-1.7.3-9.el9 (CVE-2023-24056), libX11-devel-1.7.0-7.el9 (CVE-2022-3555), libcurl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), cmake-filesystem-3.20.2-7.el9 (CVE-2025-9301), curl-minimal-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), libstdc++-devel-11.3.1-2.1.el9 (CVE-2022-27943), gnupg2-2.3.3-2.el9_0 (CVE-2022-3219, CVE-2025-30258), pcre2-devel-10.40-2.el9 (CVE-2022-41409), binutils-2.35.2-24.el9 (CVE-2021-3826, CVE-2022-38533, CVE-2022-44840, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011, CVE-2023-1972, CVE-2024-57360, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-11839, CVE-2025-11840, CVE-2025-3198), elfutils-default-yama-scope-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), nodejs-1:16.18.1-3.el9_1 (CVE-2023-39333, CVE-2023-45143, CVE-2024-21538, CVE-2025-47279, CVE-2025-5889), libcurl-devel-7.76.1-19.el9_1.1 (CVE-2024-11053, CVE-2024-7264, CVE-2024-9681), pcre2-syntax-10.40-2.el9 (CVE-2022-41409), elfutils-libelf-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), elfutils-libs-0.187-5.el9 (CVE-2024-25260, CVE-2025-1371, CVE-2025-1376, CVE-2025-1377), bsdtar-3.5.3-3.el9 (CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), libpng-devel-2:1.6.37-12.el9 (CVE-2022-3857), python3-libs-3.9.14-1.el9_1.2 (CVE-2025-1795, CVE-2025-6075), glib2-2.68.4-5.el9 (CVE-2023-32636, CVE-2025-3360), patch-2.7.6-16.el9 (CVE-2021-45261), libxml2-devel-2.9.13-3.el9_1 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), gcc-plugin-annobin-11.3.1-2.1.el9 (CVE-2022-27943)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 444 } }, { "msg": "Found packages with unknown vulnerabilities. Consider updating to a newer version of those packages, they may no longer be affected by the reported CVEs.", "metadata": { "details": { "description": "Vulnerabilities found: libwebp-devel-1.2.0-3.el9 (CVE-2023-5129), libwebp-1.2.0-3.el9 (CVE-2023-5129)", "name": "clair_unknown_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 2 } } ] } ] {"vulnerabilities":{"critical":0,"high":228,"medium":701,"low":187,"unknown":2},"unpatched_vulnerabilities":{"critical":0,"high":1,"medium":207,"low":444,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50", "digests": ["sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:19:38+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | init container: prepare 2026/02/10 22:18:24 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | init container: place-scripts 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-0-sp6mw 2026/02/10 22:18:24 Decoded script /tekton/scripts/script-1-ppxb4 pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 33.269 sec (0 m 33 s) Start Date: 2026:02:10 22:18:48 End Date: 2026:02:10 22:19:21 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761961","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761961","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761961","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50", "digests": ["sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f"]}} pod: go-component-urfrln-on-pull-request-j4rb2-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading df118636bfac clamscan-result-amd64.log Uploading 5426cc528b5a clamscan-ec-test-amd64.json Uploaded df118636bfac clamscan-result-amd64.log Uploaded 5426cc528b5a clamscan-ec-test-amd64.json Uploading ecbfcc68b3bc application/vnd.oci.image.manifest.v1+json Uploaded ecbfcc68b3bc application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Digest: sha256:ecbfcc68b3bc5e508a9c8a48248197f3f1a5f57a52c2e8981a2915a837319199 pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | init container: prepare 2026/02/10 22:16:46 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | init container: place-scripts 2026/02/10 22:16:46 Decoded script /tekton/scripts/script-0-2c6vb 2026/02/10 22:16:46 Decoded script /tekton/scripts/script-1-vbfn4 pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761810.7409165,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761810.932223,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/group-snapshot-multi-component @ 27c8fd00029d26c81cc79ce57fa942af87688b50 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1770761810.9322724,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761810.9608169,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 27c8fd00029d26c81cc79ce57fa942af87688b50 directly. pod: go-component-urfrln-on-pull-request-j4rb2-clone-repository-pod | container step-symlink-check: Running symlink check pod: go-component-urfrln-on-pull-request-j4rb2-init-pod | init container: prepare 2026/02/10 22:16:32 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-init-pod | init container: place-scripts 2026/02/10 22:16:33 Decoded script /tekton/scripts/script-0-sck9r pod: go-component-urfrln-on-pull-request-j4rb2-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-m5bqj pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-push-dockerfile-pod | container step-push: [2026-02-10T22:18:32,553826208+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.qWcUMGbNLh --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:sha256-ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f.dockerfile Dockerfile pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-mzv7w 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-1-hxfjz pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-118.json ./shellcheck-results/sc-120.json ./shellcheck-results/sc-123.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:18:33+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull-request-j4rb2-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 3b606a9dd3a1 shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading c2ce31f509ee application/vnd.oci.image.manifest.v1+json Uploaded c2ce31f509ee application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Digest: sha256:c2ce31f509ee781f8f6fe525190464042122a78749c4b4d8bda6d7c26900286d No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-kczxc 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-1-6w67x pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: go-component-urfrln INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: go-component-urfrln-on-pull-request-j4rb2-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | init container: prepare 2026/02/10 22:18:27 Entrypoint initialization pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | init container: place-scripts 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-0-g7bbj 2026/02/10 22:18:28 Decoded script /tekton/scripts/script-1-svf6q pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | init container: working-dir-initializer pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=go-component-urfrln + echo 'INFO: The PROJECT_NAME used is: go-component-urfrln' INFO: The PROJECT_NAME used is: go-component-urfrln + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /workspace/workspace/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/workspace/workspace/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:18:33+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:18:33+00:00","note":"Task sast-unicode-check success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: go-component-urfrln-on-pull1f1b6dcb79212fb11b6aabf3c40dc97e-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Attaching to quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 901f6753eae2 application/vnd.oci.image.manifest.v1+json Uploaded 901f6753eae2 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50@sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f Digest: sha256:901f6753eae213758438b26a67853eca1d041ab28255303c1c74fc0577b96386 No excluded-findings.json exists. Skipping upload. pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | init container: prepare 2026/02/10 22:16:54 Entrypoint initialization pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | init container: place-scripts 2026/02/10 22:16:54 Decoded script /tekton/scripts/script-0-mk4bd 2026/02/10 22:16:54 Decoded script /tekton/scripts/script-1-vkkxx pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | container step-sanitize-config-file-with-yq: pod: go-component-urfrln-on-pull71ec1bde19d8010f2244db6f98bc0a23-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | init container: prepare 2026/02/10 22:18:24 Entrypoint initialization pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | init container: place-scripts 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-0-d6zrd 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-1-xhrsx 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-2-px55g 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-3-qvnh5 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-4-cdqbc 2026/02/10 22:18:25 Decoded script /tekton/scripts/script-5-tqbmr pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 Using token for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln Auth json written to "/auth/auth.json". pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-set-skip-for-bundles: 2026/02/10 22:18:30 INFO Step was skipped due to when expressions were evaluated to false. pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-app-check: time="2026-02-10T22:18:30Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:18:30Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 for platform amd64" time="2026-02-10T22:18:30Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50" time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:19:08Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:19:08Z" level=info msg="USER 1001 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:19:08Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:19:36Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:19:36Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:19:36Z" level=info msg="This image's tag on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 will be paired with digest sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 117, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 27901, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 226, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:19:37Z" level=info msg="Preflight result: FAILED" pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761977","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50 pod: go-component-urfrln-on-pullb036d4b7c265eef3f921b3848dfce3c4-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761977","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} { s: "\n pod: go-component-urfrln-on-pull-request-j4rb2-apply-tags-pod | init container: prepare\n2026/02/10 22:18:24 Entrypoint initialization\n\npod: go-component-urfrln-on-pull-request-j4rb2-apply-tags-pod | container step-apply-additional-tags: \ntime=\"2026-02-10T22:18:26Z\" level=info msg=\"[param] Image URL: quay.io/redhat-appstudio-qe/group-vyjn/go-component-urfrln:on-pr-27c8fd00029d26c81cc79ce57fa942af87688b50\"\ntime=\"2026-02-10T22:18:26Z\" level=info msg=\"[param] Image digest: sha256:ea4430af58d3a40c9a241ed09c7096c66d56a00b1fc8ddaff66a6553fce7b11f\"\ntime=\"2026-02-10T22:18:26Z\" level=info msg=\"[param] image label: konflux.additional-tags\"\ntime=\"2026-02-10T22:18:26Z\" level=warning msg=\"No tags given in 'konflux.additional-tags' image label\"\n{\"tags\":[]}\n pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: prepare\n2026/02/10 22:17:01 Entrypoint initialization\n\n pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: place-scripts\n2026/02/10 22:17:01 Decoded script /tekton/scripts/script-0-f8ndg\n2026/02/10 22:17:01 Decoded script /tekton/scripts/script-1-5gnxr\n2026/02/10 22:17:01 Decoded script /tekton/scripts/script-2-qnsmj\n2026/02/10 22:17:01 Decoded script /tekton/scripts/script-3-9r4cv\n2026/02/10 22:17:01 Decoded script /tekton/scripts/script-4-6thh6\n\n pod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | init container: working-dir-initializer\n\npod: go-component-urfrln-on-pull-request-j4rb2-build-container-pod | container step-build: \n[2026-02-10T22:17:05,864584967+00:00] Validate context path\n[2026-02-10T22:17:05,867867077+00:00] Update CA trust\n[2026-02-10T22:17:05,868901787+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n'/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt'\n[2026-02-10T22:17:07,839308060+00:00] Prepare Dockerfile\nChecking if /var/workdir/cachi2/output/bom.json exists.\nCould not find prefetched sbom. No content_sets found for ICM\n[2026-02-10T22:17:07,845030262+00:00] Prepare system (architecture: x86_64)\n[2026-02-10T22:17:07,964595453+00:00] Setup prefetched\nTrying to pull registry.access.redhat.com/ubi9/go-toolset:1.18.9-14...\nGetting image source signatures\nChecking if image destination supports signatures\nCopying blob sha256:e76793d6902ad1adb19ede3d720024cf0cd8427b3ff606554a4bcafba03dddf4\nCopying blob sha256:2a625e4afab51b49edb0e5f4ff37d8afbb20ec644ed1e68641358a6305557de3\nCopying blob sha256:4a13c0e9217d70e608f2d5f5d3c5ffa6d9cd16908b3f83a7a97492d355d25a09\nCopying blob sha256:0ab0ba77295aca9b12f463cb7198f0b8b6990b41151dbbd4e1b224fe85244b83\nCopying config sha256:391a2eac28d98dc72726df1faa77db28f6899a77c91ad40f2bdad62baf041301\nWriting manifest to image destination\nStoring signatures\n[2026-02-10T22:17:20,354326246+00:00] Unsetting proxy\n{\n \"architecture\": \"x86_64\",\n \"build-date\": \"2026-02-10T22:17:07Z\",\n \"com.redhat.component\": \"go-toolset-container\",\n \"com.redhat.license_terms\": \"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\",\n \"description\": \"Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.\",\n \"distribution-scope\": \"public\",\n \"io.buildah.version\": \"1.42.2\",\n \"io.k8s.description\": \"Go Toolset available as a container is a base platform for building and running various Go applications and frameworks. Go is an easy to learn, powerful, statically typed language in the C/C++ tradition with garbage collection, concurrent programming support, and memory safety features.\",\n \"io.k8s.display-name\": \"Go 1.18.9\",\n \"io.openshift.expose-services\": \"\",\n \"io.openshift.s2i.scripts-url\": \"image:///usr/libexec/s2i\",... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.EaIZ2fdreL/tests/integration-service/group-snapshots-tests.go:161 @ 02/10/26 22:19:47.506 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS ------------------------------ • [FAILED] [1417.580 seconds] [konflux-demo-suite] Maven project - Default build when Build PipelineRun is created [It] should eventually complete successfully [konflux, upstream-konflux] /tmp/tmp.EaIZ2fdreL/tests/konflux-demo/konflux-demo.go:280 Timeline >> PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: ResolvingTaskRef PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Running PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-slph4 reason: Failed attempt 1/6: PipelineRun "konflux-demo-component-tfry-on-push-slph4" failed: pod: konflux-demo-component-tfry-on-push-slph4-apply-tags-pod | init container: prepare 2026/02/10 22:09:39 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:09:42Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71" time="2026-02-10T22:09:42Z" level=info msg="[param] Image digest: sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c" time="2026-02-10T22:09:42Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:09:43Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | init container: prepare 2026/02/10 22:05:31 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | init container: place-scripts 2026/02/10 22:05:31 Decoded script /tekton/scripts/script-1-x45sn 2026/02/10 22:05:31 Decoded script /tekton/scripts/script-2-fcwhx 2026/02/10 22:05:31 Decoded script /tekton/scripts/script-3-5g65z 2026/02/10 22:05:31 Decoded script /tekton/scripts/script-4-lzskb 2026/02/10 22:05:31 Decoded script /tekton/scripts/script-5-nkqws pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.HihUOn/auth-qNwUlm.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | container step-build: [2026-02-10T22:06:16,677112625+00:00] Validate context path [2026-02-10T22:06:16,680188458+00:00] Update CA trust [2026-02-10T22:06:16,681213733+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:06:18,696128729+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:06:18,701930935+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:06:49,743415886+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:06:57,167320723+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:06:49Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:06:49Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "2faa465d3060e1882317353f3b2796812d216a71", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "2faa465d3060e1882317353f3b2796812d216a71", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:06:57,214252967+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:06:57,217524999+00:00] Add secrets [2026-02-10T22:06:57,225031491+00:00] Run buildah build [2026-02-10T22:06:57,226080287+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=2faa465d3060e1882317353f3b2796812d216a71 --label org.opencontainers.image.revision=2faa465d3060e1882317353f3b2796812d216a71 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:06:49Z --label org.opencontainers.image.created=2026-02-10T22:06:49Z --annotation org.opencontainers.image.revision=2faa465d3060e1882317353f3b2796812d216a71 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:06:49Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.XcUlS9 -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 702 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 241 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 507 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 260 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 503 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 480 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 260 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 579 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 208 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 603 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 279 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 954 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 223 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 293 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 544 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 202 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 830 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 433 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 607 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 78 kB/s) Progress (1): 2.0 kB Progress (2): 2.0 kB | 2.3/7.1 kB Progress (2): 2.0 kB | 5.0/7.1 kB Progress (2): 2.0 kB | 7.1 kB Progress (3): 2.0 kB | 7.1 kB | 2.3/3.6 kB Progress (3): 2.0 kB | 7.1 kB | 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 33 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 104 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 45 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 224 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/13 kB Progress (1): 5.0/13 kB Progress (1): 7.8/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 2.3/226 kB Progress (2): 13 kB | 5.0/226 kB Progress (2): 13 kB | 7.8/226 kB Progress (2): 13 kB | 11/226 kB Progress (2): 13 kB | 13/226 kB Progress (2): 13 kB | 16/226 kB Progress (2): 13 kB | 19/226 kB Progress (2): 13 kB | 21/226 kB Progress (2): 13 kB | 24/226 kB Progress (2): 13 kB | 27/226 kB Progress (2): 13 kB | 30/226 kB Progress (2): 13 kB | 33/226 kB Progress (2): 13 kB | 36/226 kB Progress (2): 13 kB | 38/226 kB Progress (2): 13 kB | 41/226 kB Progress (2): 13 kB | 44/226 kB Progress (2): 13 kB | 48/226 kB Progress (2): 13 kB | 52/226 kB Progress (2): 13 kB | 56/226 kB Progress (2): 13 kB | 60/226 kB Progress (2): 13 kB | 64/226 kB Progress (2): 13 kB | 68/226 kB Progress (2): 13 kB | 72/226 kB Progress (2): 13 kB | 77/226 kB Progress (2): 13 kB | 81/226 kB Progress (2): 13 kB | 85/226 kB Progress (2): 13 kB | 89/226 kB Progress (2): 13 kB | 93/226 kB Progress (2): 13 kB | 97/226 kB Progress (2): 13 kB | 101/226 kB Progress (2): 13 kB | 105/226 kB Progress (2): 13 kB | 109/226 kB Progress (2): 13 kB | 111/226 kB Progress (2): 13 kB | 116/226 kB Progress (2): 13 kB | 120/226 kB Progress (2): 13 kB | 124/226 kB Progress (2): 13 kB | 128/226 kB Progress (2): 13 kB | 132/226 kB Progress (2): 13 kB | 136/226 kB Progress (2): 13 kB | 140/226 kB Progress (2): 13 kB | 144/226 kB Progress (2): 13 kB | 148/226 kB Progress (2): 13 kB | 152/226 kB Progress (2): 13 kB | 156/226 kB Progress (2): 13 kB | 160/226 kB Progress (2): 13 kB | 164/226 kB Progress (2): 13 kB | 168/226 kB Progress (2): 13 kB | 172/226 kB Progress (2): 13 kB | 176/226 kB Progress (2): 13 kB | 180/226 kB Progress (2): 13 kB | 184/226 kB Progress (2): 13 kB | 188/226 kB Progress (2): 13 kB | 193/226 kB Progress (2): 13 kB | 197/226 kB Progress (2): 13 kB | 201/226 kB Progress (2): 13 kB | 205/226 kB Progress (2): 13 kB | 209/226 kB Progress (2): 13 kB | 213/226 kB Progress (2): 13 kB | 217/226 kB Progress (2): 13 kB | 221/226 kB Progress (2): 13 kB | 225/226 kB Progress (2): 13 kB | 226 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 226 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 2.7 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 136 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 8.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 8.3 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 373 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 232 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 276 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 2.3/35 kB Progress (1): 5.0/35 kB Progress (1): 7.8/35 kB Progress (1): 11/35 kB Progress (1): 13/35 kB Progress (1): 16/35 kB Progress (1): 19/35 kB Progress (1): 21/35 kB Progress (1): 24/35 kB Progress (1): 27/35 kB Progress (1): 30/35 kB Progress (1): 32/35 kB Progress (1): 35/35 kB Progress (1): 35 kB Progress (2): 35 kB | 4.1/152 kB Progress (2): 35 kB | 7.7/152 kB Progress (2): 35 kB | 12/152 kB Progress (3): 35 kB | 12/152 kB | 4.1/116 kB Progress (3): 35 kB | 16/152 kB | 4.1/116 kB Progress (3): 35 kB | 16/152 kB | 7.7/116 kB Progress (3): 35 kB | 16/152 kB | 12/116 kB Progress (3): 35 kB | 16/152 kB | 16/116 kB Progress (3): 35 kB | 20/152 kB | 16/116 kB Progress (3): 35 kB | 24/152 kB | 16/116 kB Progress (3): 35 kB | 28/152 kB | 16/116 kB Progress (3): 35 kB | 28/152 kB | 20/116 kB Progress (3): 35 kB | 28/152 kB | 24/116 kB Progress (3): 35 kB | 28/152 kB | 28/116 kB Progress (3): 35 kB | 32/152 kB | 28/116 kB Progress (3): 35 kB | 32/152 kB | 32/116 kB Progress (3): 35 kB | 36/152 kB | 32/116 kB Progress (3): 35 kB | 40/152 kB | 32/116 kB Progress (3): 35 kB | 44/152 kB | 32/116 kB Progress (3): 35 kB | 44/152 kB | 36/116 kB Progress (3): 35 kB | 44/152 kB | 41/116 kB Progress (3): 35 kB | 44/152 kB | 45/116 kB Progress (3): 35 kB | 48/152 kB | 45/116 kB Progress (3): 35 kB | 48/152 kB | 49/116 kB Progress (3): 35 kB | 53/152 kB | 49/116 kB Progress (3): 35 kB | 57/152 kB | 49/116 kB Progress (3): 35 kB | 61/152 kB | 49/116 kB Progress (3): 35 kB | 61/152 kB | 53/116 kB Progress (3): 35 kB | 61/152 kB | 57/116 kB Progress (3): 35 kB | 65/152 kB | 57/116 kB Progress (3): 35 kB | 65/152 kB | 61/116 kB Progress (3): 35 kB | 69/152 kB | 61/116 kB Progress (3): 35 kB | 69/152 kB | 65/116 kB Progress (3): 35 kB | 73/152 kB | 65/116 kB Progress (3): 35 kB | 77/152 kB | 65/116 kB Progress (3): 35 kB | 77/152 kB | 69/116 kB Progress (3): 35 kB | 81/152 kB | 69/116 kB Progress (3): 35 kB | 81/152 kB | 73/116 kB Progress (3): 35 kB | 85/152 kB | 73/116 kB Progress (3): 35 kB | 85/152 kB | 77/116 kB Progress (3): 35 kB | 89/152 kB | 77/116 kB Progress (3): 35 kB | 89/152 kB | 81/116 kB Progress (3): 35 kB | 94/152 kB | 81/116 kB Progress (3): 35 kB | 94/152 kB | 86/116 kB Progress (3): 35 kB | 98/152 kB | 86/116 kB Progress (3): 35 kB | 98/152 kB | 90/116 kB Progress (3): 35 kB | 102/152 kB | 90/116 kB Progress (3): 35 kB | 102/152 kB | 94/116 kB Progress (3): 35 kB | 106/152 kB | 94/116 kB Progress (3): 35 kB | 106/152 kB | 98/116 kB Progress (3): 35 kB | 110/152 kB | 98/116 kB Progress (3): 35 kB | 110/152 kB | 102/116 kB Progress (3): 35 kB | 114/152 kB | 102/116 kB Progress (3): 35 kB | 114/152 kB | 106/116 kB Progress (3): 35 kB | 118/152 kB | 106/116 kB Progress (3): 35 kB | 118/152 kB | 110/116 kB Progress (3): 35 kB | 122/152 kB | 110/116 kB Progress (3): 35 kB | 122/152 kB | 114/116 kB Progress (3): 35 kB | 126/152 kB | 114/116 kB Progress (3): 35 kB | 126/152 kB | 116 kB Progress (3): 35 kB | 130/152 kB | 116 kB Progress (3): 35 kB | 134/152 kB | 116 kB Progress (3): 35 kB | 139/152 kB | 116 kB Progress (3): 35 kB | 143/152 kB | 116 kB Progress (3): 35 kB | 147/152 kB | 116 kB Progress (4): 35 kB | 147/152 kB | 116 kB | 3.8/57 kB Progress (4): 35 kB | 151/152 kB | 116 kB | 3.8/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 3.8/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 7.9/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 12/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 16/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 20/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 24/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 28/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 32/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 36/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 40/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 44/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 48/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 53/57 kB Progress (4): 35 kB | 152 kB | 116 kB | 57 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 2.3/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 5.0/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 7.8/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 11/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 13/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 16/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 19/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 21/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 24/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 27/29 kB Progress (5): 35 kB | 152 kB | 116 kB | 57 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 904 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 942 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 474 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (1): 2.3/21 kB Progress (1): 5.0/21 kB Progress (1): 7.8/21 kB Progress (1): 11/21 kB Progress (1): 15/21 kB Progress (1): 19/21 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (1): 4.1/9.9 kB Progress (1): 7.7/9.9 kB Progress (1): 9.9 kB Progress (2): 9.9 kB | 3.4/5.9 kB Progress (2): 9.9 kB | 5.9 kB Progress (3): 9.9 kB | 5.9 kB | 2.3/24 kB Progress (3): 9.9 kB | 5.9 kB | 5.0/24 kB Progress (3): 9.9 kB | 5.9 kB | 7.8/24 kB Progress (3): 9.9 kB | 5.9 kB | 11/24 kB Progress (3): 9.9 kB | 5.9 kB | 13/24 kB Progress (3): 9.9 kB | 5.9 kB | 16/24 kB Progress (3): 9.9 kB | 5.9 kB | 18/24 kB Progress (3): 9.9 kB | 5.9 kB | 21/24 kB Progress (3): 9.9 kB | 5.9 kB | 24/24 kB Progress (3): 9.9 kB | 5.9 kB | 24 kB Progress (4): 9.9 kB | 5.9 kB | 24 kB | 3.8/14 kB Progress (4): 9.9 kB | 5.9 kB | 24 kB | 7.9/14 kB Progress (4): 9.9 kB | 5.9 kB | 24 kB | 12/14 kB Progress (4): 9.9 kB | 5.9 kB | 24 kB | 14 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 3.8/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 7.9/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 12/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 16/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 20/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 24/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 28/30 kB Progress (5): 9.9 kB | 5.9 kB | 24 kB | 14 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 245 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (1): 3.8/37 kB Progress (1): 7.9/37 kB Progress (1): 12/37 kB Progress (1): 16/37 kB Progress (1): 20/37 kB Progress (1): 24/37 kB Progress (1): 28/37 kB Progress (1): 32/37 kB Progress (1): 37/37 kB Progress (1): 37 kB Progress (2): 37 kB | 4.1/13 kB Progress (2): 37 kB | 7.5/13 kB Progress (2): 37 kB | 12/13 kB Progress (2): 37 kB | 13 kB Progress (3): 37 kB | 13 kB | 3.8/49 kB Progress (3): 37 kB | 13 kB | 7.9/49 kB Progress (3): 37 kB | 13 kB | 12/49 kB Progress (4): 37 kB | 13 kB | 12/49 kB | 4.1/38 kB Progress (4): 37 kB | 13 kB | 16/49 kB | 4.1/38 kB Progress (4): 37 kB | 13 kB | 16/49 kB | 7.7/38 kB Progress (4): 37 kB | 13 kB | 16/49 kB | 12/38 kB Progress (4): 37 kB | 13 kB | 20/49 kB | 12/38 kB Progress (4): 37 kB | 13 kB | 20/49 kB | 16/38 kB Progress (4): 37 kB | 13 kB | 24/49 kB | 16/38 kB Progress (4): 37 kB | 13 kB | 28/49 kB | 16/38 kB Progress (4): 37 kB | 13 kB | 32/49 kB | 16/38 kB Progress (4): 37 kB | 13 kB | 32/49 kB | 20/38 kB Progress (4): 37 kB | 13 kB | 32/49 kB | 24/38 kB Progress (4): 37 kB | 13 kB | 37/49 kB | 24/38 kB Progress (4): 37 kB | 13 kB | 37/49 kB | 28/38 kB Progress (4): 37 kB | 13 kB | 37/49 kB | 32/38 kB Progress (4): 37 kB | 13 kB | 41/49 kB | 32/38 kB Progress (4): 37 kB | 13 kB | 41/49 kB | 36/38 kB Progress (4): 37 kB | 13 kB | 45/49 kB | 36/38 kB Progress (4): 37 kB | 13 kB | 45/49 kB | 38 kB Progress (4): 37 kB | 13 kB | 49/49 kB | 38 kB Progress (4): 37 kB | 13 kB | 49 kB | 38 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 3.8/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 7.9/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 12/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 16/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 20/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 24/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 28/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 32/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 37/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 41/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 45/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 49/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 53/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 57/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 61/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 65/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 69/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 73/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 78/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 82/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 86/87 kB Progress (5): 37 kB | 13 kB | 49 kB | 38 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 508 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (1): 3.8/10 kB Progress (1): 7.5/10 kB Progress (1): 10 kB Progress (2): 10 kB | 3.8/194 kB Progress (2): 10 kB | 7.9/194 kB Progress (2): 10 kB | 12/194 kB Progress (2): 10 kB | 16/194 kB Progress (2): 10 kB | 20/194 kB Progress (2): 10 kB | 24/194 kB Progress (2): 10 kB | 28/194 kB Progress (2): 10 kB | 32/194 kB Progress (2): 10 kB | 37/194 kB Progress (2): 10 kB | 41/194 kB Progress (2): 10 kB | 45/194 kB Progress (2): 10 kB | 49/194 kB Progress (2): 10 kB | 53/194 kB Progress (2): 10 kB | 57/194 kB Progress (2): 10 kB | 61/194 kB Progress (2): 10 kB | 65/194 kB Progress (2): 10 kB | 69/194 kB Progress (2): 10 kB | 73/194 kB Progress (2): 10 kB | 78/194 kB Progress (2): 10 kB | 82/194 kB Progress (2): 10 kB | 86/194 kB Progress (2): 10 kB | 90/194 kB Progress (2): 10 kB | 94/194 kB Progress (2): 10 kB | 98/194 kB Progress (2): 10 kB | 102/194 kB Progress (2): 10 kB | 106/194 kB Progress (2): 10 kB | 110/194 kB Progress (2): 10 kB | 114/194 kB Progress (2): 10 kB | 118/194 kB Progress (2): 10 kB | 123/194 kB Progress (2): 10 kB | 127/194 kB Progress (2): 10 kB | 131/194 kB Progress (2): 10 kB | 135/194 kB Progress (2): 10 kB | 139/194 kB Progress (2): 10 kB | 143/194 kB Progress (2): 10 kB | 147/194 kB Progress (2): 10 kB | 151/194 kB Progress (2): 10 kB | 155/194 kB Progress (2): 10 kB | 159/194 kB Progress (2): 10 kB | 164/194 kB Progress (2): 10 kB | 168/194 kB Progress (2): 10 kB | 172/194 kB Progress (2): 10 kB | 176/194 kB Progress (2): 10 kB | 180/194 kB Progress (2): 10 kB | 184/194 kB Progress (2): 10 kB | 188/194 kB Progress (2): 10 kB | 192/194 kB Progress (2): 10 kB | 194 kB Progress (3): 10 kB | 194 kB | 4.1/86 kB Progress (3): 10 kB | 194 kB | 7.7/86 kB Progress (3): 10 kB | 194 kB | 12/86 kB Progress (3): 10 kB | 194 kB | 16/86 kB Progress (3): 10 kB | 194 kB | 20/86 kB Progress (3): 10 kB | 194 kB | 24/86 kB Progress (3): 10 kB | 194 kB | 28/86 kB Progress (3): 10 kB | 194 kB | 32/86 kB Progress (3): 10 kB | 194 kB | 36/86 kB Progress (3): 10 kB | 194 kB | 40/86 kB Progress (3): 10 kB | 194 kB | 44/86 kB Progress (3): 10 kB | 194 kB | 48/86 kB Progress (3): 10 kB | 194 kB | 53/86 kB Progress (3): 10 kB | 194 kB | 57/86 kB Progress (3): 10 kB | 194 kB | 61/86 kB Progress (4): 10 kB | 194 kB | 61/86 kB | 4.1/121 kB Progress (4): 10 kB | 194 kB | 61/86 kB | 7.7/121 kB Progress (4): 10 kB | 194 kB | 61/86 kB | 12/121 kB Progress (4): 10 kB | 194 kB | 65/86 kB | 12/121 kB Progress (4): 10 kB | 194 kB | 65/86 kB | 16/121 kB Progress (4): 10 kB | 194 kB | 69/86 kB | 16/121 kB Progress (4): 10 kB | 194 kB | 73/86 kB | 16/121 kB Progress (4): 10 kB | 194 kB | 77/86 kB | 16/121 kB Progress (4): 10 kB | 194 kB | 77/86 kB | 20/121 kB Progress (4): 10 kB | 194 kB | 77/86 kB | 24/121 kB Progress (4): 10 kB | 194 kB | 77/86 kB | 28/121 kB Progress (4): 10 kB | 194 kB | 81/86 kB | 28/121 kB Progress (4): 10 kB | 194 kB | 85/86 kB | 28/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 28/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 32/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 36/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 40/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 44/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 48/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 53/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 57/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 61/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 65/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 69/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 73/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 77/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 81/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 85/121 kB Progress (4): 10 kB | 194 kB | 86 kB | 89/121 kB Progress (5): 10 kB | 194 kB | 86 kB | 89/121 kB | 4.1/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 93/121 kB | 4.1/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 93/121 kB | 7.7/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 93/121 kB | 12/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 93/121 kB | 16/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 98/121 kB | 16/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 98/121 kB | 20/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 102/121 kB | 20/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 102/121 kB | 24/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 106/121 kB | 24/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 106/121 kB | 28/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 110/121 kB | 28/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 110/121 kB | 32/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 114/121 kB | 32/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 114/121 kB | 36/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 118/121 kB | 36/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 118/121 kB | 41/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 41/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 45/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 49/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 53/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 57/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 61/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 65/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 69/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 73/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 77/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 81/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 86/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 90/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 94/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 98/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 102/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 106/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 110/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 114/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 118/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 122/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 127/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 131/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 135/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 139/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 143/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 147/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 151/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 155/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 159/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 163/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 167/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 172/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 176/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 180/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 184/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 188/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 192/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 196/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 200/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 204/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 208/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 213/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 217/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 221/223 kB Progress (5): 10 kB | 194 kB | 86 kB | 121 kB | 223 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 903 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 538 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 381 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 954 kB/s) Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 41/43 kB Progress (1): 43 kB Progress (2): 43 kB | 4.1/61 kB Progress (2): 43 kB | 7.7/61 kB Progress (2): 43 kB | 12/61 kB Progress (2): 43 kB | 16/61 kB Progress (2): 43 kB | 20/61 kB Progress (2): 43 kB | 24/61 kB Progress (2): 43 kB | 28/61 kB Progress (2): 43 kB | 32/61 kB Progress (2): 43 kB | 36/61 kB Progress (2): 43 kB | 41/61 kB Progress (2): 43 kB | 45/61 kB Progress (2): 43 kB | 49/61 kB Progress (2): 43 kB | 53/61 kB Progress (2): 43 kB | 57/61 kB Progress (2): 43 kB | 61/61 kB Progress (2): 43 kB | 61 kB Progress (3): 43 kB | 61 kB | 4.1/6.8 kB Progress (3): 43 kB | 61 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 163 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 226 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 25 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 364 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 423 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 169 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 467 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 579 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 145 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 360 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 409 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 117 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 247 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 417 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 378 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 2.8 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/13 kB Progress (1): 7.7/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 4.1/89 kB Progress (2): 13 kB | 7.7/89 kB Progress (2): 13 kB | 12/89 kB Progress (2): 13 kB | 16/89 kB Progress (2): 13 kB | 20/89 kB Progress (2): 13 kB | 24/89 kB Progress (2): 13 kB | 28/89 kB Progress (2): 13 kB | 32/89 kB Progress (2): 13 kB | 36/89 kB Progress (2): 13 kB | 41/89 kB Progress (2): 13 kB | 45/89 kB Progress (2): 13 kB | 49/89 kB Progress (3): 13 kB | 49/89 kB | 4.1/211 kB Progress (3): 13 kB | 53/89 kB | 4.1/211 kB Progress (3): 13 kB | 57/89 kB | 4.1/211 kB Progress (3): 13 kB | 57/89 kB | 7.7/211 kB Progress (3): 13 kB | 61/89 kB | 7.7/211 kB Progress (3): 13 kB | 61/89 kB | 12/211 kB Progress (3): 13 kB | 65/89 kB | 12/211 kB Progress (3): 13 kB | 69/89 kB | 12/211 kB Progress (3): 13 kB | 69/89 kB | 16/211 kB Progress (3): 13 kB | 73/89 kB | 16/211 kB Progress (3): 13 kB | 73/89 kB | 20/211 kB Progress (3): 13 kB | 77/89 kB | 20/211 kB Progress (3): 13 kB | 77/89 kB | 24/211 kB Progress (3): 13 kB | 81/89 kB | 24/211 kB Progress (3): 13 kB | 81/89 kB | 28/211 kB Progress (3): 13 kB | 86/89 kB | 28/211 kB Progress (3): 13 kB | 89 kB | 28/211 kB Progress (3): 13 kB | 89 kB | 32/211 kB Progress (4): 13 kB | 89 kB | 32/211 kB | 4.1/160 kB Progress (4): 13 kB | 89 kB | 36/211 kB | 4.1/160 kB Progress (4): 13 kB | 89 kB | 41/211 kB | 4.1/160 kB Progress (4): 13 kB | 89 kB | 41/211 kB | 7.7/160 kB Progress (4): 13 kB | 89 kB | 45/211 kB | 7.7/160 kB Progress (4): 13 kB | 89 kB | 45/211 kB | 12/160 kB Progress (4): 13 kB | 89 kB | 45/211 kB | 16/160 kB Progress (4): 13 kB | 89 kB | 49/211 kB | 16/160 kB Progress (4): 13 kB | 89 kB | 53/211 kB | 16/160 kB Progress (4): 13 kB | 89 kB | 53/211 kB | 20/160 kB Progress (4): 13 kB | 89 kB | 57/211 kB | 20/160 kB Progress (4): 13 kB | 89 kB | 57/211 kB | 24/160 kB Progress (4): 13 kB | 89 kB | 61/211 kB | 24/160 kB Progress (4): 13 kB | 89 kB | 61/211 kB | 28/160 kB Progress (4): 13 kB | 89 kB | 65/211 kB | 28/160 kB Progress (4): 13 kB | 89 kB | 65/211 kB | 32/160 kB Progress (4): 13 kB | 89 kB | 69/211 kB | 32/160 kB Progress (4): 13 kB | 89 kB | 69/211 kB | 36/160 kB Progress (4): 13 kB | 89 kB | 73/211 kB | 36/160 kB Progress (4): 13 kB | 89 kB | 73/211 kB | 41/160 kB Progress (4): 13 kB | 89 kB | 77/211 kB | 41/160 kB Progress (4): 13 kB | 89 kB | 77/211 kB | 45/160 kB Progress (4): 13 kB | 89 kB | 81/211 kB | 45/160 kB Progress (4): 13 kB | 89 kB | 81/211 kB | 49/160 kB Progress (4): 13 kB | 89 kB | 86/211 kB | 49/160 kB Progress (4): 13 kB | 89 kB | 86/211 kB | 53/160 kB Progress (4): 13 kB | 89 kB | 90/211 kB | 53/160 kB Progress (4): 13 kB | 89 kB | 90/211 kB | 57/160 kB Progress (4): 13 kB | 89 kB | 94/211 kB | 57/160 kB Progress (4): 13 kB | 89 kB | 94/211 kB | 61/160 kB Progress (4): 13 kB | 89 kB | 98/211 kB | 61/160 kB Progress (4): 13 kB | 89 kB | 98/211 kB | 65/160 kB Progress (4): 13 kB | 89 kB | 102/211 kB | 65/160 kB Progress (4): 13 kB | 89 kB | 102/211 kB | 69/160 kB Progress (4): 13 kB | 89 kB | 106/211 kB | 69/160 kB Progress (4): 13 kB | 89 kB | 106/211 kB | 73/160 kB Progress (4): 13 kB | 89 kB | 110/211 kB | 73/160 kB Progress (4): 13 kB | 89 kB | 110/211 kB | 77/160 kB Progress (4): 13 kB | 89 kB | 114/211 kB | 77/160 kB Progress (4): 13 kB | 89 kB | 114/211 kB | 81/160 kB Progress (4): 13 kB | 89 kB | 118/211 kB | 81/160 kB Progress (4): 13 kB | 89 kB | 118/211 kB | 86/160 kB Progress (4): 13 kB | 89 kB | 122/211 kB | 86/160 kB Progress (4): 13 kB | 89 kB | 122/211 kB | 90/160 kB Progress (4): 13 kB | 89 kB | 127/211 kB | 90/160 kB Progress (4): 13 kB | 89 kB | 127/211 kB | 94/160 kB Progress (4): 13 kB | 89 kB | 127/211 kB | 98/160 kB Progress (4): 13 kB | 89 kB | 131/211 kB | 98/160 kB Progress (4): 13 kB | 89 kB | 131/211 kB | 102/160 kB Progress (4): 13 kB | 89 kB | 135/211 kB | 102/160 kB Progress (4): 13 kB | 89 kB | 135/211 kB | 106/160 kB Progress (4): 13 kB | 89 kB | 135/211 kB | 110/160 kB Progress (4): 13 kB | 89 kB | 135/211 kB | 114/160 kB Progress (4): 13 kB | 89 kB | 139/211 kB | 114/160 kB Progress (4): 13 kB | 89 kB | 139/211 kB | 118/160 kB Progress (4): 13 kB | 89 kB | 143/211 kB | 118/160 kB Progress (4): 13 kB | 89 kB | 143/211 kB | 122/160 kB Progress (4): 13 kB | 89 kB | 147/211 kB | 122/160 kB Progress (4): 13 kB | 89 kB | 151/211 kB | 122/160 kB Progress (4): 13 kB | 89 kB | 151/211 kB | 127/160 kB Progress (4): 13 kB | 89 kB | 155/211 kB | 127/160 kB Progress (4): 13 kB | 89 kB | 155/211 kB | 131/160 kB Progress (4): 13 kB | 89 kB | 159/211 kB | 131/160 kB Progress (4): 13 kB | 89 kB | 159/211 kB | 135/160 kB Progress (4): 13 kB | 89 kB | 159/211 kB | 139/160 kB Progress (4): 13 kB | 89 kB | 163/211 kB | 139/160 kB Progress (4): 13 kB | 89 kB | 167/211 kB | 139/160 kB Progress (4): 13 kB | 89 kB | 167/211 kB | 143/160 kB Progress (4): 13 kB | 89 kB | 172/211 kB | 143/160 kB Progress (4): 13 kB | 89 kB | 172/211 kB | 147/160 kB Progress (4): 13 kB | 89 kB | 176/211 kB | 147/160 kB Progress (4): 13 kB | 89 kB | 176/211 kB | 151/160 kB Progress (4): 13 kB | 89 kB | 176/211 kB | 155/160 kB Progress (4): 13 kB | 89 kB | 180/211 kB | 155/160 kB Progress (4): 13 kB | 89 kB | 180/211 kB | 159/160 kB Progress (4): 13 kB | 89 kB | 184/211 kB | 159/160 kB Progress (4): 13 kB | 89 kB | 184/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 188/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 192/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 196/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 200/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 204/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 208/211 kB | 160 kB Progress (4): 13 kB | 89 kB | 211 kB | 160 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 3.8/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 7.9/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 12/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 16/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 20/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 24/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 28/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 32/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 37/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 41/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 45/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 49/49 kB Progress (5): 13 kB | 89 kB | 211 kB | 160 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 3.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 805 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/21 kB Progress (1): 7.7/21 kB Progress (1): 12/21 kB Progress (1): 16/21 kB Progress (1): 20/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/35 kB Progress (2): 21 kB | 7.7/35 kB Progress (2): 21 kB | 12/35 kB Progress (2): 21 kB | 16/35 kB Progress (2): 21 kB | 20/35 kB Progress (2): 21 kB | 24/35 kB Progress (2): 21 kB | 28/35 kB Progress (2): 21 kB | 32/35 kB Progress (2): 21 kB | 35 kB Progress (3): 21 kB | 35 kB | 4.1/87 kB Progress (3): 21 kB | 35 kB | 7.7/87 kB Progress (3): 21 kB | 35 kB | 12/87 kB Progress (3): 21 kB | 35 kB | 16/87 kB Progress (3): 21 kB | 35 kB | 20/87 kB Progress (3): 21 kB | 35 kB | 24/87 kB Progress (3): 21 kB | 35 kB | 28/87 kB Progress (3): 21 kB | 35 kB | 32/87 kB Progress (3): 21 kB | 35 kB | 36/87 kB Progress (3): 21 kB | 35 kB | 40/87 kB Progress (3): 21 kB | 35 kB | 44/87 kB Progress (3): 21 kB | 35 kB | 48/87 kB Progress (3): 21 kB | 35 kB | 53/87 kB Progress (3): 21 kB | 35 kB | 57/87 kB Progress (3): 21 kB | 35 kB | 61/87 kB Progress (3): 21 kB | 35 kB | 65/87 kB Progress (3): 21 kB | 35 kB | 69/87 kB Progress (3): 21 kB | 35 kB | 73/87 kB Progress (3): 21 kB | 35 kB | 77/87 kB Progress (3): 21 kB | 35 kB | 81/87 kB Progress (3): 21 kB | 35 kB | 85/87 kB Progress (3): 21 kB | 35 kB | 87 kB Progress (4): 21 kB | 35 kB | 87 kB | 4.1/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 7.7/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 12/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 16/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 20/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 24/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 246 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (4): 35 kB | 87 kB | 25 kB | 3.8/14 kB Progress (4): 35 kB | 87 kB | 25 kB | 7.5/14 kB Progress (4): 35 kB | 87 kB | 25 kB | 12/14 kB Progress (4): 35 kB | 87 kB | 25 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 380 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 891 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (3): 25 kB | 14 kB | 4.1/122 kB Progress (3): 25 kB | 14 kB | 7.7/122 kB Progress (3): 25 kB | 14 kB | 12/122 kB Progress (3): 25 kB | 14 kB | 16/122 kB Progress (3): 25 kB | 14 kB | 20/122 kB Progress (3): 25 kB | 14 kB | 24/122 kB Progress (3): 25 kB | 14 kB | 28/122 kB Progress (3): 25 kB | 14 kB | 32/122 kB Progress (3): 25 kB | 14 kB | 36/122 kB Progress (3): 25 kB | 14 kB | 41/122 kB Progress (3): 25 kB | 14 kB | 45/122 kB Progress (3): 25 kB | 14 kB | 49/122 kB Progress (3): 25 kB | 14 kB | 53/122 kB Progress (3): 25 kB | 14 kB | 57/122 kB Progress (3): 25 kB | 14 kB | 61/122 kB Progress (3): 25 kB | 14 kB | 65/122 kB Progress (3): 25 kB | 14 kB | 69/122 kB Progress (3): 25 kB | 14 kB | 73/122 kB Progress (3): 25 kB | 14 kB | 77/122 kB Progress (3): 25 kB | 14 kB | 81/122 kB Progress (3): 25 kB | 14 kB | 86/122 kB Progress (3): 25 kB | 14 kB | 90/122 kB Progress (3): 25 kB | 14 kB | 94/122 kB Progress (3): 25 kB | 14 kB | 98/122 kB Progress (3): 25 kB | 14 kB | 102/122 kB Progress (3): 25 kB | 14 kB | 106/122 kB Progress (3): 25 kB | 14 kB | 110/122 kB Progress (3): 25 kB | 14 kB | 114/122 kB Progress (3): 25 kB | 14 kB | 118/122 kB Progress (3): 25 kB | 14 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 217 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (2): 122 kB | 4.1/29 kB Progress (2): 122 kB | 7.7/29 kB Progress (2): 122 kB | 12/29 kB Progress (2): 122 kB | 16/29 kB Progress (2): 122 kB | 20/29 kB Progress (2): 122 kB | 24/29 kB Progress (2): 122 kB | 28/29 kB Progress (2): 122 kB | 29 kB Progress (3): 122 kB | 29 kB | 4.1/37 kB Progress (3): 122 kB | 29 kB | 7.7/37 kB Progress (3): 122 kB | 29 kB | 12/37 kB Progress (3): 122 kB | 29 kB | 16/37 kB Progress (3): 122 kB | 29 kB | 20/37 kB Progress (3): 122 kB | 29 kB | 24/37 kB Progress (3): 122 kB | 29 kB | 28/37 kB Progress (3): 122 kB | 29 kB | 32/37 kB Progress (3): 122 kB | 29 kB | 36/37 kB Progress (3): 122 kB | 29 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 990 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (2): 37 kB | 4.1/10 kB Progress (2): 37 kB | 7.7/10 kB Progress (2): 37 kB | 10 kB Progress (3): 37 kB | 10 kB | 4.1/33 kB Progress (3): 37 kB | 10 kB | 7.7/33 kB Progress (3): 37 kB | 10 kB | 12/33 kB Progress (3): 37 kB | 10 kB | 16/33 kB Progress (3): 37 kB | 10 kB | 20/33 kB Progress (3): 37 kB | 10 kB | 24/33 kB Progress (3): 37 kB | 10 kB | 28/33 kB Progress (3): 37 kB | 10 kB | 32/33 kB Progress (3): 37 kB | 10 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (3): 10 kB | 33 kB | 3.8/58 kB Progress (3): 10 kB | 33 kB | 7.8/58 kB Progress (3): 10 kB | 33 kB | 12/58 kB Progress (3): 10 kB | 33 kB | 16/58 kB Progress (3): 10 kB | 33 kB | 20/58 kB Progress (3): 10 kB | 33 kB | 24/58 kB Progress (3): 10 kB | 33 kB | 28/58 kB Progress (3): 10 kB | 33 kB | 32/58 kB Progress (3): 10 kB | 33 kB | 36/58 kB Progress (3): 10 kB | 33 kB | 41/58 kB Progress (3): 10 kB | 33 kB | 45/58 kB Progress (3): 10 kB | 33 kB | 49/58 kB Progress (3): 10 kB | 33 kB | 53/58 kB Progress (3): 10 kB | 33 kB | 57/58 kB Progress (3): 10 kB | 33 kB | 58 kB Progress (4): 10 kB | 33 kB | 58 kB | 4.1/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 8.2/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 12/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 16/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 20/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 25/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 29/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 33/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 37/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 41/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 45/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 49/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 53/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 57/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 61/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 66/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 70/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 74/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 78/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 82/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 86/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 90/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 94/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 98/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 102/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 106/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 111/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 115/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 119/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 123/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 127/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 131/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 135/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 139/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 143/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 147/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 152/155 kB Progress (4): 10 kB | 33 kB | 58 kB | 155 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Progress (3): 58 kB | 155 kB | 4.1/32 kB Progress (3): 58 kB | 155 kB | 7.7/32 kB Progress (3): 58 kB | 155 kB | 12/32 kB Progress (3): 58 kB | 155 kB | 16/32 kB Progress (3): 58 kB | 155 kB | 20/32 kB Progress (3): 58 kB | 155 kB | 24/32 kB Progress (3): 58 kB | 155 kB | 28/32 kB Progress (3): 58 kB | 155 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 336 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 854 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 32 kB | 4.1/14 kB Progress (2): 32 kB | 7.7/14 kB Progress (2): 32 kB | 12/14 kB Progress (2): 32 kB | 14 kB Progress (3): 32 kB | 14 kB | 4.1/4.2 kB Progress (3): 32 kB | 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (3): 14 kB | 4.2 kB | 4.1/25 kB Progress (3): 14 kB | 4.2 kB | 7.7/25 kB Progress (3): 14 kB | 4.2 kB | 12/25 kB Progress (3): 14 kB | 4.2 kB | 16/25 kB Progress (3): 14 kB | 4.2 kB | 20/25 kB Progress (3): 14 kB | 4.2 kB | 24/25 kB Progress (3): 14 kB | 4.2 kB | 25 kB Progress (4): 14 kB | 4.2 kB | 25 kB | 4.1/4.6 kB Progress (4): 14 kB | 4.2 kB | 25 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Progress (3): 25 kB | 4.6 kB | 4.1/19 kB Progress (3): 25 kB | 4.6 kB | 7.7/19 kB Progress (3): 25 kB | 4.6 kB | 12/19 kB Progress (3): 25 kB | 4.6 kB | 16/19 kB Progress (3): 25 kB | 4.6 kB | 19 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 4.1/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 7.7/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 12/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 16/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 20/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 24/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 28/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 32/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 36/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 41/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 45/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 49/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 53/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 57/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 61/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 65/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 69/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 73/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 77/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 81/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 86/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 90/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 94/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 98/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 102/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 106/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 110/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 114/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 118/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 122/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 127/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 131/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 135/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 139/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 143/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 147/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 151/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 155/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 159/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 163/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 167/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 172/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 176/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 180/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 184/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 188/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 192/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 196/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 200/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 204/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 208/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 213/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 217/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (3): 19 kB | 217 kB | 4.1/46 kB Progress (3): 19 kB | 217 kB | 7.7/46 kB Progress (3): 19 kB | 217 kB | 12/46 kB Progress (3): 19 kB | 217 kB | 16/46 kB Progress (3): 19 kB | 217 kB | 20/46 kB Progress (3): 19 kB | 217 kB | 24/46 kB Progress (3): 19 kB | 217 kB | 28/46 kB Progress (3): 19 kB | 217 kB | 32/46 kB Progress (3): 19 kB | 217 kB | 36/46 kB Progress (3): 19 kB | 217 kB | 41/46 kB Progress (3): 19 kB | 217 kB | 45/46 kB Progress (3): 19 kB | 217 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (3): 217 kB | 46 kB | 4.1/134 kB Progress (3): 217 kB | 46 kB | 7.7/134 kB Progress (3): 217 kB | 46 kB | 12/134 kB Progress (3): 217 kB | 46 kB | 16/134 kB Progress (3): 217 kB | 46 kB | 20/134 kB Progress (3): 217 kB | 46 kB | 24/134 kB Progress (3): 217 kB | 46 kB | 28/134 kB Progress (3): 217 kB | 46 kB | 32/134 kB Progress (3): 217 kB | 46 kB | 36/134 kB Progress (3): 217 kB | 46 kB | 40/134 kB Progress (3): 217 kB | 46 kB | 44/134 kB Progress (3): 217 kB | 46 kB | 48/134 kB Progress (3): 217 kB | 46 kB | 53/134 kB Progress (3): 217 kB | 46 kB | 57/134 kB Progress (3): 217 kB | 46 kB | 61/134 kB Progress (3): 217 kB | 46 kB | 65/134 kB Progress (3): 217 kB | 46 kB | 69/134 kB Progress (3): 217 kB | 46 kB | 73/134 kB Progress (3): 217 kB | 46 kB | 77/134 kB Progress (3): 217 kB | 46 kB | 81/134 kB Progress (3): 217 kB | 46 kB | 85/134 kB Progress (3): 217 kB | 46 kB | 89/134 kB Progress (3): 217 kB | 46 kB | 93/134 kB Progress (3): 217 kB | 46 kB | 98/134 kB Progress (3): 217 kB | 46 kB | 102/134 kB Progress (3): 217 kB | 46 kB | 106/134 kB Progress (3): 217 kB | 46 kB | 110/134 kB Progress (3): 217 kB | 46 kB | 114/134 kB Progress (3): 217 kB | 46 kB | 118/134 kB Progress (3): 217 kB | 46 kB | 122/134 kB Progress (3): 217 kB | 46 kB | 126/134 kB Progress (3): 217 kB | 46 kB | 130/134 kB Progress (3): 217 kB | 46 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 856 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (3): 46 kB | 134 kB | 4.1/45 kB Progress (3): 46 kB | 134 kB | 7.7/45 kB Progress (3): 46 kB | 134 kB | 12/45 kB Progress (3): 46 kB | 134 kB | 16/45 kB Progress (3): 46 kB | 134 kB | 20/45 kB Progress (3): 46 kB | 134 kB | 24/45 kB Progress (3): 46 kB | 134 kB | 28/45 kB Progress (3): 46 kB | 134 kB | 32/45 kB Progress (3): 46 kB | 134 kB | 36/45 kB Progress (3): 46 kB | 134 kB | 41/45 kB Progress (3): 46 kB | 134 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 178 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 509 kB/s) Progress (2): 45 kB | 4.1/358 kB Progress (2): 45 kB | 7.7/358 kB Progress (2): 45 kB | 12/358 kB Progress (2): 45 kB | 16/358 kB Progress (2): 45 kB | 20/358 kB Progress (2): 45 kB | 24/358 kB Progress (2): 45 kB | 28/358 kB Progress (2): 45 kB | 32/358 kB Progress (2): 45 kB | 36/358 kB Progress (2): 45 kB | 41/358 kB Progress (2): 45 kB | 45/358 kB Progress (2): 45 kB | 49/358 kB Progress (2): 45 kB | 53/358 kB Progress (2): 45 kB | 57/358 kB Progress (2): 45 kB | 61/358 kB Progress (2): 45 kB | 65/358 kB Progress (2): 45 kB | 69/358 kB Progress (2): 45 kB | 73/358 kB Progress (2): 45 kB | 77/358 kB Progress (2): 45 kB | 81/358 kB Progress (2): 45 kB | 86/358 kB Progress (2): 45 kB | 90/358 kB Progress (2): 45 kB | 94/358 kB Progress (2): 45 kB | 98/358 kB Progress (2): 45 kB | 102/358 kB Progress (2): 45 kB | 106/358 kB Progress (2): 45 kB | 110/358 kB Progress (2): 45 kB | 114/358 kB Progress (2): 45 kB | 118/358 kB Progress (2): 45 kB | 122/358 kB Progress (2): 45 kB | 127/358 kB Progress (2): 45 kB | 131/358 kB Progress (2): 45 kB | 135/358 kB Progress (2): 45 kB | 139/358 kB Progress (2): 45 kB | 143/358 kB Progress (2): 45 kB | 147/358 kB Progress (2): 45 kB | 151/358 kB Progress (2): 45 kB | 155/358 kB Progress (2): 45 kB | 159/358 kB Progress (2): 45 kB | 163/358 kB Progress (2): 45 kB | 167/358 kB Progress (2): 45 kB | 172/358 kB Progress (2): 45 kB | 176/358 kB Progress (2): 45 kB | 180/358 kB Progress (2): 45 kB | 184/358 kB Progress (2): 45 kB | 188/358 kB Progress (2): 45 kB | 192/358 kB Progress (2): 45 kB | 196/358 kB Progress (2): 45 kB | 200/358 kB Progress (2): 45 kB | 204/358 kB Progress (2): 45 kB | 208/358 kB Progress (2): 45 kB | 213/358 kB Progress (2): 45 kB | 217/358 kB Progress (2): 45 kB | 221/358 kB Progress (2): 45 kB | 225/358 kB Progress (2): 45 kB | 229/358 kB Progress (2): 45 kB | 233/358 kB Progress (2): 45 kB | 237/358 kB Progress (2): 45 kB | 241/358 kB Progress (2): 45 kB | 245/358 kB Progress (2): 45 kB | 249/358 kB Progress (2): 45 kB | 254/358 kB Progress (2): 45 kB | 258/358 kB Progress (2): 45 kB | 262/358 kB Progress (2): 45 kB | 266/358 kB Progress (2): 45 kB | 270/358 kB Progress (2): 45 kB | 274/358 kB Progress (2): 45 kB | 278/358 kB Progress (2): 45 kB | 282/358 kB Progress (2): 45 kB | 286/358 kB Progress (2): 45 kB | 290/358 kB Progress (2): 45 kB | 294/358 kB Progress (2): 45 kB | 299/358 kB Progress (2): 45 kB | 303/358 kB Progress (2): 45 kB | 307/358 kB Progress (2): 45 kB | 311/358 kB Progress (2): 45 kB | 315/358 kB Progress (2): 45 kB | 319/358 kB Progress (2): 45 kB | 323/358 kB Progress (2): 45 kB | 327/358 kB Progress (2): 45 kB | 331/358 kB Progress (2): 45 kB | 335/358 kB Progress (2): 45 kB | 340/358 kB Progress (2): 45 kB | 344/358 kB Progress (2): 45 kB | 348/358 kB Progress (2): 45 kB | 352/358 kB Progress (2): 45 kB | 356/358 kB Progress (2): 45 kB | 358 kB Progress (3): 45 kB | 358 kB | 4.1/640 kB Progress (3): 45 kB | 358 kB | 7.7/640 kB Progress (3): 45 kB | 358 kB | 12/640 kB Progress (3): 45 kB | 358 kB | 16/640 kB Progress (3): 45 kB | 358 kB | 20/640 kB Progress (3): 45 kB | 358 kB | 24/640 kB Progress (3): 45 kB | 358 kB | 28/640 kB Progress (3): 45 kB | 358 kB | 32/640 kB Progress (3): 45 kB | 358 kB | 36/640 kB Progress (3): 45 kB | 358 kB | 40/640 kB Progress (3): 45 kB | 358 kB | 44/640 kB Progress (3): 45 kB | 358 kB | 48/640 kB Progress (3): 45 kB | 358 kB | 53/640 kB Progress (3): 45 kB | 358 kB | 57/640 kB Progress (3): 45 kB | 358 kB | 61/640 kB Progress (3): 45 kB | 358 kB | 65/640 kB Progress (3): 45 kB | 358 kB | 69/640 kB Progress (3): 45 kB | 358 kB | 73/640 kB Progress (3): 45 kB | 358 kB | 77/640 kB Progress (3): 45 kB | 358 kB | 81/640 kB Progress (3): 45 kB | 358 kB | 85/640 kB Progress (3): 45 kB | 358 kB | 89/640 kB Progress (3): 45 kB | 358 kB | 94/640 kB Progress (3): 45 kB | 358 kB | 97/640 kB Progress (3): 45 kB | 358 kB | 101/640 kB Progress (3): 45 kB | 358 kB | 105/640 kB Progress (3): 45 kB | 358 kB | 110/640 kB Progress (3): 45 kB | 358 kB | 114/640 kB Progress (3): 45 kB | 358 kB | 118/640 kB Progress (3): 45 kB | 358 kB | 122/640 kB Progress (3): 45 kB | 358 kB | 126/640 kB Progress (3): 45 kB | 358 kB | 130/640 kB Progress (3): 45 kB | 358 kB | 134/640 kB Progress (3): 45 kB | 358 kB | 138/640 kB Progress (3): 45 kB | 358 kB | 142/640 kB Progress (3): 45 kB | 358 kB | 146/640 kB Progress (3): 45 kB | 358 kB | 151/640 kB Progress (3): 45 kB | 358 kB | 155/640 kB Progress (3): 45 kB | 358 kB | 159/640 kB Progress (3): 45 kB | 358 kB | 163/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 160 kB/s) Progress (2): 358 kB | 167/640 kB Progress (2): 358 kB | 171/640 kB Progress (2): 358 kB | 175/640 kB Progress (2): 358 kB | 179/640 kB Progress (2): 358 kB | 183/640 kB Progress (2): 358 kB | 187/640 kB Progress (2): 358 kB | 191/640 kB Progress (2): 358 kB | 196/640 kB Progress (2): 358 kB | 200/640 kB Progress (2): 358 kB | 204/640 kB Progress (2): 358 kB | 208/640 kB Progress (2): 358 kB | 212/640 kB Progress (2): 358 kB | 216/640 kB Progress (2): 358 kB | 220/640 kB Progress (2): 358 kB | 224/640 kB Progress (2): 358 kB | 228/640 kB Progress (2): 358 kB | 232/640 kB Progress (2): 358 kB | 237/640 kB Progress (2): 358 kB | 241/640 kB Progress (2): 358 kB | 245/640 kB Progress (2): 358 kB | 249/640 kB Progress (2): 358 kB | 253/640 kB Progress (2): 358 kB | 257/640 kB Progress (2): 358 kB | 261/640 kB Progress (2): 358 kB | 265/640 kB Progress (2): 358 kB | 269/640 kB Progress (2): 358 kB | 273/640 kB Progress (2): 358 kB | 278/640 kB Progress (2): 358 kB | 282/640 kB Progress (2): 358 kB | 286/640 kB Progress (2): 358 kB | 290/640 kB Progress (2): 358 kB | 294/640 kB Progress (2): 358 kB | 298/640 kB Progress (2): 358 kB | 302/640 kB Progress (2): 358 kB | 306/640 kB Progress (2): 358 kB | 310/640 kB Progress (2): 358 kB | 314/640 kB Progress (2): 358 kB | 318/640 kB Progress (2): 358 kB | 323/640 kB Progress (2): 358 kB | 327/640 kB Progress (2): 358 kB | 331/640 kB Progress (2): 358 kB | 335/640 kB Progress (2): 358 kB | 339/640 kB Progress (2): 358 kB | 343/640 kB Progress (2): 358 kB | 347/640 kB Progress (2): 358 kB | 351/640 kB Progress (2): 358 kB | 355/640 kB Progress (2): 358 kB | 359/640 kB Progress (2): 358 kB | 364/640 kB Progress (2): 358 kB | 368/640 kB Progress (2): 358 kB | 372/640 kB Progress (2): 358 kB | 376/640 kB Progress (2): 358 kB | 380/640 kB Progress (2): 358 kB | 384/640 kB Progress (2): 358 kB | 388/640 kB Progress (2): 358 kB | 392/640 kB Progress (2): 358 kB | 396/640 kB Progress (2): 358 kB | 400/640 kB Progress (2): 358 kB | 404/640 kB Progress (2): 358 kB | 409/640 kB Progress (2): 358 kB | 413/640 kB Progress (2): 358 kB | 417/640 kB Progress (2): 358 kB | 421/640 kB Progress (2): 358 kB | 425/640 kB Progress (2): 358 kB | 429/640 kB Progress (2): 358 kB | 433/640 kB Progress (2): 358 kB | 437/640 kB Progress (2): 358 kB | 441/640 kB Progress (2): 358 kB | 445/640 kB Progress (2): 358 kB | 450/640 kB Progress (2): 358 kB | 454/640 kB Progress (2): 358 kB | 458/640 kB Progress (2): 358 kB | 462/640 kB Progress (2): 358 kB | 466/640 kB Progress (2): 358 kB | 470/640 kB Progress (2): 358 kB | 474/640 kB Progress (2): 358 kB | 478/640 kB Progress (2): 358 kB | 482/640 kB Progress (2): 358 kB | 486/640 kB Progress (2): 358 kB | 491/640 kB Progress (2): 358 kB | 495/640 kB Progress (2): 358 kB | 499/640 kB Progress (2): 358 kB | 503/640 kB Progress (2): 358 kB | 507/640 kB Progress (2): 358 kB | 511/640 kB Progress (2): 358 kB | 515/640 kB Progress (2): 358 kB | 519/640 kB Progress (2): 358 kB | 523/640 kB Progress (2): 358 kB | 527/640 kB Progress (2): 358 kB | 531/640 kB Progress (2): 358 kB | 536/640 kB Progress (2): 358 kB | 540/640 kB Progress (2): 358 kB | 544/640 kB Progress (2): 358 kB | 548/640 kB Progress (2): 358 kB | 552/640 kB Progress (2): 358 kB | 556/640 kB Progress (2): 358 kB | 560/640 kB Progress (2): 358 kB | 564/640 kB Progress (2): 358 kB | 568/640 kB Progress (2): 358 kB | 572/640 kB Progress (2): 358 kB | 577/640 kB Progress (2): 358 kB | 581/640 kB Progress (2): 358 kB | 585/640 kB Progress (2): 358 kB | 589/640 kB Progress (2): 358 kB | 593/640 kB Progress (2): 358 kB | 597/640 kB Progress (2): 358 kB | 601/640 kB Progress (2): 358 kB | 605/640 kB Progress (2): 358 kB | 609/640 kB Progress (2): 358 kB | 613/640 kB Progress (2): 358 kB | 617/640 kB Progress (2): 358 kB | 622/640 kB Progress (2): 358 kB | 626/640 kB Progress (2): 358 kB | 630/640 kB Progress (2): 358 kB | 634/640 kB Progress (2): 358 kB | 638/640 kB Progress (2): 358 kB | 640 kB Progress (3): 358 kB | 640 kB | 4.1/121 kB Progress (3): 358 kB | 640 kB | 7.7/121 kB Progress (3): 358 kB | 640 kB | 12/121 kB Progress (3): 358 kB | 640 kB | 16/121 kB Progress (3): 358 kB | 640 kB | 20/121 kB Progress (3): 358 kB | 640 kB | 24/121 kB Progress (3): 358 kB | 640 kB | 28/121 kB Progress (3): 358 kB | 640 kB | 32/121 kB Progress (3): 358 kB | 640 kB | 36/121 kB Progress (3): 358 kB | 640 kB | 41/121 kB Progress (3): 358 kB | 640 kB | 45/121 kB Progress (3): 358 kB | 640 kB | 49/121 kB Progress (3): 358 kB | 640 kB | 53/121 kB Progress (3): 358 kB | 640 kB | 57/121 kB Progress (3): 358 kB | 640 kB | 61/121 kB Progress (3): 358 kB | 640 kB | 65/121 kB Progress (3): 358 kB | 640 kB | 69/121 kB Progress (3): 358 kB | 640 kB | 73/121 kB Progress (3): 358 kB | 640 kB | 77/121 kB Progress (3): 358 kB | 640 kB | 81/121 kB Progress (3): 358 kB | 640 kB | 86/121 kB Progress (3): 358 kB | 640 kB | 90/121 kB Progress (3): 358 kB | 640 kB | 94/121 kB Progress (3): 358 kB | 640 kB | 98/121 kB Progress (3): 358 kB | 640 kB | 102/121 kB Progress (3): 358 kB | 640 kB | 106/121 kB Progress (3): 358 kB | 640 kB | 110/121 kB Progress (3): 358 kB | 640 kB | 114/121 kB Progress (3): 358 kB | 640 kB | 118/121 kB Progress (3): 358 kB | 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.2 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 382 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 544 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 354 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 160 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/31 kB Progress (1): 7.7/31 kB Progress (1): 12/31 kB Progress (1): 16/31 kB Progress (1): 20/31 kB Progress (1): 24/31 kB Progress (1): 28/31 kB Progress (1): 31 kB Progress (2): 31 kB | 4.1/316 kB Progress (2): 31 kB | 7.7/316 kB Progress (2): 31 kB | 12/316 kB Progress (2): 31 kB | 16/316 kB Progress (3): 31 kB | 16/316 kB | 4.1/118 kB Progress (3): 31 kB | 20/316 kB | 4.1/118 kB Progress (3): 31 kB | 24/316 kB | 4.1/118 kB Progress (3): 31 kB | 24/316 kB | 7.7/118 kB Progress (3): 31 kB | 28/316 kB | 7.7/118 kB Progress (3): 31 kB | 28/316 kB | 12/118 kB Progress (3): 31 kB | 32/316 kB | 12/118 kB Progress (3): 31 kB | 32/316 kB | 16/118 kB Progress (3): 31 kB | 36/316 kB | 16/118 kB Progress (3): 31 kB | 41/316 kB | 16/118 kB Progress (3): 31 kB | 45/316 kB | 16/118 kB Progress (3): 31 kB | 45/316 kB | 20/118 kB Progress (3): 31 kB | 49/316 kB | 20/118 kB Progress (3): 31 kB | 49/316 kB | 24/118 kB Progress (3): 31 kB | 49/316 kB | 28/118 kB Progress (3): 31 kB | 53/316 kB | 28/118 kB Progress (3): 31 kB | 53/316 kB | 32/118 kB Progress (3): 31 kB | 57/316 kB | 32/118 kB Progress (3): 31 kB | 61/316 kB | 32/118 kB Progress (3): 31 kB | 61/316 kB | 36/118 kB Progress (3): 31 kB | 65/316 kB | 36/118 kB Progress (3): 31 kB | 65/316 kB | 41/118 kB Progress (3): 31 kB | 69/316 kB | 41/118 kB Progress (3): 31 kB | 69/316 kB | 45/118 kB Progress (3): 31 kB | 73/316 kB | 45/118 kB Progress (3): 31 kB | 77/316 kB | 45/118 kB Progress (3): 31 kB | 77/316 kB | 49/118 kB Progress (3): 31 kB | 81/316 kB | 49/118 kB Progress (3): 31 kB | 85/316 kB | 49/118 kB Progress (3): 31 kB | 89/316 kB | 49/118 kB Progress (3): 31 kB | 94/316 kB | 49/118 kB Progress (3): 31 kB | 94/316 kB | 53/118 kB Progress (3): 31 kB | 98/316 kB | 53/118 kB Progress (3): 31 kB | 98/316 kB | 57/118 kB Progress (3): 31 kB | 102/316 kB | 57/118 kB Progress (3): 31 kB | 102/316 kB | 61/118 kB Progress (3): 31 kB | 106/316 kB | 61/118 kB Progress (3): 31 kB | 106/316 kB | 65/118 kB Progress (3): 31 kB | 110/316 kB | 65/118 kB Progress (3): 31 kB | 114/316 kB | 65/118 kB Progress (3): 31 kB | 118/316 kB | 65/118 kB Progress (3): 31 kB | 118/316 kB | 69/118 kB Progress (3): 31 kB | 118/316 kB | 73/118 kB Progress (3): 31 kB | 118/316 kB | 77/118 kB Progress (3): 31 kB | 122/316 kB | 77/118 kB Progress (3): 31 kB | 122/316 kB | 81/118 kB Progress (3): 31 kB | 126/316 kB | 81/118 kB Progress (3): 31 kB | 126/316 kB | 86/118 kB Progress (3): 31 kB | 130/316 kB | 86/118 kB Progress (4): 31 kB | 130/316 kB | 86/118 kB | 4.1/35 kB Progress (4): 31 kB | 130/316 kB | 90/118 kB | 4.1/35 kB Progress (4): 31 kB | 130/316 kB | 90/118 kB | 7.7/35 kB Progress (4): 31 kB | 134/316 kB | 90/118 kB | 7.7/35 kB Progress (4): 31 kB | 134/316 kB | 90/118 kB | 12/35 kB Progress (4): 31 kB | 134/316 kB | 94/118 kB | 12/35 kB Progress (4): 31 kB | 134/316 kB | 94/118 kB | 16/35 kB Progress (4): 31 kB | 134/316 kB | 98/118 kB | 16/35 kB Progress (4): 31 kB | 134/316 kB | 98/118 kB | 20/35 kB Progress (4): 31 kB | 134/316 kB | 102/118 kB | 20/35 kB Progress (4): 31 kB | 134/316 kB | 102/118 kB | 24/35 kB Progress (4): 31 kB | 134/316 kB | 106/118 kB | 24/35 kB Progress (4): 31 kB | 139/316 kB | 106/118 kB | 24/35 kB Progress (4): 31 kB | 139/316 kB | 110/118 kB | 24/35 kB Progress (4): 31 kB | 139/316 kB | 110/118 kB | 28/35 kB Progress (4): 31 kB | 139/316 kB | 114/118 kB | 28/35 kB Progress (4): 31 kB | 143/316 kB | 114/118 kB | 28/35 kB Progress (4): 31 kB | 143/316 kB | 114/118 kB | 32/35 kB Progress (4): 31 kB | 143/316 kB | 118 kB | 32/35 kB Progress (4): 31 kB | 143/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 147/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 151/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 155/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 159/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 163/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 167/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 171/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 175/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 180/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 184/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 188/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 192/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 196/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 200/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 204/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 208/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 212/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 216/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 220/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 225/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 229/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 233/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 237/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 241/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 245/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 249/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 253/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 257/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 261/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 266/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 270/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 274/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 278/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 282/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 286/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 290/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 294/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 298/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 302/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 307/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 311/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 315/316 kB | 118 kB | 35 kB Progress (4): 31 kB | 316 kB | 118 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 839 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 316 kB | 118 kB | 35 kB | 4.1/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 7.7/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 12/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 16/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 20/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 24/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 28/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 32/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 36/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 41/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 45/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 49/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 53/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 57/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 61/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 65/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 69/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 73/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 77/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 81/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 86/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 90/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 94/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 98/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 102/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 106/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 110/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 114/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 118/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 122/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 127/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 131/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 135/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 139/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 143/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 147/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 151/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 155/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 159/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 163/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 167/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 172/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 176/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 180/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 184/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 188/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 192/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 196/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 200/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 204/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 208/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 213/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 217/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 221/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 225/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 229/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 233/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 237/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 241/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 245/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 249/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 254/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 258/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 262/263 kB Progress (4): 316 kB | 118 kB | 35 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 631 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Progress (3): 316 kB | 263 kB | 4.1/232 kB Progress (3): 316 kB | 263 kB | 7.7/232 kB Progress (3): 316 kB | 263 kB | 12/232 kB Progress (3): 316 kB | 263 kB | 16/232 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Progress (3): 316 kB | 263 kB | 20/232 kB Progress (3): 316 kB | 263 kB | 24/232 kB Progress (3): 316 kB | 263 kB | 28/232 kB Progress (3): 316 kB | 263 kB | 32/232 kB Progress (3): 316 kB | 263 kB | 36/232 kB Progress (3): 316 kB | 263 kB | 41/232 kB Progress (3): 316 kB | 263 kB | 45/232 kB Progress (3): 316 kB | 263 kB | 49/232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 4.9 MB/s) Progress (2): 263 kB | 53/232 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 263 kB | 57/232 kB Progress (2): 263 kB | 61/232 kB Progress (2): 263 kB | 65/232 kB Progress (2): 263 kB | 69/232 kB Progress (2): 263 kB | 73/232 kB Progress (2): 263 kB | 77/232 kB Progress (2): 263 kB | 81/232 kB Progress (2): 263 kB | 86/232 kB Progress (2): 263 kB | 90/232 kB Progress (2): 263 kB | 94/232 kB Progress (2): 263 kB | 98/232 kB Progress (2): 263 kB | 102/232 kB Progress (2): 263 kB | 106/232 kB Progress (2): 263 kB | 110/232 kB Progress (2): 263 kB | 114/232 kB Progress (2): 263 kB | 118/232 kB Progress (2): 263 kB | 122/232 kB Progress (2): 263 kB | 127/232 kB Progress (2): 263 kB | 131/232 kB Progress (2): 263 kB | 135/232 kB Progress (2): 263 kB | 139/232 kB Progress (2): 263 kB | 143/232 kB Progress (2): 263 kB | 147/232 kB Progress (2): 263 kB | 151/232 kB Progress (2): 263 kB | 155/232 kB Progress (2): 263 kB | 159/232 kB Progress (2): 263 kB | 163/232 kB Progress (2): 263 kB | 167/232 kB Progress (2): 263 kB | 172/232 kB Progress (2): 263 kB | 176/232 kB Progress (2): 263 kB | 180/232 kB Progress (2): 263 kB | 184/232 kB Progress (2): 263 kB | 188/232 kB Progress (2): 263 kB | 192/232 kB Progress (2): 263 kB | 196/232 kB Progress (2): 263 kB | 200/232 kB Progress (2): 263 kB | 204/232 kB Progress (2): 263 kB | 208/232 kB Progress (2): 263 kB | 213/232 kB Progress (2): 263 kB | 217/232 kB Progress (2): 263 kB | 221/232 kB Progress (2): 263 kB | 225/232 kB Progress (2): 263 kB | 229/232 kB Progress (2): 263 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 3.3 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.8 MB/s) Progress (1): 4.1/10 kB Progress (1): 7.7/10 kB Progress (1): 10 kB Progress (2): 10 kB | 4.1/38 kB Progress (2): 10 kB | 7.7/38 kB Progress (2): 10 kB | 12/38 kB Progress (2): 10 kB | 16/38 kB Progress (2): 10 kB | 20/38 kB Progress (2): 10 kB | 24/38 kB Progress (2): 10 kB | 28/38 kB Progress (2): 10 kB | 32/38 kB Progress (2): 10 kB | 36/38 kB Progress (2): 10 kB | 38 kB Progress (3): 10 kB | 38 kB | 4.1/14 kB Progress (3): 10 kB | 38 kB | 7.7/14 kB Progress (3): 10 kB | 38 kB | 12/14 kB Progress (3): 10 kB | 38 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 91 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 119 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 299 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 812 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 210 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 329 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 933 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 93 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 470 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 334 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 297 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 530 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/26 kB Progress (1): 7.7/26 kB Progress (1): 12/26 kB Progress (1): 16/26 kB Progress (1): 20/26 kB Progress (1): 24/26 kB Progress (1): 26 kB Progress (2): 26 kB | 4.1/36 kB Progress (2): 26 kB | 7.7/36 kB Progress (2): 26 kB | 12/36 kB Progress (2): 26 kB | 16/36 kB Progress (2): 26 kB | 20/36 kB Progress (2): 26 kB | 24/36 kB Progress (2): 26 kB | 28/36 kB Progress (2): 26 kB | 32/36 kB Progress (2): 26 kB | 36 kB Progress (3): 26 kB | 36 kB | 4.1/79 kB Progress (3): 26 kB | 36 kB | 7.7/79 kB Progress (3): 26 kB | 36 kB | 12/79 kB Progress (3): 26 kB | 36 kB | 16/79 kB Progress (3): 26 kB | 36 kB | 20/79 kB Progress (3): 26 kB | 36 kB | 24/79 kB Progress (3): 26 kB | 36 kB | 28/79 kB Progress (3): 26 kB | 36 kB | 32/79 kB Progress (3): 26 kB | 36 kB | 36/79 kB Progress (3): 26 kB | 36 kB | 40/79 kB Progress (3): 26 kB | 36 kB | 44/79 kB Progress (3): 26 kB | 36 kB | 48/79 kB Progress (3): 26 kB | 36 kB | 53/79 kB Progress (3): 26 kB | 36 kB | 57/79 kB Progress (3): 26 kB | 36 kB | 61/79 kB Progress (3): 26 kB | 36 kB | 65/79 kB Progress (3): 26 kB | 36 kB | 69/79 kB Progress (3): 26 kB | 36 kB | 73/79 kB Progress (3): 26 kB | 36 kB | 77/79 kB Progress (3): 26 kB | 36 kB | 79 kB Progress (4): 26 kB | 36 kB | 79 kB | 4.1/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 7.7/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 12/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 16/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 20/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 24/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 28/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 32/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 36/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 41/41 kB Progress (4): 26 kB | 36 kB | 79 kB | 41 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 4.1/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 7.7/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 12/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 16/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 20/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 24/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 28/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 32/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 36/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 41/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 45/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 49/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 53/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 57/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 61/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 65/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 69/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 73/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 77/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 81/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 86/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 90/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 94/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 98/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 102/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 106/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 110/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 114/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 118/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 122/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 127/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 131/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 135/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 139/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 143/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 147/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 151/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 155/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 159/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 163/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 167/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 172/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 176/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 180/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 184/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 188/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 192/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 196/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 200/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 204/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 208/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 213/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 217/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 221/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 225/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 229/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 233/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 237/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 241/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 245/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 249/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 254/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 258/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 262/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 266/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 270/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 274/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 278/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 282/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 286/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 290/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 294/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 299/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 303/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 307/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 311/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 315/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 319/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 323/327 kB Progress (5): 26 kB | 36 kB | 79 kB | 41 kB | 327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 640 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 649 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 685 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 5.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.1/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.2/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (2): 0.4/1.0 MB | 4.1/211 kB Progress (2): 0.4/1.0 MB | 4.1/211 kB Progress (2): 0.4/1.0 MB | 7.7/211 kB Progress (2): 0.4/1.0 MB | 12/211 kB Progress (2): 0.4/1.0 MB | 16/211 kB Progress (2): 0.5/1.0 MB | 16/211 kB Progress (2): 0.5/1.0 MB | 16/211 kB Progress (2): 0.5/1.0 MB | 20/211 kB Progress (2): 0.5/1.0 MB | 24/211 kB Progress (2): 0.5/1.0 MB | 28/211 kB Progress (2): 0.5/1.0 MB | 32/211 kB Progress (2): 0.5/1.0 MB | 32/211 kB Progress (2): 0.5/1.0 MB | 32/211 kB Progress (2): 0.5/1.0 MB | 36/211 kB Progress (2): 0.5/1.0 MB | 41/211 kB Progress (2): 0.5/1.0 MB | 45/211 kB Progress (2): 0.5/1.0 MB | 49/211 kB Progress (2): 0.5/1.0 MB | 49/211 kB Progress (2): 0.5/1.0 MB | 53/211 kB Progress (2): 0.5/1.0 MB | 53/211 kB Progress (2): 0.5/1.0 MB | 57/211 kB Progress (2): 0.5/1.0 MB | 61/211 kB Progress (2): 0.5/1.0 MB | 61/211 kB Progress (2): 0.5/1.0 MB | 65/211 kB Progress (2): 0.5/1.0 MB | 65/211 kB Progress (2): 0.5/1.0 MB | 69/211 kB Progress (2): 0.5/1.0 MB | 73/211 kB Progress (2): 0.5/1.0 MB | 77/211 kB Progress (2): 0.5/1.0 MB | 77/211 kB Progress (2): 0.5/1.0 MB | 81/211 kB Progress (2): 0.5/1.0 MB | 81/211 kB Progress (2): 0.5/1.0 MB | 85/211 kB Progress (2): 0.5/1.0 MB | 89/211 kB Progress (2): 0.5/1.0 MB | 94/211 kB Progress (2): 0.5/1.0 MB | 94/211 kB Progress (2): 0.5/1.0 MB | 94/211 kB Progress (2): 0.5/1.0 MB | 98/211 kB Progress (2): 0.5/1.0 MB | 102/211 kB Progress (2): 0.5/1.0 MB | 106/211 kB Progress (2): 0.5/1.0 MB | 106/211 kB Progress (2): 0.5/1.0 MB | 110/211 kB Progress (2): 0.6/1.0 MB | 110/211 kB Progress (2): 0.6/1.0 MB | 114/211 kB Progress (2): 0.6/1.0 MB | 118/211 kB Progress (2): 0.6/1.0 MB | 118/211 kB Progress (2): 0.6/1.0 MB | 122/211 kB Progress (2): 0.6/1.0 MB | 122/211 kB Progress (2): 0.6/1.0 MB | 126/211 kB Progress (3): 0.6/1.0 MB | 126/211 kB | 4.1/116 kB Progress (3): 0.6/1.0 MB | 126/211 kB | 7.7/116 kB Progress (3): 0.6/1.0 MB | 126/211 kB | 7.7/116 kB Progress (3): 0.6/1.0 MB | 130/211 kB | 7.7/116 kB Progress (3): 0.6/1.0 MB | 130/211 kB | 7.7/116 kB Progress (3): 0.6/1.0 MB | 130/211 kB | 12/116 kB Progress (3): 0.6/1.0 MB | 134/211 kB | 12/116 kB Progress (3): 0.6/1.0 MB | 134/211 kB | 16/116 kB Progress (3): 0.6/1.0 MB | 139/211 kB | 16/116 kB Progress (3): 0.6/1.0 MB | 143/211 kB | 16/116 kB Progress (3): 0.6/1.0 MB | 143/211 kB | 16/116 kB Progress (3): 0.6/1.0 MB | 143/211 kB | 20/116 kB Progress (3): 0.6/1.0 MB | 147/211 kB | 20/116 kB Progress (3): 0.6/1.0 MB | 147/211 kB | 20/116 kB Progress (3): 0.6/1.0 MB | 151/211 kB | 20/116 kB Progress (3): 0.6/1.0 MB | 151/211 kB | 24/116 kB Progress (3): 0.6/1.0 MB | 155/211 kB | 24/116 kB Progress (3): 0.6/1.0 MB | 155/211 kB | 28/116 kB Progress (3): 0.6/1.0 MB | 159/211 kB | 28/116 kB Progress (3): 0.6/1.0 MB | 159/211 kB | 32/116 kB Progress (3): 0.6/1.0 MB | 159/211 kB | 32/116 kB Progress (3): 0.6/1.0 MB | 159/211 kB | 32/116 kB Progress (3): 0.6/1.0 MB | 163/211 kB | 32/116 kB Progress (3): 0.6/1.0 MB | 163/211 kB | 36/116 kB Progress (3): 0.6/1.0 MB | 167/211 kB | 36/116 kB Progress (3): 0.6/1.0 MB | 167/211 kB | 41/116 kB Progress (3): 0.6/1.0 MB | 171/211 kB | 41/116 kB Progress (3): 0.6/1.0 MB | 171/211 kB | 41/116 kB Progress (3): 0.6/1.0 MB | 171/211 kB | 45/116 kB Progress (3): 0.6/1.0 MB | 175/211 kB | 45/116 kB Progress (3): 0.6/1.0 MB | 175/211 kB | 49/116 kB Progress (3): 0.6/1.0 MB | 175/211 kB | 49/116 kB Progress (3): 0.6/1.0 MB | 180/211 kB | 49/116 kB Progress (3): 0.6/1.0 MB | 184/211 kB | 49/116 kB Progress (3): 0.6/1.0 MB | 184/211 kB | 53/116 kB Progress (3): 0.6/1.0 MB | 188/211 kB | 53/116 kB Progress (3): 0.6/1.0 MB | 188/211 kB | 57/116 kB Progress (3): 0.6/1.0 MB | 188/211 kB | 57/116 kB Progress (3): 0.6/1.0 MB | 188/211 kB | 61/116 kB Progress (3): 0.6/1.0 MB | 192/211 kB | 61/116 kB Progress (3): 0.6/1.0 MB | 192/211 kB | 65/116 kB Progress (3): 0.7/1.0 MB | 192/211 kB | 65/116 kB Progress (3): 0.7/1.0 MB | 196/211 kB | 65/116 kB Progress (3): 0.7/1.0 MB | 196/211 kB | 69/116 kB Progress (3): 0.7/1.0 MB | 200/211 kB | 69/116 kB Progress (3): 0.7/1.0 MB | 200/211 kB | 73/116 kB Progress (3): 0.7/1.0 MB | 200/211 kB | 73/116 kB Progress (3): 0.7/1.0 MB | 204/211 kB | 73/116 kB Progress (3): 0.7/1.0 MB | 204/211 kB | 73/116 kB Progress (3): 0.7/1.0 MB | 204/211 kB | 77/116 kB Progress (3): 0.7/1.0 MB | 208/211 kB | 77/116 kB Progress (3): 0.7/1.0 MB | 208/211 kB | 81/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 81/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 81/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 86/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 86/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 90/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 94/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 98/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 98/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 102/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 102/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 106/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 110/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 114/116 kB Progress (3): 0.7/1.0 MB | 211 kB | 116 kB Progress (3): 0.7/1.0 MB | 211 kB | 116 kB Progress (3): 0.7/1.0 MB | 211 kB | 116 kB Progress (3): 0.7/1.0 MB | 211 kB | 116 kB Progress (3): 0.7/1.0 MB | 211 kB | 116 kB Progress (3): 0.7/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.8/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (3): 0.9/1.0 MB | 211 kB | 116 kB Progress (4): 0.9/1.0 MB | 211 kB | 116 kB | 4.1/58 kB Progress (4): 0.9/1.0 MB | 211 kB | 116 kB | 4.1/58 kB Progress (4): 0.9/1.0 MB | 211 kB | 116 kB | 7.7/58 kB Progress (4): 0.9/1.0 MB | 211 kB | 116 kB | 7.7/58 kB Progress (4): 0.9/1.0 MB | 211 kB | 116 kB | 12/58 kB Progress (4): 0.9/1.0 MB | 211 kB | 116 kB | 16/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 16/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 20/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 20/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 24/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 28/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 32/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 32/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 32/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 36/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 41/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 45/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 49/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 49/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 53/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 53/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 57/58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 211 kB | 116 kB | 58 kB Progress (4): 1.0 MB | 211 kB | 116 kB | 58 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 4.1/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 7.7/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 12/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 16/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 20/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 24/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 28/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 32/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 36/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 41/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 45/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 49/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 53/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 57/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 61/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 65/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 69/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 73/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 77/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 81/85 kB Progress (5): 1.0 MB | 211 kB | 116 kB | 58 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 723 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 487 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 1.7 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 8.3 MB/s) Progress (1): 4.1/267 kB Progress (1): 7.7/267 kB Progress (1): 12/267 kB Progress (1): 16/267 kB Progress (1): 20/267 kB Progress (1): 24/267 kB Progress (1): 28/267 kB Progress (1): 32/267 kB Progress (1): 36/267 kB Progress (1): 41/267 kB Progress (1): 45/267 kB Progress (1): 49/267 kB Progress (1): 53/267 kB Progress (1): 57/267 kB Progress (1): 61/267 kB Progress (1): 65/267 kB Progress (1): 69/267 kB Progress (1): 73/267 kB Progress (1): 77/267 kB Progress (1): 81/267 kB Progress (1): 86/267 kB Progress (1): 90/267 kB Progress (1): 94/267 kB Progress (1): 98/267 kB Progress (1): 102/267 kB Progress (1): 106/267 kB Progress (1): 110/267 kB Progress (1): 114/267 kB Progress (1): 118/267 kB Progress (1): 122/267 kB Progress (1): 127/267 kB Progress (1): 131/267 kB Progress (1): 135/267 kB Progress (1): 139/267 kB Progress (1): 143/267 kB Progress (1): 147/267 kB Progress (1): 151/267 kB Progress (1): 155/267 kB Progress (1): 159/267 kB Progress (1): 163/267 kB Progress (1): 167/267 kB Progress (1): 172/267 kB Progress (1): 176/267 kB Progress (1): 180/267 kB Progress (1): 184/267 kB Progress (1): 188/267 kB Progress (1): 192/267 kB Progress (1): 196/267 kB Progress (1): 200/267 kB Progress (1): 204/267 kB Progress (1): 208/267 kB Progress (1): 213/267 kB Progress (1): 217/267 kB Progress (1): 221/267 kB Progress (1): 225/267 kB Progress (1): 229/267 kB Progress (1): 233/267 kB Progress (1): 237/267 kB Progress (1): 241/267 kB Progress (1): 245/267 kB Progress (1): 249/267 kB Progress (1): 254/267 kB Progress (1): 258/267 kB Progress (1): 262/267 kB Progress (1): 266/267 kB Progress (1): 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.6 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 377 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 436 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 171 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 883 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 323 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 795 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 301 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 321 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 430 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 325 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 234 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 593 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 308 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 293 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 217 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 626 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 40/49 kB Progress (1): 44/49 kB Progress (1): 48/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/165 kB Progress (2): 49 kB | 7.7/165 kB Progress (2): 49 kB | 12/165 kB Progress (2): 49 kB | 16/165 kB Progress (2): 49 kB | 20/165 kB Progress (2): 49 kB | 24/165 kB Progress (2): 49 kB | 28/165 kB Progress (2): 49 kB | 32/165 kB Progress (2): 49 kB | 36/165 kB Progress (2): 49 kB | 40/165 kB Progress (2): 49 kB | 44/165 kB Progress (2): 49 kB | 48/165 kB Progress (2): 49 kB | 53/165 kB Progress (2): 49 kB | 57/165 kB Progress (2): 49 kB | 61/165 kB Progress (2): 49 kB | 65/165 kB Progress (2): 49 kB | 69/165 kB Progress (2): 49 kB | 73/165 kB Progress (2): 49 kB | 77/165 kB Progress (2): 49 kB | 81/165 kB Progress (2): 49 kB | 85/165 kB Progress (2): 49 kB | 89/165 kB Progress (2): 49 kB | 93/165 kB Progress (2): 49 kB | 98/165 kB Progress (2): 49 kB | 102/165 kB Progress (2): 49 kB | 106/165 kB Progress (2): 49 kB | 110/165 kB Progress (2): 49 kB | 114/165 kB Progress (2): 49 kB | 118/165 kB Progress (2): 49 kB | 122/165 kB Progress (2): 49 kB | 126/165 kB Progress (2): 49 kB | 130/165 kB Progress (2): 49 kB | 134/165 kB Progress (2): 49 kB | 139/165 kB Progress (2): 49 kB | 143/165 kB Progress (2): 49 kB | 147/165 kB Progress (2): 49 kB | 151/165 kB Progress (2): 49 kB | 155/165 kB Progress (2): 49 kB | 159/165 kB Progress (2): 49 kB | 163/165 kB Progress (2): 49 kB | 165 kB Progress (3): 49 kB | 165 kB | 4.1/472 kB Progress (3): 49 kB | 165 kB | 7.7/472 kB Progress (3): 49 kB | 165 kB | 12/472 kB Progress (3): 49 kB | 165 kB | 16/472 kB Progress (3): 49 kB | 165 kB | 20/472 kB Progress (3): 49 kB | 165 kB | 24/472 kB Progress (3): 49 kB | 165 kB | 28/472 kB Progress (3): 49 kB | 165 kB | 32/472 kB Progress (3): 49 kB | 165 kB | 36/472 kB Progress (3): 49 kB | 165 kB | 41/472 kB Progress (3): 49 kB | 165 kB | 45/472 kB Progress (3): 49 kB | 165 kB | 49/472 kB Progress (3): 49 kB | 165 kB | 53/472 kB Progress (3): 49 kB | 165 kB | 57/472 kB Progress (3): 49 kB | 165 kB | 61/472 kB Progress (3): 49 kB | 165 kB | 65/472 kB Progress (3): 49 kB | 165 kB | 69/472 kB Progress (3): 49 kB | 165 kB | 73/472 kB Progress (3): 49 kB | 165 kB | 77/472 kB Progress (3): 49 kB | 165 kB | 81/472 kB Progress (3): 49 kB | 165 kB | 86/472 kB Progress (3): 49 kB | 165 kB | 90/472 kB Progress (3): 49 kB | 165 kB | 94/472 kB Progress (3): 49 kB | 165 kB | 98/472 kB Progress (3): 49 kB | 165 kB | 102/472 kB Progress (3): 49 kB | 165 kB | 106/472 kB Progress (3): 49 kB | 165 kB | 110/472 kB Progress (3): 49 kB | 165 kB | 114/472 kB Progress (3): 49 kB | 165 kB | 118/472 kB Progress (3): 49 kB | 165 kB | 122/472 kB Progress (3): 49 kB | 165 kB | 127/472 kB Progress (3): 49 kB | 165 kB | 131/472 kB Progress (3): 49 kB | 165 kB | 135/472 kB Progress (3): 49 kB | 165 kB | 139/472 kB Progress (3): 49 kB | 165 kB | 143/472 kB Progress (3): 49 kB | 165 kB | 147/472 kB Progress (3): 49 kB | 165 kB | 151/472 kB Progress (3): 49 kB | 165 kB | 155/472 kB Progress (3): 49 kB | 165 kB | 159/472 kB Progress (3): 49 kB | 165 kB | 163/472 kB Progress (3): 49 kB | 165 kB | 167/472 kB Progress (3): 49 kB | 165 kB | 172/472 kB Progress (3): 49 kB | 165 kB | 176/472 kB Progress (3): 49 kB | 165 kB | 180/472 kB Progress (3): 49 kB | 165 kB | 184/472 kB Progress (3): 49 kB | 165 kB | 188/472 kB Progress (3): 49 kB | 165 kB | 192/472 kB Progress (3): 49 kB | 165 kB | 196/472 kB Progress (3): 49 kB | 165 kB | 200/472 kB Progress (4): 49 kB | 165 kB | 200/472 kB | 4.1/153 kB Progress (4): 49 kB | 165 kB | 204/472 kB | 4.1/153 kB Progress (4): 49 kB | 165 kB | 204/472 kB | 7.5/153 kB Progress (4): 49 kB | 165 kB | 208/472 kB | 7.5/153 kB Progress (4): 49 kB | 165 kB | 213/472 kB | 7.5/153 kB Progress (4): 49 kB | 165 kB | 213/472 kB | 12/153 kB Progress (4): 49 kB | 165 kB | 213/472 kB | 16/153 kB Progress (4): 49 kB | 165 kB | 217/472 kB | 16/153 kB Progress (4): 49 kB | 165 kB | 217/472 kB | 20/153 kB Progress (4): 49 kB | 165 kB | 221/472 kB | 20/153 kB Progress (4): 49 kB | 165 kB | 221/472 kB | 24/153 kB Progress (4): 49 kB | 165 kB | 225/472 kB | 24/153 kB Progress (4): 49 kB | 165 kB | 225/472 kB | 28/153 kB Progress (4): 49 kB | 165 kB | 229/472 kB | 28/153 kB Progress (4): 49 kB | 165 kB | 229/472 kB | 32/153 kB Progress (4): 49 kB | 165 kB | 233/472 kB | 32/153 kB Progress (4): 49 kB | 165 kB | 237/472 kB | 32/153 kB Progress (4): 49 kB | 165 kB | 237/472 kB | 36/153 kB Progress (4): 49 kB | 165 kB | 241/472 kB | 36/153 kB Progress (4): 49 kB | 165 kB | 241/472 kB | 40/153 kB Progress (4): 49 kB | 165 kB | 245/472 kB | 40/153 kB Progress (4): 49 kB | 165 kB | 245/472 kB | 44/153 kB Progress (4): 49 kB | 165 kB | 245/472 kB | 48/153 kB Progress (4): 49 kB | 165 kB | 249/472 kB | 48/153 kB Progress (4): 49 kB | 165 kB | 249/472 kB | 53/153 kB Progress (4): 49 kB | 165 kB | 253/472 kB | 53/153 kB Progress (4): 49 kB | 165 kB | 253/472 kB | 57/153 kB Progress (4): 49 kB | 165 kB | 258/472 kB | 57/153 kB Progress (4): 49 kB | 165 kB | 258/472 kB | 61/153 kB Progress (4): 49 kB | 165 kB | 262/472 kB | 61/153 kB Progress (4): 49 kB | 165 kB | 262/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 266/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 266/472 kB | 69/153 kB Progress (4): 49 kB | 165 kB | 270/472 kB | 69/153 kB Progress (4): 49 kB | 165 kB | 270/472 kB | 73/153 kB Progress (4): 49 kB | 165 kB | 274/472 kB | 73/153 kB Progress (4): 49 kB | 165 kB | 274/472 kB | 77/153 kB Progress (4): 49 kB | 165 kB | 278/472 kB | 77/153 kB Progress (4): 49 kB | 165 kB | 278/472 kB | 81/153 kB Progress (4): 49 kB | 165 kB | 282/472 kB | 81/153 kB Progress (4): 49 kB | 165 kB | 282/472 kB | 85/153 kB Progress (4): 49 kB | 165 kB | 286/472 kB | 85/153 kB Progress (4): 49 kB | 165 kB | 286/472 kB | 89/153 kB Progress (4): 49 kB | 165 kB | 290/472 kB | 89/153 kB Progress (4): 49 kB | 165 kB | 290/472 kB | 94/153 kB Progress (4): 49 kB | 165 kB | 294/472 kB | 94/153 kB Progress (4): 49 kB | 165 kB | 294/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 299/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 299/472 kB | 102/153 kB Progress (4): 49 kB | 165 kB | 303/472 kB | 102/153 kB Progress (4): 49 kB | 165 kB | 303/472 kB | 106/153 kB Progress (4): 49 kB | 165 kB | 307/472 kB | 106/153 kB Progress (4): 49 kB | 165 kB | 307/472 kB | 110/153 kB Progress (4): 49 kB | 165 kB | 311/472 kB | 110/153 kB Progress (4): 49 kB | 165 kB | 311/472 kB | 114/153 kB Progress (4): 49 kB | 165 kB | 315/472 kB | 114/153 kB Progress (4): 49 kB | 165 kB | 315/472 kB | 118/153 kB Progress (4): 49 kB | 165 kB | 319/472 kB | 118/153 kB Progress (4): 49 kB | 165 kB | 319/472 kB | 122/153 kB Progress (4): 49 kB | 165 kB | 323/472 kB | 122/153 kB Progress (4): 49 kB | 165 kB | 323/472 kB | 126/153 kB Progress (4): 49 kB | 165 kB | 327/472 kB | 126/153 kB Progress (4): 49 kB | 165 kB | 327/472 kB | 130/153 kB Progress (4): 49 kB | 165 kB | 331/472 kB | 130/153 kB Progress (4): 49 kB | 165 kB | 331/472 kB | 134/153 kB Progress (4): 49 kB | 165 kB | 335/472 kB | 134/153 kB Progress (4): 49 kB | 165 kB | 339/472 kB | 134/153 kB Progress (4): 49 kB | 165 kB | 339/472 kB | 139/153 kB Progress (4): 49 kB | 165 kB | 344/472 kB | 139/153 kB Progress (4): 49 kB | 165 kB | 344/472 kB | 143/153 kB Progress (4): 49 kB | 165 kB | 344/472 kB | 147/153 kB Progress (4): 49 kB | 165 kB | 348/472 kB | 147/153 kB Progress (4): 49 kB | 165 kB | 348/472 kB | 151/153 kB Progress (4): 49 kB | 165 kB | 352/472 kB | 151/153 kB Progress (4): 49 kB | 165 kB | 352/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 356/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 360/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 364/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 368/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 372/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 376/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 380/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 385/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 389/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 393/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 397/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 401/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 405/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 409/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 413/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 417/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 421/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 425/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 430/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 434/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 438/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 442/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 446/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 450/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 454/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 458/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 462/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 466/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 471/472 kB | 153 kB Progress (4): 49 kB | 165 kB | 472 kB | 153 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 4.1/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 7.7/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 12/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 16/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 20/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 24/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 28/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 32/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 36/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 41/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 45/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 49/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 53/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 57/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 61/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 65/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 69/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 73/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 77/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 81/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 86/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 90/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 94/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 98/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 102/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 106/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 110/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 114/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 118/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 122/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 127/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 131/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 135/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 139/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 143/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 147/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 151/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 155/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 159/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 163/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 167/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 172/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 176/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 180/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 184/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 188/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 192/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 196/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 200/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 202 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 2.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 7.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 2.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 202 kB | 4.1/527 kB Progress (2): 202 kB | 7.7/527 kB Progress (2): 202 kB | 12/527 kB Progress (2): 202 kB | 16/527 kB Progress (2): 202 kB | 20/527 kB Progress (2): 202 kB | 24/527 kB Progress (2): 202 kB | 28/527 kB Progress (2): 202 kB | 32/527 kB Progress (2): 202 kB | 36/527 kB Progress (2): 202 kB | 41/527 kB Progress (2): 202 kB | 45/527 kB Progress (2): 202 kB | 49/527 kB Progress (2): 202 kB | 53/527 kB Progress (2): 202 kB | 57/527 kB Progress (2): 202 kB | 61/527 kB Progress (2): 202 kB | 65/527 kB Progress (2): 202 kB | 69/527 kB Progress (2): 202 kB | 73/527 kB Progress (2): 202 kB | 77/527 kB Progress (2): 202 kB | 81/527 kB Progress (2): 202 kB | 86/527 kB Progress (2): 202 kB | 90/527 kB Progress (2): 202 kB | 94/527 kB Progress (2): 202 kB | 98/527 kB Progress (2): 202 kB | 102/527 kB Progress (2): 202 kB | 106/527 kB Progress (2): 202 kB | 110/527 kB Progress (2): 202 kB | 114/527 kB Progress (2): 202 kB | 118/527 kB Progress (2): 202 kB | 122/527 kB Progress (2): 202 kB | 127/527 kB Progress (2): 202 kB | 131/527 kB Progress (2): 202 kB | 135/527 kB Progress (2): 202 kB | 139/527 kB Progress (2): 202 kB | 143/527 kB Progress (2): 202 kB | 147/527 kB Progress (2): 202 kB | 151/527 kB Progress (2): 202 kB | 155/527 kB Progress (2): 202 kB | 159/527 kB Progress (2): 202 kB | 163/527 kB Progress (2): 202 kB | 167/527 kB Progress (2): 202 kB | 172/527 kB Progress (2): 202 kB | 176/527 kB Progress (2): 202 kB | 180/527 kB Progress (2): 202 kB | 184/527 kB Progress (2): 202 kB | 188/527 kB Progress (2): 202 kB | 192/527 kB Progress (2): 202 kB | 196/527 kB Progress (2): 202 kB | 200/527 kB Progress (2): 202 kB | 204/527 kB Progress (2): 202 kB | 208/527 kB Progress (2): 202 kB | 213/527 kB Progress (2): 202 kB | 217/527 kB Progress (2): 202 kB | 221/527 kB Progress (2): 202 kB | 225/527 kB Progress (2): 202 kB | 229/527 kB Progress (2): 202 kB | 233/527 kB Progress (2): 202 kB | 237/527 kB Progress (2): 202 kB | 241/527 kB Progress (2): 202 kB | 245/527 kB Progress (2): 202 kB | 249/527 kB Progress (2): 202 kB | 254/527 kB Progress (2): 202 kB | 258/527 kB Progress (2): 202 kB | 262/527 kB Progress (2): 202 kB | 266/527 kB Progress (2): 202 kB | 270/527 kB Progress (2): 202 kB | 274/527 kB Progress (2): 202 kB | 278/527 kB Progress (2): 202 kB | 282/527 kB Progress (2): 202 kB | 286/527 kB Progress (2): 202 kB | 290/527 kB Progress (2): 202 kB | 294/527 kB Progress (2): 202 kB | 299/527 kB Progress (2): 202 kB | 303/527 kB Progress (2): 202 kB | 307/527 kB Progress (2): 202 kB | 311/527 kB Progress (2): 202 kB | 315/527 kB Progress (2): 202 kB | 319/527 kB Progress (2): 202 kB | 323/527 kB Progress (2): 202 kB | 327/527 kB Progress (2): 202 kB | 331/527 kB Progress (2): 202 kB | 335/527 kB Progress (2): 202 kB | 340/527 kB Progress (2): 202 kB | 344/527 kB Progress (2): 202 kB | 348/527 kB Progress (2): 202 kB | 352/527 kB Progress (2): 202 kB | 356/527 kB Progress (2): 202 kB | 360/527 kB Progress (2): 202 kB | 364/527 kB Progress (2): 202 kB | 368/527 kB Progress (2): 202 kB | 372/527 kB Progress (2): 202 kB | 376/527 kB Progress (2): 202 kB | 380/527 kB Progress (2): 202 kB | 385/527 kB Progress (2): 202 kB | 389/527 kB Progress (2): 202 kB | 393/527 kB Progress (2): 202 kB | 397/527 kB Progress (2): 202 kB | 401/527 kB Progress (2): 202 kB | 405/527 kB Progress (2): 202 kB | 409/527 kB Progress (2): 202 kB | 413/527 kB Progress (2): 202 kB | 417/527 kB Progress (2): 202 kB | 421/527 kB Progress (2): 202 kB | 426/527 kB Progress (2): 202 kB | 430/527 kB Progress (2): 202 kB | 434/527 kB Progress (2): 202 kB | 438/527 kB Progress (2): 202 kB | 442/527 kB Progress (2): 202 kB | 446/527 kB Progress (2): 202 kB | 450/527 kB Progress (2): 202 kB | 454/527 kB Progress (2): 202 kB | 458/527 kB Progress (2): 202 kB | 462/527 kB Progress (2): 202 kB | 466/527 kB Progress (2): 202 kB | 471/527 kB Progress (2): 202 kB | 475/527 kB Progress (2): 202 kB | 479/527 kB Progress (2): 202 kB | 483/527 kB Progress (2): 202 kB | 487/527 kB Progress (2): 202 kB | 491/527 kB Progress (2): 202 kB | 495/527 kB Progress (2): 202 kB | 499/527 kB Progress (2): 202 kB | 503/527 kB Progress (2): 202 kB | 507/527 kB Progress (2): 202 kB | 512/527 kB Progress (2): 202 kB | 516/527 kB Progress (2): 202 kB | 520/527 kB Progress (2): 202 kB | 524/527 kB Progress (2): 202 kB | 527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (2): 527 kB | 4.1/30 kB Progress (2): 527 kB | 7.7/30 kB Progress (2): 527 kB | 12/30 kB Progress (2): 527 kB | 16/30 kB Progress (2): 527 kB | 20/30 kB Progress (2): 527 kB | 24/30 kB Progress (2): 527 kB | 28/30 kB Progress (2): 527 kB | 30 kB Progress (3): 527 kB | 30 kB | 4.1/47 kB Progress (3): 527 kB | 30 kB | 7.7/47 kB Progress (3): 527 kB | 30 kB | 12/47 kB Progress (3): 527 kB | 30 kB | 16/47 kB Progress (3): 527 kB | 30 kB | 20/47 kB Progress (3): 527 kB | 30 kB | 24/47 kB Progress (3): 527 kB | 30 kB | 28/47 kB Progress (3): 527 kB | 30 kB | 32/47 kB Progress (3): 527 kB | 30 kB | 36/47 kB Progress (3): 527 kB | 30 kB | 40/47 kB Progress (3): 527 kB | 30 kB | 44/47 kB Progress (3): 527 kB | 30 kB | 47 kB Progress (4): 527 kB | 30 kB | 47 kB | 4.1/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 7.7/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 12/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 16/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 20/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 24/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 28/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 32/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 36/38 kB Progress (4): 527 kB | 30 kB | 47 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 5.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 301 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Progress (3): 47 kB | 38 kB | 4.1/148 kB Progress (3): 47 kB | 38 kB | 7.7/148 kB Progress (3): 47 kB | 38 kB | 12/148 kB Progress (3): 47 kB | 38 kB | 16/148 kB Progress (3): 47 kB | 38 kB | 20/148 kB Progress (3): 47 kB | 38 kB | 24/148 kB Progress (3): 47 kB | 38 kB | 28/148 kB Progress (3): 47 kB | 38 kB | 32/148 kB Progress (3): 47 kB | 38 kB | 36/148 kB Progress (3): 47 kB | 38 kB | 40/148 kB Progress (3): 47 kB | 38 kB | 44/148 kB Progress (3): 47 kB | 38 kB | 48/148 kB Progress (3): 47 kB | 38 kB | 53/148 kB Progress (3): 47 kB | 38 kB | 57/148 kB Progress (3): 47 kB | 38 kB | 61/148 kB Progress (3): 47 kB | 38 kB | 65/148 kB Progress (3): 47 kB | 38 kB | 69/148 kB Progress (3): 47 kB | 38 kB | 73/148 kB Progress (3): 47 kB | 38 kB | 77/148 kB Progress (3): 47 kB | 38 kB | 81/148 kB Progress (3): 47 kB | 38 kB | 85/148 kB Progress (3): 47 kB | 38 kB | 89/148 kB Progress (3): 47 kB | 38 kB | 94/148 kB Progress (3): 47 kB | 38 kB | 98/148 kB Progress (3): 47 kB | 38 kB | 102/148 kB Progress (3): 47 kB | 38 kB | 106/148 kB Progress (3): 47 kB | 38 kB | 110/148 kB Progress (3): 47 kB | 38 kB | 114/148 kB Progress (3): 47 kB | 38 kB | 118/148 kB Progress (3): 47 kB | 38 kB | 122/148 kB Progress (3): 47 kB | 38 kB | 126/148 kB Progress (3): 47 kB | 38 kB | 130/148 kB Progress (3): 47 kB | 38 kB | 134/148 kB Progress (3): 47 kB | 38 kB | 139/148 kB Progress (3): 47 kB | 38 kB | 143/148 kB Progress (3): 47 kB | 38 kB | 147/148 kB Progress (3): 47 kB | 38 kB | 148 kB Progress (4): 47 kB | 38 kB | 148 kB | 4.1/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 7.7/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 12/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 16/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 20/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 24/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 28/51 kB Progress (4): 47 kB | 38 kB | 148 kB | 32/51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 409 kB/s) Progress (3): 38 kB | 148 kB | 36/51 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (3): 38 kB | 148 kB | 41/51 kB Progress (3): 38 kB | 148 kB | 45/51 kB Progress (3): 38 kB | 148 kB | 49/51 kB Progress (3): 38 kB | 148 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 329 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (3): 148 kB | 51 kB | 4.1/106 kB Progress (3): 148 kB | 51 kB | 7.7/106 kB Progress (3): 148 kB | 51 kB | 12/106 kB Progress (3): 148 kB | 51 kB | 16/106 kB Progress (3): 148 kB | 51 kB | 20/106 kB Progress (3): 148 kB | 51 kB | 24/106 kB Progress (3): 148 kB | 51 kB | 28/106 kB Progress (3): 148 kB | 51 kB | 32/106 kB Progress (3): 148 kB | 51 kB | 36/106 kB Progress (3): 148 kB | 51 kB | 41/106 kB Progress (3): 148 kB | 51 kB | 45/106 kB Progress (3): 148 kB | 51 kB | 49/106 kB Progress (3): 148 kB | 51 kB | 53/106 kB Progress (3): 148 kB | 51 kB | 57/106 kB Progress (3): 148 kB | 51 kB | 61/106 kB Progress (3): 148 kB | 51 kB | 65/106 kB Progress (3): 148 kB | 51 kB | 69/106 kB Progress (3): 148 kB | 51 kB | 73/106 kB Progress (3): 148 kB | 51 kB | 77/106 kB Progress (3): 148 kB | 51 kB | 81/106 kB Progress (3): 148 kB | 51 kB | 86/106 kB Progress (3): 148 kB | 51 kB | 90/106 kB Progress (3): 148 kB | 51 kB | 94/106 kB Progress (3): 148 kB | 51 kB | 98/106 kB Progress (3): 148 kB | 51 kB | 102/106 kB Progress (3): 148 kB | 51 kB | 106/106 kB Progress (3): 148 kB | 51 kB | 106 kB Progress (4): 148 kB | 51 kB | 106 kB | 4.1/14 kB Progress (4): 148 kB | 51 kB | 106 kB | 7.7/14 kB Progress (4): 148 kB | 51 kB | 106 kB | 12/14 kB Progress (4): 148 kB | 51 kB | 106 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 781 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 363 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (2): 14 kB | 4.1/74 kB Progress (2): 14 kB | 7.7/74 kB Progress (2): 14 kB | 12/74 kB Progress (2): 14 kB | 16/74 kB Progress (2): 14 kB | 20/74 kB Progress (2): 14 kB | 24/74 kB Progress (2): 14 kB | 28/74 kB Progress (2): 14 kB | 32/74 kB Progress (2): 14 kB | 36/74 kB Progress (2): 14 kB | 41/74 kB Progress (2): 14 kB | 45/74 kB Progress (2): 14 kB | 49/74 kB Progress (2): 14 kB | 53/74 kB Progress (2): 14 kB | 57/74 kB Progress (2): 14 kB | 61/74 kB Progress (2): 14 kB | 65/74 kB Progress (2): 14 kB | 69/74 kB Progress (2): 14 kB | 73/74 kB Progress (2): 14 kB | 74 kB Progress (3): 14 kB | 74 kB | 4.1/108 kB Progress (3): 14 kB | 74 kB | 7.7/108 kB Progress (3): 14 kB | 74 kB | 12/108 kB Progress (3): 14 kB | 74 kB | 16/108 kB Progress (3): 14 kB | 74 kB | 20/108 kB Progress (3): 14 kB | 74 kB | 24/108 kB Progress (3): 14 kB | 74 kB | 28/108 kB Progress (3): 14 kB | 74 kB | 32/108 kB Progress (3): 14 kB | 74 kB | 36/108 kB Progress (3): 14 kB | 74 kB | 41/108 kB Progress (3): 14 kB | 74 kB | 45/108 kB Progress (3): 14 kB | 74 kB | 49/108 kB Progress (3): 14 kB | 74 kB | 53/108 kB Progress (3): 14 kB | 74 kB | 57/108 kB Progress (3): 14 kB | 74 kB | 61/108 kB Progress (3): 14 kB | 74 kB | 65/108 kB Progress (3): 14 kB | 74 kB | 69/108 kB Progress (3): 14 kB | 74 kB | 73/108 kB Progress (3): 14 kB | 74 kB | 77/108 kB Progress (3): 14 kB | 74 kB | 81/108 kB Progress (3): 14 kB | 74 kB | 86/108 kB Progress (3): 14 kB | 74 kB | 90/108 kB Progress (3): 14 kB | 74 kB | 94/108 kB Progress (3): 14 kB | 74 kB | 98/108 kB Progress (3): 14 kB | 74 kB | 102/108 kB Progress (3): 14 kB | 74 kB | 106/108 kB Progress (3): 14 kB | 74 kB | 108 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (3): 74 kB | 108 kB | 4.1/61 kB Progress (3): 74 kB | 108 kB | 7.7/61 kB Progress (3): 74 kB | 108 kB | 12/61 kB Progress (3): 74 kB | 108 kB | 16/61 kB Progress (3): 74 kB | 108 kB | 20/61 kB Progress (3): 74 kB | 108 kB | 24/61 kB Progress (3): 74 kB | 108 kB | 28/61 kB Progress (3): 74 kB | 108 kB | 32/61 kB Progress (3): 74 kB | 108 kB | 36/61 kB Progress (3): 74 kB | 108 kB | 41/61 kB Progress (3): 74 kB | 108 kB | 45/61 kB Progress (3): 74 kB | 108 kB | 49/61 kB Progress (3): 74 kB | 108 kB | 53/61 kB Progress (3): 74 kB | 108 kB | 57/61 kB Progress (3): 74 kB | 108 kB | 61/61 kB Progress (3): 74 kB | 108 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 431 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (3): 108 kB | 61 kB | 4.1/46 kB Progress (3): 108 kB | 61 kB | 7.7/46 kB Progress (3): 108 kB | 61 kB | 12/46 kB Progress (3): 108 kB | 61 kB | 16/46 kB Progress (3): 108 kB | 61 kB | 20/46 kB Progress (3): 108 kB | 61 kB | 24/46 kB Progress (3): 108 kB | 61 kB | 28/46 kB Progress (3): 108 kB | 61 kB | 32/46 kB Progress (3): 108 kB | 61 kB | 36/46 kB Progress (3): 108 kB | 61 kB | 41/46 kB Progress (3): 108 kB | 61 kB | 45/46 kB Progress (3): 108 kB | 61 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 620 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Progress (3): 61 kB | 46 kB | 4.1/4.2 kB Progress (3): 61 kB | 46 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 323 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (3): 46 kB | 4.2 kB | 4.1/29 kB Progress (3): 46 kB | 4.2 kB | 7.7/29 kB Progress (3): 46 kB | 4.2 kB | 12/29 kB Progress (3): 46 kB | 4.2 kB | 16/29 kB Progress (3): 46 kB | 4.2 kB | 20/29 kB Progress (3): 46 kB | 4.2 kB | 24/29 kB Progress (3): 46 kB | 4.2 kB | 28/29 kB Progress (3): 46 kB | 4.2 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 235 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (2): 29 kB | 4.1/13 kB Progress (2): 29 kB | 7.7/13 kB Progress (2): 29 kB | 12/13 kB Progress (2): 29 kB | 13 kB Progress (3): 29 kB | 13 kB | 4.1/52 kB Progress (3): 29 kB | 13 kB | 7.7/52 kB Progress (3): 29 kB | 13 kB | 12/52 kB Progress (3): 29 kB | 13 kB | 16/52 kB Progress (3): 29 kB | 13 kB | 20/52 kB Progress (3): 29 kB | 13 kB | 24/52 kB Progress (3): 29 kB | 13 kB | 28/52 kB Progress (3): 29 kB | 13 kB | 32/52 kB Progress (3): 29 kB | 13 kB | 36/52 kB Progress (3): 29 kB | 13 kB | 41/52 kB Progress (3): 29 kB | 13 kB | 45/52 kB Progress (3): 29 kB | 13 kB | 49/52 kB Progress (3): 29 kB | 13 kB | 52 kB Progress (4): 29 kB | 13 kB | 52 kB | 4.1/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 7.7/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 12/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 16/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 20/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 24/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 28/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 32/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 36/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 41/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 45/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 49/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 53/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 57/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 61/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 65/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 69/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 73/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 77/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 81/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 86/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 90/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 94/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 98/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 102/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 106/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 110/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 114/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 118/120 kB Progress (4): 29 kB | 13 kB | 52 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Progress (4): 13 kB | 52 kB | 120 kB | 4.1/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 7.7/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 12/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 16/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 20/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 24/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 28/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 32/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 36/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 40/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 44/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 48/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 53/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 57/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 61/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 65/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 69/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 73/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 77/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 81/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 85/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 89/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 94/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 98/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 102/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 106/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 110/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 114/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 118/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 122/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 126/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 130/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 134/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 139/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 143/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 147/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 151/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 155/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 159/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 163/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 167/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 171/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 175/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 180/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 184/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 188/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 192/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 196/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 200/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 204/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 208/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 212/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 216/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 220/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 225/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 229/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 233/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 237/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 241/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 245/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 249/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 253/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 257/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 261/263 kB Progress (4): 13 kB | 52 kB | 120 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 220 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (3): 120 kB | 263 kB | 4.1/61 kB Progress (3): 120 kB | 263 kB | 7.7/61 kB Progress (3): 120 kB | 263 kB | 12/61 kB Progress (3): 120 kB | 263 kB | 16/61 kB Progress (3): 120 kB | 263 kB | 20/61 kB Progress (3): 120 kB | 263 kB | 24/61 kB Progress (3): 120 kB | 263 kB | 28/61 kB Progress (3): 120 kB | 263 kB | 32/61 kB Progress (3): 120 kB | 263 kB | 36/61 kB Progress (3): 120 kB | 263 kB | 41/61 kB Progress (3): 120 kB | 263 kB | 45/61 kB Progress (3): 120 kB | 263 kB | 49/61 kB Progress (3): 120 kB | 263 kB | 53/61 kB Progress (3): 120 kB | 263 kB | 57/61 kB Progress (3): 120 kB | 263 kB | 61/61 kB Progress (3): 120 kB | 263 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 474 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 61 kB | 4.1/164 kB Progress (2): 61 kB | 7.7/164 kB Progress (2): 61 kB | 12/164 kB Progress (2): 61 kB | 16/164 kB Progress (2): 61 kB | 20/164 kB Progress (2): 61 kB | 24/164 kB Progress (2): 61 kB | 28/164 kB Progress (2): 61 kB | 32/164 kB Progress (2): 61 kB | 36/164 kB Progress (2): 61 kB | 40/164 kB Progress (2): 61 kB | 44/164 kB Progress (2): 61 kB | 48/164 kB Progress (2): 61 kB | 53/164 kB Progress (2): 61 kB | 57/164 kB Progress (2): 61 kB | 61/164 kB Progress (2): 61 kB | 65/164 kB Progress (2): 61 kB | 69/164 kB Progress (2): 61 kB | 73/164 kB Progress (2): 61 kB | 77/164 kB Progress (2): 61 kB | 81/164 kB Progress (2): 61 kB | 85/164 kB Progress (2): 61 kB | 89/164 kB Progress (2): 61 kB | 94/164 kB Progress (2): 61 kB | 98/164 kB Progress (2): 61 kB | 102/164 kB Progress (2): 61 kB | 106/164 kB Progress (2): 61 kB | 110/164 kB Progress (2): 61 kB | 114/164 kB Progress (2): 61 kB | 118/164 kB Progress (2): 61 kB | 122/164 kB Progress (2): 61 kB | 126/164 kB Progress (2): 61 kB | 130/164 kB Progress (2): 61 kB | 134/164 kB Progress (2): 61 kB | 139/164 kB Progress (2): 61 kB | 143/164 kB Progress (2): 61 kB | 147/164 kB Progress (2): 61 kB | 151/164 kB Progress (2): 61 kB | 155/164 kB Progress (2): 61 kB | 159/164 kB Progress (2): 61 kB | 163/164 kB Progress (2): 61 kB | 164 kB Progress (3): 61 kB | 164 kB | 4.1/335 kB Progress (3): 61 kB | 164 kB | 7.7/335 kB Progress (3): 61 kB | 164 kB | 12/335 kB Progress (3): 61 kB | 164 kB | 16/335 kB Progress (3): 61 kB | 164 kB | 20/335 kB Progress (3): 61 kB | 164 kB | 24/335 kB Progress (3): 61 kB | 164 kB | 28/335 kB Progress (3): 61 kB | 164 kB | 32/335 kB Progress (3): 61 kB | 164 kB | 36/335 kB Progress (3): 61 kB | 164 kB | 41/335 kB Progress (3): 61 kB | 164 kB | 45/335 kB Progress (3): 61 kB | 164 kB | 49/335 kB Progress (3): 61 kB | 164 kB | 53/335 kB Progress (3): 61 kB | 164 kB | 57/335 kB Progress (3): 61 kB | 164 kB | 61/335 kB Progress (3): 61 kB | 164 kB | 65/335 kB Progress (3): 61 kB | 164 kB | 69/335 kB Progress (3): 61 kB | 164 kB | 73/335 kB Progress (3): 61 kB | 164 kB | 77/335 kB Progress (3): 61 kB | 164 kB | 81/335 kB Progress (3): 61 kB | 164 kB | 86/335 kB Progress (3): 61 kB | 164 kB | 90/335 kB Progress (3): 61 kB | 164 kB | 94/335 kB Progress (3): 61 kB | 164 kB | 98/335 kB Progress (3): 61 kB | 164 kB | 102/335 kB Progress (3): 61 kB | 164 kB | 106/335 kB Progress (3): 61 kB | 164 kB | 110/335 kB Progress (3): 61 kB | 164 kB | 114/335 kB Progress (3): 61 kB | 164 kB | 118/335 kB Progress (3): 61 kB | 164 kB | 122/335 kB Progress (3): 61 kB | 164 kB | 127/335 kB Progress (3): 61 kB | 164 kB | 131/335 kB Progress (3): 61 kB | 164 kB | 135/335 kB Progress (3): 61 kB | 164 kB | 139/335 kB Progress (3): 61 kB | 164 kB | 143/335 kB Progress (3): 61 kB | 164 kB | 147/335 kB Progress (3): 61 kB | 164 kB | 151/335 kB Progress (3): 61 kB | 164 kB | 155/335 kB Progress (3): 61 kB | 164 kB | 159/335 kB Progress (3): 61 kB | 164 kB | 163/335 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 233 kB/s) Progress (2): 164 kB | 167/335 kB Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 172/335 kB Progress (2): 164 kB | 176/335 kB Progress (2): 164 kB | 180/335 kB Progress (2): 164 kB | 184/335 kB Progress (2): 164 kB | 188/335 kB Progress (2): 164 kB | 192/335 kB Progress (2): 164 kB | 196/335 kB Progress (2): 164 kB | 200/335 kB Progress (2): 164 kB | 204/335 kB Progress (2): 164 kB | 208/335 kB Progress (2): 164 kB | 213/335 kB Progress (2): 164 kB | 217/335 kB Progress (2): 164 kB | 221/335 kB Progress (2): 164 kB | 225/335 kB Progress (2): 164 kB | 229/335 kB Progress (2): 164 kB | 233/335 kB Progress (2): 164 kB | 237/335 kB Progress (2): 164 kB | 241/335 kB Progress (2): 164 kB | 245/335 kB Progress (2): 164 kB | 249/335 kB Progress (2): 164 kB | 254/335 kB Progress (2): 164 kB | 258/335 kB Progress (2): 164 kB | 262/335 kB Progress (2): 164 kB | 266/335 kB Progress (2): 164 kB | 270/335 kB Progress (2): 164 kB | 274/335 kB Progress (2): 164 kB | 278/335 kB Progress (2): 164 kB | 282/335 kB Progress (2): 164 kB | 286/335 kB Progress (2): 164 kB | 290/335 kB Progress (2): 164 kB | 294/335 kB Progress (2): 164 kB | 299/335 kB Progress (2): 164 kB | 303/335 kB Progress (2): 164 kB | 307/335 kB Progress (2): 164 kB | 311/335 kB Progress (2): 164 kB | 315/335 kB Progress (2): 164 kB | 319/335 kB Progress (2): 164 kB | 323/335 kB Progress (2): 164 kB | 327/335 kB Progress (2): 164 kB | 331/335 kB Progress (2): 164 kB | 335 kB Progress (3): 164 kB | 335 kB | 4.1/26 kB Progress (3): 164 kB | 335 kB | 7.7/26 kB Progress (3): 164 kB | 335 kB | 12/26 kB Progress (3): 164 kB | 335 kB | 16/26 kB Progress (3): 164 kB | 335 kB | 20/26 kB Progress (3): 164 kB | 335 kB | 24/26 kB Progress (3): 164 kB | 335 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 593 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (3): 335 kB | 26 kB | 4.1/122 kB Progress (3): 335 kB | 26 kB | 7.7/122 kB Progress (3): 335 kB | 26 kB | 12/122 kB Progress (3): 335 kB | 26 kB | 16/122 kB Progress (3): 335 kB | 26 kB | 20/122 kB Progress (3): 335 kB | 26 kB | 24/122 kB Progress (3): 335 kB | 26 kB | 28/122 kB Progress (3): 335 kB | 26 kB | 32/122 kB Progress (3): 335 kB | 26 kB | 36/122 kB Progress (3): 335 kB | 26 kB | 40/122 kB Progress (3): 335 kB | 26 kB | 44/122 kB Progress (3): 335 kB | 26 kB | 48/122 kB Progress (3): 335 kB | 26 kB | 53/122 kB Progress (3): 335 kB | 26 kB | 57/122 kB Progress (3): 335 kB | 26 kB | 61/122 kB Progress (3): 335 kB | 26 kB | 65/122 kB Progress (3): 335 kB | 26 kB | 69/122 kB Progress (3): 335 kB | 26 kB | 73/122 kB Progress (3): 335 kB | 26 kB | 77/122 kB Progress (3): 335 kB | 26 kB | 81/122 kB Progress (3): 335 kB | 26 kB | 85/122 kB Progress (3): 335 kB | 26 kB | 89/122 kB Progress (3): 335 kB | 26 kB | 94/122 kB Progress (3): 335 kB | 26 kB | 98/122 kB Progress (3): 335 kB | 26 kB | 102/122 kB Progress (3): 335 kB | 26 kB | 106/122 kB Progress (3): 335 kB | 26 kB | 110/122 kB Progress (3): 335 kB | 26 kB | 114/122 kB Progress (3): 335 kB | 26 kB | 118/122 kB Progress (3): 335 kB | 26 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Progress (3): 26 kB | 122 kB | 4.1/72 kB Progress (3): 26 kB | 122 kB | 7.7/72 kB Progress (3): 26 kB | 122 kB | 12/72 kB Progress (3): 26 kB | 122 kB | 16/72 kB Progress (3): 26 kB | 122 kB | 20/72 kB Progress (3): 26 kB | 122 kB | 24/72 kB Progress (3): 26 kB | 122 kB | 28/72 kB Progress (3): 26 kB | 122 kB | 32/72 kB Progress (3): 26 kB | 122 kB | 36/72 kB Progress (3): 26 kB | 122 kB | 41/72 kB Progress (3): 26 kB | 122 kB | 45/72 kB Progress (3): 26 kB | 122 kB | 49/72 kB Progress (3): 26 kB | 122 kB | 53/72 kB Progress (3): 26 kB | 122 kB | 57/72 kB Progress (3): 26 kB | 122 kB | 61/72 kB Progress (3): 26 kB | 122 kB | 65/72 kB Progress (3): 26 kB | 122 kB | 69/72 kB Progress (3): 26 kB | 122 kB | 72 kB Progress (4): 26 kB | 122 kB | 72 kB | 4.1/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 7.7/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 12/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 16/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 20/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 24/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 28/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 32/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 36/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 41/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 45/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 49/53 kB Progress (4): 26 kB | 122 kB | 72 kB | 53 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Progress (4): 122 kB | 72 kB | 53 kB | 4.1/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 7.7/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 12/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 16/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 20/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 24/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 28/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 32/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 231 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 393 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (2): 33 kB | 4.1/305 kB Progress (3): 33 kB | 4.1/305 kB | 4.1/215 kB Progress (3): 33 kB | 7.7/305 kB | 4.1/215 kB Progress (3): 33 kB | 7.7/305 kB | 7.7/215 kB Progress (3): 33 kB | 12/305 kB | 7.7/215 kB Progress (3): 33 kB | 12/305 kB | 12/215 kB Progress (3): 33 kB | 16/305 kB | 12/215 kB Progress (3): 33 kB | 16/305 kB | 16/215 kB Progress (3): 33 kB | 20/305 kB | 16/215 kB Progress (3): 33 kB | 20/305 kB | 20/215 kB Progress (3): 33 kB | 24/305 kB | 20/215 kB Progress (3): 33 kB | 24/305 kB | 24/215 kB Progress (3): 33 kB | 28/305 kB | 24/215 kB Progress (3): 33 kB | 28/305 kB | 28/215 kB Progress (3): 33 kB | 32/305 kB | 28/215 kB Progress (3): 33 kB | 32/305 kB | 32/215 kB Progress (3): 33 kB | 36/305 kB | 32/215 kB Progress (3): 33 kB | 36/305 kB | 36/215 kB Progress (3): 33 kB | 41/305 kB | 36/215 kB Progress (3): 33 kB | 41/305 kB | 41/215 kB Progress (3): 33 kB | 45/305 kB | 41/215 kB Progress (3): 33 kB | 45/305 kB | 45/215 kB Progress (3): 33 kB | 49/305 kB | 45/215 kB Progress (3): 33 kB | 49/305 kB | 49/215 kB Progress (3): 33 kB | 53/305 kB | 49/215 kB Progress (3): 33 kB | 53/305 kB | 53/215 kB Progress (3): 33 kB | 57/305 kB | 53/215 kB Progress (3): 33 kB | 57/305 kB | 57/215 kB Progress (3): 33 kB | 61/305 kB | 57/215 kB Progress (4): 33 kB | 61/305 kB | 57/215 kB | 4.1/134 kB Progress (4): 33 kB | 65/305 kB | 57/215 kB | 4.1/134 kB Progress (4): 33 kB | 65/305 kB | 61/215 kB | 4.1/134 kB Progress (4): 33 kB | 65/305 kB | 61/215 kB | 7.7/134 kB Progress (4): 33 kB | 69/305 kB | 61/215 kB | 7.7/134 kB Progress (4): 33 kB | 69/305 kB | 65/215 kB | 7.7/134 kB Progress (4): 33 kB | 73/305 kB | 65/215 kB | 7.7/134 kB Progress (4): 33 kB | 73/305 kB | 65/215 kB | 12/134 kB Progress (4): 33 kB | 77/305 kB | 65/215 kB | 12/134 kB Progress (4): 33 kB | 77/305 kB | 69/215 kB | 12/134 kB Progress (4): 33 kB | 81/305 kB | 69/215 kB | 12/134 kB Progress (4): 33 kB | 81/305 kB | 69/215 kB | 16/134 kB Progress (4): 33 kB | 81/305 kB | 73/215 kB | 16/134 kB Progress (4): 33 kB | 86/305 kB | 73/215 kB | 16/134 kB Progress (4): 33 kB | 86/305 kB | 77/215 kB | 16/134 kB Progress (4): 33 kB | 90/305 kB | 77/215 kB | 16/134 kB Progress (4): 33 kB | 90/305 kB | 77/215 kB | 20/134 kB Progress (4): 33 kB | 94/305 kB | 77/215 kB | 20/134 kB Progress (4): 33 kB | 94/305 kB | 81/215 kB | 20/134 kB Progress (4): 33 kB | 98/305 kB | 81/215 kB | 20/134 kB Progress (4): 33 kB | 98/305 kB | 86/215 kB | 20/134 kB Progress (4): 33 kB | 98/305 kB | 86/215 kB | 24/134 kB Progress (4): 33 kB | 102/305 kB | 86/215 kB | 24/134 kB Progress (4): 33 kB | 102/305 kB | 90/215 kB | 24/134 kB Progress (4): 33 kB | 106/305 kB | 90/215 kB | 24/134 kB Progress (4): 33 kB | 106/305 kB | 90/215 kB | 28/134 kB Progress (4): 33 kB | 110/305 kB | 90/215 kB | 28/134 kB Progress (4): 33 kB | 110/305 kB | 94/215 kB | 28/134 kB Progress (4): 33 kB | 114/305 kB | 94/215 kB | 28/134 kB Progress (4): 33 kB | 114/305 kB | 94/215 kB | 32/134 kB Progress (4): 33 kB | 114/305 kB | 98/215 kB | 32/134 kB Progress (4): 33 kB | 118/305 kB | 98/215 kB | 32/134 kB Progress (4): 33 kB | 118/305 kB | 102/215 kB | 32/134 kB Progress (4): 33 kB | 118/305 kB | 102/215 kB | 36/134 kB Progress (4): 33 kB | 118/305 kB | 106/215 kB | 36/134 kB Progress (4): 33 kB | 122/305 kB | 106/215 kB | 36/134 kB Progress (4): 33 kB | 122/305 kB | 110/215 kB | 36/134 kB Progress (4): 33 kB | 122/305 kB | 110/215 kB | 41/134 kB Progress (4): 33 kB | 122/305 kB | 114/215 kB | 41/134 kB Progress (4): 33 kB | 122/305 kB | 114/215 kB | 45/134 kB Progress (4): 33 kB | 122/305 kB | 118/215 kB | 45/134 kB Progress (4): 33 kB | 122/305 kB | 118/215 kB | 49/134 kB Progress (4): 33 kB | 127/305 kB | 118/215 kB | 49/134 kB Progress (4): 33 kB | 127/305 kB | 122/215 kB | 49/134 kB Progress (4): 33 kB | 131/305 kB | 122/215 kB | 49/134 kB Progress (4): 33 kB | 131/305 kB | 127/215 kB | 49/134 kB Progress (4): 33 kB | 131/305 kB | 127/215 kB | 53/134 kB Progress (4): 33 kB | 135/305 kB | 127/215 kB | 53/134 kB Progress (4): 33 kB | 135/305 kB | 131/215 kB | 53/134 kB Progress (4): 33 kB | 139/305 kB | 131/215 kB | 53/134 kB Progress (4): 33 kB | 139/305 kB | 131/215 kB | 57/134 kB Progress (4): 33 kB | 143/305 kB | 131/215 kB | 57/134 kB Progress (4): 33 kB | 143/305 kB | 135/215 kB | 57/134 kB Progress (4): 33 kB | 147/305 kB | 135/215 kB | 57/134 kB Progress (4): 33 kB | 147/305 kB | 135/215 kB | 61/134 kB Progress (4): 33 kB | 151/305 kB | 135/215 kB | 61/134 kB Progress (4): 33 kB | 151/305 kB | 139/215 kB | 61/134 kB Progress (4): 33 kB | 155/305 kB | 139/215 kB | 61/134 kB Progress (4): 33 kB | 155/305 kB | 139/215 kB | 65/134 kB Progress (4): 33 kB | 159/305 kB | 139/215 kB | 65/134 kB Progress (4): 33 kB | 159/305 kB | 143/215 kB | 65/134 kB Progress (4): 33 kB | 159/305 kB | 143/215 kB | 69/134 kB Progress (4): 33 kB | 163/305 kB | 143/215 kB | 69/134 kB Progress (4): 33 kB | 163/305 kB | 143/215 kB | 73/134 kB Progress (4): 33 kB | 167/305 kB | 143/215 kB | 73/134 kB Progress (4): 33 kB | 167/305 kB | 147/215 kB | 73/134 kB Progress (4): 33 kB | 172/305 kB | 147/215 kB | 73/134 kB Progress (4): 33 kB | 172/305 kB | 147/215 kB | 77/134 kB Progress (4): 33 kB | 176/305 kB | 147/215 kB | 77/134 kB Progress (4): 33 kB | 176/305 kB | 151/215 kB | 77/134 kB Progress (4): 33 kB | 180/305 kB | 151/215 kB | 77/134 kB Progress (4): 33 kB | 180/305 kB | 151/215 kB | 81/134 kB Progress (4): 33 kB | 180/305 kB | 155/215 kB | 81/134 kB Progress (4): 33 kB | 184/305 kB | 155/215 kB | 81/134 kB Progress (4): 33 kB | 184/305 kB | 155/215 kB | 86/134 kB Progress (4): 33 kB | 184/305 kB | 159/215 kB | 86/134 kB Progress (4): 33 kB | 184/305 kB | 159/215 kB | 90/134 kB Progress (4): 33 kB | 188/305 kB | 159/215 kB | 90/134 kB Progress (4): 33 kB | 188/305 kB | 159/215 kB | 94/134 kB Progress (4): 33 kB | 188/305 kB | 163/215 kB | 94/134 kB Progress (4): 33 kB | 188/305 kB | 163/215 kB | 98/134 kB Progress (4): 33 kB | 188/305 kB | 167/215 kB | 98/134 kB Progress (4): 33 kB | 192/305 kB | 167/215 kB | 98/134 kB Progress (4): 33 kB | 192/305 kB | 167/215 kB | 102/134 kB Progress (4): 33 kB | 192/305 kB | 172/215 kB | 102/134 kB Progress (4): 33 kB | 192/305 kB | 172/215 kB | 106/134 kB Progress (4): 33 kB | 196/305 kB | 172/215 kB | 106/134 kB Progress (4): 33 kB | 196/305 kB | 172/215 kB | 110/134 kB Progress (4): 33 kB | 200/305 kB | 172/215 kB | 110/134 kB Progress (4): 33 kB | 200/305 kB | 176/215 kB | 110/134 kB Progress (4): 33 kB | 204/305 kB | 176/215 kB | 110/134 kB Progress (4): 33 kB | 204/305 kB | 176/215 kB | 114/134 kB Progress (4): 33 kB | 208/305 kB | 176/215 kB | 114/134 kB Progress (4): 33 kB | 208/305 kB | 180/215 kB | 114/134 kB Progress (4): 33 kB | 208/305 kB | 180/215 kB | 118/134 kB Progress (4): 33 kB | 213/305 kB | 180/215 kB | 118/134 kB Progress (4): 33 kB | 213/305 kB | 180/215 kB | 122/134 kB Progress (4): 33 kB | 217/305 kB | 180/215 kB | 122/134 kB Progress (4): 33 kB | 217/305 kB | 184/215 kB | 122/134 kB Progress (4): 33 kB | 221/305 kB | 184/215 kB | 122/134 kB Progress (4): 33 kB | 221/305 kB | 184/215 kB | 127/134 kB Progress (4): 33 kB | 225/305 kB | 184/215 kB | 127/134 kB Progress (4): 33 kB | 225/305 kB | 188/215 kB | 127/134 kB Progress (4): 33 kB | 229/305 kB | 188/215 kB | 127/134 kB Progress (4): 33 kB | 229/305 kB | 188/215 kB | 131/134 kB Progress (4): 33 kB | 233/305 kB | 188/215 kB | 131/134 kB Progress (4): 33 kB | 233/305 kB | 192/215 kB | 131/134 kB Progress (4): 33 kB | 233/305 kB | 192/215 kB | 134 kB Progress (4): 33 kB | 237/305 kB | 192/215 kB | 134 kB Progress (4): 33 kB | 237/305 kB | 196/215 kB | 134 kB Progress (4): 33 kB | 241/305 kB | 196/215 kB | 134 kB Progress (4): 33 kB | 241/305 kB | 200/215 kB | 134 kB Progress (4): 33 kB | 245/305 kB | 200/215 kB | 134 kB Progress (4): 33 kB | 245/305 kB | 204/215 kB | 134 kB Progress (4): 33 kB | 245/305 kB | 208/215 kB | 134 kB Progress (4): 33 kB | 249/305 kB | 208/215 kB | 134 kB Progress (4): 33 kB | 249/305 kB | 213/215 kB | 134 kB Progress (4): 33 kB | 254/305 kB | 213/215 kB | 134 kB Progress (4): 33 kB | 254/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 258/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 262/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 266/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 270/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 274/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 278/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 282/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 286/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 290/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 294/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 299/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 303/305 kB | 215 kB | 134 kB Progress (4): 33 kB | 305 kB | 215 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Progress (4): 305 kB | 215 kB | 134 kB | 4.1/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 7.7/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 12/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 16/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 20/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 24/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 28/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 32/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 36/37 kB Progress (4): 305 kB | 215 kB | 134 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 378 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 600 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (3): 305 kB | 37 kB | 4.1/180 kB Progress (3): 305 kB | 37 kB | 7.7/180 kB Progress (3): 305 kB | 37 kB | 12/180 kB Progress (3): 305 kB | 37 kB | 16/180 kB Progress (3): 305 kB | 37 kB | 20/180 kB Progress (3): 305 kB | 37 kB | 24/180 kB Progress (3): 305 kB | 37 kB | 28/180 kB Progress (3): 305 kB | 37 kB | 32/180 kB Progress (3): 305 kB | 37 kB | 36/180 kB Progress (3): 305 kB | 37 kB | 41/180 kB Progress (3): 305 kB | 37 kB | 45/180 kB Progress (3): 305 kB | 37 kB | 49/180 kB Progress (3): 305 kB | 37 kB | 53/180 kB Progress (3): 305 kB | 37 kB | 57/180 kB Progress (3): 305 kB | 37 kB | 61/180 kB Progress (3): 305 kB | 37 kB | 65/180 kB Progress (3): 305 kB | 37 kB | 69/180 kB Progress (3): 305 kB | 37 kB | 73/180 kB Progress (3): 305 kB | 37 kB | 77/180 kB Progress (3): 305 kB | 37 kB | 81/180 kB Progress (3): 305 kB | 37 kB | 86/180 kB Progress (3): 305 kB | 37 kB | 90/180 kB Progress (3): 305 kB | 37 kB | 94/180 kB Progress (3): 305 kB | 37 kB | 98/180 kB Progress (3): 305 kB | 37 kB | 102/180 kB Progress (3): 305 kB | 37 kB | 106/180 kB Progress (3): 305 kB | 37 kB | 110/180 kB Progress (3): 305 kB | 37 kB | 114/180 kB Progress (3): 305 kB | 37 kB | 118/180 kB Progress (3): 305 kB | 37 kB | 122/180 kB Progress (3): 305 kB | 37 kB | 127/180 kB Progress (3): 305 kB | 37 kB | 131/180 kB Progress (3): 305 kB | 37 kB | 135/180 kB Progress (3): 305 kB | 37 kB | 139/180 kB Progress (3): 305 kB | 37 kB | 143/180 kB Progress (3): 305 kB | 37 kB | 147/180 kB Progress (3): 305 kB | 37 kB | 151/180 kB Progress (3): 305 kB | 37 kB | 155/180 kB Progress (3): 305 kB | 37 kB | 159/180 kB Progress (3): 305 kB | 37 kB | 163/180 kB Progress (3): 305 kB | 37 kB | 167/180 kB Progress (3): 305 kB | 37 kB | 172/180 kB Progress (3): 305 kB | 37 kB | 176/180 kB Progress (3): 305 kB | 37 kB | 180/180 kB Progress (3): 305 kB | 37 kB | 180 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 833 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (2): 180 kB | 4.1/85 kB Progress (2): 180 kB | 7.7/85 kB Progress (2): 180 kB | 12/85 kB Progress (2): 180 kB | 16/85 kB Progress (2): 180 kB | 20/85 kB Progress (2): 180 kB | 24/85 kB Progress (2): 180 kB | 28/85 kB Progress (2): 180 kB | 32/85 kB Progress (2): 180 kB | 36/85 kB Progress (2): 180 kB | 41/85 kB Progress (2): 180 kB | 45/85 kB Progress (2): 180 kB | 49/85 kB Progress (2): 180 kB | 53/85 kB Progress (2): 180 kB | 57/85 kB Progress (2): 180 kB | 61/85 kB Progress (2): 180 kB | 65/85 kB Progress (2): 180 kB | 69/85 kB Progress (2): 180 kB | 73/85 kB Progress (2): 180 kB | 77/85 kB Progress (2): 180 kB | 81/85 kB Progress (2): 180 kB | 85 kB Progress (3): 180 kB | 85 kB | 0/2.6 MB Progress (3): 180 kB | 85 kB | 0/2.6 MB Progress (3): 180 kB | 85 kB | 0/2.6 MB Progress (3): 180 kB | 85 kB | 0.1/2.6 MB Progress (3): 180 kB | 85 kB | 0.1/2.6 MB Progress (3): 180 kB | 85 kB | 0.1/2.6 MB Progress (3): 180 kB | 85 kB | 0.1/2.6 MB Progress (3): 180 kB | 85 kB | 0.1/2.6 MB Progress (3): 180 kB | 85 kB | 0.1/2.6 MB Progress (3): 180 kB | 85 kB | 0.2/2.6 MB Progress (3): 180 kB | 85 kB | 0.2/2.6 MB Progress (3): 180 kB | 85 kB | 0.2/2.6 MB Progress (3): 180 kB | 85 kB | 0.2/2.6 MB Progress (3): 180 kB | 85 kB | 0.2/2.6 MB Progress (3): 180 kB | 85 kB | 0.2/2.6 MB Progress (3): 180 kB | 85 kB | 0.3/2.6 MB Progress (3): 180 kB | 85 kB | 0.3/2.6 MB Progress (3): 180 kB | 85 kB | 0.3/2.6 MB Progress (3): 180 kB | 85 kB | 0.3/2.6 MB Progress (3): 180 kB | 85 kB | 0.3/2.6 MB Progress (3): 180 kB | 85 kB | 0.3/2.6 MB Progress (3): 180 kB | 85 kB | 0.4/2.6 MB Progress (3): 180 kB | 85 kB | 0.4/2.6 MB Progress (3): 180 kB | 85 kB | 0.4/2.6 MB Progress (3): 180 kB | 85 kB | 0.4/2.6 MB Progress (3): 180 kB | 85 kB | 0.4/2.6 MB Progress (3): 180 kB | 85 kB | 0.4/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.5/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.6/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.7/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.8/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 0.9/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Progress (3): 180 kB | 85 kB | 1.0/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 464 kB/s) Progress (2): 85 kB | 1.0/2.6 MB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 85 kB | 1.1/2.6 MB Progress (2): 85 kB | 1.1/2.6 MB Progress (2): 85 kB | 1.1/2.6 MB Progress (2): 85 kB | 1.1/2.6 MB Progress (2): 85 kB | 1.1/2.6 MB Progress (2): 85 kB | 1.1/2.6 MB Progress (2): 85 kB | 1.2/2.6 MB Progress (2): 85 kB | 1.2/2.6 MB Progress (2): 85 kB | 1.2/2.6 MB Progress (3): 85 kB | 1.2/2.6 MB | 4.1/4.6 kB Progress (3): 85 kB | 1.2/2.6 MB | 4.1/4.6 kB Progress (3): 85 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.2/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.3/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.3/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.3/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.3/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.3/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.3/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.4/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.4/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.4/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.4/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.4/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.4/2.6 MB | 4.6 kB Progress (3): 85 kB | 1.5/2.6 MB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 217 kB/s) Progress (2): 1.5/2.6 MB | 4.6 kB Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.5/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.6/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.7/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.8/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 1.9/2.6 MB | 4.6 kB Progress (2): 2.0/2.6 MB | 4.6 kB Progress (2): 2.0/2.6 MB | 4.6 kB Progress (2): 2.0/2.6 MB | 4.6 kB Progress (2): 2.0/2.6 MB | 4.6 kB Progress (2): 2.0/2.6 MB | 4.6 kB Progress (2): 2.0/2.6 MB | 4.6 kB Progress (2): 2.1/2.6 MB | 4.6 kB Progress (2): 2.1/2.6 MB | 4.6 kB Progress (2): 2.1/2.6 MB | 4.6 kB Progress (2): 2.1/2.6 MB | 4.6 kB Progress (2): 2.1/2.6 MB | 4.6 kB Progress (2): 2.1/2.6 MB | 4.6 kB Progress (2): 2.2/2.6 MB | 4.6 kB Progress (2): 2.2/2.6 MB | 4.6 kB Progress (2): 2.2/2.6 MB | 4.6 kB Progress (2): 2.2/2.6 MB | 4.6 kB Progress (2): 2.2/2.6 MB | 4.6 kB Progress (2): 2.2/2.6 MB | 4.6 kB Progress (2): 2.3/2.6 MB | 4.6 kB Progress (2): 2.3/2.6 MB | 4.6 kB Progress (2): 2.3/2.6 MB | 4.6 kB Progress (2): 2.3/2.6 MB | 4.6 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.3/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.4/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.5/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.6/2.6 MB | 4.6 kB | 2.2 kB Progress (3): 2.6 MB | 4.6 kB | 2.2 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 4.1/5.9 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (4): 2.6 MB | 2.2 kB | 5.9 kB | 4.1/20 kB Progress (4): 2.6 MB | 2.2 kB | 5.9 kB | 7.7/20 kB Progress (4): 2.6 MB | 2.2 kB | 5.9 kB | 12/20 kB Progress (4): 2.6 MB | 2.2 kB | 5.9 kB | 16/20 kB Progress (4): 2.6 MB | 2.2 kB | 5.9 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.3 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 46 kB/s) Progress (1): 4.1/8.8 kB Progress (2): 4.1/8.8 kB | 4.1/14 kB Progress (2): 7.7/8.8 kB | 4.1/14 kB Progress (2): 7.7/8.8 kB | 7.7/14 kB Progress (2): 8.8 kB | 7.7/14 kB Progress (2): 8.8 kB | 12/14 kB Progress (2): 8.8 kB | 14 kB Progress (3): 8.8 kB | 14 kB | 4.1/500 kB Progress (3): 8.8 kB | 14 kB | 7.7/500 kB Progress (3): 8.8 kB | 14 kB | 12/500 kB Progress (3): 8.8 kB | 14 kB | 16/500 kB Progress (3): 8.8 kB | 14 kB | 20/500 kB Progress (3): 8.8 kB | 14 kB | 24/500 kB Progress (3): 8.8 kB | 14 kB | 28/500 kB Progress (3): 8.8 kB | 14 kB | 32/500 kB Progress (3): 8.8 kB | 14 kB | 36/500 kB Progress (3): 8.8 kB | 14 kB | 41/500 kB Progress (3): 8.8 kB | 14 kB | 45/500 kB Progress (3): 8.8 kB | 14 kB | 49/500 kB Progress (3): 8.8 kB | 14 kB | 53/500 kB Progress (3): 8.8 kB | 14 kB | 57/500 kB Progress (3): 8.8 kB | 14 kB | 61/500 kB Progress (3): 8.8 kB | 14 kB | 65/500 kB Progress (3): 8.8 kB | 14 kB | 69/500 kB Progress (3): 8.8 kB | 14 kB | 73/500 kB Progress (3): 8.8 kB | 14 kB | 77/500 kB Progress (3): 8.8 kB | 14 kB | 81/500 kB Progress (3): 8.8 kB | 14 kB | 86/500 kB Progress (3): 8.8 kB | 14 kB | 90/500 kB Progress (3): 8.8 kB | 14 kB | 94/500 kB Progress (3): 8.8 kB | 14 kB | 98/500 kB Progress (3): 8.8 kB | 14 kB | 102/500 kB Progress (3): 8.8 kB | 14 kB | 106/500 kB Progress (3): 8.8 kB | 14 kB | 110/500 kB Progress (3): 8.8 kB | 14 kB | 114/500 kB Progress (3): 8.8 kB | 14 kB | 118/500 kB Progress (3): 8.8 kB | 14 kB | 122/500 kB Progress (3): 8.8 kB | 14 kB | 127/500 kB Progress (3): 8.8 kB | 14 kB | 131/500 kB Progress (3): 8.8 kB | 14 kB | 135/500 kB Progress (3): 8.8 kB | 14 kB | 139/500 kB Progress (3): 8.8 kB | 14 kB | 143/500 kB Progress (3): 8.8 kB | 14 kB | 147/500 kB Progress (3): 8.8 kB | 14 kB | 151/500 kB Progress (3): 8.8 kB | 14 kB | 155/500 kB Progress (3): 8.8 kB | 14 kB | 159/500 kB Progress (3): 8.8 kB | 14 kB | 163/500 kB Progress (3): 8.8 kB | 14 kB | 167/500 kB Progress (3): 8.8 kB | 14 kB | 172/500 kB Progress (3): 8.8 kB | 14 kB | 176/500 kB Progress (3): 8.8 kB | 14 kB | 180/500 kB Progress (3): 8.8 kB | 14 kB | 184/500 kB Progress (3): 8.8 kB | 14 kB | 188/500 kB Progress (3): 8.8 kB | 14 kB | 192/500 kB Progress (3): 8.8 kB | 14 kB | 196/500 kB Progress (3): 8.8 kB | 14 kB | 200/500 kB Progress (3): 8.8 kB | 14 kB | 204/500 kB Progress (3): 8.8 kB | 14 kB | 208/500 kB Progress (3): 8.8 kB | 14 kB | 213/500 kB Progress (3): 8.8 kB | 14 kB | 217/500 kB Progress (3): 8.8 kB | 14 kB | 221/500 kB Progress (3): 8.8 kB | 14 kB | 225/500 kB Progress (3): 8.8 kB | 14 kB | 229/500 kB Progress (3): 8.8 kB | 14 kB | 233/500 kB Progress (3): 8.8 kB | 14 kB | 237/500 kB Progress (3): 8.8 kB | 14 kB | 241/500 kB Progress (3): 8.8 kB | 14 kB | 245/500 kB Progress (3): 8.8 kB | 14 kB | 249/500 kB Progress (3): 8.8 kB | 14 kB | 254/500 kB Progress (3): 8.8 kB | 14 kB | 258/500 kB Progress (3): 8.8 kB | 14 kB | 262/500 kB Progress (3): 8.8 kB | 14 kB | 266/500 kB Progress (3): 8.8 kB | 14 kB | 270/500 kB Progress (3): 8.8 kB | 14 kB | 274/500 kB Progress (3): 8.8 kB | 14 kB | 278/500 kB Progress (3): 8.8 kB | 14 kB | 282/500 kB Progress (3): 8.8 kB | 14 kB | 286/500 kB Progress (3): 8.8 kB | 14 kB | 290/500 kB Progress (3): 8.8 kB | 14 kB | 294/500 kB Progress (3): 8.8 kB | 14 kB | 299/500 kB Progress (3): 8.8 kB | 14 kB | 303/500 kB Progress (3): 8.8 kB | 14 kB | 307/500 kB Progress (3): 8.8 kB | 14 kB | 311/500 kB Progress (3): 8.8 kB | 14 kB | 315/500 kB Progress (3): 8.8 kB | 14 kB | 319/500 kB Progress (3): 8.8 kB | 14 kB | 323/500 kB Progress (3): 8.8 kB | 14 kB | 327/500 kB Progress (3): 8.8 kB | 14 kB | 331/500 kB Progress (3): 8.8 kB | 14 kB | 335/500 kB Progress (3): 8.8 kB | 14 kB | 340/500 kB Progress (3): 8.8 kB | 14 kB | 344/500 kB Progress (3): 8.8 kB | 14 kB | 348/500 kB Progress (3): 8.8 kB | 14 kB | 352/500 kB Progress (3): 8.8 kB | 14 kB | 356/500 kB Progress (3): 8.8 kB | 14 kB | 360/500 kB Progress (3): 8.8 kB | 14 kB | 364/500 kB Progress (3): 8.8 kB | 14 kB | 368/500 kB Progress (3): 8.8 kB | 14 kB | 372/500 kB Progress (3): 8.8 kB | 14 kB | 376/500 kB Progress (3): 8.8 kB | 14 kB | 380/500 kB Progress (3): 8.8 kB | 14 kB | 385/500 kB Progress (3): 8.8 kB | 14 kB | 389/500 kB Progress (3): 8.8 kB | 14 kB | 393/500 kB Progress (3): 8.8 kB | 14 kB | 397/500 kB Progress (3): 8.8 kB | 14 kB | 401/500 kB Progress (3): 8.8 kB | 14 kB | 405/500 kB Progress (3): 8.8 kB | 14 kB | 409/500 kB Progress (3): 8.8 kB | 14 kB | 413/500 kB Progress (3): 8.8 kB | 14 kB | 417/500 kB Progress (3): 8.8 kB | 14 kB | 421/500 kB Progress (3): 8.8 kB | 14 kB | 426/500 kB Progress (3): 8.8 kB | 14 kB | 430/500 kB Progress (3): 8.8 kB | 14 kB | 434/500 kB Progress (3): 8.8 kB | 14 kB | 438/500 kB Progress (3): 8.8 kB | 14 kB | 442/500 kB Progress (3): 8.8 kB | 14 kB | 446/500 kB Progress (3): 8.8 kB | 14 kB | 450/500 kB Progress (3): 8.8 kB | 14 kB | 454/500 kB Progress (3): 8.8 kB | 14 kB | 458/500 kB Progress (3): 8.8 kB | 14 kB | 462/500 kB Progress (3): 8.8 kB | 14 kB | 466/500 kB Progress (3): 8.8 kB | 14 kB | 471/500 kB Progress (3): 8.8 kB | 14 kB | 475/500 kB Progress (3): 8.8 kB | 14 kB | 479/500 kB Progress (3): 8.8 kB | 14 kB | 483/500 kB Progress (3): 8.8 kB | 14 kB | 487/500 kB Progress (3): 8.8 kB | 14 kB | 491/500 kB Progress (3): 8.8 kB | 14 kB | 495/500 kB Progress (3): 8.8 kB | 14 kB | 499/500 kB Progress (3): 8.8 kB | 14 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 19 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 30 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 19.299 s [INFO] Finished at: 2026-02-10T22:07:35Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="2faa465d3060e1882317353f3b2796812d216a71" "org.opencontainers.image.revision"="2faa465d3060e1882317353f3b2796812d216a71" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:06:49Z" "org.opencontainers.image.created"="2026-02-10T22:06:49Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 --> 3d53048c5a1b Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 3d53048c5a1bb411e2f5d6aa9fb95c35c4dd38d73846dd29e83833802563c6ff [2026-02-10T22:07:36,071488534+00:00] Unsetting proxy [2026-02-10T22:07:36,072705328+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:79e90562b488eb5051c07958fbd25437e137100e2393ffd470efd5d7b5bdd19c Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:3d53048c5a1bb411e2f5d6aa9fb95c35c4dd38d73846dd29e83833802563c6ff Writing manifest to image destination [2026-02-10T22:07:38,836088613+00:00] End build pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | container step-push: [2026-02-10T22:07:39,811547014+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:07:43,235935790+00:00] Convert image [2026-02-10T22:07:43,237024363+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-slph4-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-slph4-build-container Getting image source signatures Copying blob sha256:79e90562b488eb5051c07958fbd25437e137100e2393ffd470efd5d7b5bdd19c Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:3d53048c5a1bb411e2f5d6aa9fb95c35c4dd38d73846dd29e83833802563c6ff Writing manifest to image destination [2026-02-10T22:08:05,105589072+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Getting image source signatures Copying blob sha256:79e90562b488eb5051c07958fbd25437e137100e2393ffd470efd5d7b5bdd19c Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:3d53048c5a1bb411e2f5d6aa9fb95c35c4dd38d73846dd29e83833802563c6ff Writing manifest to image destination sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547cquay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 [2026-02-10T22:08:06,061726219+00:00] End push pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:08:06,964513210+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:08:17,978501475+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | container step-prepare-sboms: [2026-02-10T22:08:18,433939590+00:00] Prepare SBOM [2026-02-10T22:08:18,437699249+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:08:31,625 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:08:33,027 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:08:36,357 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:08:36,357 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:08:36,358 [INFO] mobster.log: Contextual workflow completed in 3.53s 2026-02-10 22:08:36,625 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:08:37,531453137+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-slph4-build-container-pod | container step-upload-sbom: [2026-02-10T22:08:38,242246825+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:2b948cc1046fb56a8b866ee95efcafcecae7aa34234da2fe2103a8f9591366cb [2026-02-10T22:08:49,724051704+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-slph4-build-image-index-pod | init container: prepare 2026/02/10 22:09:27 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-build-image-index-pod | init container: place-scripts 2026/02/10 22:09:28 Decoded script /tekton/scripts/script-0-kvjss 2026/02/10 22:09:28 Decoded script /tekton/scripts/script-1-k5g2q 2026/02/10 22:09:28 Decoded script /tekton/scripts/script-2-8g828 pod: konflux-demo-component-tfry-on-push-slph4-build-image-index-pod | container step-build: [2026-02-10T22:09:33,372495577+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 8d9017d2add89b58a45fc23c15ad546839471d2cfb9d91c3152a26a12311114b Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c. pod: konflux-demo-component-tfry-on-push-slph4-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-slph4-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:09:35,994942870+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-slph4-clair-scan-pod | init container: prepare 2026/02/10 22:09:57 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-clair-scan-pod | init container: place-scripts 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-0-75nvf 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-1-xl94k 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-2-tf6qh 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-3-lmxsd pod: konflux-demo-component-tfry-on-push-slph4-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c. pod: konflux-demo-component-tfry-on-push-slph4-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:11:28Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"}] 2026-02-10T22:11:28Z INF libvuln initialized component=libvuln/New 2026-02-10T22:11:28Z INF registered configured scanners component=libindex/New 2026-02-10T22:11:28Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:11:29Z INF index request start component=libindex/Libindex.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c 2026-02-10T22:11:29Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c 2026-02-10T22:11:29Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=CheckManifest 2026-02-10T22:11:29Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=FetchLayers 2026-02-10T22:11:32Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=FetchLayers 2026-02-10T22:11:32Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=FetchLayers 2026-02-10T22:11:32Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=ScanLayers 2026-02-10T22:11:32Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:11:32Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:11:33Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=ScanLayers 2026-02-10T22:11:33Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=IndexManifest 2026-02-10T22:11:33Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=IndexFinished 2026-02-10T22:11:33Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c state=IndexFinished 2026-02-10T22:11:33Z INF index request done component=libindex/Libindex.Index manifest=sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c { "manifest_hash": "sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "224ffeae-7fe5-4615-8a7d-a60e186f82bc": { "id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "24e1cc55-855a-4684-8726-13ce99c7aa32": { "id": "24e1cc55-855a-4684-8726-13ce99c7aa32", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "704d3a67-4150-4c4b-8bbb-73108db312bc": { "id": "704d3a67-4150-4c4b-8bbb-73108db312bc", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9": { "id": "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "e00d5938-ca67-4968-aa1e-b420bdc2357a": { "id": "e00d5938-ca67-4968-aa1e-b420bdc2357a", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "e44f6e0b-b2f7-4780-abe3-160e46c283e6": { "id": "e44f6e0b-b2f7-4780-abe3-160e46c283e6", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7": { "id": "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:175b9f323adf86199f11659b75235f41fcda91e96e587e349aae606b860c8852", "distribution_id": "", "repository_ids": [ "704d3a67-4150-4c4b-8bbb-73108db312bc" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:175b9f323adf86199f11659b75235f41fcda91e96e587e349aae606b860c8852", "distribution_id": "", "repository_ids": [ "704d3a67-4150-4c4b-8bbb-73108db312bc" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "e00d5938-ca67-4968-aa1e-b420bdc2357a", "e00d5938-ca67-4968-aa1e-b420bdc2357a" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:175b9f323adf86199f11659b75235f41fcda91e96e587e349aae606b860c8852", "distribution_id": "", "repository_ids": [ "704d3a67-4150-4c4b-8bbb-73108db312bc" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "e00d5938-ca67-4968-aa1e-b420bdc2357a", "e00d5938-ca67-4968-aa1e-b420bdc2357a" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:175b9f323adf86199f11659b75235f41fcda91e96e587e349aae606b860c8852", "distribution_id": "", "repository_ids": [ "704d3a67-4150-4c4b-8bbb-73108db312bc" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "24e1cc55-855a-4684-8726-13ce99c7aa32", "e44f6e0b-b2f7-4780-abe3-160e46c283e6" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "224ffeae-7fe5-4615-8a7d-a60e186f82bc", "repository_ids": [ "bbeb6d35-2fce-4a39-bb32-e6cbcfac10b9", "fec6f65e-ebc6-4163-8eb6-402e8cbac9f7" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-slph4-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-slph4-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), libzstd-1.4.4-1.el8 (CVE-2022-4899), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), expat-2.5.0-1.el8_10 (CVE-2024-28757), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), file-libs-5.33-27.el8_10 (CVE-2019-8905), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), tar-2:1.30-11.el8_10 (CVE-2025-45582), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), pcre2-10.32-3.el8_6 (CVE-2022-41409), libzstd-1.4.4-1.el8 (CVE-2021-24032), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), file-libs-5.33-27.el8_10 (CVE-2019-8906), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), gawk-4.2.1-4.el8 (CVE-2023-4156), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71", "digests": ["sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:11:52+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-slph4-clamav-scan-pod | init container: prepare 2026/02/10 22:09:57 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-clamav-scan-pod | init container: place-scripts 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-0-zqn9s 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-1-84kxl pod: konflux-demo-component-tfry-on-push-slph4-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 16.863 sec (0 m 16 s) Start Date: 2026:02:10 22:10:16 End Date: 2026:02:10 22:10:33 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761433","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761433","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761433","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71", "digests": ["sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c"]}} pod: konflux-demo-component-tfry-on-push-slph4-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading aab88decd92c clamscan-result-amd64.log Uploading a45297469ac6 clamscan-ec-test-amd64.json Uploaded a45297469ac6 clamscan-ec-test-amd64.json Uploaded aab88decd92c clamscan-result-amd64.log Uploading c11cde080abd application/vnd.oci.image.manifest.v1+json Uploaded c11cde080abd application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c Digest: sha256:c11cde080abd380ddb33af1ac1872dfc25331a019bdd46666aacf2b30e5d2ad5 pod: konflux-demo-component-tfry-on-push-slph4-clone-repository-pod | init container: prepare 2026/02/10 22:05:03 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-clone-repository-pod | init container: place-scripts 2026/02/10 22:05:07 Decoded script /tekton/scripts/script-0-5j2kv 2026/02/10 22:05:07 Decoded script /tekton/scripts/script-1-9l49x pod: konflux-demo-component-tfry-on-push-slph4-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761113.3984838,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761113.604715,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ 2faa465d3060e1882317353f3b2796812d216a71 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770761113.6047606,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761113.6284814,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 2faa465d3060e1882317353f3b2796812d216a71 directly. pod: konflux-demo-component-tfry-on-push-slph4-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-slph4-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.lsWzTy/auth-KqoI3m.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71.git SOURCE_ARTIFACT Uploading b66de92430a2 SOURCE_ARTIFACT Uploaded b66de92430a2 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:9522820abd2e07273641580b0fcdfbbb6be00599e7b8be65e0e70de68eb05388 Artifacts created pod: konflux-demo-component-tfry-on-push-slph4-init-pod | init container: prepare 2026/02/10 22:04:53 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-init-pod | init container: place-scripts 2026/02/10 22:04:54 Decoded script /tekton/scripts/script-0-pw6bh pod: konflux-demo-component-tfry-on-push-slph4-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-slph4-push-dockerfile-pod | init container: prepare 2026/02/10 22:09:39 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:09:40 Decoded script /tekton/scripts/script-1-jj5ff pod: konflux-demo-component-tfry-on-push-slph4-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.WeWoUP/auth-Ae5PLX.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 to /var/workdir/source pod: konflux-demo-component-tfry-on-push-slph4-push-dockerfile-pod | container step-push: [2026-02-10T22:09:44,019192194+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.khtf8cqVyh --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-slph4-sast-shell-check-pod | init container: prepare 2026/02/10 22:09:40 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:09:40 Decoded script /tekton/scripts/script-1-vl8bs 2026/02/10 22:09:40 Decoded script /tekton/scripts/script-2-cqd6l pod: konflux-demo-component-tfry-on-push-slph4-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.oE5VDB/auth-HE4Y4T.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-slph4-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-109.json ./shellcheck-results/sc-115.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-129.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-81.json ./shellcheck-results/sc-91.json ./shellcheck-results/sc-95.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:09:46+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:09:46+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:09:46+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:09:46+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:09:46+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:09:46+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-slph4-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 3b606a9dd3a1 shellcheck-results.sarif Uploaded 3b606a9dd3a1 shellcheck-results.sarif Uploading 697b89f9f43a application/vnd.oci.image.manifest.v1+json Uploaded 697b89f9f43a application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c Digest: sha256:697b89f9f43a2ffcc142ab011a85a3ce481f11fe45156925375c9d0b78ad13bd No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-slph4-sast-snyk-check-pod | init container: prepare 2026/02/10 22:10:18 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-slph4-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:10:18 Decoded script /tekton/scripts/script-1-jqdv7 2026/02/10 22:10:18 Decoded script /tekton/scripts/script-2-59jq9 pod: konflux-demo-component-tfry-on-push-slph4-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.u0LnQx/auth-yEoIYt.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-slph4-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:10:22+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-slph4-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | init container: prepare 2026/02/10 22:09:39 Entrypoint initialization pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | init container: place-scripts 2026/02/10 22:09:39 Decoded script /tekton/scripts/script-0-4xpf2 2026/02/10 22:09:39 Decoded script /tekton/scripts/script-1-zvdqw 2026/02/10 22:09:39 Decoded script /tekton/scripts/script-2-6qplc 2026/02/10 22:09:40 Decoded script /tekton/scripts/script-3-2rzrw 2026/02/10 22:09:40 Decoded script /tekton/scripts/script-4-sd5mc 2026/02/10 22:09:40 Decoded script /tekton/scripts/script-5-8lbzp pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | container step-set-skip-for-bundles: 2026/02/10 22:09:46 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | container step-app-check: time="2026-02-10T22:09:46Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:09:47Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 for platform amd64" time="2026-02-10T22:09:47Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71" time="2026-02-10T22:09:55Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:09:55Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:09:55Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:09:55Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:09:55Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:09:55Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:09:55Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:10:04Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:10:04Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:10:04Z" level=info msg="This image's tag 2faa465d3060e1882317353f3b2796812d216a71 will be paired with digest sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 40, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8659, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 331, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:10:05Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761405","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 pod: konflux-demo-component-tfry1e224f57a0f4f5d9d15d29b94cdd61a2-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761405","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: konflux-demo-component-tfry4ad0309be232f0b71d20c243caf57708-pod | init container: prepare 2026/02/10 22:09:57 Entrypoint initialization pod: konflux-demo-component-tfry4ad0309be232f0b71d20c243caf57708-pod | init container: place-scripts 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-1-cztvf 2026/02/10 22:09:58 Decoded script /tekton/scripts/script-2-sk989 pod: konflux-demo-component-tfry4ad0309be232f0b71d20c243caf57708-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.IIO0wr/auth-YAFuFG.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b66de92430a2bc7ac8269edd5c6e08306bd08c8d5d91d5e4d0b06ae77d2d3917 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry4ad0309be232f0b71d20c243caf57708-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:10:04+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:10:04+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:10:04+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:10:04+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:10:04+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:10:04+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry4ad0309be232f0b71d20c243caf57708-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 1da9b99b8b41 sast_unicode_check_out.sarif Uploaded 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 413fd07e8823 application/vnd.oci.image.manifest.v1+json Uploaded 413fd07e8823 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:2faa465d3060e1882317353f3b2796812d216a71@sha256:4eaec6a8209551eaea49c27bf393235d07165ba4371578e16a37f3a64c40547c Digest: sha256:413fd07e8823c392a762a76b9cf3ee6ccd4a082dfd20da25726ec1c6b8e4ea2e No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | init container: prepare 2026/02/10 22:05:23 Entrypoint initialization pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | init container: place-scripts 2026/02/10 22:05:24 Decoded script /tekton/scripts/script-0-85mrt 2026/02/10 22:05:24 Decoded script /tekton/scripts/script-2-8gnhp 2026/02/10 22:05:24 Decoded script /tekton/scripts/script-3-2krfk pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | container step-skip-ta: pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfryc8713b8429675eb3e2e6b2da97bedee6-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Running PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-zthhf reason: Failed attempt 2/6: PipelineRun "konflux-demo-component-tfry-on-push-zthhf" failed: pod: konflux-demo-component-tfry-on-push-zthhf-apply-tags-pod | init container: prepare 2026/02/10 22:14:52 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:14:54Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a" time="2026-02-10T22:14:54Z" level=info msg="[param] Image digest: sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1" time="2026-02-10T22:14:54Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:14:55Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | init container: prepare 2026/02/10 22:12:44 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | init container: place-scripts 2026/02/10 22:12:44 Decoded script /tekton/scripts/script-1-wcx7w 2026/02/10 22:12:44 Decoded script /tekton/scripts/script-2-97rrj 2026/02/10 22:12:44 Decoded script /tekton/scripts/script-3-cz8lt 2026/02/10 22:12:44 Decoded script /tekton/scripts/script-4-bn778 2026/02/10 22:12:44 Decoded script /tekton/scripts/script-5-5snph pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.2b0MAA/auth-52qGbN.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | container step-build: [2026-02-10T22:12:48,832239488+00:00] Validate context path [2026-02-10T22:12:48,835599992+00:00] Update CA trust [2026-02-10T22:12:48,836659831+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:12:50,880175012+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:12:50,885881450+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:12:50,992805479+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:12:56,070453204+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:12:50Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:12:50Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "eb803f83cbc225d97020c1f47eac5af67ed1d37a", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "eb803f83cbc225d97020c1f47eac5af67ed1d37a", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:12:56,117478428+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:12:56,120601309+00:00] Add secrets [2026-02-10T22:12:56,128025158+00:00] Run buildah build [2026-02-10T22:12:56,129109997+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=eb803f83cbc225d97020c1f47eac5af67ed1d37a --label org.opencontainers.image.revision=eb803f83cbc225d97020c1f47eac5af67ed1d37a --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:12:50Z --label org.opencontainers.image.created=2026-02-10T22:12:50Z --annotation org.opencontainers.image.revision=eb803f83cbc225d97020c1f47eac5af67ed1d37a --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:12:50Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.L3S0sB -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 714 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 384 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 26/134 kB Progress (1): 30/134 kB Progress (1): 34/134 kB Progress (1): 38/134 kB Progress (1): 42/134 kB Progress (1): 46/134 kB Progress (1): 48/134 kB Progress (1): 52/134 kB Progress (1): 56/134 kB Progress (1): 60/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 81/134 kB Progress (1): 85/134 kB Progress (1): 89/134 kB Progress (1): 93/134 kB Progress (1): 97/134 kB Progress (1): 101/134 kB Progress (1): 106/134 kB Progress (1): 110/134 kB Progress (1): 114/134 kB Progress (1): 116/134 kB Progress (1): 120/134 kB Progress (1): 124/134 kB Progress (1): 128/134 kB Progress (1): 132/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 586 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 290 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 503 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 193 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 607 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 337 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 656 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 249 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 627 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 41/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 859 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 249 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 300 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 8.2/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 25/30 kB Progress (1): 29/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 781 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 154 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 951 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 453 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 667 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 88 kB/s) Progress (1): 2.3/3.6 kB Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 90 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 45 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 20 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 148 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/13 kB Progress (1): 5.0/13 kB Progress (2): 5.0/13 kB | 2.3/226 kB Progress (2): 7.8/13 kB | 2.3/226 kB Progress (2): 7.8/13 kB | 5.0/226 kB Progress (2): 12/13 kB | 5.0/226 kB Progress (2): 12/13 kB | 7.8/226 kB Progress (2): 13 kB | 7.8/226 kB Progress (2): 13 kB | 11/226 kB Progress (2): 13 kB | 13/226 kB Progress (2): 13 kB | 16/226 kB Progress (2): 13 kB | 19/226 kB Progress (2): 13 kB | 21/226 kB Progress (2): 13 kB | 24/226 kB Progress (2): 13 kB | 27/226 kB Progress (2): 13 kB | 30/226 kB Progress (2): 13 kB | 32/226 kB Progress (2): 13 kB | 35/226 kB Progress (2): 13 kB | 38/226 kB Progress (2): 13 kB | 41/226 kB Progress (2): 13 kB | 43/226 kB Progress (2): 13 kB | 46/226 kB Progress (2): 13 kB | 49/226 kB Progress (2): 13 kB | 53/226 kB Progress (2): 13 kB | 57/226 kB Progress (2): 13 kB | 61/226 kB Progress (2): 13 kB | 65/226 kB Progress (2): 13 kB | 69/226 kB Progress (2): 13 kB | 73/226 kB Progress (2): 13 kB | 77/226 kB Progress (2): 13 kB | 81/226 kB Progress (2): 13 kB | 85/226 kB Progress (2): 13 kB | 89/226 kB Progress (2): 13 kB | 94/226 kB Progress (2): 13 kB | 98/226 kB Progress (2): 13 kB | 102/226 kB Progress (2): 13 kB | 106/226 kB Progress (2): 13 kB | 110/226 kB Progress (2): 13 kB | 114/226 kB Progress (2): 13 kB | 118/226 kB Progress (2): 13 kB | 122/226 kB Progress (2): 13 kB | 126/226 kB Progress (2): 13 kB | 130/226 kB Progress (2): 13 kB | 133/226 kB Progress (2): 13 kB | 137/226 kB Progress (2): 13 kB | 141/226 kB Progress (2): 13 kB | 145/226 kB Progress (2): 13 kB | 149/226 kB Progress (2): 13 kB | 153/226 kB Progress (2): 13 kB | 157/226 kB Progress (2): 13 kB | 161/226 kB Progress (2): 13 kB | 165/226 kB Progress (2): 13 kB | 169/226 kB Progress (2): 13 kB | 173/226 kB Progress (2): 13 kB | 178/226 kB Progress (2): 13 kB | 182/226 kB Progress (2): 13 kB | 186/226 kB Progress (2): 13 kB | 190/226 kB Progress (2): 13 kB | 194/226 kB Progress (2): 13 kB | 198/226 kB Progress (2): 13 kB | 200/226 kB Progress (2): 13 kB | 204/226 kB Progress (2): 13 kB | 208/226 kB Progress (2): 13 kB | 212/226 kB Progress (2): 13 kB | 217/226 kB Progress (2): 13 kB | 221/226 kB Progress (2): 13 kB | 225/226 kB Progress (2): 13 kB | 226 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 207 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 3.0 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 9.1 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 7.9 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 310 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 200 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 4.1/35 kB Progress (2): 4.1/35 kB | 4.1/29 kB Progress (2): 7.7/35 kB | 4.1/29 kB Progress (2): 7.7/35 kB | 7.7/29 kB Progress (2): 12/35 kB | 7.7/29 kB Progress (2): 12/35 kB | 12/29 kB Progress (2): 16/35 kB | 12/29 kB Progress (2): 16/35 kB | 16/29 kB Progress (3): 16/35 kB | 16/29 kB | 2.3/57 kB Progress (3): 16/35 kB | 20/29 kB | 2.3/57 kB Progress (3): 20/35 kB | 20/29 kB | 2.3/57 kB Progress (3): 20/35 kB | 20/29 kB | 5.0/57 kB Progress (3): 20/35 kB | 24/29 kB | 5.0/57 kB Progress (3): 24/35 kB | 24/29 kB | 5.0/57 kB Progress (3): 24/35 kB | 28/29 kB | 5.0/57 kB Progress (3): 28/35 kB | 28/29 kB | 5.0/57 kB Progress (3): 28/35 kB | 28/29 kB | 7.8/57 kB Progress (3): 28/35 kB | 29 kB | 7.8/57 kB Progress (3): 32/35 kB | 29 kB | 7.8/57 kB Progress (3): 32/35 kB | 29 kB | 11/57 kB Progress (3): 35 kB | 29 kB | 11/57 kB Progress (3): 35 kB | 29 kB | 13/57 kB Progress (3): 35 kB | 29 kB | 16/57 kB Progress (3): 35 kB | 29 kB | 19/57 kB Progress (3): 35 kB | 29 kB | 21/57 kB Progress (3): 35 kB | 29 kB | 24/57 kB Progress (3): 35 kB | 29 kB | 27/57 kB Progress (3): 35 kB | 29 kB | 30/57 kB Progress (3): 35 kB | 29 kB | 33/57 kB Progress (3): 35 kB | 29 kB | 36/57 kB Progress (3): 35 kB | 29 kB | 38/57 kB Progress (3): 35 kB | 29 kB | 41/57 kB Progress (3): 35 kB | 29 kB | 44/57 kB Progress (3): 35 kB | 29 kB | 48/57 kB Progress (3): 35 kB | 29 kB | 52/57 kB Progress (3): 35 kB | 29 kB | 56/57 kB Progress (3): 35 kB | 29 kB | 57 kB Progress (4): 35 kB | 29 kB | 57 kB | 3.8/116 kB Progress (5): 35 kB | 29 kB | 57 kB | 3.8/116 kB | 2.3/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 3.8/116 kB | 5.0/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 7.9/116 kB | 5.0/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 7.9/116 kB | 7.8/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 12/116 kB | 7.8/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 12/116 kB | 11/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 16/116 kB | 11/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 16/116 kB | 13/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 20/116 kB | 13/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 20/116 kB | 16/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 24/116 kB | 16/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 24/116 kB | 19/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 28/116 kB | 19/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 28/116 kB | 21/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 32/116 kB | 21/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 32/116 kB | 24/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 37/116 kB | 24/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 37/116 kB | 27/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 27/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 30/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 32/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 35/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 38/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 41/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 43/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 41/116 kB | 46/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 45/116 kB | 46/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 45/116 kB | 49/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 49/116 kB | 49/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 49/116 kB | 52/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 53/116 kB | 52/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 53/116 kB | 54/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 57/116 kB | 54/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 57/116 kB | 58/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 61/116 kB | 58/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 61/116 kB | 63/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 65/116 kB | 63/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 65/116 kB | 67/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 69/116 kB | 67/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 69/116 kB | 71/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 71/116 kB | 71/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 71/116 kB | 75/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 76/116 kB | 75/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 76/116 kB | 79/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 80/116 kB | 79/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 80/116 kB | 81/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 84/116 kB | 81/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 84/116 kB | 85/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 88/116 kB | 85/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 88/116 kB | 89/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 92/116 kB | 89/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 92/116 kB | 93/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 96/116 kB | 93/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 96/116 kB | 97/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 100/116 kB | 97/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 104/116 kB | 97/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 104/116 kB | 102/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 108/116 kB | 102/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 108/116 kB | 106/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 112/116 kB | 106/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 112/116 kB | 110/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 110/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 114/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 118/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 122/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 126/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 130/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 134/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 138/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 142/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 147/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 151/152 kB Progress (5): 35 kB | 29 kB | 57 kB | 116 kB | 152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 783 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 603 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 1.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (1): 3.4/5.9 kB Progress (1): 5.9 kB Progress (2): 5.9 kB | 3.8/9.9 kB Progress (2): 5.9 kB | 7.9/9.9 kB Progress (2): 5.9 kB | 9.9 kB Progress (3): 5.9 kB | 9.9 kB | 3.8/24 kB Progress (3): 5.9 kB | 9.9 kB | 7.9/24 kB Progress (3): 5.9 kB | 9.9 kB | 12/24 kB Progress (3): 5.9 kB | 9.9 kB | 16/24 kB Progress (3): 5.9 kB | 9.9 kB | 20/24 kB Progress (3): 5.9 kB | 9.9 kB | 24/24 kB Progress (3): 5.9 kB | 9.9 kB | 24 kB Progress (4): 5.9 kB | 9.9 kB | 24 kB | 4.1/21 kB Progress (4): 5.9 kB | 9.9 kB | 24 kB | 7.7/21 kB Progress (4): 5.9 kB | 9.9 kB | 24 kB | 12/21 kB Progress (4): 5.9 kB | 9.9 kB | 24 kB | 16/21 kB Progress (4): 5.9 kB | 9.9 kB | 24 kB | 20/21 kB Progress (4): 5.9 kB | 9.9 kB | 24 kB | 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (4): 9.9 kB | 24 kB | 21 kB | 3.8/14 kB Progress (4): 9.9 kB | 24 kB | 21 kB | 7.9/14 kB Progress (4): 9.9 kB | 24 kB | 21 kB | 12/14 kB Progress (4): 9.9 kB | 24 kB | 21 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 200 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (2): 14 kB | 4.1/30 kB Progress (2): 14 kB | 7.7/30 kB Progress (2): 14 kB | 12/30 kB Progress (2): 14 kB | 16/30 kB Progress (2): 14 kB | 20/30 kB Progress (2): 14 kB | 24/30 kB Progress (2): 14 kB | 28/30 kB Progress (2): 14 kB | 30 kB Progress (3): 14 kB | 30 kB | 3.8/13 kB Progress (3): 14 kB | 30 kB | 7.5/13 kB Progress (3): 14 kB | 30 kB | 12/13 kB Progress (3): 14 kB | 30 kB | 13 kB Progress (4): 14 kB | 30 kB | 13 kB | 3.8/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 7.9/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 12/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 16/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 20/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 24/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 28/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 32/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 37/37 kB Progress (4): 14 kB | 30 kB | 13 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (4): 30 kB | 13 kB | 37 kB | 4.1/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 7.7/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 12/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 16/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 20/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 24/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 28/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 32/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 36/38 kB Progress (4): 30 kB | 13 kB | 37 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 267 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 218 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (1): 4.1/86 kB Progress (1): 7.7/86 kB Progress (1): 12/86 kB Progress (1): 16/86 kB Progress (1): 20/86 kB Progress (1): 24/86 kB Progress (1): 28/86 kB Progress (1): 32/86 kB Progress (1): 36/86 kB Progress (1): 41/86 kB Progress (1): 45/86 kB Progress (1): 49/86 kB Progress (2): 49/86 kB | 3.8/49 kB Progress (2): 53/86 kB | 3.8/49 kB Progress (2): 57/86 kB | 3.8/49 kB Progress (2): 57/86 kB | 7.9/49 kB Progress (2): 61/86 kB | 7.9/49 kB Progress (2): 61/86 kB | 12/49 kB Progress (2): 65/86 kB | 12/49 kB Progress (2): 65/86 kB | 16/49 kB Progress (2): 65/86 kB | 20/49 kB Progress (2): 69/86 kB | 20/49 kB Progress (2): 73/86 kB | 20/49 kB Progress (2): 73/86 kB | 24/49 kB Progress (2): 77/86 kB | 24/49 kB Progress (2): 81/86 kB | 24/49 kB Progress (2): 81/86 kB | 28/49 kB Progress (2): 86/86 kB | 28/49 kB Progress (2): 86 kB | 28/49 kB Progress (2): 86 kB | 32/49 kB Progress (2): 86 kB | 37/49 kB Progress (2): 86 kB | 41/49 kB Progress (2): 86 kB | 45/49 kB Progress (2): 86 kB | 49/49 kB Progress (2): 86 kB | 49 kB Progress (3): 86 kB | 49 kB | 3.8/87 kB Progress (3): 86 kB | 49 kB | 7.9/87 kB Progress (3): 86 kB | 49 kB | 12/87 kB Progress (3): 86 kB | 49 kB | 16/87 kB Progress (3): 86 kB | 49 kB | 20/87 kB Progress (3): 86 kB | 49 kB | 24/87 kB Progress (3): 86 kB | 49 kB | 28/87 kB Progress (3): 86 kB | 49 kB | 32/87 kB Progress (3): 86 kB | 49 kB | 36/87 kB Progress (3): 86 kB | 49 kB | 40/87 kB Progress (3): 86 kB | 49 kB | 44/87 kB Progress (3): 86 kB | 49 kB | 48/87 kB Progress (3): 86 kB | 49 kB | 53/87 kB Progress (3): 86 kB | 49 kB | 57/87 kB Progress (3): 86 kB | 49 kB | 61/87 kB Progress (3): 86 kB | 49 kB | 65/87 kB Progress (3): 86 kB | 49 kB | 69/87 kB Progress (3): 86 kB | 49 kB | 73/87 kB Progress (3): 86 kB | 49 kB | 77/87 kB Progress (3): 86 kB | 49 kB | 81/87 kB Progress (3): 86 kB | 49 kB | 85/87 kB Progress (3): 86 kB | 49 kB | 87 kB Progress (4): 86 kB | 49 kB | 87 kB | 4.1/10 kB Progress (4): 86 kB | 49 kB | 87 kB | 7.7/10 kB Progress (4): 86 kB | 49 kB | 87 kB | 10 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 4.1/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 7.7/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 12/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 16/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 20/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 24/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 28/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 32/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 36/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 41/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 45/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 49/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 53/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 57/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 61/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 65/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 69/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 73/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 77/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 81/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 86/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 90/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 94/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 98/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 102/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 106/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 110/194 kB Progress (5): 86 kB | 49 kB | 87 kB | 10 kB | 114/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 496 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 282 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (3): 87 kB | 10 kB | 118/194 kB Progress (3): 87 kB | 10 kB | 122/194 kB Progress (3): 87 kB | 10 kB | 127/194 kB Progress (3): 87 kB | 10 kB | 131/194 kB Progress (3): 87 kB | 10 kB | 135/194 kB Progress (3): 87 kB | 10 kB | 139/194 kB Progress (3): 87 kB | 10 kB | 143/194 kB Progress (3): 87 kB | 10 kB | 147/194 kB Progress (3): 87 kB | 10 kB | 151/194 kB Progress (3): 87 kB | 10 kB | 155/194 kB Progress (3): 87 kB | 10 kB | 159/194 kB Progress (3): 87 kB | 10 kB | 163/194 kB Progress (3): 87 kB | 10 kB | 167/194 kB Progress (3): 87 kB | 10 kB | 172/194 kB Progress (3): 87 kB | 10 kB | 176/194 kB Progress (3): 87 kB | 10 kB | 180/194 kB Progress (3): 87 kB | 10 kB | 184/194 kB Progress (3): 87 kB | 10 kB | 188/194 kB Progress (3): 87 kB | 10 kB | 192/194 kB Progress (3): 87 kB | 10 kB | 194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (3): 87 kB | 194 kB | 3.8/121 kB Progress (3): 87 kB | 194 kB | 7.8/121 kB Progress (3): 87 kB | 194 kB | 12/121 kB Progress (3): 87 kB | 194 kB | 16/121 kB Progress (3): 87 kB | 194 kB | 20/121 kB Progress (3): 87 kB | 194 kB | 24/121 kB Progress (3): 87 kB | 194 kB | 28/121 kB Progress (3): 87 kB | 194 kB | 32/121 kB Progress (3): 87 kB | 194 kB | 36/121 kB Progress (3): 87 kB | 194 kB | 41/121 kB Progress (3): 87 kB | 194 kB | 45/121 kB Progress (3): 87 kB | 194 kB | 49/121 kB Progress (3): 87 kB | 194 kB | 53/121 kB Progress (3): 87 kB | 194 kB | 57/121 kB Progress (3): 87 kB | 194 kB | 61/121 kB Progress (3): 87 kB | 194 kB | 65/121 kB Progress (3): 87 kB | 194 kB | 69/121 kB Progress (3): 87 kB | 194 kB | 73/121 kB Progress (3): 87 kB | 194 kB | 77/121 kB Progress (3): 87 kB | 194 kB | 81/121 kB Progress (3): 87 kB | 194 kB | 86/121 kB Progress (3): 87 kB | 194 kB | 90/121 kB Progress (3): 87 kB | 194 kB | 94/121 kB Progress (3): 87 kB | 194 kB | 98/121 kB Progress (3): 87 kB | 194 kB | 102/121 kB Progress (3): 87 kB | 194 kB | 106/121 kB Progress (3): 87 kB | 194 kB | 110/121 kB Progress (3): 87 kB | 194 kB | 114/121 kB Progress (3): 87 kB | 194 kB | 118/121 kB Progress (3): 87 kB | 194 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 443 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 981 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Progress (2): 121 kB | 4.1/223 kB Progress (2): 121 kB | 7.7/223 kB Progress (2): 121 kB | 12/223 kB Progress (2): 121 kB | 16/223 kB Progress (2): 121 kB | 20/223 kB Progress (2): 121 kB | 24/223 kB Progress (2): 121 kB | 28/223 kB Progress (2): 121 kB | 32/223 kB Progress (2): 121 kB | 36/223 kB Progress (2): 121 kB | 41/223 kB Progress (2): 121 kB | 45/223 kB Progress (2): 121 kB | 49/223 kB Progress (2): 121 kB | 53/223 kB Progress (2): 121 kB | 57/223 kB Progress (2): 121 kB | 61/223 kB Progress (2): 121 kB | 65/223 kB Progress (2): 121 kB | 69/223 kB Progress (2): 121 kB | 73/223 kB Progress (2): 121 kB | 77/223 kB Progress (2): 121 kB | 81/223 kB Progress (2): 121 kB | 86/223 kB Progress (2): 121 kB | 90/223 kB Progress (2): 121 kB | 94/223 kB Progress (2): 121 kB | 98/223 kB Progress (2): 121 kB | 102/223 kB Progress (2): 121 kB | 106/223 kB Progress (2): 121 kB | 110/223 kB Progress (2): 121 kB | 114/223 kB Progress (2): 121 kB | 118/223 kB Progress (2): 121 kB | 122/223 kB Progress (2): 121 kB | 127/223 kB Progress (2): 121 kB | 131/223 kB Progress (2): 121 kB | 135/223 kB Progress (2): 121 kB | 139/223 kB Progress (2): 121 kB | 143/223 kB Progress (2): 121 kB | 147/223 kB Progress (2): 121 kB | 151/223 kB Progress (2): 121 kB | 155/223 kB Progress (2): 121 kB | 159/223 kB Progress (2): 121 kB | 163/223 kB Progress (2): 121 kB | 167/223 kB Progress (2): 121 kB | 172/223 kB Progress (2): 121 kB | 176/223 kB Progress (2): 121 kB | 180/223 kB Progress (2): 121 kB | 184/223 kB Progress (2): 121 kB | 188/223 kB Progress (2): 121 kB | 192/223 kB Progress (2): 121 kB | 196/223 kB Progress (2): 121 kB | 200/223 kB Progress (2): 121 kB | 204/223 kB Progress (2): 121 kB | 208/223 kB Progress (2): 121 kB | 213/223 kB Progress (2): 121 kB | 217/223 kB Progress (2): 121 kB | 221/223 kB Progress (2): 121 kB | 223 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 568 kB/s) Progress (2): 223 kB | 4.1/43 kB Progress (2): 223 kB | 7.7/43 kB Progress (2): 223 kB | 12/43 kB Progress (2): 223 kB | 16/43 kB Progress (2): 223 kB | 20/43 kB Progress (2): 223 kB | 24/43 kB Progress (2): 223 kB | 28/43 kB Progress (2): 223 kB | 32/43 kB Progress (2): 223 kB | 36/43 kB Progress (2): 223 kB | 41/43 kB Progress (2): 223 kB | 43 kB Progress (3): 223 kB | 43 kB | 4.1/61 kB Progress (3): 223 kB | 43 kB | 7.7/61 kB Progress (3): 223 kB | 43 kB | 12/61 kB Progress (3): 223 kB | 43 kB | 16/61 kB Progress (3): 223 kB | 43 kB | 20/61 kB Progress (3): 223 kB | 43 kB | 24/61 kB Progress (3): 223 kB | 43 kB | 28/61 kB Progress (3): 223 kB | 43 kB | 32/61 kB Progress (3): 223 kB | 43 kB | 36/61 kB Progress (3): 223 kB | 43 kB | 41/61 kB Progress (3): 223 kB | 43 kB | 45/61 kB Progress (3): 223 kB | 43 kB | 49/61 kB Progress (3): 223 kB | 43 kB | 53/61 kB Progress (3): 223 kB | 43 kB | 57/61 kB Progress (3): 223 kB | 43 kB | 61/61 kB Progress (3): 223 kB | 43 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 979 kB/s) Progress (3): 43 kB | 61 kB | 4.1/6.8 kB Progress (3): 43 kB | 61 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 255 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 180 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 26 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 270 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 355 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 400 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 499 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 133 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 330 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 298 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 7.9 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 285 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 2.4 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 10 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/13 kB Progress (1): 7.7/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 4.1/160 kB Progress (2): 13 kB | 7.7/160 kB Progress (2): 13 kB | 12/160 kB Progress (2): 13 kB | 16/160 kB Progress (2): 13 kB | 20/160 kB Progress (2): 13 kB | 24/160 kB Progress (2): 13 kB | 28/160 kB Progress (2): 13 kB | 32/160 kB Progress (2): 13 kB | 36/160 kB Progress (2): 13 kB | 41/160 kB Progress (2): 13 kB | 45/160 kB Progress (2): 13 kB | 49/160 kB Progress (2): 13 kB | 53/160 kB Progress (2): 13 kB | 57/160 kB Progress (2): 13 kB | 61/160 kB Progress (2): 13 kB | 65/160 kB Progress (2): 13 kB | 69/160 kB Progress (2): 13 kB | 73/160 kB Progress (2): 13 kB | 77/160 kB Progress (2): 13 kB | 81/160 kB Progress (2): 13 kB | 86/160 kB Progress (2): 13 kB | 90/160 kB Progress (2): 13 kB | 94/160 kB Progress (2): 13 kB | 98/160 kB Progress (2): 13 kB | 102/160 kB Progress (2): 13 kB | 106/160 kB Progress (2): 13 kB | 110/160 kB Progress (2): 13 kB | 114/160 kB Progress (2): 13 kB | 118/160 kB Progress (2): 13 kB | 122/160 kB Progress (2): 13 kB | 127/160 kB Progress (2): 13 kB | 131/160 kB Progress (2): 13 kB | 135/160 kB Progress (2): 13 kB | 139/160 kB Progress (2): 13 kB | 143/160 kB Progress (2): 13 kB | 147/160 kB Progress (2): 13 kB | 151/160 kB Progress (2): 13 kB | 155/160 kB Progress (2): 13 kB | 159/160 kB Progress (2): 13 kB | 160 kB Progress (3): 13 kB | 160 kB | 4.1/49 kB Progress (4): 13 kB | 160 kB | 4.1/49 kB | 4.1/89 kB Progress (4): 13 kB | 160 kB | 7.7/49 kB | 4.1/89 kB Progress (4): 13 kB | 160 kB | 7.7/49 kB | 7.7/89 kB Progress (4): 13 kB | 160 kB | 12/49 kB | 7.7/89 kB Progress (4): 13 kB | 160 kB | 12/49 kB | 12/89 kB Progress (4): 13 kB | 160 kB | 16/49 kB | 12/89 kB Progress (4): 13 kB | 160 kB | 16/49 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 20/49 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 24/49 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 24/49 kB | 20/89 kB Progress (4): 13 kB | 160 kB | 28/49 kB | 20/89 kB Progress (4): 13 kB | 160 kB | 28/49 kB | 24/89 kB Progress (4): 13 kB | 160 kB | 32/49 kB | 24/89 kB Progress (4): 13 kB | 160 kB | 32/49 kB | 28/89 kB Progress (4): 13 kB | 160 kB | 32/49 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 36/49 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 41/49 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 41/49 kB | 36/89 kB Progress (4): 13 kB | 160 kB | 45/49 kB | 36/89 kB Progress (4): 13 kB | 160 kB | 45/49 kB | 41/89 kB Progress (4): 13 kB | 160 kB | 49/49 kB | 41/89 kB Progress (4): 13 kB | 160 kB | 49/49 kB | 45/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 45/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 49/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 53/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 57/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 61/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 65/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 69/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 73/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 77/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 81/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 86/89 kB Progress (4): 13 kB | 160 kB | 49 kB | 89 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 4.1/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 7.7/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 12/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 16/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 20/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 24/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 28/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 32/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 36/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 41/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 45/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 49/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 53/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 57/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 61/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 65/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 69/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 73/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 77/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 81/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 86/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 90/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 94/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 98/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 102/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 106/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 110/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 114/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 118/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 122/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 127/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 131/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 135/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 139/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 143/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 147/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 151/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 155/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 159/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 163/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 167/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 172/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 176/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 180/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 184/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 188/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 192/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 196/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 200/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 204/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 208/211 kB Progress (5): 13 kB | 160 kB | 49 kB | 89 kB | 211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 300 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 963 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 3.4/21 kB Progress (2): 3.4/21 kB | 4.1/35 kB Progress (2): 3.4/21 kB | 7.7/35 kB Progress (2): 3.4/21 kB | 12/35 kB Progress (2): 3.4/21 kB | 16/35 kB Progress (2): 7.5/21 kB | 16/35 kB Progress (2): 7.5/21 kB | 20/35 kB Progress (2): 12/21 kB | 20/35 kB Progress (2): 12/21 kB | 24/35 kB Progress (2): 16/21 kB | 24/35 kB Progress (2): 20/21 kB | 24/35 kB Progress (2): 20/21 kB | 28/35 kB Progress (2): 20/21 kB | 32/35 kB Progress (2): 21 kB | 32/35 kB Progress (2): 21 kB | 35 kB Progress (3): 21 kB | 35 kB | 4.1/87 kB Progress (3): 21 kB | 35 kB | 7.7/87 kB Progress (3): 21 kB | 35 kB | 12/87 kB Progress (3): 21 kB | 35 kB | 16/87 kB Progress (3): 21 kB | 35 kB | 20/87 kB Progress (3): 21 kB | 35 kB | 24/87 kB Progress (3): 21 kB | 35 kB | 28/87 kB Progress (3): 21 kB | 35 kB | 32/87 kB Progress (3): 21 kB | 35 kB | 36/87 kB Progress (3): 21 kB | 35 kB | 41/87 kB Progress (3): 21 kB | 35 kB | 45/87 kB Progress (3): 21 kB | 35 kB | 49/87 kB Progress (3): 21 kB | 35 kB | 53/87 kB Progress (3): 21 kB | 35 kB | 57/87 kB Progress (3): 21 kB | 35 kB | 61/87 kB Progress (3): 21 kB | 35 kB | 65/87 kB Progress (3): 21 kB | 35 kB | 69/87 kB Progress (3): 21 kB | 35 kB | 73/87 kB Progress (3): 21 kB | 35 kB | 77/87 kB Progress (3): 21 kB | 35 kB | 81/87 kB Progress (3): 21 kB | 35 kB | 86/87 kB Progress (3): 21 kB | 35 kB | 87 kB Progress (4): 21 kB | 35 kB | 87 kB | 4.1/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 7.7/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 12/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 16/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 20/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 24/25 kB Progress (4): 21 kB | 35 kB | 87 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 421 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 949 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Progress (3): 21 kB | 25 kB | 4.1/14 kB Progress (3): 21 kB | 25 kB | 7.7/14 kB Progress (3): 21 kB | 25 kB | 12/14 kB Progress (3): 21 kB | 25 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 213 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (3): 25 kB | 14 kB | 4.1/122 kB Progress (3): 25 kB | 14 kB | 7.7/122 kB Progress (3): 25 kB | 14 kB | 12/122 kB Progress (3): 25 kB | 14 kB | 16/122 kB Progress (3): 25 kB | 14 kB | 20/122 kB Progress (3): 25 kB | 14 kB | 24/122 kB Progress (3): 25 kB | 14 kB | 28/122 kB Progress (3): 25 kB | 14 kB | 32/122 kB Progress (3): 25 kB | 14 kB | 36/122 kB Progress (3): 25 kB | 14 kB | 41/122 kB Progress (3): 25 kB | 14 kB | 45/122 kB Progress (3): 25 kB | 14 kB | 49/122 kB Progress (3): 25 kB | 14 kB | 53/122 kB Progress (3): 25 kB | 14 kB | 57/122 kB Progress (3): 25 kB | 14 kB | 61/122 kB Progress (3): 25 kB | 14 kB | 65/122 kB Progress (3): 25 kB | 14 kB | 69/122 kB Progress (3): 25 kB | 14 kB | 73/122 kB Progress (3): 25 kB | 14 kB | 77/122 kB Progress (3): 25 kB | 14 kB | 81/122 kB Progress (3): 25 kB | 14 kB | 86/122 kB Progress (3): 25 kB | 14 kB | 90/122 kB Progress (3): 25 kB | 14 kB | 94/122 kB Progress (3): 25 kB | 14 kB | 98/122 kB Progress (3): 25 kB | 14 kB | 102/122 kB Progress (3): 25 kB | 14 kB | 106/122 kB Progress (3): 25 kB | 14 kB | 110/122 kB Progress (3): 25 kB | 14 kB | 114/122 kB Progress (3): 25 kB | 14 kB | 118/122 kB Progress (3): 25 kB | 14 kB | 122 kB Progress (4): 25 kB | 14 kB | 122 kB | 4.1/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 7.7/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 12/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 16/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 20/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 24/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 28/29 kB Progress (4): 25 kB | 14 kB | 122 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 201 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (3): 122 kB | 29 kB | 4.1/37 kB Progress (3): 122 kB | 29 kB | 7.7/37 kB Progress (3): 122 kB | 29 kB | 12/37 kB Progress (3): 122 kB | 29 kB | 16/37 kB Progress (3): 122 kB | 29 kB | 20/37 kB Progress (3): 122 kB | 29 kB | 24/37 kB Progress (3): 122 kB | 29 kB | 28/37 kB Progress (3): 122 kB | 29 kB | 32/37 kB Progress (3): 122 kB | 29 kB | 36/37 kB Progress (3): 122 kB | 29 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 944 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (1): 4.1/58 kB Progress (1): 7.7/58 kB Progress (1): 12/58 kB Progress (1): 16/58 kB Progress (1): 20/58 kB Progress (1): 24/58 kB Progress (1): 28/58 kB Progress (1): 32/58 kB Progress (1): 36/58 kB Progress (1): 41/58 kB Progress (1): 45/58 kB Progress (1): 49/58 kB Progress (1): 53/58 kB Progress (1): 57/58 kB Progress (1): 58 kB Progress (2): 58 kB | 4.1/33 kB Progress (2): 58 kB | 7.7/33 kB Progress (2): 58 kB | 12/33 kB Progress (2): 58 kB | 16/33 kB Progress (2): 58 kB | 20/33 kB Progress (2): 58 kB | 24/33 kB Progress (2): 58 kB | 28/33 kB Progress (2): 58 kB | 32/33 kB Progress (2): 58 kB | 33 kB Progress (3): 58 kB | 33 kB | 4.1/155 kB Progress (3): 58 kB | 33 kB | 8.2/155 kB Progress (3): 58 kB | 33 kB | 12/155 kB Progress (3): 58 kB | 33 kB | 16/155 kB Progress (3): 58 kB | 33 kB | 20/155 kB Progress (3): 58 kB | 33 kB | 25/155 kB Progress (3): 58 kB | 33 kB | 29/155 kB Progress (3): 58 kB | 33 kB | 33/155 kB Progress (3): 58 kB | 33 kB | 37/155 kB Progress (3): 58 kB | 33 kB | 41/155 kB Progress (3): 58 kB | 33 kB | 45/155 kB Progress (3): 58 kB | 33 kB | 49/155 kB Progress (3): 58 kB | 33 kB | 53/155 kB Progress (3): 58 kB | 33 kB | 57/155 kB Progress (3): 58 kB | 33 kB | 61/155 kB Progress (3): 58 kB | 33 kB | 66/155 kB Progress (3): 58 kB | 33 kB | 70/155 kB Progress (3): 58 kB | 33 kB | 74/155 kB Progress (3): 58 kB | 33 kB | 78/155 kB Progress (3): 58 kB | 33 kB | 82/155 kB Progress (3): 58 kB | 33 kB | 86/155 kB Progress (3): 58 kB | 33 kB | 90/155 kB Progress (3): 58 kB | 33 kB | 94/155 kB Progress (3): 58 kB | 33 kB | 98/155 kB Progress (3): 58 kB | 33 kB | 102/155 kB Progress (3): 58 kB | 33 kB | 106/155 kB Progress (3): 58 kB | 33 kB | 111/155 kB Progress (3): 58 kB | 33 kB | 115/155 kB Progress (3): 58 kB | 33 kB | 119/155 kB Progress (3): 58 kB | 33 kB | 123/155 kB Progress (3): 58 kB | 33 kB | 127/155 kB Progress (3): 58 kB | 33 kB | 131/155 kB Progress (3): 58 kB | 33 kB | 135/155 kB Progress (3): 58 kB | 33 kB | 139/155 kB Progress (3): 58 kB | 33 kB | 143/155 kB Progress (3): 58 kB | 33 kB | 147/155 kB Progress (3): 58 kB | 33 kB | 152/155 kB Progress (3): 58 kB | 33 kB | 155 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (3): 58 kB | 155 kB | 4.1/32 kB Progress (3): 58 kB | 155 kB | 7.7/32 kB Progress (3): 58 kB | 155 kB | 12/32 kB Progress (3): 58 kB | 155 kB | 16/32 kB Progress (3): 58 kB | 155 kB | 20/32 kB Progress (3): 58 kB | 155 kB | 24/32 kB Progress (3): 58 kB | 155 kB | 28/32 kB Progress (3): 58 kB | 155 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 340 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Progress (3): 155 kB | 32 kB | 4.1/10 kB Progress (3): 155 kB | 32 kB | 7.7/10 kB Progress (3): 155 kB | 32 kB | 10 kB Progress (4): 155 kB | 32 kB | 10 kB | 4.1/14 kB Progress (4): 155 kB | 32 kB | 10 kB | 7.7/14 kB Progress (4): 155 kB | 32 kB | 10 kB | 12/14 kB Progress (4): 155 kB | 32 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 822 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (3): 10 kB | 14 kB | 4.1/4.2 kB Progress (3): 10 kB | 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (2): 4.2 kB | 4.1/25 kB Progress (2): 4.2 kB | 7.7/25 kB Progress (2): 4.2 kB | 12/25 kB Progress (2): 4.2 kB | 16/25 kB Progress (2): 4.2 kB | 20/25 kB Progress (2): 4.2 kB | 24/25 kB Progress (2): 4.2 kB | 25 kB Progress (3): 4.2 kB | 25 kB | 4.1/4.6 kB Progress (3): 4.2 kB | 25 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Progress (3): 25 kB | 4.6 kB | 4.1/19 kB Progress (3): 25 kB | 4.6 kB | 7.7/19 kB Progress (3): 25 kB | 4.6 kB | 12/19 kB Progress (3): 25 kB | 4.6 kB | 16/19 kB Progress (3): 25 kB | 4.6 kB | 19 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 4.1/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 7.7/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 12/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 16/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 20/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 24/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 28/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 32/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 36/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 41/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 45/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 111 kB/s) Progress (3): 4.6 kB | 19 kB | 49/217 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (3): 4.6 kB | 19 kB | 53/217 kB Progress (3): 4.6 kB | 19 kB | 57/217 kB Progress (3): 4.6 kB | 19 kB | 61/217 kB Progress (3): 4.6 kB | 19 kB | 65/217 kB Progress (3): 4.6 kB | 19 kB | 69/217 kB Progress (3): 4.6 kB | 19 kB | 73/217 kB Progress (3): 4.6 kB | 19 kB | 77/217 kB Progress (3): 4.6 kB | 19 kB | 81/217 kB Progress (3): 4.6 kB | 19 kB | 86/217 kB Progress (3): 4.6 kB | 19 kB | 90/217 kB Progress (3): 4.6 kB | 19 kB | 94/217 kB Progress (3): 4.6 kB | 19 kB | 98/217 kB Progress (3): 4.6 kB | 19 kB | 102/217 kB Progress (3): 4.6 kB | 19 kB | 106/217 kB Progress (3): 4.6 kB | 19 kB | 110/217 kB Progress (3): 4.6 kB | 19 kB | 114/217 kB Progress (3): 4.6 kB | 19 kB | 118/217 kB Progress (3): 4.6 kB | 19 kB | 122/217 kB Progress (3): 4.6 kB | 19 kB | 127/217 kB Progress (3): 4.6 kB | 19 kB | 131/217 kB Progress (3): 4.6 kB | 19 kB | 135/217 kB Progress (3): 4.6 kB | 19 kB | 139/217 kB Progress (3): 4.6 kB | 19 kB | 143/217 kB Progress (3): 4.6 kB | 19 kB | 147/217 kB Progress (3): 4.6 kB | 19 kB | 151/217 kB Progress (3): 4.6 kB | 19 kB | 155/217 kB Progress (3): 4.6 kB | 19 kB | 159/217 kB Progress (3): 4.6 kB | 19 kB | 163/217 kB Progress (3): 4.6 kB | 19 kB | 167/217 kB Progress (3): 4.6 kB | 19 kB | 172/217 kB Progress (3): 4.6 kB | 19 kB | 176/217 kB Progress (3): 4.6 kB | 19 kB | 180/217 kB Progress (3): 4.6 kB | 19 kB | 184/217 kB Progress (3): 4.6 kB | 19 kB | 188/217 kB Progress (3): 4.6 kB | 19 kB | 192/217 kB Progress (3): 4.6 kB | 19 kB | 196/217 kB Progress (3): 4.6 kB | 19 kB | 200/217 kB Progress (3): 4.6 kB | 19 kB | 204/217 kB Progress (3): 4.6 kB | 19 kB | 208/217 kB Progress (3): 4.6 kB | 19 kB | 213/217 kB Progress (3): 4.6 kB | 19 kB | 217/217 kB Progress (3): 4.6 kB | 19 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (3): 19 kB | 217 kB | 4.1/46 kB Progress (3): 19 kB | 217 kB | 7.7/46 kB Progress (3): 19 kB | 217 kB | 12/46 kB Progress (3): 19 kB | 217 kB | 16/46 kB Progress (3): 19 kB | 217 kB | 20/46 kB Progress (3): 19 kB | 217 kB | 24/46 kB Progress (3): 19 kB | 217 kB | 28/46 kB Progress (3): 19 kB | 217 kB | 32/46 kB Progress (3): 19 kB | 217 kB | 36/46 kB Progress (3): 19 kB | 217 kB | 41/46 kB Progress (3): 19 kB | 217 kB | 45/46 kB Progress (3): 19 kB | 217 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (3): 217 kB | 46 kB | 4.1/134 kB Progress (3): 217 kB | 46 kB | 7.7/134 kB Progress (3): 217 kB | 46 kB | 12/134 kB Progress (3): 217 kB | 46 kB | 16/134 kB Progress (3): 217 kB | 46 kB | 20/134 kB Progress (3): 217 kB | 46 kB | 24/134 kB Progress (3): 217 kB | 46 kB | 28/134 kB Progress (3): 217 kB | 46 kB | 32/134 kB Progress (3): 217 kB | 46 kB | 36/134 kB Progress (3): 217 kB | 46 kB | 41/134 kB Progress (3): 217 kB | 46 kB | 45/134 kB Progress (3): 217 kB | 46 kB | 49/134 kB Progress (3): 217 kB | 46 kB | 53/134 kB Progress (3): 217 kB | 46 kB | 57/134 kB Progress (3): 217 kB | 46 kB | 61/134 kB Progress (3): 217 kB | 46 kB | 65/134 kB Progress (3): 217 kB | 46 kB | 69/134 kB Progress (3): 217 kB | 46 kB | 73/134 kB Progress (3): 217 kB | 46 kB | 77/134 kB Progress (3): 217 kB | 46 kB | 81/134 kB Progress (3): 217 kB | 46 kB | 86/134 kB Progress (3): 217 kB | 46 kB | 90/134 kB Progress (3): 217 kB | 46 kB | 94/134 kB Progress (3): 217 kB | 46 kB | 98/134 kB Progress (3): 217 kB | 46 kB | 102/134 kB Progress (3): 217 kB | 46 kB | 106/134 kB Progress (3): 217 kB | 46 kB | 110/134 kB Progress (3): 217 kB | 46 kB | 114/134 kB Progress (3): 217 kB | 46 kB | 118/134 kB Progress (3): 217 kB | 46 kB | 122/134 kB Progress (3): 217 kB | 46 kB | 127/134 kB Progress (3): 217 kB | 46 kB | 131/134 kB Progress (3): 217 kB | 46 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 870 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (3): 46 kB | 134 kB | 4.1/358 kB Progress (3): 46 kB | 134 kB | 8.2/358 kB Progress (3): 46 kB | 134 kB | 12/358 kB Progress (3): 46 kB | 134 kB | 16/358 kB Progress (3): 46 kB | 134 kB | 20/358 kB Progress (3): 46 kB | 134 kB | 25/358 kB Progress (3): 46 kB | 134 kB | 29/358 kB Progress (3): 46 kB | 134 kB | 33/358 kB Progress (3): 46 kB | 134 kB | 37/358 kB Progress (3): 46 kB | 134 kB | 41/358 kB Progress (3): 46 kB | 134 kB | 45/358 kB Progress (3): 46 kB | 134 kB | 49/358 kB Progress (3): 46 kB | 134 kB | 53/358 kB Progress (3): 46 kB | 134 kB | 57/358 kB Progress (3): 46 kB | 134 kB | 61/358 kB Progress (3): 46 kB | 134 kB | 66/358 kB Progress (3): 46 kB | 134 kB | 70/358 kB Progress (3): 46 kB | 134 kB | 74/358 kB Progress (3): 46 kB | 134 kB | 78/358 kB Progress (3): 46 kB | 134 kB | 82/358 kB Progress (3): 46 kB | 134 kB | 86/358 kB Progress (3): 46 kB | 134 kB | 90/358 kB Progress (3): 46 kB | 134 kB | 94/358 kB Progress (3): 46 kB | 134 kB | 98/358 kB Progress (3): 46 kB | 134 kB | 102/358 kB Progress (3): 46 kB | 134 kB | 106/358 kB Progress (3): 46 kB | 134 kB | 111/358 kB Progress (3): 46 kB | 134 kB | 115/358 kB Progress (3): 46 kB | 134 kB | 119/358 kB Progress (3): 46 kB | 134 kB | 123/358 kB Progress (3): 46 kB | 134 kB | 127/358 kB Progress (3): 46 kB | 134 kB | 131/358 kB Progress (3): 46 kB | 134 kB | 135/358 kB Progress (3): 46 kB | 134 kB | 139/358 kB Progress (3): 46 kB | 134 kB | 143/358 kB Progress (3): 46 kB | 134 kB | 147/358 kB Progress (3): 46 kB | 134 kB | 152/358 kB Progress (3): 46 kB | 134 kB | 156/358 kB Progress (3): 46 kB | 134 kB | 160/358 kB Progress (3): 46 kB | 134 kB | 164/358 kB Progress (3): 46 kB | 134 kB | 168/358 kB Progress (3): 46 kB | 134 kB | 172/358 kB Progress (3): 46 kB | 134 kB | 176/358 kB Progress (3): 46 kB | 134 kB | 180/358 kB Progress (3): 46 kB | 134 kB | 184/358 kB Progress (3): 46 kB | 134 kB | 188/358 kB Progress (3): 46 kB | 134 kB | 193/358 kB Progress (3): 46 kB | 134 kB | 197/358 kB Progress (3): 46 kB | 134 kB | 201/358 kB Progress (3): 46 kB | 134 kB | 205/358 kB Progress (3): 46 kB | 134 kB | 209/358 kB Progress (3): 46 kB | 134 kB | 213/358 kB Progress (3): 46 kB | 134 kB | 217/358 kB Progress (3): 46 kB | 134 kB | 221/358 kB Progress (3): 46 kB | 134 kB | 225/358 kB Progress (3): 46 kB | 134 kB | 229/358 kB Progress (3): 46 kB | 134 kB | 233/358 kB Progress (3): 46 kB | 134 kB | 238/358 kB Progress (3): 46 kB | 134 kB | 242/358 kB Progress (3): 46 kB | 134 kB | 246/358 kB Progress (3): 46 kB | 134 kB | 250/358 kB Progress (3): 46 kB | 134 kB | 254/358 kB Progress (3): 46 kB | 134 kB | 258/358 kB Progress (3): 46 kB | 134 kB | 262/358 kB Progress (3): 46 kB | 134 kB | 266/358 kB Progress (3): 46 kB | 134 kB | 270/358 kB Progress (3): 46 kB | 134 kB | 274/358 kB Progress (3): 46 kB | 134 kB | 279/358 kB Progress (3): 46 kB | 134 kB | 283/358 kB Progress (3): 46 kB | 134 kB | 287/358 kB Progress (3): 46 kB | 134 kB | 291/358 kB Progress (3): 46 kB | 134 kB | 295/358 kB Progress (3): 46 kB | 134 kB | 299/358 kB Progress (3): 46 kB | 134 kB | 303/358 kB Progress (3): 46 kB | 134 kB | 307/358 kB Progress (3): 46 kB | 134 kB | 311/358 kB Progress (3): 46 kB | 134 kB | 315/358 kB Progress (3): 46 kB | 134 kB | 319/358 kB Progress (3): 46 kB | 134 kB | 324/358 kB Progress (3): 46 kB | 134 kB | 328/358 kB Progress (3): 46 kB | 134 kB | 332/358 kB Progress (3): 46 kB | 134 kB | 336/358 kB Progress (3): 46 kB | 134 kB | 340/358 kB Progress (3): 46 kB | 134 kB | 344/358 kB Progress (3): 46 kB | 134 kB | 348/358 kB Progress (3): 46 kB | 134 kB | 352/358 kB Progress (3): 46 kB | 134 kB | 356/358 kB Progress (3): 46 kB | 134 kB | 358 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 501 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (3): 46 kB | 358 kB | 4.1/640 kB Progress (3): 46 kB | 358 kB | 7.7/640 kB Progress (3): 46 kB | 358 kB | 12/640 kB Progress (3): 46 kB | 358 kB | 16/640 kB Progress (3): 46 kB | 358 kB | 20/640 kB Progress (3): 46 kB | 358 kB | 24/640 kB Progress (3): 46 kB | 358 kB | 28/640 kB Progress (3): 46 kB | 358 kB | 32/640 kB Progress (3): 46 kB | 358 kB | 36/640 kB Progress (3): 46 kB | 358 kB | 40/640 kB Progress (3): 46 kB | 358 kB | 44/640 kB Progress (3): 46 kB | 358 kB | 48/640 kB Progress (3): 46 kB | 358 kB | 53/640 kB Progress (3): 46 kB | 358 kB | 57/640 kB Progress (3): 46 kB | 358 kB | 61/640 kB Progress (3): 46 kB | 358 kB | 65/640 kB Progress (3): 46 kB | 358 kB | 69/640 kB Progress (3): 46 kB | 358 kB | 73/640 kB Progress (3): 46 kB | 358 kB | 77/640 kB Progress (3): 46 kB | 358 kB | 81/640 kB Progress (3): 46 kB | 358 kB | 85/640 kB Progress (3): 46 kB | 358 kB | 89/640 kB Progress (3): 46 kB | 358 kB | 94/640 kB Progress (3): 46 kB | 358 kB | 98/640 kB Progress (3): 46 kB | 358 kB | 102/640 kB Progress (3): 46 kB | 358 kB | 106/640 kB Progress (3): 46 kB | 358 kB | 110/640 kB Progress (3): 46 kB | 358 kB | 114/640 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 4.1/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 7.7/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 12/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 16/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 20/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 24/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 28/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 32/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 36/45 kB Progress (4): 46 kB | 358 kB | 114/640 kB | 41/45 kB Progress (4): 46 kB | 358 kB | 118/640 kB | 41/45 kB Progress (4): 46 kB | 358 kB | 118/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 122/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 126/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 130/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 134/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 139/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 143/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 147/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 151/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 155/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 159/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 163/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 167/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 171/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 175/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 180/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 184/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 188/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 192/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 196/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 200/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 204/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 208/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 212/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 216/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 220/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 225/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 229/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 233/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 237/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 241/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 245/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 249/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 253/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 257/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 261/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 266/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 270/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 274/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 278/640 kB | 45 kB Progress (4): 46 kB | 358 kB | 282/640 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 168 kB/s) Progress (3): 358 kB | 286/640 kB | 45 kB Progress (3): 358 kB | 290/640 kB | 45 kB Progress (3): 358 kB | 294/640 kB | 45 kB Progress (3): 358 kB | 298/640 kB | 45 kB Progress (3): 358 kB | 302/640 kB | 45 kB Progress (3): 358 kB | 307/640 kB | 45 kB Progress (3): 358 kB | 311/640 kB | 45 kB Progress (3): 358 kB | 315/640 kB | 45 kB Progress (3): 358 kB | 319/640 kB | 45 kB Progress (3): 358 kB | 323/640 kB | 45 kB Progress (3): 358 kB | 327/640 kB | 45 kB Progress (3): 358 kB | 331/640 kB | 45 kB Progress (3): 358 kB | 335/640 kB | 45 kB Progress (3): 358 kB | 339/640 kB | 45 kB Progress (3): 358 kB | 343/640 kB | 45 kB Progress (3): 358 kB | 347/640 kB | 45 kB Progress (3): 358 kB | 351/640 kB | 45 kB Progress (3): 358 kB | 355/640 kB | 45 kB Progress (3): 358 kB | 359/640 kB | 45 kB Progress (3): 358 kB | 364/640 kB | 45 kB Progress (3): 358 kB | 368/640 kB | 45 kB Progress (3): 358 kB | 372/640 kB | 45 kB Progress (3): 358 kB | 376/640 kB | 45 kB Progress (3): 358 kB | 380/640 kB | 45 kB Progress (3): 358 kB | 384/640 kB | 45 kB Progress (3): 358 kB | 388/640 kB | 45 kB Progress (3): 358 kB | 392/640 kB | 45 kB Progress (3): 358 kB | 396/640 kB | 45 kB Progress (3): 358 kB | 400/640 kB | 45 kB Progress (3): 358 kB | 405/640 kB | 45 kB Progress (3): 358 kB | 409/640 kB | 45 kB Progress (3): 358 kB | 413/640 kB | 45 kB Progress (3): 358 kB | 417/640 kB | 45 kB Progress (3): 358 kB | 421/640 kB | 45 kB Progress (3): 358 kB | 425/640 kB | 45 kB Progress (3): 358 kB | 429/640 kB | 45 kB Progress (3): 358 kB | 433/640 kB | 45 kB Progress (3): 358 kB | 437/640 kB | 45 kB Progress (3): 358 kB | 441/640 kB | 45 kB Progress (3): 358 kB | 446/640 kB | 45 kB Progress (3): 358 kB | 450/640 kB | 45 kB Progress (3): 358 kB | 454/640 kB | 45 kB Progress (3): 358 kB | 458/640 kB | 45 kB Progress (3): 358 kB | 462/640 kB | 45 kB Progress (3): 358 kB | 466/640 kB | 45 kB Progress (3): 358 kB | 470/640 kB | 45 kB Progress (3): 358 kB | 474/640 kB | 45 kB Progress (3): 358 kB | 478/640 kB | 45 kB Progress (3): 358 kB | 482/640 kB | 45 kB Progress (3): 358 kB | 486/640 kB | 45 kB Progress (3): 358 kB | 491/640 kB | 45 kB Progress (3): 358 kB | 495/640 kB | 45 kB Progress (3): 358 kB | 499/640 kB | 45 kB Progress (3): 358 kB | 503/640 kB | 45 kB Progress (3): 358 kB | 507/640 kB | 45 kB Progress (3): 358 kB | 511/640 kB | 45 kB Progress (3): 358 kB | 515/640 kB | 45 kB Progress (3): 358 kB | 519/640 kB | 45 kB Progress (3): 358 kB | 523/640 kB | 45 kB Progress (3): 358 kB | 527/640 kB | 45 kB Progress (3): 358 kB | 532/640 kB | 45 kB Progress (3): 358 kB | 536/640 kB | 45 kB Progress (3): 358 kB | 540/640 kB | 45 kB Progress (3): 358 kB | 544/640 kB | 45 kB Progress (3): 358 kB | 548/640 kB | 45 kB Progress (3): 358 kB | 552/640 kB | 45 kB Progress (3): 358 kB | 556/640 kB | 45 kB Progress (3): 358 kB | 560/640 kB | 45 kB Progress (3): 358 kB | 564/640 kB | 45 kB Progress (3): 358 kB | 568/640 kB | 45 kB Progress (3): 358 kB | 572/640 kB | 45 kB Progress (3): 358 kB | 577/640 kB | 45 kB Progress (3): 358 kB | 581/640 kB | 45 kB Progress (3): 358 kB | 585/640 kB | 45 kB Progress (3): 358 kB | 589/640 kB | 45 kB Progress (3): 358 kB | 593/640 kB | 45 kB Progress (3): 358 kB | 597/640 kB | 45 kB Progress (3): 358 kB | 601/640 kB | 45 kB Progress (3): 358 kB | 605/640 kB | 45 kB Progress (3): 358 kB | 609/640 kB | 45 kB Progress (3): 358 kB | 613/640 kB | 45 kB Progress (3): 358 kB | 618/640 kB | 45 kB Progress (3): 358 kB | 622/640 kB | 45 kB Progress (3): 358 kB | 626/640 kB | 45 kB Progress (3): 358 kB | 630/640 kB | 45 kB Progress (3): 358 kB | 634/640 kB | 45 kB Progress (3): 358 kB | 638/640 kB | 45 kB Progress (3): 358 kB | 640 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.3 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 151 kB/s) Progress (2): 640 kB | 4.1/121 kB Progress (2): 640 kB | 7.7/121 kB Progress (2): 640 kB | 12/121 kB Progress (2): 640 kB | 16/121 kB Progress (2): 640 kB | 20/121 kB Progress (2): 640 kB | 24/121 kB Progress (2): 640 kB | 28/121 kB Progress (2): 640 kB | 32/121 kB Progress (2): 640 kB | 36/121 kB Progress (2): 640 kB | 40/121 kB Progress (2): 640 kB | 44/121 kB Progress (2): 640 kB | 48/121 kB Progress (2): 640 kB | 53/121 kB Progress (2): 640 kB | 57/121 kB Progress (2): 640 kB | 61/121 kB Progress (2): 640 kB | 65/121 kB Progress (2): 640 kB | 69/121 kB Progress (2): 640 kB | 73/121 kB Progress (2): 640 kB | 77/121 kB Progress (2): 640 kB | 81/121 kB Progress (2): 640 kB | 85/121 kB Progress (2): 640 kB | 89/121 kB Progress (2): 640 kB | 94/121 kB Progress (2): 640 kB | 98/121 kB Progress (2): 640 kB | 102/121 kB Progress (2): 640 kB | 106/121 kB Progress (2): 640 kB | 110/121 kB Progress (2): 640 kB | 114/121 kB Progress (2): 640 kB | 118/121 kB Progress (2): 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 382 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 408 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 932 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 410 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 444 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 284 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/35 kB Progress (1): 7.7/35 kB Progress (1): 12/35 kB Progress (1): 16/35 kB Progress (1): 20/35 kB Progress (1): 24/35 kB Progress (1): 28/35 kB Progress (1): 32/35 kB Progress (1): 35 kB Progress (2): 35 kB | 4.1/31 kB Progress (2): 35 kB | 7.7/31 kB Progress (2): 35 kB | 12/31 kB Progress (2): 35 kB | 16/31 kB Progress (2): 35 kB | 20/31 kB Progress (2): 35 kB | 24/31 kB Progress (2): 35 kB | 28/31 kB Progress (2): 35 kB | 31 kB Progress (3): 35 kB | 31 kB | 4.1/316 kB Progress (3): 35 kB | 31 kB | 7.7/316 kB Progress (3): 35 kB | 31 kB | 12/316 kB Progress (3): 35 kB | 31 kB | 16/316 kB Progress (3): 35 kB | 31 kB | 20/316 kB Progress (3): 35 kB | 31 kB | 24/316 kB Progress (3): 35 kB | 31 kB | 28/316 kB Progress (3): 35 kB | 31 kB | 32/316 kB Progress (3): 35 kB | 31 kB | 36/316 kB Progress (3): 35 kB | 31 kB | 41/316 kB Progress (3): 35 kB | 31 kB | 45/316 kB Progress (3): 35 kB | 31 kB | 49/316 kB Progress (3): 35 kB | 31 kB | 53/316 kB Progress (3): 35 kB | 31 kB | 57/316 kB Progress (4): 35 kB | 31 kB | 57/316 kB | 4.1/263 kB Progress (4): 35 kB | 31 kB | 61/316 kB | 4.1/263 kB Progress (4): 35 kB | 31 kB | 61/316 kB | 7.7/263 kB Progress (4): 35 kB | 31 kB | 65/316 kB | 7.7/263 kB Progress (4): 35 kB | 31 kB | 65/316 kB | 12/263 kB Progress (4): 35 kB | 31 kB | 69/316 kB | 12/263 kB Progress (4): 35 kB | 31 kB | 69/316 kB | 16/263 kB Progress (4): 35 kB | 31 kB | 73/316 kB | 16/263 kB Progress (4): 35 kB | 31 kB | 73/316 kB | 20/263 kB Progress (4): 35 kB | 31 kB | 77/316 kB | 20/263 kB Progress (4): 35 kB | 31 kB | 77/316 kB | 24/263 kB Progress (4): 35 kB | 31 kB | 81/316 kB | 24/263 kB Progress (4): 35 kB | 31 kB | 81/316 kB | 28/263 kB Progress (4): 35 kB | 31 kB | 86/316 kB | 28/263 kB Progress (4): 35 kB | 31 kB | 86/316 kB | 32/263 kB Progress (4): 35 kB | 31 kB | 90/316 kB | 32/263 kB Progress (4): 35 kB | 31 kB | 90/316 kB | 36/263 kB Progress (4): 35 kB | 31 kB | 94/316 kB | 36/263 kB Progress (4): 35 kB | 31 kB | 94/316 kB | 41/263 kB Progress (4): 35 kB | 31 kB | 98/316 kB | 41/263 kB Progress (4): 35 kB | 31 kB | 98/316 kB | 45/263 kB Progress (4): 35 kB | 31 kB | 102/316 kB | 45/263 kB Progress (4): 35 kB | 31 kB | 102/316 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 106/316 kB | 49/263 kB Progress (4): 35 kB | 31 kB | 106/316 kB | 53/263 kB Progress (4): 35 kB | 31 kB | 110/316 kB | 53/263 kB Progress (4): 35 kB | 31 kB | 110/316 kB | 57/263 kB Progress (4): 35 kB | 31 kB | 114/316 kB | 57/263 kB Progress (4): 35 kB | 31 kB | 114/316 kB | 61/263 kB Progress (4): 35 kB | 31 kB | 118/316 kB | 61/263 kB Progress (4): 35 kB | 31 kB | 118/316 kB | 65/263 kB Progress (4): 35 kB | 31 kB | 122/316 kB | 65/263 kB Progress (4): 35 kB | 31 kB | 122/316 kB | 69/263 kB Progress (4): 35 kB | 31 kB | 127/316 kB | 69/263 kB Progress (4): 35 kB | 31 kB | 127/316 kB | 73/263 kB Progress (4): 35 kB | 31 kB | 131/316 kB | 73/263 kB Progress (4): 35 kB | 31 kB | 131/316 kB | 77/263 kB Progress (4): 35 kB | 31 kB | 135/316 kB | 77/263 kB Progress (4): 35 kB | 31 kB | 135/316 kB | 81/263 kB Progress (4): 35 kB | 31 kB | 135/316 kB | 86/263 kB Progress (4): 35 kB | 31 kB | 135/316 kB | 90/263 kB Progress (4): 35 kB | 31 kB | 135/316 kB | 94/263 kB Progress (4): 35 kB | 31 kB | 135/316 kB | 98/263 kB Progress (4): 35 kB | 31 kB | 139/316 kB | 98/263 kB Progress (4): 35 kB | 31 kB | 139/316 kB | 102/263 kB Progress (4): 35 kB | 31 kB | 143/316 kB | 102/263 kB Progress (4): 35 kB | 31 kB | 143/316 kB | 106/263 kB Progress (4): 35 kB | 31 kB | 147/316 kB | 106/263 kB Progress (4): 35 kB | 31 kB | 147/316 kB | 110/263 kB Progress (4): 35 kB | 31 kB | 151/316 kB | 110/263 kB Progress (4): 35 kB | 31 kB | 151/316 kB | 114/263 kB Progress (4): 35 kB | 31 kB | 155/316 kB | 114/263 kB Progress (4): 35 kB | 31 kB | 155/316 kB | 118/263 kB Progress (4): 35 kB | 31 kB | 159/316 kB | 118/263 kB Progress (4): 35 kB | 31 kB | 159/316 kB | 122/263 kB Progress (4): 35 kB | 31 kB | 163/316 kB | 122/263 kB Progress (4): 35 kB | 31 kB | 163/316 kB | 127/263 kB Progress (4): 35 kB | 31 kB | 167/316 kB | 127/263 kB Progress (4): 35 kB | 31 kB | 167/316 kB | 131/263 kB Progress (4): 35 kB | 31 kB | 172/316 kB | 131/263 kB Progress (4): 35 kB | 31 kB | 172/316 kB | 135/263 kB Progress (4): 35 kB | 31 kB | 176/316 kB | 135/263 kB Progress (4): 35 kB | 31 kB | 176/316 kB | 139/263 kB Progress (4): 35 kB | 31 kB | 180/316 kB | 139/263 kB Progress (4): 35 kB | 31 kB | 180/316 kB | 143/263 kB Progress (4): 35 kB | 31 kB | 184/316 kB | 143/263 kB Progress (4): 35 kB | 31 kB | 184/316 kB | 147/263 kB Progress (4): 35 kB | 31 kB | 188/316 kB | 147/263 kB Progress (4): 35 kB | 31 kB | 188/316 kB | 151/263 kB Progress (4): 35 kB | 31 kB | 192/316 kB | 151/263 kB Progress (4): 35 kB | 31 kB | 192/316 kB | 155/263 kB Progress (4): 35 kB | 31 kB | 196/316 kB | 155/263 kB Progress (5): 35 kB | 31 kB | 196/316 kB | 155/263 kB | 4.1/118 kB Progress (5): 35 kB | 31 kB | 196/316 kB | 159/263 kB | 4.1/118 kB Progress (5): 35 kB | 31 kB | 200/316 kB | 159/263 kB | 4.1/118 kB Progress (5): 35 kB | 31 kB | 200/316 kB | 159/263 kB | 7.7/118 kB Progress (5): 35 kB | 31 kB | 200/316 kB | 163/263 kB | 7.7/118 kB Progress (5): 35 kB | 31 kB | 200/316 kB | 163/263 kB | 12/118 kB Progress (5): 35 kB | 31 kB | 204/316 kB | 163/263 kB | 12/118 kB Progress (5): 35 kB | 31 kB | 204/316 kB | 163/263 kB | 16/118 kB Progress (5): 35 kB | 31 kB | 204/316 kB | 167/263 kB | 16/118 kB Progress (5): 35 kB | 31 kB | 204/316 kB | 172/263 kB | 16/118 kB Progress (5): 35 kB | 31 kB | 208/316 kB | 172/263 kB | 16/118 kB Progress (5): 35 kB | 31 kB | 208/316 kB | 176/263 kB | 16/118 kB Progress (5): 35 kB | 31 kB | 208/316 kB | 176/263 kB | 20/118 kB Progress (5): 35 kB | 31 kB | 213/316 kB | 176/263 kB | 20/118 kB Progress (5): 35 kB | 31 kB | 213/316 kB | 176/263 kB | 24/118 kB Progress (5): 35 kB | 31 kB | 213/316 kB | 180/263 kB | 24/118 kB Progress (5): 35 kB | 31 kB | 213/316 kB | 180/263 kB | 28/118 kB Progress (5): 35 kB | 31 kB | 217/316 kB | 180/263 kB | 28/118 kB Progress (5): 35 kB | 31 kB | 217/316 kB | 180/263 kB | 32/118 kB Progress (5): 35 kB | 31 kB | 217/316 kB | 184/263 kB | 32/118 kB Progress (5): 35 kB | 31 kB | 221/316 kB | 184/263 kB | 32/118 kB Progress (5): 35 kB | 31 kB | 221/316 kB | 188/263 kB | 32/118 kB Progress (5): 35 kB | 31 kB | 221/316 kB | 188/263 kB | 36/118 kB Progress (5): 35 kB | 31 kB | 225/316 kB | 188/263 kB | 36/118 kB Progress (5): 35 kB | 31 kB | 225/316 kB | 188/263 kB | 41/118 kB Progress (5): 35 kB | 31 kB | 225/316 kB | 192/263 kB | 41/118 kB Progress (5): 35 kB | 31 kB | 225/316 kB | 192/263 kB | 45/118 kB Progress (5): 35 kB | 31 kB | 229/316 kB | 192/263 kB | 45/118 kB Progress (5): 35 kB | 31 kB | 229/316 kB | 192/263 kB | 49/118 kB Progress (5): 35 kB | 31 kB | 229/316 kB | 196/263 kB | 49/118 kB Progress (5): 35 kB | 31 kB | 233/316 kB | 196/263 kB | 49/118 kB Progress (5): 35 kB | 31 kB | 233/316 kB | 196/263 kB | 53/118 kB Progress (5): 35 kB | 31 kB | 233/316 kB | 196/263 kB | 57/118 kB Progress (5): 35 kB | 31 kB | 237/316 kB | 196/263 kB | 57/118 kB Progress (5): 35 kB | 31 kB | 237/316 kB | 200/263 kB | 57/118 kB Progress (5): 35 kB | 31 kB | 237/316 kB | 200/263 kB | 61/118 kB Progress (5): 35 kB | 31 kB | 237/316 kB | 204/263 kB | 61/118 kB Progress (5): 35 kB | 31 kB | 241/316 kB | 204/263 kB | 61/118 kB Progress (5): 35 kB | 31 kB | 241/316 kB | 208/263 kB | 61/118 kB Progress (5): 35 kB | 31 kB | 241/316 kB | 208/263 kB | 65/118 kB Progress (5): 35 kB | 31 kB | 241/316 kB | 213/263 kB | 65/118 kB Progress (5): 35 kB | 31 kB | 245/316 kB | 213/263 kB | 65/118 kB Progress (5): 35 kB | 31 kB | 249/316 kB | 213/263 kB | 65/118 kB Progress (5): 35 kB | 31 kB | 249/316 kB | 213/263 kB | 69/118 kB Progress (5): 35 kB | 31 kB | 249/316 kB | 213/263 kB | 73/118 kB Progress (5): 35 kB | 31 kB | 249/316 kB | 217/263 kB | 73/118 kB Progress (5): 35 kB | 31 kB | 249/316 kB | 217/263 kB | 77/118 kB Progress (5): 35 kB | 31 kB | 254/316 kB | 217/263 kB | 77/118 kB Progress (5): 35 kB | 31 kB | 254/316 kB | 217/263 kB | 81/118 kB Progress (5): 35 kB | 31 kB | 254/316 kB | 221/263 kB | 81/118 kB Progress (5): 35 kB | 31 kB | 258/316 kB | 221/263 kB | 81/118 kB Progress (5): 35 kB | 31 kB | 258/316 kB | 225/263 kB | 81/118 kB Progress (5): 35 kB | 31 kB | 258/316 kB | 225/263 kB | 86/118 kB Progress (5): 35 kB | 31 kB | 262/316 kB | 225/263 kB | 86/118 kB Progress (5): 35 kB | 31 kB | 262/316 kB | 225/263 kB | 90/118 kB Progress (5): 35 kB | 31 kB | 262/316 kB | 229/263 kB | 90/118 kB Progress (5): 35 kB | 31 kB | 262/316 kB | 229/263 kB | 94/118 kB Progress (5): 35 kB | 31 kB | 266/316 kB | 229/263 kB | 94/118 kB Progress (5): 35 kB | 31 kB | 266/316 kB | 229/263 kB | 98/118 kB Progress (5): 35 kB | 31 kB | 266/316 kB | 233/263 kB | 98/118 kB Progress (5): 35 kB | 31 kB | 270/316 kB | 233/263 kB | 98/118 kB Progress (5): 35 kB | 31 kB | 270/316 kB | 237/263 kB | 98/118 kB Progress (5): 35 kB | 31 kB | 270/316 kB | 237/263 kB | 102/118 kB Progress (5): 35 kB | 31 kB | 270/316 kB | 241/263 kB | 102/118 kB Progress (5): 35 kB | 31 kB | 274/316 kB | 241/263 kB | 102/118 kB Progress (5): 35 kB | 31 kB | 274/316 kB | 245/263 kB | 102/118 kB Progress (5): 35 kB | 31 kB | 274/316 kB | 245/263 kB | 106/118 kB Progress (5): 35 kB | 31 kB | 278/316 kB | 245/263 kB | 106/118 kB Progress (5): 35 kB | 31 kB | 278/316 kB | 245/263 kB | 110/118 kB Progress (5): 35 kB | 31 kB | 282/316 kB | 245/263 kB | 110/118 kB Progress (5): 35 kB | 31 kB | 282/316 kB | 249/263 kB | 110/118 kB Progress (5): 35 kB | 31 kB | 282/316 kB | 249/263 kB | 114/118 kB Progress (5): 35 kB | 31 kB | 282/316 kB | 254/263 kB | 114/118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 913 kB/s) Progress (4): 31 kB | 282/316 kB | 254/263 kB | 118 kB Progress (4): 31 kB | 282/316 kB | 258/263 kB | 118 kB Progress (4): 31 kB | 286/316 kB | 258/263 kB | 118 kB Progress (4): 31 kB | 286/316 kB | 262/263 kB | 118 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (4): 31 kB | 290/316 kB | 262/263 kB | 118 kB Progress (4): 31 kB | 294/316 kB | 262/263 kB | 118 kB Progress (4): 31 kB | 294/316 kB | 263 kB | 118 kB Progress (4): 31 kB | 299/316 kB | 263 kB | 118 kB Progress (4): 31 kB | 303/316 kB | 263 kB | 118 kB Progress (4): 31 kB | 307/316 kB | 263 kB | 118 kB Progress (4): 31 kB | 311/316 kB | 263 kB | 118 kB Progress (4): 31 kB | 315/316 kB | 263 kB | 118 kB Progress (4): 31 kB | 316 kB | 263 kB | 118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 609 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Progress (4): 316 kB | 263 kB | 118 kB | 4.1/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 7.7/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 12/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 16/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 20/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 24/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 28/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 32/232 kB Progress (4): 316 kB | 263 kB | 118 kB | 36/232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 5.6 MB/s) Progress (3): 263 kB | 118 kB | 41/232 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Progress (3): 263 kB | 118 kB | 45/232 kB Progress (3): 263 kB | 118 kB | 49/232 kB Progress (3): 263 kB | 118 kB | 53/232 kB Progress (3): 263 kB | 118 kB | 57/232 kB Progress (3): 263 kB | 118 kB | 61/232 kB Progress (3): 263 kB | 118 kB | 65/232 kB Progress (3): 263 kB | 118 kB | 69/232 kB Progress (3): 263 kB | 118 kB | 73/232 kB Progress (3): 263 kB | 118 kB | 77/232 kB Progress (3): 263 kB | 118 kB | 81/232 kB Progress (3): 263 kB | 118 kB | 86/232 kB Progress (3): 263 kB | 118 kB | 90/232 kB Progress (3): 263 kB | 118 kB | 94/232 kB Progress (3): 263 kB | 118 kB | 98/232 kB Progress (3): 263 kB | 118 kB | 102/232 kB Progress (3): 263 kB | 118 kB | 106/232 kB Progress (3): 263 kB | 118 kB | 110/232 kB Progress (3): 263 kB | 118 kB | 114/232 kB Progress (3): 263 kB | 118 kB | 118/232 kB Progress (3): 263 kB | 118 kB | 122/232 kB Progress (3): 263 kB | 118 kB | 127/232 kB Progress (3): 263 kB | 118 kB | 131/232 kB Progress (3): 263 kB | 118 kB | 135/232 kB Progress (3): 263 kB | 118 kB | 139/232 kB Progress (3): 263 kB | 118 kB | 143/232 kB Progress (3): 263 kB | 118 kB | 147/232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 4.4 MB/s) Progress (2): 118 kB | 151/232 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 118 kB | 155/232 kB Progress (2): 118 kB | 159/232 kB Progress (2): 118 kB | 163/232 kB Progress (2): 118 kB | 167/232 kB Progress (2): 118 kB | 172/232 kB Progress (2): 118 kB | 176/232 kB Progress (2): 118 kB | 180/232 kB Progress (2): 118 kB | 184/232 kB Progress (2): 118 kB | 188/232 kB Progress (2): 118 kB | 192/232 kB Progress (2): 118 kB | 196/232 kB Progress (2): 118 kB | 200/232 kB Progress (2): 118 kB | 204/232 kB Progress (2): 118 kB | 208/232 kB Progress (2): 118 kB | 213/232 kB Progress (2): 118 kB | 217/232 kB Progress (2): 118 kB | 221/232 kB Progress (2): 118 kB | 225/232 kB Progress (2): 118 kB | 229/232 kB Progress (2): 118 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 1.7 MB/s) Progress (2): 232 kB | 4.1/38 kB Progress (2): 232 kB | 7.7/38 kB Progress (2): 232 kB | 12/38 kB Progress (2): 232 kB | 16/38 kB Progress (2): 232 kB | 20/38 kB Progress (2): 232 kB | 24/38 kB Progress (2): 232 kB | 28/38 kB Progress (2): 232 kB | 32/38 kB Progress (2): 232 kB | 36/38 kB Progress (2): 232 kB | 38 kB Progress (3): 232 kB | 38 kB | 4.1/10 kB Progress (3): 232 kB | 38 kB | 7.7/10 kB Progress (3): 232 kB | 38 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.9 MB/s) Progress (3): 38 kB | 10 kB | 4.1/14 kB Progress (3): 38 kB | 10 kB | 7.7/14 kB Progress (3): 38 kB | 10 kB | 12/14 kB Progress (3): 38 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 417 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 140 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 99 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 106 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 892 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 395 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 300 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 417 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 403 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 128 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 410 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 419 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 191 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 410 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/327 kB Progress (1): 7.7/327 kB Progress (1): 12/327 kB Progress (1): 16/327 kB Progress (1): 20/327 kB Progress (1): 24/327 kB Progress (1): 28/327 kB Progress (1): 32/327 kB Progress (1): 36/327 kB Progress (1): 41/327 kB Progress (1): 45/327 kB Progress (1): 49/327 kB Progress (2): 49/327 kB | 4.1/41 kB Progress (2): 53/327 kB | 4.1/41 kB Progress (2): 53/327 kB | 7.7/41 kB Progress (2): 57/327 kB | 7.7/41 kB Progress (2): 57/327 kB | 12/41 kB Progress (2): 61/327 kB | 12/41 kB Progress (2): 61/327 kB | 16/41 kB Progress (2): 65/327 kB | 16/41 kB Progress (2): 65/327 kB | 20/41 kB Progress (2): 69/327 kB | 20/41 kB Progress (2): 69/327 kB | 24/41 kB Progress (2): 73/327 kB | 24/41 kB Progress (2): 73/327 kB | 28/41 kB Progress (2): 77/327 kB | 28/41 kB Progress (2): 77/327 kB | 32/41 kB Progress (2): 81/327 kB | 32/41 kB Progress (2): 81/327 kB | 36/41 kB Progress (2): 81/327 kB | 41/41 kB Progress (2): 86/327 kB | 41/41 kB Progress (2): 86/327 kB | 41 kB Progress (2): 90/327 kB | 41 kB Progress (2): 94/327 kB | 41 kB Progress (2): 98/327 kB | 41 kB Progress (2): 102/327 kB | 41 kB Progress (2): 106/327 kB | 41 kB Progress (2): 110/327 kB | 41 kB Progress (2): 114/327 kB | 41 kB Progress (2): 118/327 kB | 41 kB Progress (2): 122/327 kB | 41 kB Progress (2): 127/327 kB | 41 kB Progress (2): 131/327 kB | 41 kB Progress (2): 135/327 kB | 41 kB Progress (2): 139/327 kB | 41 kB Progress (2): 143/327 kB | 41 kB Progress (2): 147/327 kB | 41 kB Progress (2): 151/327 kB | 41 kB Progress (2): 155/327 kB | 41 kB Progress (2): 159/327 kB | 41 kB Progress (2): 163/327 kB | 41 kB Progress (2): 167/327 kB | 41 kB Progress (2): 172/327 kB | 41 kB Progress (2): 176/327 kB | 41 kB Progress (2): 180/327 kB | 41 kB Progress (2): 184/327 kB | 41 kB Progress (2): 188/327 kB | 41 kB Progress (2): 192/327 kB | 41 kB Progress (2): 196/327 kB | 41 kB Progress (2): 200/327 kB | 41 kB Progress (2): 204/327 kB | 41 kB Progress (2): 208/327 kB | 41 kB Progress (2): 213/327 kB | 41 kB Progress (2): 217/327 kB | 41 kB Progress (2): 221/327 kB | 41 kB Progress (2): 225/327 kB | 41 kB Progress (2): 229/327 kB | 41 kB Progress (2): 233/327 kB | 41 kB Progress (2): 237/327 kB | 41 kB Progress (2): 241/327 kB | 41 kB Progress (2): 245/327 kB | 41 kB Progress (2): 249/327 kB | 41 kB Progress (2): 254/327 kB | 41 kB Progress (2): 258/327 kB | 41 kB Progress (2): 262/327 kB | 41 kB Progress (2): 266/327 kB | 41 kB Progress (2): 270/327 kB | 41 kB Progress (2): 274/327 kB | 41 kB Progress (2): 278/327 kB | 41 kB Progress (2): 282/327 kB | 41 kB Progress (2): 286/327 kB | 41 kB Progress (2): 290/327 kB | 41 kB Progress (2): 294/327 kB | 41 kB Progress (2): 299/327 kB | 41 kB Progress (2): 303/327 kB | 41 kB Progress (2): 307/327 kB | 41 kB Progress (2): 311/327 kB | 41 kB Progress (2): 315/327 kB | 41 kB Progress (2): 319/327 kB | 41 kB Progress (2): 323/327 kB | 41 kB Progress (3): 323/327 kB | 41 kB | 4.1/26 kB Progress (3): 327 kB | 41 kB | 4.1/26 kB Progress (3): 327 kB | 41 kB | 8.2/26 kB Progress (3): 327 kB | 41 kB | 12/26 kB Progress (3): 327 kB | 41 kB | 16/26 kB Progress (3): 327 kB | 41 kB | 20/26 kB Progress (3): 327 kB | 41 kB | 25/26 kB Progress (3): 327 kB | 41 kB | 26 kB Progress (4): 327 kB | 41 kB | 26 kB | 4.1/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 7.7/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 12/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 16/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 20/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 24/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 28/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 32/36 kB Progress (4): 327 kB | 41 kB | 26 kB | 36 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Progress (4): 327 kB | 26 kB | 36 kB | 4.1/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 7.7/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 12/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 16/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 20/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 24/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 28/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 32/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 36/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 41/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 45/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 49/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 53/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 57/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 61/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 65/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 69/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 73/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 77/79 kB Progress (4): 327 kB | 26 kB | 36 kB | 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 7.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 547 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 685 kB/s) Progress (2): 79 kB | 2.5 kB Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (3): 79 kB | 2.5 kB | 4.1/211 kB Progress (3): 79 kB | 2.5 kB | 8.2/211 kB Progress (3): 79 kB | 2.5 kB | 12/211 kB Progress (3): 79 kB | 2.5 kB | 16/211 kB Progress (3): 79 kB | 2.5 kB | 20/211 kB Progress (3): 79 kB | 2.5 kB | 25/211 kB Progress (3): 79 kB | 2.5 kB | 29/211 kB Progress (3): 79 kB | 2.5 kB | 33/211 kB Progress (3): 79 kB | 2.5 kB | 37/211 kB Progress (3): 79 kB | 2.5 kB | 41/211 kB Progress (3): 79 kB | 2.5 kB | 45/211 kB Progress (3): 79 kB | 2.5 kB | 49/211 kB Progress (3): 79 kB | 2.5 kB | 53/211 kB Progress (3): 79 kB | 2.5 kB | 57/211 kB Progress (3): 79 kB | 2.5 kB | 61/211 kB Progress (3): 79 kB | 2.5 kB | 66/211 kB Progress (3): 79 kB | 2.5 kB | 70/211 kB Progress (3): 79 kB | 2.5 kB | 74/211 kB Progress (3): 79 kB | 2.5 kB | 78/211 kB Progress (3): 79 kB | 2.5 kB | 82/211 kB Progress (3): 79 kB | 2.5 kB | 86/211 kB Progress (3): 79 kB | 2.5 kB | 90/211 kB Progress (3): 79 kB | 2.5 kB | 94/211 kB Progress (3): 79 kB | 2.5 kB | 98/211 kB Progress (3): 79 kB | 2.5 kB | 102/211 kB Progress (3): 79 kB | 2.5 kB | 106/211 kB Progress (3): 79 kB | 2.5 kB | 111/211 kB Progress (3): 79 kB | 2.5 kB | 115/211 kB Progress (3): 79 kB | 2.5 kB | 119/211 kB Progress (3): 79 kB | 2.5 kB | 123/211 kB Progress (3): 79 kB | 2.5 kB | 127/211 kB Progress (3): 79 kB | 2.5 kB | 131/211 kB Progress (3): 79 kB | 2.5 kB | 135/211 kB Progress (3): 79 kB | 2.5 kB | 139/211 kB Progress (3): 79 kB | 2.5 kB | 143/211 kB Progress (3): 79 kB | 2.5 kB | 147/211 kB Progress (3): 79 kB | 2.5 kB | 152/211 kB Progress (3): 79 kB | 2.5 kB | 156/211 kB Progress (3): 79 kB | 2.5 kB | 160/211 kB Progress (3): 79 kB | 2.5 kB | 164/211 kB Progress (3): 79 kB | 2.5 kB | 168/211 kB Progress (3): 79 kB | 2.5 kB | 172/211 kB Progress (3): 79 kB | 2.5 kB | 176/211 kB Progress (3): 79 kB | 2.5 kB | 180/211 kB Progress (3): 79 kB | 2.5 kB | 184/211 kB Progress (3): 79 kB | 2.5 kB | 188/211 kB Progress (3): 79 kB | 2.5 kB | 193/211 kB Progress (3): 79 kB | 2.5 kB | 197/211 kB Progress (3): 79 kB | 2.5 kB | 201/211 kB Progress (3): 79 kB | 2.5 kB | 205/211 kB Progress (3): 79 kB | 2.5 kB | 209/211 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.2 MB/s) Progress (2): 2.5 kB | 211 kB Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (3): 2.5 kB | 211 kB | 4.1/58 kB Progress (3): 2.5 kB | 211 kB | 7.7/58 kB Progress (3): 2.5 kB | 211 kB | 12/58 kB Progress (3): 2.5 kB | 211 kB | 16/58 kB Progress (3): 2.5 kB | 211 kB | 20/58 kB Progress (3): 2.5 kB | 211 kB | 24/58 kB Progress (3): 2.5 kB | 211 kB | 28/58 kB Progress (3): 2.5 kB | 211 kB | 32/58 kB Progress (3): 2.5 kB | 211 kB | 36/58 kB Progress (3): 2.5 kB | 211 kB | 41/58 kB Progress (3): 2.5 kB | 211 kB | 45/58 kB Progress (3): 2.5 kB | 211 kB | 49/58 kB Progress (3): 2.5 kB | 211 kB | 53/58 kB Progress (3): 2.5 kB | 211 kB | 57/58 kB Progress (3): 2.5 kB | 211 kB | 58 kB Progress (4): 2.5 kB | 211 kB | 58 kB | 0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.1/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.2/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.3/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.4/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.5/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.7/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.8/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 0.9/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0/1.0 MB Progress (4): 2.5 kB | 211 kB | 58 kB | 1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 674 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (3): 211 kB | 1.0 MB | 4.1/116 kB Progress (3): 211 kB | 1.0 MB | 7.7/116 kB Progress (3): 211 kB | 1.0 MB | 12/116 kB Progress (3): 211 kB | 1.0 MB | 16/116 kB Progress (3): 211 kB | 1.0 MB | 20/116 kB Progress (3): 211 kB | 1.0 MB | 24/116 kB Progress (3): 211 kB | 1.0 MB | 28/116 kB Progress (3): 211 kB | 1.0 MB | 32/116 kB Progress (3): 211 kB | 1.0 MB | 36/116 kB Progress (3): 211 kB | 1.0 MB | 41/116 kB Progress (3): 211 kB | 1.0 MB | 45/116 kB Progress (3): 211 kB | 1.0 MB | 49/116 kB Progress (3): 211 kB | 1.0 MB | 53/116 kB Progress (3): 211 kB | 1.0 MB | 57/116 kB Progress (3): 211 kB | 1.0 MB | 61/116 kB Progress (3): 211 kB | 1.0 MB | 65/116 kB Progress (3): 211 kB | 1.0 MB | 69/116 kB Progress (3): 211 kB | 1.0 MB | 73/116 kB Progress (3): 211 kB | 1.0 MB | 77/116 kB Progress (3): 211 kB | 1.0 MB | 81/116 kB Progress (3): 211 kB | 1.0 MB | 86/116 kB Progress (3): 211 kB | 1.0 MB | 90/116 kB Progress (3): 211 kB | 1.0 MB | 94/116 kB Progress (3): 211 kB | 1.0 MB | 98/116 kB Progress (3): 211 kB | 1.0 MB | 102/116 kB Progress (3): 211 kB | 1.0 MB | 106/116 kB Progress (3): 211 kB | 1.0 MB | 110/116 kB Progress (3): 211 kB | 1.0 MB | 114/116 kB Progress (3): 211 kB | 1.0 MB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 9.8 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 1.1 MB/s) Progress (1): 4.1/85 kB Progress (1): 7.7/85 kB Progress (1): 12/85 kB Progress (1): 16/85 kB Progress (1): 20/85 kB Progress (1): 24/85 kB Progress (1): 28/85 kB Progress (1): 32/85 kB Progress (1): 36/85 kB Progress (1): 41/85 kB Progress (1): 45/85 kB Progress (1): 49/85 kB Progress (1): 53/85 kB Progress (1): 57/85 kB Progress (1): 61/85 kB Progress (1): 65/85 kB Progress (1): 69/85 kB Progress (1): 73/85 kB Progress (1): 77/85 kB Progress (1): 81/85 kB Progress (1): 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 652 kB/s) Progress (1): 4.1/267 kB Progress (1): 7.7/267 kB Progress (1): 12/267 kB Progress (1): 16/267 kB Progress (1): 20/267 kB Progress (1): 24/267 kB Progress (1): 28/267 kB Progress (1): 32/267 kB Progress (1): 36/267 kB Progress (1): 41/267 kB Progress (1): 45/267 kB Progress (1): 49/267 kB Progress (1): 53/267 kB Progress (1): 57/267 kB Progress (1): 61/267 kB Progress (1): 65/267 kB Progress (1): 69/267 kB Progress (1): 73/267 kB Progress (1): 77/267 kB Progress (1): 81/267 kB Progress (1): 86/267 kB Progress (1): 90/267 kB Progress (1): 94/267 kB Progress (1): 98/267 kB Progress (1): 102/267 kB Progress (1): 106/267 kB Progress (1): 110/267 kB Progress (1): 114/267 kB Progress (1): 118/267 kB Progress (1): 122/267 kB Progress (1): 127/267 kB Progress (1): 131/267 kB Progress (1): 135/267 kB Progress (1): 139/267 kB Progress (1): 143/267 kB Progress (1): 147/267 kB Progress (1): 151/267 kB Progress (1): 155/267 kB Progress (1): 159/267 kB Progress (1): 163/267 kB Progress (1): 167/267 kB Progress (1): 172/267 kB Progress (1): 176/267 kB Progress (1): 180/267 kB Progress (1): 184/267 kB Progress (1): 188/267 kB Progress (1): 192/267 kB Progress (1): 196/267 kB Progress (1): 200/267 kB Progress (1): 204/267 kB Progress (1): 208/267 kB Progress (1): 213/267 kB Progress (1): 217/267 kB Progress (1): 221/267 kB Progress (1): 225/267 kB Progress (1): 229/267 kB Progress (1): 233/267 kB Progress (1): 237/267 kB Progress (1): 241/267 kB Progress (1): 245/267 kB Progress (1): 249/267 kB Progress (1): 254/267 kB Progress (1): 258/267 kB Progress (1): 262/267 kB Progress (1): 266/267 kB Progress (1): 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.4 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 313 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 444 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 189 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 165 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 939 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 380 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 700 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 341 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 314 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 448 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 264 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 279 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 207 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 269 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 221 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 146 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 574 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/202 kB Progress (1): 7.7/202 kB Progress (1): 12/202 kB Progress (1): 16/202 kB Progress (1): 20/202 kB Progress (1): 24/202 kB Progress (1): 28/202 kB Progress (1): 32/202 kB Progress (1): 36/202 kB Progress (1): 41/202 kB Progress (1): 45/202 kB Progress (1): 49/202 kB Progress (1): 53/202 kB Progress (1): 57/202 kB Progress (1): 61/202 kB Progress (1): 65/202 kB Progress (1): 69/202 kB Progress (1): 73/202 kB Progress (1): 77/202 kB Progress (1): 81/202 kB Progress (1): 86/202 kB Progress (1): 90/202 kB Progress (1): 94/202 kB Progress (1): 98/202 kB Progress (1): 102/202 kB Progress (1): 106/202 kB Progress (1): 110/202 kB Progress (1): 114/202 kB Progress (1): 118/202 kB Progress (1): 122/202 kB Progress (1): 127/202 kB Progress (1): 131/202 kB Progress (1): 135/202 kB Progress (1): 139/202 kB Progress (1): 143/202 kB Progress (1): 147/202 kB Progress (1): 151/202 kB Progress (1): 155/202 kB Progress (1): 159/202 kB Progress (1): 163/202 kB Progress (1): 167/202 kB Progress (1): 172/202 kB Progress (1): 176/202 kB Progress (1): 180/202 kB Progress (1): 184/202 kB Progress (1): 188/202 kB Progress (1): 192/202 kB Progress (1): 196/202 kB Progress (1): 200/202 kB Progress (1): 202 kB Progress (2): 202 kB | 4.1/472 kB Progress (2): 202 kB | 7.7/472 kB Progress (2): 202 kB | 12/472 kB Progress (2): 202 kB | 16/472 kB Progress (2): 202 kB | 20/472 kB Progress (2): 202 kB | 24/472 kB Progress (2): 202 kB | 28/472 kB Progress (2): 202 kB | 32/472 kB Progress (2): 202 kB | 36/472 kB Progress (2): 202 kB | 40/472 kB Progress (2): 202 kB | 44/472 kB Progress (2): 202 kB | 48/472 kB Progress (2): 202 kB | 53/472 kB Progress (2): 202 kB | 57/472 kB Progress (2): 202 kB | 61/472 kB Progress (2): 202 kB | 65/472 kB Progress (2): 202 kB | 69/472 kB Progress (2): 202 kB | 73/472 kB Progress (2): 202 kB | 77/472 kB Progress (2): 202 kB | 81/472 kB Progress (2): 202 kB | 85/472 kB Progress (2): 202 kB | 89/472 kB Progress (2): 202 kB | 94/472 kB Progress (2): 202 kB | 98/472 kB Progress (3): 202 kB | 98/472 kB | 4.1/49 kB Progress (3): 202 kB | 102/472 kB | 4.1/49 kB Progress (3): 202 kB | 102/472 kB | 7.7/49 kB Progress (3): 202 kB | 106/472 kB | 7.7/49 kB Progress (3): 202 kB | 106/472 kB | 12/49 kB Progress (3): 202 kB | 110/472 kB | 12/49 kB Progress (3): 202 kB | 110/472 kB | 16/49 kB Progress (3): 202 kB | 114/472 kB | 16/49 kB Progress (3): 202 kB | 118/472 kB | 16/49 kB Progress (3): 202 kB | 118/472 kB | 20/49 kB Progress (3): 202 kB | 122/472 kB | 20/49 kB Progress (3): 202 kB | 122/472 kB | 24/49 kB Progress (3): 202 kB | 126/472 kB | 24/49 kB Progress (3): 202 kB | 126/472 kB | 28/49 kB Progress (3): 202 kB | 130/472 kB | 28/49 kB Progress (3): 202 kB | 130/472 kB | 32/49 kB Progress (3): 202 kB | 134/472 kB | 32/49 kB Progress (3): 202 kB | 134/472 kB | 36/49 kB Progress (3): 202 kB | 134/472 kB | 40/49 kB Progress (3): 202 kB | 139/472 kB | 40/49 kB Progress (3): 202 kB | 139/472 kB | 44/49 kB Progress (3): 202 kB | 143/472 kB | 44/49 kB Progress (3): 202 kB | 143/472 kB | 48/49 kB Progress (3): 202 kB | 147/472 kB | 48/49 kB Progress (3): 202 kB | 147/472 kB | 49 kB Progress (3): 202 kB | 151/472 kB | 49 kB Progress (3): 202 kB | 155/472 kB | 49 kB Progress (3): 202 kB | 159/472 kB | 49 kB Progress (3): 202 kB | 163/472 kB | 49 kB Progress (3): 202 kB | 167/472 kB | 49 kB Progress (3): 202 kB | 171/472 kB | 49 kB Progress (3): 202 kB | 175/472 kB | 49 kB Progress (3): 202 kB | 180/472 kB | 49 kB Progress (3): 202 kB | 184/472 kB | 49 kB Progress (3): 202 kB | 188/472 kB | 49 kB Progress (3): 202 kB | 192/472 kB | 49 kB Progress (3): 202 kB | 196/472 kB | 49 kB Progress (3): 202 kB | 200/472 kB | 49 kB Progress (3): 202 kB | 204/472 kB | 49 kB Progress (3): 202 kB | 208/472 kB | 49 kB Progress (3): 202 kB | 212/472 kB | 49 kB Progress (3): 202 kB | 216/472 kB | 49 kB Progress (3): 202 kB | 220/472 kB | 49 kB Progress (3): 202 kB | 225/472 kB | 49 kB Progress (3): 202 kB | 229/472 kB | 49 kB Progress (3): 202 kB | 233/472 kB | 49 kB Progress (3): 202 kB | 237/472 kB | 49 kB Progress (3): 202 kB | 241/472 kB | 49 kB Progress (3): 202 kB | 245/472 kB | 49 kB Progress (3): 202 kB | 249/472 kB | 49 kB Progress (3): 202 kB | 253/472 kB | 49 kB Progress (3): 202 kB | 257/472 kB | 49 kB Progress (3): 202 kB | 261/472 kB | 49 kB Progress (3): 202 kB | 266/472 kB | 49 kB Progress (3): 202 kB | 270/472 kB | 49 kB Progress (3): 202 kB | 274/472 kB | 49 kB Progress (3): 202 kB | 278/472 kB | 49 kB Progress (3): 202 kB | 282/472 kB | 49 kB Progress (3): 202 kB | 286/472 kB | 49 kB Progress (3): 202 kB | 290/472 kB | 49 kB Progress (3): 202 kB | 294/472 kB | 49 kB Progress (3): 202 kB | 298/472 kB | 49 kB Progress (3): 202 kB | 302/472 kB | 49 kB Progress (3): 202 kB | 307/472 kB | 49 kB Progress (3): 202 kB | 311/472 kB | 49 kB Progress (3): 202 kB | 315/472 kB | 49 kB Progress (3): 202 kB | 319/472 kB | 49 kB Progress (3): 202 kB | 323/472 kB | 49 kB Progress (3): 202 kB | 327/472 kB | 49 kB Progress (3): 202 kB | 331/472 kB | 49 kB Progress (3): 202 kB | 335/472 kB | 49 kB Progress (3): 202 kB | 339/472 kB | 49 kB Progress (3): 202 kB | 343/472 kB | 49 kB Progress (3): 202 kB | 347/472 kB | 49 kB Progress (3): 202 kB | 352/472 kB | 49 kB Progress (3): 202 kB | 356/472 kB | 49 kB Progress (3): 202 kB | 360/472 kB | 49 kB Progress (3): 202 kB | 364/472 kB | 49 kB Progress (3): 202 kB | 368/472 kB | 49 kB Progress (3): 202 kB | 372/472 kB | 49 kB Progress (3): 202 kB | 376/472 kB | 49 kB Progress (3): 202 kB | 380/472 kB | 49 kB Progress (3): 202 kB | 384/472 kB | 49 kB Progress (3): 202 kB | 388/472 kB | 49 kB Progress (4): 202 kB | 388/472 kB | 49 kB | 4.1/153 kB Progress (4): 202 kB | 393/472 kB | 49 kB | 4.1/153 kB Progress (4): 202 kB | 397/472 kB | 49 kB | 4.1/153 kB Progress (4): 202 kB | 397/472 kB | 49 kB | 7.7/153 kB Progress (4): 202 kB | 401/472 kB | 49 kB | 7.7/153 kB Progress (4): 202 kB | 401/472 kB | 49 kB | 12/153 kB Progress (4): 202 kB | 405/472 kB | 49 kB | 12/153 kB Progress (4): 202 kB | 405/472 kB | 49 kB | 16/153 kB Progress (4): 202 kB | 409/472 kB | 49 kB | 16/153 kB Progress (4): 202 kB | 413/472 kB | 49 kB | 16/153 kB Progress (4): 202 kB | 413/472 kB | 49 kB | 20/153 kB Progress (4): 202 kB | 417/472 kB | 49 kB | 20/153 kB Progress (4): 202 kB | 417/472 kB | 49 kB | 24/153 kB Progress (4): 202 kB | 421/472 kB | 49 kB | 24/153 kB Progress (4): 202 kB | 425/472 kB | 49 kB | 24/153 kB Progress (4): 202 kB | 425/472 kB | 49 kB | 28/153 kB Progress (4): 202 kB | 429/472 kB | 49 kB | 28/153 kB Progress (4): 202 kB | 429/472 kB | 49 kB | 32/153 kB Progress (4): 202 kB | 429/472 kB | 49 kB | 36/153 kB Progress (4): 202 kB | 433/472 kB | 49 kB | 36/153 kB Progress (4): 202 kB | 433/472 kB | 49 kB | 41/153 kB Progress (4): 202 kB | 438/472 kB | 49 kB | 41/153 kB Progress (4): 202 kB | 442/472 kB | 49 kB | 41/153 kB Progress (4): 202 kB | 442/472 kB | 49 kB | 45/153 kB Progress (4): 202 kB | 446/472 kB | 49 kB | 45/153 kB Progress (4): 202 kB | 446/472 kB | 49 kB | 49/153 kB Progress (4): 202 kB | 450/472 kB | 49 kB | 49/153 kB Progress (4): 202 kB | 450/472 kB | 49 kB | 53/153 kB Progress (4): 202 kB | 454/472 kB | 49 kB | 53/153 kB Progress (4): 202 kB | 454/472 kB | 49 kB | 57/153 kB Progress (4): 202 kB | 458/472 kB | 49 kB | 57/153 kB Progress (4): 202 kB | 462/472 kB | 49 kB | 57/153 kB Progress (4): 202 kB | 462/472 kB | 49 kB | 61/153 kB Progress (4): 202 kB | 466/472 kB | 49 kB | 61/153 kB Progress (4): 202 kB | 466/472 kB | 49 kB | 65/153 kB Progress (4): 202 kB | 470/472 kB | 49 kB | 65/153 kB Progress (4): 202 kB | 470/472 kB | 49 kB | 69/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 69/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 73/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 77/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 81/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 86/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 90/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 94/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 98/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 102/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 106/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 110/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 114/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 118/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 122/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 127/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 131/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 135/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 139/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 143/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 147/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 151/153 kB Progress (4): 202 kB | 472 kB | 49 kB | 153 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 5.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Progress (4): 472 kB | 49 kB | 153 kB | 4.1/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 7.7/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 12/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 16/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 20/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 24/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 28/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 32/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 36/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 40/165 kB Progress (4): 472 kB | 49 kB | 153 kB | 44/165 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 11 MB/s) Progress (3): 49 kB | 153 kB | 48/165 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Progress (3): 49 kB | 153 kB | 53/165 kB Progress (3): 49 kB | 153 kB | 57/165 kB Progress (3): 49 kB | 153 kB | 61/165 kB Progress (3): 49 kB | 153 kB | 65/165 kB Progress (3): 49 kB | 153 kB | 69/165 kB Progress (3): 49 kB | 153 kB | 73/165 kB Progress (3): 49 kB | 153 kB | 77/165 kB Progress (3): 49 kB | 153 kB | 81/165 kB Progress (3): 49 kB | 153 kB | 85/165 kB Progress (3): 49 kB | 153 kB | 89/165 kB Progress (3): 49 kB | 153 kB | 93/165 kB Progress (3): 49 kB | 153 kB | 98/165 kB Progress (3): 49 kB | 153 kB | 102/165 kB Progress (3): 49 kB | 153 kB | 106/165 kB Progress (3): 49 kB | 153 kB | 110/165 kB Progress (3): 49 kB | 153 kB | 114/165 kB Progress (3): 49 kB | 153 kB | 118/165 kB Progress (3): 49 kB | 153 kB | 122/165 kB Progress (3): 49 kB | 153 kB | 126/165 kB Progress (3): 49 kB | 153 kB | 130/165 kB Progress (3): 49 kB | 153 kB | 134/165 kB Progress (3): 49 kB | 153 kB | 139/165 kB Progress (3): 49 kB | 153 kB | 143/165 kB Progress (3): 49 kB | 153 kB | 147/165 kB Progress (3): 49 kB | 153 kB | 151/165 kB Progress (3): 49 kB | 153 kB | 155/165 kB Progress (3): 49 kB | 153 kB | 159/165 kB Progress (3): 49 kB | 153 kB | 163/165 kB Progress (3): 49 kB | 153 kB | 165 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 3.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 165 kB | 4.1/47 kB Progress (2): 165 kB | 7.7/47 kB Progress (2): 165 kB | 12/47 kB Progress (2): 165 kB | 16/47 kB Progress (2): 165 kB | 20/47 kB Progress (3): 165 kB | 20/47 kB | 4.1/527 kB Progress (3): 165 kB | 24/47 kB | 4.1/527 kB Progress (3): 165 kB | 24/47 kB | 7.7/527 kB Progress (3): 165 kB | 28/47 kB | 7.7/527 kB Progress (3): 165 kB | 28/47 kB | 12/527 kB Progress (3): 165 kB | 32/47 kB | 12/527 kB Progress (3): 165 kB | 36/47 kB | 12/527 kB Progress (3): 165 kB | 36/47 kB | 16/527 kB Progress (3): 165 kB | 41/47 kB | 16/527 kB Progress (3): 165 kB | 41/47 kB | 20/527 kB Progress (3): 165 kB | 45/47 kB | 20/527 kB Progress (3): 165 kB | 45/47 kB | 24/527 kB Progress (3): 165 kB | 47 kB | 24/527 kB Progress (3): 165 kB | 47 kB | 28/527 kB Progress (3): 165 kB | 47 kB | 32/527 kB Progress (3): 165 kB | 47 kB | 36/527 kB Progress (3): 165 kB | 47 kB | 41/527 kB Progress (3): 165 kB | 47 kB | 45/527 kB Progress (3): 165 kB | 47 kB | 49/527 kB Progress (3): 165 kB | 47 kB | 53/527 kB Progress (3): 165 kB | 47 kB | 57/527 kB Progress (3): 165 kB | 47 kB | 61/527 kB Progress (3): 165 kB | 47 kB | 65/527 kB Progress (3): 165 kB | 47 kB | 69/527 kB Progress (3): 165 kB | 47 kB | 73/527 kB Progress (3): 165 kB | 47 kB | 77/527 kB Progress (3): 165 kB | 47 kB | 81/527 kB Progress (3): 165 kB | 47 kB | 86/527 kB Progress (3): 165 kB | 47 kB | 90/527 kB Progress (3): 165 kB | 47 kB | 94/527 kB Progress (3): 165 kB | 47 kB | 98/527 kB Progress (3): 165 kB | 47 kB | 102/527 kB Progress (3): 165 kB | 47 kB | 106/527 kB Progress (3): 165 kB | 47 kB | 110/527 kB Progress (3): 165 kB | 47 kB | 114/527 kB Progress (3): 165 kB | 47 kB | 118/527 kB Progress (3): 165 kB | 47 kB | 122/527 kB Progress (3): 165 kB | 47 kB | 127/527 kB Progress (3): 165 kB | 47 kB | 131/527 kB Progress (3): 165 kB | 47 kB | 135/527 kB Progress (3): 165 kB | 47 kB | 139/527 kB Progress (3): 165 kB | 47 kB | 143/527 kB Progress (3): 165 kB | 47 kB | 147/527 kB Progress (3): 165 kB | 47 kB | 151/527 kB Progress (3): 165 kB | 47 kB | 155/527 kB Progress (3): 165 kB | 47 kB | 159/527 kB Progress (3): 165 kB | 47 kB | 163/527 kB Progress (3): 165 kB | 47 kB | 167/527 kB Progress (3): 165 kB | 47 kB | 172/527 kB Progress (3): 165 kB | 47 kB | 176/527 kB Progress (3): 165 kB | 47 kB | 180/527 kB Progress (3): 165 kB | 47 kB | 184/527 kB Progress (3): 165 kB | 47 kB | 188/527 kB Progress (3): 165 kB | 47 kB | 192/527 kB Progress (3): 165 kB | 47 kB | 196/527 kB Progress (3): 165 kB | 47 kB | 200/527 kB Progress (3): 165 kB | 47 kB | 204/527 kB Progress (3): 165 kB | 47 kB | 208/527 kB Progress (3): 165 kB | 47 kB | 213/527 kB Progress (3): 165 kB | 47 kB | 217/527 kB Progress (3): 165 kB | 47 kB | 221/527 kB Progress (3): 165 kB | 47 kB | 225/527 kB Progress (3): 165 kB | 47 kB | 229/527 kB Progress (3): 165 kB | 47 kB | 233/527 kB Progress (3): 165 kB | 47 kB | 237/527 kB Progress (3): 165 kB | 47 kB | 241/527 kB Progress (3): 165 kB | 47 kB | 245/527 kB Progress (3): 165 kB | 47 kB | 249/527 kB Progress (3): 165 kB | 47 kB | 254/527 kB Progress (3): 165 kB | 47 kB | 258/527 kB Progress (3): 165 kB | 47 kB | 262/527 kB Progress (3): 165 kB | 47 kB | 266/527 kB Progress (3): 165 kB | 47 kB | 270/527 kB Progress (3): 165 kB | 47 kB | 274/527 kB Progress (3): 165 kB | 47 kB | 278/527 kB Progress (3): 165 kB | 47 kB | 282/527 kB Progress (3): 165 kB | 47 kB | 286/527 kB Progress (3): 165 kB | 47 kB | 290/527 kB Progress (3): 165 kB | 47 kB | 294/527 kB Progress (3): 165 kB | 47 kB | 299/527 kB Progress (3): 165 kB | 47 kB | 303/527 kB Progress (3): 165 kB | 47 kB | 307/527 kB Progress (3): 165 kB | 47 kB | 311/527 kB Progress (3): 165 kB | 47 kB | 315/527 kB Progress (3): 165 kB | 47 kB | 319/527 kB Progress (3): 165 kB | 47 kB | 323/527 kB Progress (3): 165 kB | 47 kB | 327/527 kB Progress (3): 165 kB | 47 kB | 331/527 kB Progress (3): 165 kB | 47 kB | 335/527 kB Progress (3): 165 kB | 47 kB | 340/527 kB Progress (3): 165 kB | 47 kB | 344/527 kB Progress (3): 165 kB | 47 kB | 348/527 kB Progress (3): 165 kB | 47 kB | 352/527 kB Progress (3): 165 kB | 47 kB | 356/527 kB Progress (3): 165 kB | 47 kB | 360/527 kB Progress (3): 165 kB | 47 kB | 364/527 kB Progress (3): 165 kB | 47 kB | 368/527 kB Progress (3): 165 kB | 47 kB | 372/527 kB Progress (3): 165 kB | 47 kB | 376/527 kB Progress (3): 165 kB | 47 kB | 380/527 kB Progress (3): 165 kB | 47 kB | 385/527 kB Progress (3): 165 kB | 47 kB | 389/527 kB Progress (3): 165 kB | 47 kB | 393/527 kB Progress (3): 165 kB | 47 kB | 397/527 kB Progress (3): 165 kB | 47 kB | 401/527 kB Progress (3): 165 kB | 47 kB | 405/527 kB Progress (3): 165 kB | 47 kB | 409/527 kB Progress (3): 165 kB | 47 kB | 413/527 kB Progress (3): 165 kB | 47 kB | 417/527 kB Progress (3): 165 kB | 47 kB | 421/527 kB Progress (3): 165 kB | 47 kB | 426/527 kB Progress (3): 165 kB | 47 kB | 430/527 kB Progress (3): 165 kB | 47 kB | 434/527 kB Progress (3): 165 kB | 47 kB | 438/527 kB Progress (3): 165 kB | 47 kB | 442/527 kB Progress (3): 165 kB | 47 kB | 446/527 kB Progress (3): 165 kB | 47 kB | 450/527 kB Progress (3): 165 kB | 47 kB | 454/527 kB Progress (3): 165 kB | 47 kB | 458/527 kB Progress (3): 165 kB | 47 kB | 462/527 kB Progress (3): 165 kB | 47 kB | 466/527 kB Progress (3): 165 kB | 47 kB | 471/527 kB Progress (3): 165 kB | 47 kB | 475/527 kB Progress (3): 165 kB | 47 kB | 479/527 kB Progress (3): 165 kB | 47 kB | 483/527 kB Progress (3): 165 kB | 47 kB | 487/527 kB Progress (3): 165 kB | 47 kB | 491/527 kB Progress (3): 165 kB | 47 kB | 495/527 kB Progress (3): 165 kB | 47 kB | 499/527 kB Progress (3): 165 kB | 47 kB | 503/527 kB Progress (3): 165 kB | 47 kB | 507/527 kB Progress (3): 165 kB | 47 kB | 512/527 kB Progress (3): 165 kB | 47 kB | 514/527 kB Progress (3): 165 kB | 47 kB | 518/527 kB Progress (3): 165 kB | 47 kB | 522/527 kB Progress (3): 165 kB | 47 kB | 526/527 kB Progress (3): 165 kB | 47 kB | 527 kB Progress (4): 165 kB | 47 kB | 527 kB | 4.1/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 7.7/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 12/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 16/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 20/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 24/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 28/30 kB Progress (4): 165 kB | 47 kB | 527 kB | 30 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 4.1/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 7.7/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 12/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 16/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 20/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 24/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 28/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 32/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 36/38 kB Progress (5): 165 kB | 47 kB | 527 kB | 30 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 606 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 358 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 415 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (1): 4.1/14 kB Progress (1): 7.7/14 kB Progress (1): 12/14 kB Progress (1): 14 kB Progress (2): 14 kB | 3.4/148 kB Progress (2): 14 kB | 7.5/148 kB Progress (2): 14 kB | 12/148 kB Progress (2): 14 kB | 16/148 kB Progress (2): 14 kB | 20/148 kB Progress (2): 14 kB | 24/148 kB Progress (2): 14 kB | 28/148 kB Progress (2): 14 kB | 32/148 kB Progress (2): 14 kB | 36/148 kB Progress (2): 14 kB | 40/148 kB Progress (2): 14 kB | 44/148 kB Progress (2): 14 kB | 48/148 kB Progress (2): 14 kB | 53/148 kB Progress (2): 14 kB | 57/148 kB Progress (2): 14 kB | 61/148 kB Progress (2): 14 kB | 65/148 kB Progress (2): 14 kB | 69/148 kB Progress (2): 14 kB | 73/148 kB Progress (2): 14 kB | 77/148 kB Progress (2): 14 kB | 81/148 kB Progress (2): 14 kB | 85/148 kB Progress (2): 14 kB | 89/148 kB Progress (2): 14 kB | 94/148 kB Progress (2): 14 kB | 98/148 kB Progress (2): 14 kB | 102/148 kB Progress (2): 14 kB | 106/148 kB Progress (2): 14 kB | 110/148 kB Progress (2): 14 kB | 114/148 kB Progress (2): 14 kB | 118/148 kB Progress (2): 14 kB | 122/148 kB Progress (2): 14 kB | 126/148 kB Progress (2): 14 kB | 130/148 kB Progress (2): 14 kB | 134/148 kB Progress (2): 14 kB | 139/148 kB Progress (2): 14 kB | 143/148 kB Progress (2): 14 kB | 147/148 kB Progress (2): 14 kB | 148 kB Progress (3): 14 kB | 148 kB | 4.1/106 kB Progress (3): 14 kB | 148 kB | 8.2/106 kB Progress (3): 14 kB | 148 kB | 12/106 kB Progress (3): 14 kB | 148 kB | 16/106 kB Progress (3): 14 kB | 148 kB | 20/106 kB Progress (3): 14 kB | 148 kB | 25/106 kB Progress (3): 14 kB | 148 kB | 29/106 kB Progress (3): 14 kB | 148 kB | 33/106 kB Progress (3): 14 kB | 148 kB | 37/106 kB Progress (3): 14 kB | 148 kB | 41/106 kB Progress (3): 14 kB | 148 kB | 45/106 kB Progress (3): 14 kB | 148 kB | 49/106 kB Progress (3): 14 kB | 148 kB | 53/106 kB Progress (3): 14 kB | 148 kB | 57/106 kB Progress (3): 14 kB | 148 kB | 61/106 kB Progress (3): 14 kB | 148 kB | 66/106 kB Progress (3): 14 kB | 148 kB | 70/106 kB Progress (3): 14 kB | 148 kB | 74/106 kB Progress (3): 14 kB | 148 kB | 78/106 kB Progress (3): 14 kB | 148 kB | 82/106 kB Progress (3): 14 kB | 148 kB | 86/106 kB Progress (3): 14 kB | 148 kB | 90/106 kB Progress (3): 14 kB | 148 kB | 94/106 kB Progress (3): 14 kB | 148 kB | 98/106 kB Progress (3): 14 kB | 148 kB | 102/106 kB Progress (3): 14 kB | 148 kB | 106 kB Progress (4): 14 kB | 148 kB | 106 kB | 4.1/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 7.7/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 12/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 16/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 20/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 24/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 28/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 32/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 36/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 40/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 44/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 48/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 53/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 57/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 61/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 65/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 69/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 73/74 kB Progress (4): 14 kB | 148 kB | 106 kB | 74 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 4.1/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 7.7/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 12/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 16/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 20/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 24/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 28/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 32/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 36/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 40/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 44/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 48/51 kB Progress (5): 14 kB | 148 kB | 106 kB | 74 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 843 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (3): 74 kB | 51 kB | 4.1/61 kB Progress (3): 74 kB | 51 kB | 7.7/61 kB Progress (3): 74 kB | 51 kB | 12/61 kB Progress (3): 74 kB | 51 kB | 16/61 kB Progress (3): 74 kB | 51 kB | 20/61 kB Progress (3): 74 kB | 51 kB | 24/61 kB Progress (3): 74 kB | 51 kB | 28/61 kB Progress (3): 74 kB | 51 kB | 32/61 kB Progress (3): 74 kB | 51 kB | 36/61 kB Progress (3): 74 kB | 51 kB | 41/61 kB Progress (3): 74 kB | 51 kB | 45/61 kB Progress (3): 74 kB | 51 kB | 49/61 kB Progress (3): 74 kB | 51 kB | 53/61 kB Progress (3): 74 kB | 51 kB | 57/61 kB Progress (3): 74 kB | 51 kB | 61/61 kB Progress (3): 74 kB | 51 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 541 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (3): 51 kB | 61 kB | 4.1/108 kB Progress (3): 51 kB | 61 kB | 7.7/108 kB Progress (3): 51 kB | 61 kB | 12/108 kB Progress (3): 51 kB | 61 kB | 16/108 kB Progress (3): 51 kB | 61 kB | 20/108 kB Progress (3): 51 kB | 61 kB | 24/108 kB Progress (3): 51 kB | 61 kB | 28/108 kB Progress (3): 51 kB | 61 kB | 32/108 kB Progress (3): 51 kB | 61 kB | 36/108 kB Progress (3): 51 kB | 61 kB | 41/108 kB Progress (3): 51 kB | 61 kB | 45/108 kB Progress (3): 51 kB | 61 kB | 49/108 kB Progress (3): 51 kB | 61 kB | 53/108 kB Progress (3): 51 kB | 61 kB | 57/108 kB Progress (3): 51 kB | 61 kB | 61/108 kB Progress (3): 51 kB | 61 kB | 65/108 kB Progress (3): 51 kB | 61 kB | 69/108 kB Progress (3): 51 kB | 61 kB | 73/108 kB Progress (3): 51 kB | 61 kB | 77/108 kB Progress (3): 51 kB | 61 kB | 81/108 kB Progress (3): 51 kB | 61 kB | 86/108 kB Progress (3): 51 kB | 61 kB | 90/108 kB Progress (3): 51 kB | 61 kB | 94/108 kB Progress (3): 51 kB | 61 kB | 98/108 kB Progress (3): 51 kB | 61 kB | 102/108 kB Progress (3): 51 kB | 61 kB | 106/108 kB Progress (3): 51 kB | 61 kB | 108 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 351 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (3): 61 kB | 108 kB | 4.1/46 kB Progress (3): 61 kB | 108 kB | 7.7/46 kB Progress (3): 61 kB | 108 kB | 12/46 kB Progress (3): 61 kB | 108 kB | 16/46 kB Progress (3): 61 kB | 108 kB | 20/46 kB Progress (3): 61 kB | 108 kB | 24/46 kB Progress (3): 61 kB | 108 kB | 28/46 kB Progress (3): 61 kB | 108 kB | 32/46 kB Progress (3): 61 kB | 108 kB | 36/46 kB Progress (3): 61 kB | 108 kB | 41/46 kB Progress (3): 61 kB | 108 kB | 45/46 kB Progress (3): 61 kB | 108 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 399 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 675 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (2): 46 kB | 4.1/4.2 kB Progress (2): 46 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (2): 4.2 kB | 4.1/13 kB Progress (2): 4.2 kB | 7.7/13 kB Progress (2): 4.2 kB | 12/13 kB Progress (2): 4.2 kB | 13 kB Progress (3): 4.2 kB | 13 kB | 4.1/52 kB Progress (3): 4.2 kB | 13 kB | 7.7/52 kB Progress (3): 4.2 kB | 13 kB | 12/52 kB Progress (3): 4.2 kB | 13 kB | 16/52 kB Progress (3): 4.2 kB | 13 kB | 20/52 kB Progress (3): 4.2 kB | 13 kB | 24/52 kB Progress (3): 4.2 kB | 13 kB | 28/52 kB Progress (3): 4.2 kB | 13 kB | 32/52 kB Progress (3): 4.2 kB | 13 kB | 36/52 kB Progress (3): 4.2 kB | 13 kB | 41/52 kB Progress (3): 4.2 kB | 13 kB | 45/52 kB Progress (3): 4.2 kB | 13 kB | 49/52 kB Progress (3): 4.2 kB | 13 kB | 52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 22 kB/s) Progress (3): 13 kB | 52 kB | 4.1/29 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (3): 13 kB | 52 kB | 7.7/29 kB Progress (3): 13 kB | 52 kB | 12/29 kB Progress (3): 13 kB | 52 kB | 16/29 kB Progress (3): 13 kB | 52 kB | 20/29 kB Progress (3): 13 kB | 52 kB | 24/29 kB Progress (3): 13 kB | 52 kB | 28/29 kB Progress (3): 13 kB | 52 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (2): 29 kB | 4.1/263 kB Progress (2): 29 kB | 7.7/263 kB Progress (2): 29 kB | 12/263 kB Progress (2): 29 kB | 16/263 kB Progress (2): 29 kB | 20/263 kB Progress (2): 29 kB | 24/263 kB Progress (2): 29 kB | 28/263 kB Progress (2): 29 kB | 32/263 kB Progress (2): 29 kB | 36/263 kB Progress (2): 29 kB | 41/263 kB Progress (2): 29 kB | 45/263 kB Progress (2): 29 kB | 49/263 kB Progress (2): 29 kB | 53/263 kB Progress (2): 29 kB | 57/263 kB Progress (2): 29 kB | 61/263 kB Progress (2): 29 kB | 65/263 kB Progress (2): 29 kB | 69/263 kB Progress (2): 29 kB | 73/263 kB Progress (2): 29 kB | 77/263 kB Progress (2): 29 kB | 81/263 kB Progress (2): 29 kB | 86/263 kB Progress (2): 29 kB | 90/263 kB Progress (2): 29 kB | 94/263 kB Progress (2): 29 kB | 98/263 kB Progress (2): 29 kB | 102/263 kB Progress (2): 29 kB | 106/263 kB Progress (2): 29 kB | 110/263 kB Progress (2): 29 kB | 114/263 kB Progress (2): 29 kB | 118/263 kB Progress (2): 29 kB | 122/263 kB Progress (2): 29 kB | 127/263 kB Progress (2): 29 kB | 131/263 kB Progress (2): 29 kB | 135/263 kB Progress (2): 29 kB | 139/263 kB Progress (2): 29 kB | 143/263 kB Progress (2): 29 kB | 147/263 kB Progress (2): 29 kB | 151/263 kB Progress (2): 29 kB | 155/263 kB Progress (2): 29 kB | 159/263 kB Progress (2): 29 kB | 163/263 kB Progress (2): 29 kB | 167/263 kB Progress (2): 29 kB | 172/263 kB Progress (2): 29 kB | 176/263 kB Progress (2): 29 kB | 180/263 kB Progress (2): 29 kB | 184/263 kB Progress (2): 29 kB | 188/263 kB Progress (2): 29 kB | 192/263 kB Progress (2): 29 kB | 196/263 kB Progress (2): 29 kB | 200/263 kB Progress (2): 29 kB | 204/263 kB Progress (2): 29 kB | 208/263 kB Progress (2): 29 kB | 213/263 kB Progress (2): 29 kB | 217/263 kB Progress (2): 29 kB | 221/263 kB Progress (2): 29 kB | 225/263 kB Progress (2): 29 kB | 229/263 kB Progress (2): 29 kB | 233/263 kB Progress (2): 29 kB | 237/263 kB Progress (2): 29 kB | 241/263 kB Progress (2): 29 kB | 245/263 kB Progress (2): 29 kB | 249/263 kB Progress (2): 29 kB | 253/263 kB Progress (2): 29 kB | 258/263 kB Progress (2): 29 kB | 262/263 kB Progress (2): 29 kB | 263 kB Progress (3): 29 kB | 263 kB | 4.1/164 kB Progress (3): 29 kB | 263 kB | 7.7/164 kB Progress (3): 29 kB | 263 kB | 12/164 kB Progress (3): 29 kB | 263 kB | 16/164 kB Progress (3): 29 kB | 263 kB | 20/164 kB Progress (3): 29 kB | 263 kB | 24/164 kB Progress (3): 29 kB | 263 kB | 28/164 kB Progress (3): 29 kB | 263 kB | 32/164 kB Progress (3): 29 kB | 263 kB | 36/164 kB Progress (3): 29 kB | 263 kB | 41/164 kB Progress (3): 29 kB | 263 kB | 45/164 kB Progress (3): 29 kB | 263 kB | 49/164 kB Progress (3): 29 kB | 263 kB | 53/164 kB Progress (3): 29 kB | 263 kB | 57/164 kB Progress (4): 29 kB | 263 kB | 57/164 kB | 4.1/61 kB Progress (4): 29 kB | 263 kB | 61/164 kB | 4.1/61 kB Progress (4): 29 kB | 263 kB | 65/164 kB | 4.1/61 kB Progress (4): 29 kB | 263 kB | 65/164 kB | 7.7/61 kB Progress (4): 29 kB | 263 kB | 69/164 kB | 7.7/61 kB Progress (4): 29 kB | 263 kB | 69/164 kB | 12/61 kB Progress (4): 29 kB | 263 kB | 73/164 kB | 12/61 kB Progress (4): 29 kB | 263 kB | 73/164 kB | 16/61 kB Progress (4): 29 kB | 263 kB | 77/164 kB | 16/61 kB Progress (4): 29 kB | 263 kB | 81/164 kB | 16/61 kB Progress (4): 29 kB | 263 kB | 81/164 kB | 20/61 kB Progress (4): 29 kB | 263 kB | 86/164 kB | 20/61 kB Progress (4): 29 kB | 263 kB | 86/164 kB | 24/61 kB Progress (4): 29 kB | 263 kB | 90/164 kB | 24/61 kB Progress (4): 29 kB | 263 kB | 90/164 kB | 28/61 kB Progress (4): 29 kB | 263 kB | 94/164 kB | 28/61 kB Progress (4): 29 kB | 263 kB | 94/164 kB | 32/61 kB Progress (4): 29 kB | 263 kB | 98/164 kB | 32/61 kB Progress (4): 29 kB | 263 kB | 98/164 kB | 36/61 kB Progress (4): 29 kB | 263 kB | 102/164 kB | 36/61 kB Progress (4): 29 kB | 263 kB | 102/164 kB | 41/61 kB Progress (4): 29 kB | 263 kB | 106/164 kB | 41/61 kB Progress (4): 29 kB | 263 kB | 106/164 kB | 45/61 kB Progress (4): 29 kB | 263 kB | 110/164 kB | 45/61 kB Progress (4): 29 kB | 263 kB | 110/164 kB | 49/61 kB Progress (4): 29 kB | 263 kB | 114/164 kB | 49/61 kB Progress (4): 29 kB | 263 kB | 114/164 kB | 53/61 kB Progress (4): 29 kB | 263 kB | 118/164 kB | 53/61 kB Progress (4): 29 kB | 263 kB | 118/164 kB | 57/61 kB Progress (4): 29 kB | 263 kB | 122/164 kB | 57/61 kB Progress (4): 29 kB | 263 kB | 122/164 kB | 61/61 kB Progress (4): 29 kB | 263 kB | 127/164 kB | 61/61 kB Progress (4): 29 kB | 263 kB | 131/164 kB | 61/61 kB Progress (4): 29 kB | 263 kB | 135/164 kB | 61/61 kB Progress (4): 29 kB | 263 kB | 135/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 139/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 143/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 147/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 151/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 155/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 159/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 163/164 kB | 61 kB Progress (4): 29 kB | 263 kB | 164 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 128 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Progress (3): 164 kB | 61 kB | 4.1/120 kB Progress (3): 164 kB | 61 kB | 7.7/120 kB Progress (3): 164 kB | 61 kB | 12/120 kB Progress (3): 164 kB | 61 kB | 16/120 kB Progress (3): 164 kB | 61 kB | 20/120 kB Progress (3): 164 kB | 61 kB | 24/120 kB Progress (3): 164 kB | 61 kB | 28/120 kB Progress (3): 164 kB | 61 kB | 32/120 kB Progress (3): 164 kB | 61 kB | 36/120 kB Progress (3): 164 kB | 61 kB | 41/120 kB Progress (3): 164 kB | 61 kB | 45/120 kB Progress (3): 164 kB | 61 kB | 49/120 kB Progress (3): 164 kB | 61 kB | 53/120 kB Progress (3): 164 kB | 61 kB | 57/120 kB Progress (3): 164 kB | 61 kB | 61/120 kB Progress (3): 164 kB | 61 kB | 65/120 kB Progress (3): 164 kB | 61 kB | 69/120 kB Progress (3): 164 kB | 61 kB | 73/120 kB Progress (3): 164 kB | 61 kB | 77/120 kB Progress (3): 164 kB | 61 kB | 81/120 kB Progress (3): 164 kB | 61 kB | 86/120 kB Progress (3): 164 kB | 61 kB | 90/120 kB Progress (3): 164 kB | 61 kB | 94/120 kB Progress (3): 164 kB | 61 kB | 98/120 kB Progress (3): 164 kB | 61 kB | 102/120 kB Progress (3): 164 kB | 61 kB | 106/120 kB Progress (3): 164 kB | 61 kB | 110/120 kB Progress (3): 164 kB | 61 kB | 114/120 kB Progress (3): 164 kB | 61 kB | 118/120 kB Progress (3): 164 kB | 61 kB | 120 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (3): 164 kB | 120 kB | 4.1/26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 668 kB/s) Progress (2): 120 kB | 7.7/26 kB Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 120 kB | 12/26 kB Progress (2): 120 kB | 16/26 kB Progress (2): 120 kB | 20/26 kB Progress (2): 120 kB | 24/26 kB Progress (2): 120 kB | 26 kB Progress (3): 120 kB | 26 kB | 4.1/335 kB Progress (3): 120 kB | 26 kB | 7.7/335 kB Progress (3): 120 kB | 26 kB | 12/335 kB Progress (3): 120 kB | 26 kB | 16/335 kB Progress (3): 120 kB | 26 kB | 20/335 kB Progress (3): 120 kB | 26 kB | 24/335 kB Progress (3): 120 kB | 26 kB | 28/335 kB Progress (3): 120 kB | 26 kB | 32/335 kB Progress (3): 120 kB | 26 kB | 36/335 kB Progress (3): 120 kB | 26 kB | 41/335 kB Progress (3): 120 kB | 26 kB | 45/335 kB Progress (3): 120 kB | 26 kB | 49/335 kB Progress (3): 120 kB | 26 kB | 53/335 kB Progress (3): 120 kB | 26 kB | 57/335 kB Progress (3): 120 kB | 26 kB | 61/335 kB Progress (3): 120 kB | 26 kB | 65/335 kB Progress (3): 120 kB | 26 kB | 69/335 kB Progress (3): 120 kB | 26 kB | 73/335 kB Progress (3): 120 kB | 26 kB | 77/335 kB Progress (3): 120 kB | 26 kB | 81/335 kB Progress (3): 120 kB | 26 kB | 86/335 kB Progress (3): 120 kB | 26 kB | 90/335 kB Progress (3): 120 kB | 26 kB | 94/335 kB Progress (3): 120 kB | 26 kB | 98/335 kB Progress (3): 120 kB | 26 kB | 102/335 kB Progress (3): 120 kB | 26 kB | 106/335 kB Progress (3): 120 kB | 26 kB | 110/335 kB Progress (3): 120 kB | 26 kB | 114/335 kB Progress (3): 120 kB | 26 kB | 118/335 kB Progress (3): 120 kB | 26 kB | 122/335 kB Progress (3): 120 kB | 26 kB | 127/335 kB Progress (3): 120 kB | 26 kB | 131/335 kB Progress (3): 120 kB | 26 kB | 135/335 kB Progress (3): 120 kB | 26 kB | 139/335 kB Progress (3): 120 kB | 26 kB | 143/335 kB Progress (3): 120 kB | 26 kB | 147/335 kB Progress (3): 120 kB | 26 kB | 151/335 kB Progress (3): 120 kB | 26 kB | 155/335 kB Progress (3): 120 kB | 26 kB | 159/335 kB Progress (3): 120 kB | 26 kB | 163/335 kB Progress (3): 120 kB | 26 kB | 167/335 kB Progress (3): 120 kB | 26 kB | 172/335 kB Progress (3): 120 kB | 26 kB | 176/335 kB Progress (3): 120 kB | 26 kB | 180/335 kB Progress (3): 120 kB | 26 kB | 184/335 kB Progress (3): 120 kB | 26 kB | 188/335 kB Progress (3): 120 kB | 26 kB | 192/335 kB Progress (3): 120 kB | 26 kB | 196/335 kB Progress (3): 120 kB | 26 kB | 200/335 kB Progress (3): 120 kB | 26 kB | 204/335 kB Progress (3): 120 kB | 26 kB | 208/335 kB Progress (3): 120 kB | 26 kB | 213/335 kB Progress (3): 120 kB | 26 kB | 217/335 kB Progress (3): 120 kB | 26 kB | 221/335 kB Progress (3): 120 kB | 26 kB | 225/335 kB Progress (3): 120 kB | 26 kB | 229/335 kB Progress (3): 120 kB | 26 kB | 233/335 kB Progress (3): 120 kB | 26 kB | 237/335 kB Progress (3): 120 kB | 26 kB | 241/335 kB Progress (3): 120 kB | 26 kB | 245/335 kB Progress (3): 120 kB | 26 kB | 249/335 kB Progress (3): 120 kB | 26 kB | 254/335 kB Progress (3): 120 kB | 26 kB | 258/335 kB Progress (3): 120 kB | 26 kB | 262/335 kB Progress (3): 120 kB | 26 kB | 266/335 kB Progress (3): 120 kB | 26 kB | 270/335 kB Progress (3): 120 kB | 26 kB | 274/335 kB Progress (3): 120 kB | 26 kB | 278/335 kB Progress (3): 120 kB | 26 kB | 282/335 kB Progress (3): 120 kB | 26 kB | 286/335 kB Progress (3): 120 kB | 26 kB | 290/335 kB Progress (3): 120 kB | 26 kB | 294/335 kB Progress (3): 120 kB | 26 kB | 299/335 kB Progress (3): 120 kB | 26 kB | 303/335 kB Progress (3): 120 kB | 26 kB | 307/335 kB Progress (3): 120 kB | 26 kB | 311/335 kB Progress (3): 120 kB | 26 kB | 315/335 kB Progress (3): 120 kB | 26 kB | 319/335 kB Progress (3): 120 kB | 26 kB | 323/335 kB Progress (3): 120 kB | 26 kB | 327/335 kB Progress (3): 120 kB | 26 kB | 331/335 kB Progress (3): 120 kB | 26 kB | 335 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Progress (2): 120 kB | 4.1/122 kB Progress (2): 120 kB | 8.2/122 kB Progress (2): 120 kB | 12/122 kB Progress (2): 120 kB | 16/122 kB Progress (2): 120 kB | 20/122 kB Progress (2): 120 kB | 25/122 kB Progress (2): 120 kB | 29/122 kB Progress (2): 120 kB | 33/122 kB Progress (2): 120 kB | 37/122 kB Progress (2): 120 kB | 41/122 kB Progress (2): 120 kB | 45/122 kB Progress (2): 120 kB | 49/122 kB Progress (2): 120 kB | 53/122 kB Progress (2): 120 kB | 57/122 kB Progress (2): 120 kB | 61/122 kB Progress (2): 120 kB | 66/122 kB Progress (2): 120 kB | 70/122 kB Progress (2): 120 kB | 74/122 kB Progress (2): 120 kB | 78/122 kB Progress (2): 120 kB | 82/122 kB Progress (2): 120 kB | 86/122 kB Progress (2): 120 kB | 90/122 kB Progress (2): 120 kB | 94/122 kB Progress (2): 120 kB | 98/122 kB Progress (2): 120 kB | 102/122 kB Progress (2): 120 kB | 106/122 kB Progress (2): 120 kB | 111/122 kB Progress (2): 120 kB | 115/122 kB Progress (2): 120 kB | 119/122 kB Progress (2): 120 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 438 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Progress (2): 122 kB | 4.1/72 kB Progress (2): 122 kB | 7.7/72 kB Progress (2): 122 kB | 12/72 kB Progress (2): 122 kB | 16/72 kB Progress (2): 122 kB | 20/72 kB Progress (2): 122 kB | 24/72 kB Progress (2): 122 kB | 28/72 kB Progress (2): 122 kB | 32/72 kB Progress (2): 122 kB | 36/72 kB Progress (2): 122 kB | 41/72 kB Progress (2): 122 kB | 45/72 kB Progress (2): 122 kB | 49/72 kB Progress (2): 122 kB | 53/72 kB Progress (2): 122 kB | 57/72 kB Progress (2): 122 kB | 61/72 kB Progress (2): 122 kB | 65/72 kB Progress (2): 122 kB | 69/72 kB Progress (2): 122 kB | 72 kB Progress (3): 122 kB | 72 kB | 4.1/53 kB Progress (3): 122 kB | 72 kB | 7.7/53 kB Progress (3): 122 kB | 72 kB | 12/53 kB Progress (3): 122 kB | 72 kB | 16/53 kB Progress (3): 122 kB | 72 kB | 20/53 kB Progress (3): 122 kB | 72 kB | 24/53 kB Progress (3): 122 kB | 72 kB | 28/53 kB Progress (3): 122 kB | 72 kB | 32/53 kB Progress (3): 122 kB | 72 kB | 36/53 kB Progress (3): 122 kB | 72 kB | 41/53 kB Progress (3): 122 kB | 72 kB | 45/53 kB Progress (3): 122 kB | 72 kB | 49/53 kB Progress (3): 122 kB | 72 kB | 53 kB Progress (4): 122 kB | 72 kB | 53 kB | 4.1/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 7.5/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 12/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 16/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 20/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 24/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 28/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 32/33 kB Progress (4): 122 kB | 72 kB | 53 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 414 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 171 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Progress (1): 4.1/37 kB Progress (1): 7.7/37 kB Progress (1): 12/37 kB Progress (1): 16/37 kB Progress (1): 20/37 kB Progress (1): 24/37 kB Progress (1): 28/37 kB Progress (1): 32/37 kB Progress (1): 36/37 kB Progress (1): 37 kB Progress (2): 37 kB | 4.1/134 kB Progress (2): 37 kB | 7.7/134 kB Progress (2): 37 kB | 12/134 kB Progress (2): 37 kB | 16/134 kB Progress (2): 37 kB | 20/134 kB Progress (2): 37 kB | 24/134 kB Progress (2): 37 kB | 28/134 kB Progress (2): 37 kB | 32/134 kB Progress (2): 37 kB | 36/134 kB Progress (2): 37 kB | 41/134 kB Progress (2): 37 kB | 45/134 kB Progress (2): 37 kB | 49/134 kB Progress (2): 37 kB | 53/134 kB Progress (2): 37 kB | 57/134 kB Progress (2): 37 kB | 61/134 kB Progress (2): 37 kB | 65/134 kB Progress (3): 37 kB | 65/134 kB | 4.1/215 kB Progress (3): 37 kB | 65/134 kB | 7.7/215 kB Progress (3): 37 kB | 69/134 kB | 7.7/215 kB Progress (3): 37 kB | 69/134 kB | 12/215 kB Progress (3): 37 kB | 73/134 kB | 12/215 kB Progress (3): 37 kB | 73/134 kB | 16/215 kB Progress (3): 37 kB | 77/134 kB | 16/215 kB Progress (3): 37 kB | 81/134 kB | 16/215 kB Progress (3): 37 kB | 81/134 kB | 20/215 kB Progress (3): 37 kB | 81/134 kB | 24/215 kB Progress (3): 37 kB | 86/134 kB | 24/215 kB Progress (3): 37 kB | 90/134 kB | 24/215 kB Progress (3): 37 kB | 90/134 kB | 28/215 kB Progress (3): 37 kB | 94/134 kB | 28/215 kB Progress (3): 37 kB | 94/134 kB | 32/215 kB Progress (3): 37 kB | 98/134 kB | 32/215 kB Progress (3): 37 kB | 98/134 kB | 36/215 kB Progress (3): 37 kB | 98/134 kB | 41/215 kB Progress (3): 37 kB | 102/134 kB | 41/215 kB Progress (3): 37 kB | 102/134 kB | 45/215 kB Progress (3): 37 kB | 106/134 kB | 45/215 kB Progress (3): 37 kB | 106/134 kB | 49/215 kB Progress (3): 37 kB | 110/134 kB | 49/215 kB Progress (3): 37 kB | 110/134 kB | 53/215 kB Progress (3): 37 kB | 114/134 kB | 53/215 kB Progress (3): 37 kB | 114/134 kB | 57/215 kB Progress (3): 37 kB | 118/134 kB | 57/215 kB Progress (3): 37 kB | 122/134 kB | 57/215 kB Progress (3): 37 kB | 122/134 kB | 61/215 kB Progress (3): 37 kB | 127/134 kB | 61/215 kB Progress (3): 37 kB | 127/134 kB | 65/215 kB Progress (3): 37 kB | 131/134 kB | 65/215 kB Progress (3): 37 kB | 131/134 kB | 69/215 kB Progress (3): 37 kB | 134 kB | 69/215 kB Progress (3): 37 kB | 134 kB | 73/215 kB Progress (3): 37 kB | 134 kB | 77/215 kB Progress (3): 37 kB | 134 kB | 81/215 kB Progress (3): 37 kB | 134 kB | 86/215 kB Progress (3): 37 kB | 134 kB | 90/215 kB Progress (3): 37 kB | 134 kB | 94/215 kB Progress (3): 37 kB | 134 kB | 98/215 kB Progress (3): 37 kB | 134 kB | 102/215 kB Progress (3): 37 kB | 134 kB | 106/215 kB Progress (3): 37 kB | 134 kB | 110/215 kB Progress (3): 37 kB | 134 kB | 114/215 kB Progress (3): 37 kB | 134 kB | 118/215 kB Progress (3): 37 kB | 134 kB | 122/215 kB Progress (3): 37 kB | 134 kB | 127/215 kB Progress (3): 37 kB | 134 kB | 131/215 kB Progress (3): 37 kB | 134 kB | 135/215 kB Progress (3): 37 kB | 134 kB | 139/215 kB Progress (3): 37 kB | 134 kB | 143/215 kB Progress (3): 37 kB | 134 kB | 147/215 kB Progress (3): 37 kB | 134 kB | 151/215 kB Progress (3): 37 kB | 134 kB | 155/215 kB Progress (3): 37 kB | 134 kB | 159/215 kB Progress (3): 37 kB | 134 kB | 163/215 kB Progress (3): 37 kB | 134 kB | 167/215 kB Progress (3): 37 kB | 134 kB | 172/215 kB Progress (3): 37 kB | 134 kB | 176/215 kB Progress (3): 37 kB | 134 kB | 180/215 kB Progress (3): 37 kB | 134 kB | 184/215 kB Progress (3): 37 kB | 134 kB | 188/215 kB Progress (3): 37 kB | 134 kB | 192/215 kB Progress (3): 37 kB | 134 kB | 196/215 kB Progress (3): 37 kB | 134 kB | 200/215 kB Progress (3): 37 kB | 134 kB | 204/215 kB Progress (3): 37 kB | 134 kB | 208/215 kB Progress (3): 37 kB | 134 kB | 213/215 kB Progress (3): 37 kB | 134 kB | 215 kB Progress (4): 37 kB | 134 kB | 215 kB | 4.1/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 7.7/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 12/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 16/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 20/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 24/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 28/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 32/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 36/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 41/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 45/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 49/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 53/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 57/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 61/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 65/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 69/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 73/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 77/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 81/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 86/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 90/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 94/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 98/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 102/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 106/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 110/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 114/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 118/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 122/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 127/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 131/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 135/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 139/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 143/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 147/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 151/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 155/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 159/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 163/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 167/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 172/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 176/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 180/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 184/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 188/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 192/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 196/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 200/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 204/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 208/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 213/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 217/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 221/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 225/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 229/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 233/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 237/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 241/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 245/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 249/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 254/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 258/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 262/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 266/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 270/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 274/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 278/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 282/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 286/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 290/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 294/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 299/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 303/305 kB Progress (4): 37 kB | 134 kB | 215 kB | 305 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 4.1/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 7.7/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 12/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 16/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 20/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 24/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 28/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 32/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 36/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 41/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 45/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 49/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 53/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 57/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 61/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 65/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 69/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 73/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 77/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 81/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 86/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 90/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 94/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 98/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 102/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 106/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 110/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 114/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 118/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 122/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 127/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 131/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 135/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 139/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 143/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 147/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 151/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 155/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 159/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 163/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 167/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 172/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 176/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 180/180 kB Progress (5): 37 kB | 134 kB | 215 kB | 305 kB | 180 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 628 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 375 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (3): 305 kB | 180 kB | 4.1/85 kB Progress (3): 305 kB | 180 kB | 7.7/85 kB Progress (3): 305 kB | 180 kB | 12/85 kB Progress (3): 305 kB | 180 kB | 16/85 kB Progress (3): 305 kB | 180 kB | 20/85 kB Progress (3): 305 kB | 180 kB | 24/85 kB Progress (3): 305 kB | 180 kB | 28/85 kB Progress (3): 305 kB | 180 kB | 32/85 kB Progress (3): 305 kB | 180 kB | 36/85 kB Progress (3): 305 kB | 180 kB | 41/85 kB Progress (3): 305 kB | 180 kB | 45/85 kB Progress (3): 305 kB | 180 kB | 49/85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 501 kB/s) Progress (2): 305 kB | 53/85 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (2): 305 kB | 57/85 kB Progress (2): 305 kB | 61/85 kB Progress (2): 305 kB | 65/85 kB Progress (2): 305 kB | 69/85 kB Progress (2): 305 kB | 73/85 kB Progress (2): 305 kB | 77/85 kB Progress (2): 305 kB | 81/85 kB Progress (2): 305 kB | 85 kB Progress (3): 305 kB | 85 kB | 0/2.6 MB Progress (3): 305 kB | 85 kB | 0/2.6 MB Progress (3): 305 kB | 85 kB | 0/2.6 MB Progress (3): 305 kB | 85 kB | 0.1/2.6 MB Progress (3): 305 kB | 85 kB | 0.1/2.6 MB Progress (3): 305 kB | 85 kB | 0.1/2.6 MB Progress (3): 305 kB | 85 kB | 0.1/2.6 MB Progress (3): 305 kB | 85 kB | 0.1/2.6 MB Progress (3): 305 kB | 85 kB | 0.1/2.6 MB Progress (3): 305 kB | 85 kB | 0.2/2.6 MB Progress (3): 305 kB | 85 kB | 0.2/2.6 MB Progress (3): 305 kB | 85 kB | 0.2/2.6 MB Progress (3): 305 kB | 85 kB | 0.2/2.6 MB Progress (3): 305 kB | 85 kB | 0.2/2.6 MB Progress (3): 305 kB | 85 kB | 0.2/2.6 MB Progress (3): 305 kB | 85 kB | 0.3/2.6 MB Progress (3): 305 kB | 85 kB | 0.3/2.6 MB Progress (3): 305 kB | 85 kB | 0.3/2.6 MB Progress (3): 305 kB | 85 kB | 0.3/2.6 MB Progress (3): 305 kB | 85 kB | 0.3/2.6 MB Progress (3): 305 kB | 85 kB | 0.3/2.6 MB Progress (3): 305 kB | 85 kB | 0.4/2.6 MB Progress (3): 305 kB | 85 kB | 0.4/2.6 MB Progress (3): 305 kB | 85 kB | 0.4/2.6 MB Progress (3): 305 kB | 85 kB | 0.4/2.6 MB Progress (3): 305 kB | 85 kB | 0.4/2.6 MB Progress (3): 305 kB | 85 kB | 0.4/2.6 MB Progress (3): 305 kB | 85 kB | 0.5/2.6 MB Progress (3): 305 kB | 85 kB | 0.5/2.6 MB Progress (3): 305 kB | 85 kB | 0.5/2.6 MB Progress (3): 305 kB | 85 kB | 0.5/2.6 MB Progress (3): 305 kB | 85 kB | 0.5/2.6 MB Progress (3): 305 kB | 85 kB | 0.5/2.6 MB Progress (3): 305 kB | 85 kB | 0.6/2.6 MB Progress (3): 305 kB | 85 kB | 0.6/2.6 MB Progress (3): 305 kB | 85 kB | 0.6/2.6 MB Progress (3): 305 kB | 85 kB | 0.6/2.6 MB Progress (3): 305 kB | 85 kB | 0.6/2.6 MB Progress (3): 305 kB | 85 kB | 0.6/2.6 MB Progress (3): 305 kB | 85 kB | 0.7/2.6 MB Progress (3): 305 kB | 85 kB | 0.7/2.6 MB Progress (3): 305 kB | 85 kB | 0.7/2.6 MB Progress (3): 305 kB | 85 kB | 0.7/2.6 MB Progress (3): 305 kB | 85 kB | 0.7/2.6 MB Progress (3): 305 kB | 85 kB | 0.7/2.6 MB Progress (3): 305 kB | 85 kB | 0.8/2.6 MB Progress (3): 305 kB | 85 kB | 0.8/2.6 MB Progress (3): 305 kB | 85 kB | 0.8/2.6 MB Progress (3): 305 kB | 85 kB | 0.8/2.6 MB Progress (3): 305 kB | 85 kB | 0.8/2.6 MB Progress (3): 305 kB | 85 kB | 0.8/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 0.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.0/2.6 MB Progress (3): 305 kB | 85 kB | 1.0/2.6 MB Progress (3): 305 kB | 85 kB | 1.0/2.6 MB Progress (3): 305 kB | 85 kB | 1.0/2.6 MB Progress (3): 305 kB | 85 kB | 1.0/2.6 MB Progress (3): 305 kB | 85 kB | 1.0/2.6 MB Progress (3): 305 kB | 85 kB | 1.1/2.6 MB Progress (3): 305 kB | 85 kB | 1.1/2.6 MB Progress (3): 305 kB | 85 kB | 1.1/2.6 MB Progress (3): 305 kB | 85 kB | 1.1/2.6 MB Progress (3): 305 kB | 85 kB | 1.1/2.6 MB Progress (3): 305 kB | 85 kB | 1.1/2.6 MB Progress (3): 305 kB | 85 kB | 1.2/2.6 MB Progress (3): 305 kB | 85 kB | 1.2/2.6 MB Progress (3): 305 kB | 85 kB | 1.2/2.6 MB Progress (3): 305 kB | 85 kB | 1.2/2.6 MB Progress (3): 305 kB | 85 kB | 1.2/2.6 MB Progress (3): 305 kB | 85 kB | 1.2/2.6 MB Progress (3): 305 kB | 85 kB | 1.3/2.6 MB Progress (3): 305 kB | 85 kB | 1.3/2.6 MB Progress (3): 305 kB | 85 kB | 1.3/2.6 MB Progress (3): 305 kB | 85 kB | 1.3/2.6 MB Progress (3): 305 kB | 85 kB | 1.3/2.6 MB Progress (3): 305 kB | 85 kB | 1.3/2.6 MB Progress (3): 305 kB | 85 kB | 1.4/2.6 MB Progress (3): 305 kB | 85 kB | 1.4/2.6 MB Progress (3): 305 kB | 85 kB | 1.4/2.6 MB Progress (3): 305 kB | 85 kB | 1.4/2.6 MB Progress (3): 305 kB | 85 kB | 1.4/2.6 MB Progress (3): 305 kB | 85 kB | 1.4/2.6 MB Progress (3): 305 kB | 85 kB | 1.5/2.6 MB Progress (3): 305 kB | 85 kB | 1.5/2.6 MB Progress (3): 305 kB | 85 kB | 1.5/2.6 MB Progress (3): 305 kB | 85 kB | 1.5/2.6 MB Progress (3): 305 kB | 85 kB | 1.5/2.6 MB Progress (3): 305 kB | 85 kB | 1.5/2.6 MB Progress (3): 305 kB | 85 kB | 1.6/2.6 MB Progress (3): 305 kB | 85 kB | 1.6/2.6 MB Progress (3): 305 kB | 85 kB | 1.6/2.6 MB Progress (3): 305 kB | 85 kB | 1.6/2.6 MB Progress (3): 305 kB | 85 kB | 1.6/2.6 MB Progress (3): 305 kB | 85 kB | 1.6/2.6 MB Progress (3): 305 kB | 85 kB | 1.7/2.6 MB Progress (3): 305 kB | 85 kB | 1.7/2.6 MB Progress (3): 305 kB | 85 kB | 1.7/2.6 MB Progress (3): 305 kB | 85 kB | 1.7/2.6 MB Progress (3): 305 kB | 85 kB | 1.7/2.6 MB Progress (3): 305 kB | 85 kB | 1.7/2.6 MB Progress (3): 305 kB | 85 kB | 1.8/2.6 MB Progress (3): 305 kB | 85 kB | 1.8/2.6 MB Progress (3): 305 kB | 85 kB | 1.8/2.6 MB Progress (3): 305 kB | 85 kB | 1.8/2.6 MB Progress (3): 305 kB | 85 kB | 1.8/2.6 MB Progress (3): 305 kB | 85 kB | 1.8/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 1.9/2.6 MB Progress (3): 305 kB | 85 kB | 2.0/2.6 MB Progress (3): 305 kB | 85 kB | 2.0/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 811 kB/s) Progress (2): 85 kB | 2.0/2.6 MB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 85 kB | 2.0/2.6 MB Progress (2): 85 kB | 2.0/2.6 MB Progress (2): 85 kB | 2.0/2.6 MB Progress (2): 85 kB | 2.1/2.6 MB Progress (2): 85 kB | 2.1/2.6 MB Progress (2): 85 kB | 2.1/2.6 MB Progress (2): 85 kB | 2.1/2.6 MB Progress (2): 85 kB | 2.1/2.6 MB Progress (2): 85 kB | 2.1/2.6 MB Progress (2): 85 kB | 2.2/2.6 MB Progress (2): 85 kB | 2.2/2.6 MB Progress (2): 85 kB | 2.2/2.6 MB Progress (2): 85 kB | 2.2/2.6 MB Progress (2): 85 kB | 2.2/2.6 MB Progress (2): 85 kB | 2.2/2.6 MB Progress (2): 85 kB | 2.3/2.6 MB Progress (2): 85 kB | 2.3/2.6 MB Progress (2): 85 kB | 2.3/2.6 MB Progress (2): 85 kB | 2.3/2.6 MB Progress (2): 85 kB | 2.3/2.6 MB Progress (2): 85 kB | 2.3/2.6 MB Progress (2): 85 kB | 2.4/2.6 MB Progress (2): 85 kB | 2.4/2.6 MB Progress (2): 85 kB | 2.4/2.6 MB Progress (2): 85 kB | 2.4/2.6 MB Progress (2): 85 kB | 2.4/2.6 MB Progress (2): 85 kB | 2.4/2.6 MB Progress (2): 85 kB | 2.5/2.6 MB Progress (2): 85 kB | 2.5/2.6 MB Progress (2): 85 kB | 2.5/2.6 MB Progress (2): 85 kB | 2.5/2.6 MB Progress (2): 85 kB | 2.5/2.6 MB Progress (2): 85 kB | 2.5/2.6 MB Progress (2): 85 kB | 2.6/2.6 MB Progress (2): 85 kB | 2.6/2.6 MB Progress (2): 85 kB | 2.6/2.6 MB Progress (2): 85 kB | 2.6/2.6 MB Progress (2): 85 kB | 2.6/2.6 MB Progress (2): 85 kB | 2.6 MB Progress (3): 85 kB | 2.6 MB | 4.1/4.6 kB Progress (3): 85 kB | 2.6 MB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 222 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (3): 2.6 MB | 4.6 kB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Progress (2): 2.6 MB | 4.1/5.9 kB Progress (2): 2.6 MB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Progress (2): 5.9 kB | 4.1/14 kB Progress (2): 5.9 kB | 7.5/14 kB Progress (2): 5.9 kB | 12/14 kB Progress (2): 5.9 kB | 14 kB Progress (3): 5.9 kB | 14 kB | 4.1/8.8 kB Progress (3): 5.9 kB | 14 kB | 7.7/8.8 kB Progress (3): 5.9 kB | 14 kB | 8.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 32 kB/s) Progress (2): 8.8 kB | 4.1/500 kB Progress (2): 8.8 kB | 7.7/500 kB Progress (2): 8.8 kB | 12/500 kB Progress (2): 8.8 kB | 16/500 kB Progress (2): 8.8 kB | 20/500 kB Progress (2): 8.8 kB | 24/500 kB Progress (2): 8.8 kB | 28/500 kB Progress (2): 8.8 kB | 32/500 kB Progress (2): 8.8 kB | 36/500 kB Progress (2): 8.8 kB | 41/500 kB Progress (2): 8.8 kB | 45/500 kB Progress (2): 8.8 kB | 49/500 kB Progress (2): 8.8 kB | 53/500 kB Progress (2): 8.8 kB | 57/500 kB Progress (2): 8.8 kB | 61/500 kB Progress (2): 8.8 kB | 65/500 kB Progress (2): 8.8 kB | 69/500 kB Progress (2): 8.8 kB | 73/500 kB Progress (2): 8.8 kB | 77/500 kB Progress (2): 8.8 kB | 81/500 kB Progress (2): 8.8 kB | 86/500 kB Progress (2): 8.8 kB | 90/500 kB Progress (2): 8.8 kB | 94/500 kB Progress (2): 8.8 kB | 98/500 kB Progress (2): 8.8 kB | 102/500 kB Progress (2): 8.8 kB | 106/500 kB Progress (2): 8.8 kB | 110/500 kB Progress (2): 8.8 kB | 114/500 kB Progress (2): 8.8 kB | 118/500 kB Progress (2): 8.8 kB | 122/500 kB Progress (2): 8.8 kB | 127/500 kB Progress (2): 8.8 kB | 131/500 kB Progress (2): 8.8 kB | 135/500 kB Progress (2): 8.8 kB | 139/500 kB Progress (2): 8.8 kB | 143/500 kB Progress (2): 8.8 kB | 147/500 kB Progress (2): 8.8 kB | 151/500 kB Progress (2): 8.8 kB | 155/500 kB Progress (2): 8.8 kB | 159/500 kB Progress (2): 8.8 kB | 163/500 kB Progress (2): 8.8 kB | 167/500 kB Progress (2): 8.8 kB | 172/500 kB Progress (2): 8.8 kB | 176/500 kB Progress (2): 8.8 kB | 180/500 kB Progress (2): 8.8 kB | 184/500 kB Progress (2): 8.8 kB | 188/500 kB Progress (2): 8.8 kB | 192/500 kB Progress (2): 8.8 kB | 196/500 kB Progress (2): 8.8 kB | 200/500 kB Progress (2): 8.8 kB | 204/500 kB Progress (2): 8.8 kB | 208/500 kB Progress (2): 8.8 kB | 213/500 kB Progress (2): 8.8 kB | 217/500 kB Progress (2): 8.8 kB | 221/500 kB Progress (2): 8.8 kB | 225/500 kB Progress (2): 8.8 kB | 229/500 kB Progress (2): 8.8 kB | 233/500 kB Progress (2): 8.8 kB | 237/500 kB Progress (2): 8.8 kB | 241/500 kB Progress (2): 8.8 kB | 245/500 kB Progress (2): 8.8 kB | 249/500 kB Progress (2): 8.8 kB | 254/500 kB Progress (2): 8.8 kB | 258/500 kB Progress (2): 8.8 kB | 262/500 kB Progress (2): 8.8 kB | 266/500 kB Progress (2): 8.8 kB | 270/500 kB Progress (2): 8.8 kB | 274/500 kB Progress (2): 8.8 kB | 278/500 kB Progress (2): 8.8 kB | 282/500 kB Progress (2): 8.8 kB | 286/500 kB Progress (2): 8.8 kB | 290/500 kB Progress (2): 8.8 kB | 294/500 kB Progress (2): 8.8 kB | 299/500 kB Progress (2): 8.8 kB | 303/500 kB Progress (2): 8.8 kB | 307/500 kB Progress (2): 8.8 kB | 311/500 kB Progress (2): 8.8 kB | 315/500 kB Progress (2): 8.8 kB | 319/500 kB Progress (2): 8.8 kB | 323/500 kB Progress (2): 8.8 kB | 327/500 kB Progress (2): 8.8 kB | 331/500 kB Progress (2): 8.8 kB | 335/500 kB Progress (2): 8.8 kB | 340/500 kB Progress (2): 8.8 kB | 344/500 kB Progress (2): 8.8 kB | 348/500 kB Progress (2): 8.8 kB | 352/500 kB Progress (2): 8.8 kB | 356/500 kB Progress (2): 8.8 kB | 360/500 kB Progress (2): 8.8 kB | 364/500 kB Progress (2): 8.8 kB | 368/500 kB Progress (2): 8.8 kB | 372/500 kB Progress (2): 8.8 kB | 376/500 kB Progress (2): 8.8 kB | 380/500 kB Progress (2): 8.8 kB | 385/500 kB Progress (2): 8.8 kB | 389/500 kB Progress (2): 8.8 kB | 393/500 kB Progress (2): 8.8 kB | 397/500 kB Progress (2): 8.8 kB | 401/500 kB Progress (2): 8.8 kB | 405/500 kB Progress (2): 8.8 kB | 409/500 kB Progress (2): 8.8 kB | 413/500 kB Progress (2): 8.8 kB | 417/500 kB Progress (2): 8.8 kB | 421/500 kB Progress (2): 8.8 kB | 426/500 kB Progress (2): 8.8 kB | 430/500 kB Progress (2): 8.8 kB | 434/500 kB Progress (2): 8.8 kB | 438/500 kB Progress (2): 8.8 kB | 442/500 kB Progress (2): 8.8 kB | 446/500 kB Progress (2): 8.8 kB | 450/500 kB Progress (2): 8.8 kB | 454/500 kB Progress (2): 8.8 kB | 458/500 kB Progress (2): 8.8 kB | 462/500 kB Progress (2): 8.8 kB | 466/500 kB Progress (2): 8.8 kB | 471/500 kB Progress (2): 8.8 kB | 475/500 kB Progress (2): 8.8 kB | 479/500 kB Progress (2): 8.8 kB | 483/500 kB Progress (2): 8.8 kB | 487/500 kB Progress (2): 8.8 kB | 491/500 kB Progress (2): 8.8 kB | 495/500 kB Progress (2): 8.8 kB | 499/500 kB Progress (2): 8.8 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 20 kB/s) Progress (2): 500 kB | 4.1/20 kB Progress (2): 500 kB | 7.7/20 kB Progress (2): 500 kB | 12/20 kB Progress (2): 500 kB | 16/20 kB Progress (2): 500 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 40 kB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 19.177 s [INFO] Finished at: 2026-02-10T22:13:22Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="eb803f83cbc225d97020c1f47eac5af67ed1d37a" "org.opencontainers.image.revision"="eb803f83cbc225d97020c1f47eac5af67ed1d37a" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:12:50Z" "org.opencontainers.image.created"="2026-02-10T22:12:50Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a --> 8b1b38259b22 Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a 8b1b38259b22e1a2e991376184a68ad86c845b13dfc7ab35427d9d41c5e04fef [2026-02-10T22:13:24,384919841+00:00] Unsetting proxy [2026-02-10T22:13:24,386244425+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:da6d8502e4fcef5bbc2981869cc7ac5f526ecb32d7743ec11adb892f2dce735e Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:8b1b38259b22e1a2e991376184a68ad86c845b13dfc7ab35427d9d41c5e04fef Writing manifest to image destination [2026-02-10T22:13:29,062040644+00:00] End build pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | container step-push: [2026-02-10T22:13:29,961189677+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:13:33,447519046+00:00] Convert image [2026-02-10T22:13:33,448695217+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-zthhf-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-zthhf-build-container Getting image source signatures Copying blob sha256:da6d8502e4fcef5bbc2981869cc7ac5f526ecb32d7743ec11adb892f2dce735e Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:8b1b38259b22e1a2e991376184a68ad86c845b13dfc7ab35427d9d41c5e04fef Writing manifest to image destination [2026-02-10T22:13:42,841668561+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Getting image source signatures Copying blob sha256:da6d8502e4fcef5bbc2981869cc7ac5f526ecb32d7743ec11adb892f2dce735e Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:8b1b38259b22e1a2e991376184a68ad86c845b13dfc7ab35427d9d41c5e04fef Writing manifest to image destination sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a [2026-02-10T22:13:43,968491447+00:00] End push pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:13:44,080535162+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:13:53,957229156+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | container step-prepare-sboms: [2026-02-10T22:13:54,194501696+00:00] Prepare SBOM [2026-02-10T22:13:54,198354959+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:14:06,421 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:14:07,629 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:14:11,170 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:14:11,170 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:14:11,170 [INFO] mobster.log: Contextual workflow completed in 3.65s 2026-02-10 22:14:11,724 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:14:12,626817442+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-zthhf-build-container-pod | container step-upload-sbom: [2026-02-10T22:14:13,304549879+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:b922ded5d75f9538c871518f6166194ef40b01c3dbbff3c25bdc7dcce1936816 [2026-02-10T22:14:24,173186806+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-zthhf-build-image-index-pod | init container: prepare 2026/02/10 22:14:26 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-build-image-index-pod | init container: place-scripts 2026/02/10 22:14:41 Decoded script /tekton/scripts/script-0-p6g4d 2026/02/10 22:14:41 Decoded script /tekton/scripts/script-1-d6j6d 2026/02/10 22:14:41 Decoded script /tekton/scripts/script-2-l78m2 pod: konflux-demo-component-tfry-on-push-zthhf-build-image-index-pod | container step-build: [2026-02-10T22:14:44,721609112+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 635afd95122cb4003dd645001284b3ad4689abd5aeb2dc9fce3e02ef223219a7 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1. pod: konflux-demo-component-tfry-on-push-zthhf-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-zthhf-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:14:46,937962424+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-zthhf-clair-scan-pod | init container: prepare 2026/02/10 22:14:50 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-clair-scan-pod | init container: place-scripts 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-0-ss2kj 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-1-8sjlv 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-2-5sjtx 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-3-4czbg pod: konflux-demo-component-tfry-on-push-zthhf-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1. pod: konflux-demo-component-tfry-on-push-zthhf-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:14:58Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"}] 2026-02-10T22:14:58Z INF libvuln initialized component=libvuln/New 2026-02-10T22:14:59Z INF registered configured scanners component=libindex/New 2026-02-10T22:14:59Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:14:59Z INF index request start component=libindex/Libindex.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 2026-02-10T22:14:59Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 2026-02-10T22:14:59Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=CheckManifest 2026-02-10T22:14:59Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=FetchLayers 2026-02-10T22:15:02Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=FetchLayers 2026-02-10T22:15:02Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=FetchLayers 2026-02-10T22:15:02Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=ScanLayers 2026-02-10T22:15:02Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:15:02Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:15:03Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=ScanLayers 2026-02-10T22:15:03Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=IndexManifest 2026-02-10T22:15:03Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=IndexFinished 2026-02-10T22:15:03Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 state=IndexFinished 2026-02-10T22:15:04Z INF index request done component=libindex/Libindex.Index manifest=sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 { "manifest_hash": "sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "cdf663d8-8129-445c-a5bc-21466ca0ac91": { "id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7": { "id": "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "947ee052-e522-4ed9-8540-51c86b4d7247": { "id": "947ee052-e522-4ed9-8540-51c86b4d7247", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "add237e2-8c94-4f4c-8bd5-ad5d81877202": { "id": "add237e2-8c94-4f4c-8bd5-ad5d81877202", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "b17fecb1-fca2-4be3-aeb7-c7597eb9738b": { "id": "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "b2234e31-31e7-4f6f-b76b-a0c361ffb14b": { "id": "b2234e31-31e7-4f6f-b76b-a0c361ffb14b", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "f489d2e4-96b7-4b4e-999a-0b3c47acb703": { "id": "f489d2e4-96b7-4b4e-999a-0b3c47acb703", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:58a95807260c4e13d7ff02058caa9873c2d296fbada0037c1b89c5a96a10d2d1", "distribution_id": "", "repository_ids": [ "b2234e31-31e7-4f6f-b76b-a0c361ffb14b" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:58a95807260c4e13d7ff02058caa9873c2d296fbada0037c1b89c5a96a10d2d1", "distribution_id": "", "repository_ids": [ "b2234e31-31e7-4f6f-b76b-a0c361ffb14b" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "f489d2e4-96b7-4b4e-999a-0b3c47acb703", "f489d2e4-96b7-4b4e-999a-0b3c47acb703" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:58a95807260c4e13d7ff02058caa9873c2d296fbada0037c1b89c5a96a10d2d1", "distribution_id": "", "repository_ids": [ "b2234e31-31e7-4f6f-b76b-a0c361ffb14b" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "f489d2e4-96b7-4b4e-999a-0b3c47acb703", "f489d2e4-96b7-4b4e-999a-0b3c47acb703" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:58a95807260c4e13d7ff02058caa9873c2d296fbada0037c1b89c5a96a10d2d1", "distribution_id": "", "repository_ids": [ "b2234e31-31e7-4f6f-b76b-a0c361ffb14b" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "19e5cd6e-1a99-4cb1-baf9-7fe54ac8fcd7", "add237e2-8c94-4f4c-8bd5-ad5d81877202" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "cdf663d8-8129-445c-a5bc-21466ca0ac91", "repository_ids": [ "b17fecb1-fca2-4be3-aeb7-c7597eb9738b", "947ee052-e522-4ed9-8540-51c86b4d7247" ] } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-zthhf-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-zthhf-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), tar-2:1.30-11.el8_10 (CVE-2025-45582), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), expat-2.5.0-1.el8_10 (CVE-2024-28757), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), libzstd-1.4.4-1.el8 (CVE-2022-4899), file-libs-5.33-27.el8_10 (CVE-2019-8905), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), pcre2-10.32-3.el8_6 (CVE-2022-41409), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libzstd-1.4.4-1.el8 (CVE-2021-24032), file-libs-5.33-27.el8_10 (CVE-2019-8906), gawk-4.2.1-4.el8 (CVE-2023-4156), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a", "digests": ["sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:15:35+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-zthhf-clamav-scan-pod | init container: prepare 2026/02/10 22:14:51 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-clamav-scan-pod | init container: place-scripts 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-0-xcgxs 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-1-f7c5j pod: konflux-demo-component-tfry-on-push-zthhf-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 23.722 sec (0 m 23 s) Start Date: 2026:02:10 22:15:10 End Date: 2026:02:10 22:15:33 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761733","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761733","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761733","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a", "digests": ["sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1"]}} pod: konflux-demo-component-tfry-on-push-zthhf-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 7d709c825ff8 clamscan-result-amd64.log Uploading 46e68a1246df clamscan-ec-test-amd64.json Uploaded 7d709c825ff8 clamscan-result-amd64.log Uploaded 46e68a1246df clamscan-ec-test-amd64.json Uploading c8fcff81e217 application/vnd.oci.image.manifest.v1+json Uploaded c8fcff81e217 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 Digest: sha256:c8fcff81e2175d029ed639d799ffe6502154399fa117f89bce8c038b36f428e7 pod: konflux-demo-component-tfry-on-push-zthhf-clone-repository-pod | init container: prepare 2026/02/10 22:12:25 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-clone-repository-pod | init container: place-scripts 2026/02/10 22:12:26 Decoded script /tekton/scripts/script-0-wzpn5 2026/02/10 22:12:26 Decoded script /tekton/scripts/script-1-x5ldf pod: konflux-demo-component-tfry-on-push-zthhf-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761550.6051648,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761550.8014467,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ eb803f83cbc225d97020c1f47eac5af67ed1d37a (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770761550.8014936,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761550.8255506,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision eb803f83cbc225d97020c1f47eac5af67ed1d37a directly. pod: konflux-demo-component-tfry-on-push-zthhf-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-zthhf-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.25gIgD/auth-lEJRzG.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a.git SOURCE_ARTIFACT Uploading 695de639cb5d SOURCE_ARTIFACT Uploaded 695de639cb5d SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:c01c7df964ea2e8a6678bde4da24e8e3353f8328885f3cc4df7dd567e6952b10 Artifacts created pod: konflux-demo-component-tfry-on-push-zthhf-init-pod | init container: prepare 2026/02/10 22:12:16 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-init-pod | init container: place-scripts 2026/02/10 22:12:17 Decoded script /tekton/scripts/script-0-s2ppj pod: konflux-demo-component-tfry-on-push-zthhf-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-zthhf-push-dockerfile-pod | init container: prepare 2026/02/10 22:14:52 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-1-9287l pod: konflux-demo-component-tfry-on-push-zthhf-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.jOZ7oJ/auth-Cyl9eX.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb to /var/workdir/source pod: konflux-demo-component-tfry-on-push-zthhf-push-dockerfile-pod | container step-push: [2026-02-10T22:14:56,037150226+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.ZV7v362DfE --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-zthhf-sast-shell-check-pod | init container: prepare 2026/02/10 22:14:51 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-1-t9mdp 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-2-7t46p pod: konflux-demo-component-tfry-on-push-zthhf-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.ueP44I/auth-2FbN0q.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-zthhf-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-111.json ./shellcheck-results/sc-113.json ./shellcheck-results/sc-120.json ./shellcheck-results/sc-128.json ./shellcheck-results/sc-76.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-82.json ./shellcheck-results/sc-84.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + echo 'ShellCheck results have been saved to shellcheck-results.json' ShellCheck results have been saved to shellcheck-results.json + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:14:56+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-zthhf-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 7a807d036589 application/vnd.oci.image.manifest.v1+json Uploaded 7a807d036589 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 Digest: sha256:7a807d03658928585b4ad9ccb973c16d4b63147ff27a904d328031a9a18b914d No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-zthhf-sast-snyk-check-pod | init container: prepare 2026/02/10 22:14:51 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-zthhf-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-1-hmfpq 2026/02/10 22:14:51 Decoded script /tekton/scripts/script-2-8fgbm pod: konflux-demo-component-tfry-on-push-zthhf-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.UPB0a6/auth-8VTUn7.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-zthhf-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-zthhf-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | init container: prepare 2026/02/10 22:12:35 Entrypoint initialization pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | init container: place-scripts 2026/02/10 22:12:35 Decoded script /tekton/scripts/script-0-p6nbv 2026/02/10 22:12:35 Decoded script /tekton/scripts/script-2-btfp4 2026/02/10 22:12:35 Decoded script /tekton/scripts/script-3-7zph8 pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | container step-skip-ta: pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfry392abc89eb5ffd25b42f5b5b1c184e34-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-tfry485770545fa251d18c3fe63435e98a60-pod | init container: prepare 2026/02/10 22:14:52 Entrypoint initialization pod: konflux-demo-component-tfry485770545fa251d18c3fe63435e98a60-pod | init container: place-scripts 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-1-xz9bh 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-2-5jxpn pod: konflux-demo-component-tfry485770545fa251d18c3fe63435e98a60-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.MYXn2m/auth-QSqOUD.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:695de639cb5d55a4de2cdf89e9e39456999724c93f12f0ee5f9967fc49bf31fb to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry485770545fa251d18c3fe63435e98a60-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:14:56+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:14:56+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry485770545fa251d18c3fe63435e98a60-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 4baae396327b application/vnd.oci.image.manifest.v1+json Uploaded 4baae396327b application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a@sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 Digest: sha256:4baae396327b0260452b68d58c8c9e0f0069d7954989c4f8d169687cfa00e92b No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | init container: prepare 2026/02/10 22:14:51 Entrypoint initialization pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | init container: place-scripts 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-0-6m5q2 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-1-tnztp 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-2-7njd7 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-3-fmlq7 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-4-bm9w8 2026/02/10 22:14:52 Decoded script /tekton/scripts/script-5-475kp pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | container step-set-skip-for-bundles: 2026/02/10 22:14:56 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | container step-app-check: time="2026-02-10T22:14:57Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:14:57Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a for platform amd64" time="2026-02-10T22:14:57Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a" time="2026-02-10T22:15:06Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:15:06Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:15:06Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:15:06Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:15:06Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:15:06Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:15:06Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:15:16Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:15:19Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:15:19Z" level=info msg="This image's tag eb803f83cbc225d97020c1f47eac5af67ed1d37a will be paired with digest sha256:354885d91f2f85d70e25e82ada9de29953d20afe2167708f72dcbbdba30ce2f1 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 39, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 10217, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 3077, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:15:19Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761720","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:eb803f83cbc225d97020c1f47eac5af67ed1d37a pod: konflux-demo-component-tfry66bcecf1be133b630ee783dbe37c2269-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761720","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Running PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-xbd5j reason: Failed attempt 3/6: PipelineRun "konflux-demo-component-tfry-on-push-xbd5j" failed: pod: konflux-demo-component-tfry-on-push-xbd5j-apply-tags-pod | init container: prepare 2026/02/10 22:18:12 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:18:15Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f" time="2026-02-10T22:18:15Z" level=info msg="[param] Image digest: sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402" time="2026-02-10T22:18:15Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:18:15Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | init container: prepare 2026/02/10 22:16:31 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | init container: place-scripts 2026/02/10 22:16:32 Decoded script /tekton/scripts/script-1-xk2vb 2026/02/10 22:16:32 Decoded script /tekton/scripts/script-2-r7glq 2026/02/10 22:16:32 Decoded script /tekton/scripts/script-3-mxptx 2026/02/10 22:16:32 Decoded script /tekton/scripts/script-4-cmvqk 2026/02/10 22:16:32 Decoded script /tekton/scripts/script-5-jg9wh pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.ipdyIk/auth-dS6x2U.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | container step-build: [2026-02-10T22:16:37,777777390+00:00] Validate context path [2026-02-10T22:16:37,781075526+00:00] Update CA trust [2026-02-10T22:16:37,782136444+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:16:39,728958376+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:16:39,734786599+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:16:40,369114696+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:16:44,352593899+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:16:40Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:16:40Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "e5831357c8c8aa550cafde1d9cd124a963dd7b1f", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "e5831357c8c8aa550cafde1d9cd124a963dd7b1f", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:16:44,395906896+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:16:44,399041334+00:00] Add secrets [2026-02-10T22:16:44,406260825+00:00] Run buildah build [2026-02-10T22:16:44,407317188+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=e5831357c8c8aa550cafde1d9cd124a963dd7b1f --label org.opencontainers.image.revision=e5831357c8c8aa550cafde1d9cd124a963dd7b1f --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:16:40Z --label org.opencontainers.image.created=2026-02-10T22:16:40Z --annotation org.opencontainers.image.revision=e5831357c8c8aa550cafde1d9cd124a963dd7b1f --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:16:40Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.5ajr1p -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 218 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 680 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 376 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 418 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 247 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 3.4/25 kB Progress (1): 7.5/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 432 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 458 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 239 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 428 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 177 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 603 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 767 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 223 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 226 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 544 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 162 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 671 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 334 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 506 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 63 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 97 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 26 kB/s) Progress (1): 2.3/3.6 kB Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 28 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 267 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/13 kB Progress (1): 5.0/13 kB Progress (1): 7.8/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 2.3/226 kB Progress (2): 13 kB | 5.0/226 kB Progress (2): 13 kB | 7.8/226 kB Progress (2): 13 kB | 11/226 kB Progress (2): 13 kB | 13/226 kB Progress (2): 13 kB | 16/226 kB Progress (2): 13 kB | 19/226 kB Progress (2): 13 kB | 21/226 kB Progress (2): 13 kB | 24/226 kB Progress (2): 13 kB | 27/226 kB Progress (2): 13 kB | 30/226 kB Progress (2): 13 kB | 32/226 kB Progress (2): 13 kB | 35/226 kB Progress (2): 13 kB | 38/226 kB Progress (2): 13 kB | 40/226 kB Progress (2): 13 kB | 43/226 kB Progress (2): 13 kB | 46/226 kB Progress (2): 13 kB | 48/226 kB Progress (2): 13 kB | 53/226 kB Progress (2): 13 kB | 57/226 kB Progress (2): 13 kB | 61/226 kB Progress (2): 13 kB | 65/226 kB Progress (2): 13 kB | 69/226 kB Progress (2): 13 kB | 73/226 kB Progress (2): 13 kB | 75/226 kB Progress (2): 13 kB | 79/226 kB Progress (2): 13 kB | 83/226 kB Progress (2): 13 kB | 88/226 kB Progress (2): 13 kB | 92/226 kB Progress (2): 13 kB | 96/226 kB Progress (2): 13 kB | 100/226 kB Progress (2): 13 kB | 104/226 kB Progress (2): 13 kB | 108/226 kB Progress (2): 13 kB | 112/226 kB Progress (2): 13 kB | 116/226 kB Progress (2): 13 kB | 120/226 kB Progress (2): 13 kB | 124/226 kB Progress (2): 13 kB | 128/226 kB Progress (2): 13 kB | 133/226 kB Progress (2): 13 kB | 137/226 kB Progress (2): 13 kB | 141/226 kB Progress (2): 13 kB | 143/226 kB Progress (2): 13 kB | 147/226 kB Progress (2): 13 kB | 151/226 kB Progress (2): 13 kB | 155/226 kB Progress (2): 13 kB | 159/226 kB Progress (2): 13 kB | 163/226 kB Progress (2): 13 kB | 167/226 kB Progress (2): 13 kB | 171/226 kB Progress (2): 13 kB | 175/226 kB Progress (2): 13 kB | 180/226 kB Progress (2): 13 kB | 184/226 kB Progress (2): 13 kB | 188/226 kB Progress (2): 13 kB | 192/226 kB Progress (2): 13 kB | 196/226 kB Progress (2): 13 kB | 200/226 kB Progress (2): 13 kB | 204/226 kB Progress (2): 13 kB | 208/226 kB Progress (2): 13 kB | 212/226 kB Progress (2): 13 kB | 216/226 kB Progress (2): 13 kB | 220/226 kB Progress (2): 13 kB | 225/226 kB Progress (2): 13 kB | 226 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 262 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 3.4 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 195 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 7.7 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 381 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 135 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 276 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 316 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 2.3/57 kB Progress (1): 5.0/57 kB Progress (1): 7.8/57 kB Progress (1): 11/57 kB Progress (1): 14/57 kB Progress (1): 16/57 kB Progress (1): 19/57 kB Progress (1): 22/57 kB Progress (1): 25/57 kB Progress (1): 27/57 kB Progress (1): 30/57 kB Progress (1): 33/57 kB Progress (1): 36/57 kB Progress (1): 38/57 kB Progress (1): 41/57 kB Progress (1): 44/57 kB Progress (1): 48/57 kB Progress (1): 52/57 kB Progress (1): 56/57 kB Progress (1): 57 kB Progress (2): 57 kB | 3.8/35 kB Progress (2): 57 kB | 7.9/35 kB Progress (2): 57 kB | 12/35 kB Progress (2): 57 kB | 16/35 kB Progress (2): 57 kB | 20/35 kB Progress (2): 57 kB | 24/35 kB Progress (2): 57 kB | 28/35 kB Progress (2): 57 kB | 32/35 kB Progress (2): 57 kB | 35 kB Progress (3): 57 kB | 35 kB | 4.1/116 kB Progress (3): 57 kB | 35 kB | 7.7/116 kB Progress (3): 57 kB | 35 kB | 12/116 kB Progress (3): 57 kB | 35 kB | 16/116 kB Progress (3): 57 kB | 35 kB | 20/116 kB Progress (3): 57 kB | 35 kB | 24/116 kB Progress (3): 57 kB | 35 kB | 28/116 kB Progress (3): 57 kB | 35 kB | 32/116 kB Progress (4): 57 kB | 35 kB | 32/116 kB | 4.1/152 kB Progress (4): 57 kB | 35 kB | 32/116 kB | 7.7/152 kB Progress (4): 57 kB | 35 kB | 36/116 kB | 7.7/152 kB Progress (4): 57 kB | 35 kB | 36/116 kB | 12/152 kB Progress (4): 57 kB | 35 kB | 41/116 kB | 12/152 kB Progress (4): 57 kB | 35 kB | 45/116 kB | 12/152 kB Progress (4): 57 kB | 35 kB | 49/116 kB | 12/152 kB Progress (4): 57 kB | 35 kB | 49/116 kB | 16/152 kB Progress (4): 57 kB | 35 kB | 49/116 kB | 20/152 kB Progress (4): 57 kB | 35 kB | 49/116 kB | 24/152 kB Progress (4): 57 kB | 35 kB | 53/116 kB | 24/152 kB Progress (4): 57 kB | 35 kB | 53/116 kB | 28/152 kB Progress (4): 57 kB | 35 kB | 57/116 kB | 28/152 kB Progress (4): 57 kB | 35 kB | 61/116 kB | 28/152 kB Progress (4): 57 kB | 35 kB | 65/116 kB | 28/152 kB Progress (4): 57 kB | 35 kB | 65/116 kB | 32/152 kB Progress (4): 57 kB | 35 kB | 65/116 kB | 36/152 kB Progress (4): 57 kB | 35 kB | 69/116 kB | 36/152 kB Progress (4): 57 kB | 35 kB | 69/116 kB | 40/152 kB Progress (4): 57 kB | 35 kB | 73/116 kB | 40/152 kB Progress (4): 57 kB | 35 kB | 73/116 kB | 44/152 kB Progress (4): 57 kB | 35 kB | 77/116 kB | 44/152 kB Progress (4): 57 kB | 35 kB | 81/116 kB | 44/152 kB Progress (4): 57 kB | 35 kB | 86/116 kB | 44/152 kB Progress (5): 57 kB | 35 kB | 86/116 kB | 44/152 kB | 2.3/29 kB Progress (5): 57 kB | 35 kB | 86/116 kB | 48/152 kB | 2.3/29 kB Progress (5): 57 kB | 35 kB | 90/116 kB | 48/152 kB | 2.3/29 kB Progress (5): 57 kB | 35 kB | 90/116 kB | 53/152 kB | 2.3/29 kB Progress (5): 57 kB | 35 kB | 90/116 kB | 53/152 kB | 5.0/29 kB Progress (5): 57 kB | 35 kB | 90/116 kB | 57/152 kB | 5.0/29 kB Progress (5): 57 kB | 35 kB | 94/116 kB | 57/152 kB | 5.0/29 kB Progress (5): 57 kB | 35 kB | 94/116 kB | 61/152 kB | 5.0/29 kB Progress (5): 57 kB | 35 kB | 94/116 kB | 61/152 kB | 7.8/29 kB Progress (5): 57 kB | 35 kB | 98/116 kB | 61/152 kB | 7.8/29 kB Progress (5): 57 kB | 35 kB | 98/116 kB | 61/152 kB | 11/29 kB Progress (5): 57 kB | 35 kB | 98/116 kB | 61/152 kB | 13/29 kB Progress (5): 57 kB | 35 kB | 98/116 kB | 65/152 kB | 13/29 kB Progress (5): 57 kB | 35 kB | 98/116 kB | 65/152 kB | 16/29 kB Progress (5): 57 kB | 35 kB | 98/116 kB | 69/152 kB | 16/29 kB Progress (5): 57 kB | 35 kB | 102/116 kB | 69/152 kB | 16/29 kB Progress (5): 57 kB | 35 kB | 102/116 kB | 73/152 kB | 16/29 kB Progress (5): 57 kB | 35 kB | 102/116 kB | 73/152 kB | 19/29 kB Progress (5): 57 kB | 35 kB | 102/116 kB | 77/152 kB | 19/29 kB Progress (5): 57 kB | 35 kB | 106/116 kB | 77/152 kB | 19/29 kB Progress (5): 57 kB | 35 kB | 106/116 kB | 77/152 kB | 21/29 kB Progress (5): 57 kB | 35 kB | 110/116 kB | 77/152 kB | 21/29 kB Progress (5): 57 kB | 35 kB | 114/116 kB | 77/152 kB | 21/29 kB Progress (5): 57 kB | 35 kB | 114/116 kB | 77/152 kB | 24/29 kB Progress (5): 57 kB | 35 kB | 116 kB | 77/152 kB | 24/29 kB Progress (5): 57 kB | 35 kB | 116 kB | 77/152 kB | 27/29 kB Progress (5): 57 kB | 35 kB | 116 kB | 81/152 kB | 27/29 kB Progress (5): 57 kB | 35 kB | 116 kB | 81/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 85/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 89/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 94/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 98/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 102/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 106/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 110/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 114/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 118/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 122/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 126/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 130/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 134/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 139/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 143/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 147/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 151/152 kB | 29 kB Progress (5): 57 kB | 35 kB | 116 kB | 152 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 750 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 499 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (1): 2.3/5.9 kB Progress (1): 5.0/5.9 kB Progress (1): 5.9 kB Progress (2): 5.9 kB | 3.8/9.9 kB Progress (2): 5.9 kB | 7.9/9.9 kB Progress (2): 5.9 kB | 9.9 kB Progress (3): 5.9 kB | 9.9 kB | 3.8/21 kB Progress (3): 5.9 kB | 9.9 kB | 7.9/21 kB Progress (3): 5.9 kB | 9.9 kB | 12/21 kB Progress (3): 5.9 kB | 9.9 kB | 16/21 kB Progress (3): 5.9 kB | 9.9 kB | 20/21 kB Progress (3): 5.9 kB | 9.9 kB | 21 kB Progress (4): 5.9 kB | 9.9 kB | 21 kB | 3.4/24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (3): 9.9 kB | 21 kB | 7.5/24 kB Progress (3): 9.9 kB | 21 kB | 12/24 kB Progress (3): 9.9 kB | 21 kB | 16/24 kB Progress (3): 9.9 kB | 21 kB | 20/24 kB Progress (3): 9.9 kB | 21 kB | 24/24 kB Progress (3): 9.9 kB | 21 kB | 24 kB Progress (4): 9.9 kB | 21 kB | 24 kB | 4.1/14 kB Progress (4): 9.9 kB | 21 kB | 24 kB | 7.7/14 kB Progress (4): 9.9 kB | 21 kB | 24 kB | 12/14 kB Progress (4): 9.9 kB | 21 kB | 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 226 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Progress (3): 24 kB | 14 kB | 2.3/30 kB Progress (3): 24 kB | 14 kB | 5.0/30 kB Progress (3): 24 kB | 14 kB | 7.8/30 kB Progress (3): 24 kB | 14 kB | 11/30 kB Progress (3): 24 kB | 14 kB | 14/30 kB Progress (3): 24 kB | 14 kB | 18/30 kB Progress (3): 24 kB | 14 kB | 22/30 kB Progress (3): 24 kB | 14 kB | 26/30 kB Progress (3): 24 kB | 14 kB | 30/30 kB Progress (3): 24 kB | 14 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 211 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (2): 30 kB | 3.8/37 kB Progress (2): 30 kB | 7.9/37 kB Progress (2): 30 kB | 12/37 kB Progress (2): 30 kB | 16/37 kB Progress (2): 30 kB | 20/37 kB Progress (2): 30 kB | 24/37 kB Progress (2): 30 kB | 28/37 kB Progress (2): 30 kB | 32/37 kB Progress (2): 30 kB | 36/37 kB Progress (2): 30 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (2): 37 kB | 3.8/13 kB Progress (2): 37 kB | 7.9/13 kB Progress (2): 37 kB | 12/13 kB Progress (2): 37 kB | 13 kB Progress (3): 37 kB | 13 kB | 3.8/49 kB Progress (3): 37 kB | 13 kB | 7.9/49 kB Progress (3): 37 kB | 13 kB | 12/49 kB Progress (3): 37 kB | 13 kB | 16/49 kB Progress (3): 37 kB | 13 kB | 20/49 kB Progress (4): 37 kB | 13 kB | 20/49 kB | 4.1/87 kB Progress (4): 37 kB | 13 kB | 24/49 kB | 4.1/87 kB Progress (4): 37 kB | 13 kB | 24/49 kB | 7.7/87 kB Progress (4): 37 kB | 13 kB | 24/49 kB | 12/87 kB Progress (4): 37 kB | 13 kB | 28/49 kB | 12/87 kB Progress (4): 37 kB | 13 kB | 28/49 kB | 16/87 kB Progress (4): 37 kB | 13 kB | 32/49 kB | 16/87 kB Progress (4): 37 kB | 13 kB | 37/49 kB | 16/87 kB Progress (4): 37 kB | 13 kB | 41/49 kB | 16/87 kB Progress (4): 37 kB | 13 kB | 41/49 kB | 20/87 kB Progress (4): 37 kB | 13 kB | 41/49 kB | 24/87 kB Progress (4): 37 kB | 13 kB | 45/49 kB | 24/87 kB Progress (4): 37 kB | 13 kB | 45/49 kB | 28/87 kB Progress (4): 37 kB | 13 kB | 45/49 kB | 32/87 kB Progress (4): 37 kB | 13 kB | 49/49 kB | 32/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 32/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 36/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 40/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 44/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 48/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 53/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 57/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 61/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 65/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 69/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 73/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 77/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 81/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 85/87 kB Progress (4): 37 kB | 13 kB | 49 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (4): 37 kB | 49 kB | 87 kB | 4.1/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 7.7/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 12/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 16/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 20/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 24/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 28/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 32/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 36/38 kB Progress (4): 37 kB | 49 kB | 87 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 247 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 319 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (3): 87 kB | 38 kB | 3.8/86 kB Progress (3): 87 kB | 38 kB | 7.9/86 kB Progress (3): 87 kB | 38 kB | 12/86 kB Progress (3): 87 kB | 38 kB | 16/86 kB Progress (3): 87 kB | 38 kB | 20/86 kB Progress (3): 87 kB | 38 kB | 24/86 kB Progress (3): 87 kB | 38 kB | 28/86 kB Progress (3): 87 kB | 38 kB | 32/86 kB Progress (3): 87 kB | 38 kB | 36/86 kB Progress (3): 87 kB | 38 kB | 40/86 kB Progress (3): 87 kB | 38 kB | 44/86 kB Progress (3): 87 kB | 38 kB | 48/86 kB Progress (3): 87 kB | 38 kB | 53/86 kB Progress (3): 87 kB | 38 kB | 57/86 kB Progress (3): 87 kB | 38 kB | 61/86 kB Progress (3): 87 kB | 38 kB | 65/86 kB Progress (3): 87 kB | 38 kB | 69/86 kB Progress (3): 87 kB | 38 kB | 73/86 kB Progress (3): 87 kB | 38 kB | 77/86 kB Progress (3): 87 kB | 38 kB | 81/86 kB Progress (3): 87 kB | 38 kB | 85/86 kB Progress (3): 87 kB | 38 kB | 86 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 514 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (2): 86 kB | 3.8/194 kB Progress (2): 86 kB | 7.9/194 kB Progress (2): 86 kB | 12/194 kB Progress (2): 86 kB | 16/194 kB Progress (2): 86 kB | 20/194 kB Progress (2): 86 kB | 24/194 kB Progress (2): 86 kB | 28/194 kB Progress (2): 86 kB | 32/194 kB Progress (2): 86 kB | 37/194 kB Progress (2): 86 kB | 41/194 kB Progress (2): 86 kB | 45/194 kB Progress (2): 86 kB | 49/194 kB Progress (2): 86 kB | 53/194 kB Progress (2): 86 kB | 57/194 kB Progress (2): 86 kB | 61/194 kB Progress (2): 86 kB | 65/194 kB Progress (2): 86 kB | 69/194 kB Progress (2): 86 kB | 71/194 kB Progress (2): 86 kB | 76/194 kB Progress (2): 86 kB | 80/194 kB Progress (2): 86 kB | 84/194 kB Progress (2): 86 kB | 88/194 kB Progress (2): 86 kB | 92/194 kB Progress (2): 86 kB | 96/194 kB Progress (2): 86 kB | 100/194 kB Progress (2): 86 kB | 104/194 kB Progress (2): 86 kB | 108/194 kB Progress (2): 86 kB | 112/194 kB Progress (2): 86 kB | 116/194 kB Progress (2): 86 kB | 121/194 kB Progress (2): 86 kB | 125/194 kB Progress (2): 86 kB | 129/194 kB Progress (2): 86 kB | 133/194 kB Progress (2): 86 kB | 137/194 kB Progress (2): 86 kB | 141/194 kB Progress (2): 86 kB | 145/194 kB Progress (2): 86 kB | 149/194 kB Progress (2): 86 kB | 153/194 kB Progress (2): 86 kB | 157/194 kB Progress (2): 86 kB | 162/194 kB Progress (2): 86 kB | 166/194 kB Progress (2): 86 kB | 170/194 kB Progress (2): 86 kB | 174/194 kB Progress (2): 86 kB | 178/194 kB Progress (2): 86 kB | 182/194 kB Progress (2): 86 kB | 186/194 kB Progress (2): 86 kB | 190/194 kB Progress (2): 86 kB | 194 kB Progress (3): 86 kB | 194 kB | 3.8/10 kB Progress (3): 86 kB | 194 kB | 7.9/10 kB Progress (3): 86 kB | 194 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 462 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (3): 194 kB | 10 kB | 4.1/121 kB Progress (3): 194 kB | 10 kB | 7.7/121 kB Progress (3): 194 kB | 10 kB | 12/121 kB Progress (3): 194 kB | 10 kB | 16/121 kB Progress (3): 194 kB | 10 kB | 20/121 kB Progress (3): 194 kB | 10 kB | 24/121 kB Progress (3): 194 kB | 10 kB | 28/121 kB Progress (3): 194 kB | 10 kB | 32/121 kB Progress (3): 194 kB | 10 kB | 36/121 kB Progress (3): 194 kB | 10 kB | 41/121 kB Progress (3): 194 kB | 10 kB | 45/121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 1.0 MB/s) Progress (2): 10 kB | 49/121 kB Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (2): 10 kB | 53/121 kB Progress (2): 10 kB | 57/121 kB Progress (2): 10 kB | 61/121 kB Progress (2): 10 kB | 65/121 kB Progress (2): 10 kB | 69/121 kB Progress (2): 10 kB | 73/121 kB Progress (3): 10 kB | 73/121 kB | 4.1/223 kB Progress (3): 10 kB | 73/121 kB | 7.7/223 kB Progress (3): 10 kB | 73/121 kB | 12/223 kB Progress (3): 10 kB | 73/121 kB | 16/223 kB Progress (3): 10 kB | 77/121 kB | 16/223 kB Progress (3): 10 kB | 81/121 kB | 16/223 kB Progress (3): 10 kB | 86/121 kB | 16/223 kB Progress (3): 10 kB | 90/121 kB | 16/223 kB Progress (3): 10 kB | 90/121 kB | 20/223 kB Progress (3): 10 kB | 90/121 kB | 24/223 kB Progress (3): 10 kB | 90/121 kB | 28/223 kB Progress (3): 10 kB | 90/121 kB | 32/223 kB Progress (3): 10 kB | 94/121 kB | 32/223 kB Progress (3): 10 kB | 98/121 kB | 32/223 kB Progress (3): 10 kB | 102/121 kB | 32/223 kB Progress (3): 10 kB | 106/121 kB | 32/223 kB Progress (3): 10 kB | 106/121 kB | 36/223 kB Progress (3): 10 kB | 106/121 kB | 41/223 kB Progress (3): 10 kB | 106/121 kB | 45/223 kB Progress (3): 10 kB | 106/121 kB | 49/223 kB Progress (3): 10 kB | 110/121 kB | 49/223 kB Progress (3): 10 kB | 114/121 kB | 49/223 kB Progress (3): 10 kB | 118/121 kB | 49/223 kB Progress (3): 10 kB | 121 kB | 49/223 kB Progress (3): 10 kB | 121 kB | 53/223 kB Progress (3): 10 kB | 121 kB | 57/223 kB Progress (3): 10 kB | 121 kB | 61/223 kB Progress (3): 10 kB | 121 kB | 65/223 kB Progress (3): 10 kB | 121 kB | 69/223 kB Progress (3): 10 kB | 121 kB | 73/223 kB Progress (3): 10 kB | 121 kB | 77/223 kB Progress (3): 10 kB | 121 kB | 81/223 kB Progress (3): 10 kB | 121 kB | 86/223 kB Progress (3): 10 kB | 121 kB | 90/223 kB Progress (3): 10 kB | 121 kB | 94/223 kB Progress (3): 10 kB | 121 kB | 98/223 kB Progress (3): 10 kB | 121 kB | 102/223 kB Progress (3): 10 kB | 121 kB | 106/223 kB Progress (3): 10 kB | 121 kB | 110/223 kB Progress (3): 10 kB | 121 kB | 114/223 kB Progress (3): 10 kB | 121 kB | 118/223 kB Progress (3): 10 kB | 121 kB | 122/223 kB Progress (3): 10 kB | 121 kB | 127/223 kB Progress (3): 10 kB | 121 kB | 131/223 kB Progress (3): 10 kB | 121 kB | 135/223 kB Progress (3): 10 kB | 121 kB | 139/223 kB Progress (3): 10 kB | 121 kB | 143/223 kB Progress (3): 10 kB | 121 kB | 147/223 kB Progress (3): 10 kB | 121 kB | 151/223 kB Progress (3): 10 kB | 121 kB | 155/223 kB Progress (3): 10 kB | 121 kB | 159/223 kB Progress (3): 10 kB | 121 kB | 163/223 kB Progress (3): 10 kB | 121 kB | 167/223 kB Progress (3): 10 kB | 121 kB | 172/223 kB Progress (3): 10 kB | 121 kB | 176/223 kB Progress (3): 10 kB | 121 kB | 180/223 kB Progress (3): 10 kB | 121 kB | 184/223 kB Progress (3): 10 kB | 121 kB | 188/223 kB Progress (3): 10 kB | 121 kB | 192/223 kB Progress (3): 10 kB | 121 kB | 196/223 kB Progress (3): 10 kB | 121 kB | 200/223 kB Progress (3): 10 kB | 121 kB | 204/223 kB Progress (3): 10 kB | 121 kB | 208/223 kB Progress (3): 10 kB | 121 kB | 213/223 kB Progress (3): 10 kB | 121 kB | 217/223 kB Progress (3): 10 kB | 121 kB | 221/223 kB Progress (3): 10 kB | 121 kB | 223 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Progress (3): 121 kB | 223 kB | 3.8/43 kB Progress (3): 121 kB | 223 kB | 7.9/43 kB Progress (3): 121 kB | 223 kB | 12/43 kB Progress (3): 121 kB | 223 kB | 16/43 kB Progress (3): 121 kB | 223 kB | 20/43 kB Progress (4): 121 kB | 223 kB | 20/43 kB | 4.1/6.8 kB Progress (4): 121 kB | 223 kB | 20/43 kB | 6.8 kB Progress (4): 121 kB | 223 kB | 24/43 kB | 6.8 kB Progress (4): 121 kB | 223 kB | 28/43 kB | 6.8 kB Progress (4): 121 kB | 223 kB | 32/43 kB | 6.8 kB Progress (4): 121 kB | 223 kB | 37/43 kB | 6.8 kB Progress (4): 121 kB | 223 kB | 41/43 kB | 6.8 kB Progress (4): 121 kB | 223 kB | 43 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 555 kB/s) Progress (4): 223 kB | 43 kB | 6.8 kB | 3.8/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 7.9/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 12/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 16/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 20/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 24/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 28/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 32/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 37/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 41/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 45/61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 987 kB/s) Progress (3): 43 kB | 6.8 kB | 49/61 kB Progress (3): 43 kB | 6.8 kB | 53/61 kB Progress (3): 43 kB | 6.8 kB | 57/61 kB Progress (3): 43 kB | 6.8 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 30 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 184 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 247 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 378 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 548 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 177 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 675 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 237 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 162 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 5.2 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 325 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 234 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 312 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 350 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 3.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/89 kB Progress (1): 7.7/89 kB Progress (1): 12/89 kB Progress (1): 16/89 kB Progress (1): 20/89 kB Progress (1): 24/89 kB Progress (1): 28/89 kB Progress (1): 32/89 kB Progress (1): 36/89 kB Progress (1): 41/89 kB Progress (1): 45/89 kB Progress (1): 49/89 kB Progress (1): 53/89 kB Progress (1): 57/89 kB Progress (1): 61/89 kB Progress (1): 65/89 kB Progress (1): 69/89 kB Progress (1): 73/89 kB Progress (1): 77/89 kB Progress (1): 81/89 kB Progress (1): 86/89 kB Progress (1): 89 kB Progress (2): 89 kB | 4.1/211 kB Progress (2): 89 kB | 7.7/211 kB Progress (2): 89 kB | 12/211 kB Progress (2): 89 kB | 16/211 kB Progress (2): 89 kB | 20/211 kB Progress (2): 89 kB | 24/211 kB Progress (2): 89 kB | 28/211 kB Progress (2): 89 kB | 32/211 kB Progress (2): 89 kB | 36/211 kB Progress (2): 89 kB | 41/211 kB Progress (2): 89 kB | 45/211 kB Progress (2): 89 kB | 49/211 kB Progress (2): 89 kB | 53/211 kB Progress (2): 89 kB | 57/211 kB Progress (2): 89 kB | 61/211 kB Progress (2): 89 kB | 65/211 kB Progress (2): 89 kB | 69/211 kB Progress (2): 89 kB | 73/211 kB Progress (2): 89 kB | 77/211 kB Progress (2): 89 kB | 81/211 kB Progress (2): 89 kB | 86/211 kB Progress (2): 89 kB | 90/211 kB Progress (2): 89 kB | 94/211 kB Progress (2): 89 kB | 98/211 kB Progress (2): 89 kB | 102/211 kB Progress (2): 89 kB | 106/211 kB Progress (2): 89 kB | 110/211 kB Progress (3): 89 kB | 110/211 kB | 4.1/13 kB Progress (3): 89 kB | 114/211 kB | 4.1/13 kB Progress (3): 89 kB | 114/211 kB | 7.7/13 kB Progress (3): 89 kB | 118/211 kB | 7.7/13 kB Progress (3): 89 kB | 118/211 kB | 12/13 kB Progress (3): 89 kB | 122/211 kB | 12/13 kB Progress (3): 89 kB | 122/211 kB | 13 kB Progress (3): 89 kB | 127/211 kB | 13 kB Progress (3): 89 kB | 131/211 kB | 13 kB Progress (3): 89 kB | 135/211 kB | 13 kB Progress (4): 89 kB | 135/211 kB | 13 kB | 4.1/160 kB Progress (4): 89 kB | 139/211 kB | 13 kB | 4.1/160 kB Progress (4): 89 kB | 139/211 kB | 13 kB | 7.7/160 kB Progress (4): 89 kB | 143/211 kB | 13 kB | 7.7/160 kB Progress (4): 89 kB | 143/211 kB | 13 kB | 12/160 kB Progress (4): 89 kB | 147/211 kB | 13 kB | 12/160 kB Progress (4): 89 kB | 147/211 kB | 13 kB | 16/160 kB Progress (4): 89 kB | 151/211 kB | 13 kB | 16/160 kB Progress (4): 89 kB | 151/211 kB | 13 kB | 20/160 kB Progress (4): 89 kB | 155/211 kB | 13 kB | 20/160 kB Progress (4): 89 kB | 155/211 kB | 13 kB | 24/160 kB Progress (4): 89 kB | 159/211 kB | 13 kB | 24/160 kB Progress (4): 89 kB | 163/211 kB | 13 kB | 24/160 kB Progress (4): 89 kB | 163/211 kB | 13 kB | 28/160 kB Progress (4): 89 kB | 163/211 kB | 13 kB | 32/160 kB Progress (4): 89 kB | 167/211 kB | 13 kB | 32/160 kB Progress (4): 89 kB | 167/211 kB | 13 kB | 36/160 kB Progress (4): 89 kB | 172/211 kB | 13 kB | 36/160 kB Progress (4): 89 kB | 172/211 kB | 13 kB | 41/160 kB Progress (4): 89 kB | 176/211 kB | 13 kB | 41/160 kB Progress (4): 89 kB | 180/211 kB | 13 kB | 41/160 kB Progress (4): 89 kB | 180/211 kB | 13 kB | 45/160 kB Progress (4): 89 kB | 180/211 kB | 13 kB | 49/160 kB Progress (4): 89 kB | 184/211 kB | 13 kB | 49/160 kB Progress (4): 89 kB | 184/211 kB | 13 kB | 53/160 kB Progress (4): 89 kB | 188/211 kB | 13 kB | 53/160 kB Progress (4): 89 kB | 188/211 kB | 13 kB | 57/160 kB Progress (4): 89 kB | 192/211 kB | 13 kB | 57/160 kB Progress (4): 89 kB | 196/211 kB | 13 kB | 57/160 kB Progress (4): 89 kB | 196/211 kB | 13 kB | 61/160 kB Progress (5): 89 kB | 196/211 kB | 13 kB | 61/160 kB | 4.1/49 kB Progress (5): 89 kB | 200/211 kB | 13 kB | 61/160 kB | 4.1/49 kB Progress (5): 89 kB | 200/211 kB | 13 kB | 61/160 kB | 7.7/49 kB Progress (5): 89 kB | 200/211 kB | 13 kB | 65/160 kB | 7.7/49 kB Progress (5): 89 kB | 200/211 kB | 13 kB | 65/160 kB | 12/49 kB Progress (5): 89 kB | 204/211 kB | 13 kB | 65/160 kB | 12/49 kB Progress (5): 89 kB | 204/211 kB | 13 kB | 65/160 kB | 16/49 kB Progress (5): 89 kB | 204/211 kB | 13 kB | 69/160 kB | 16/49 kB Progress (5): 89 kB | 208/211 kB | 13 kB | 69/160 kB | 16/49 kB Progress (5): 89 kB | 208/211 kB | 13 kB | 69/160 kB | 20/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 69/160 kB | 20/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 73/160 kB | 20/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 73/160 kB | 24/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 73/160 kB | 28/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 73/160 kB | 32/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 77/160 kB | 32/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 77/160 kB | 36/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 81/160 kB | 36/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 81/160 kB | 41/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 86/160 kB | 41/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 86/160 kB | 45/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 90/160 kB | 45/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 90/160 kB | 49/49 kB Progress (5): 89 kB | 211 kB | 13 kB | 90/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 94/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 98/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 102/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 106/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 110/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 114/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 118/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 122/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 127/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 131/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 135/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 139/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 143/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 147/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 151/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 155/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 159/160 kB | 49 kB Progress (5): 89 kB | 211 kB | 13 kB | 160 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 2.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Progress (5): 211 kB | 13 kB | 160 kB | 49 kB | 4.1/21 kB Progress (5): 211 kB | 13 kB | 160 kB | 49 kB | 7.7/21 kB Progress (5): 211 kB | 13 kB | 160 kB | 49 kB | 12/21 kB Progress (5): 211 kB | 13 kB | 160 kB | 49 kB | 16/21 kB Progress (5): 211 kB | 13 kB | 160 kB | 49 kB | 20/21 kB Progress (5): 211 kB | 13 kB | 160 kB | 49 kB | 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 3.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 909 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 2.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 307 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (1): 4.1/87 kB Progress (1): 7.7/87 kB Progress (1): 12/87 kB Progress (1): 16/87 kB Progress (1): 20/87 kB Progress (1): 24/87 kB Progress (1): 28/87 kB Progress (1): 32/87 kB Progress (1): 36/87 kB Progress (1): 40/87 kB Progress (1): 44/87 kB Progress (1): 48/87 kB Progress (1): 53/87 kB Progress (1): 57/87 kB Progress (1): 61/87 kB Progress (1): 65/87 kB Progress (1): 69/87 kB Progress (1): 73/87 kB Progress (1): 77/87 kB Progress (1): 81/87 kB Progress (1): 85/87 kB Progress (1): 87 kB Progress (2): 87 kB | 4.1/35 kB Progress (2): 87 kB | 7.7/35 kB Progress (2): 87 kB | 12/35 kB Progress (2): 87 kB | 16/35 kB Progress (2): 87 kB | 20/35 kB Progress (2): 87 kB | 24/35 kB Progress (2): 87 kB | 28/35 kB Progress (2): 87 kB | 32/35 kB Progress (2): 87 kB | 35 kB Progress (3): 87 kB | 35 kB | 4.1/25 kB Progress (3): 87 kB | 35 kB | 7.7/25 kB Progress (3): 87 kB | 35 kB | 12/25 kB Progress (3): 87 kB | 35 kB | 16/25 kB Progress (3): 87 kB | 35 kB | 20/25 kB Progress (3): 87 kB | 35 kB | 24/25 kB Progress (3): 87 kB | 35 kB | 25 kB Progress (4): 87 kB | 35 kB | 25 kB | 4.1/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 7.7/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 12/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 16/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 20/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 24/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 28/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 32/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 36/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 41/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 45/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 49/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 53/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 57/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 61/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 65/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 69/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 73/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 77/122 kB Progress (4): 87 kB | 35 kB | 25 kB | 81/122 kB Progress (5): 87 kB | 35 kB | 25 kB | 81/122 kB | 4.1/14 kB Progress (5): 87 kB | 35 kB | 25 kB | 86/122 kB | 4.1/14 kB Progress (5): 87 kB | 35 kB | 25 kB | 86/122 kB | 7.7/14 kB Progress (5): 87 kB | 35 kB | 25 kB | 90/122 kB | 7.7/14 kB Progress (5): 87 kB | 35 kB | 25 kB | 90/122 kB | 12/14 kB Progress (5): 87 kB | 35 kB | 25 kB | 94/122 kB | 12/14 kB Progress (5): 87 kB | 35 kB | 25 kB | 94/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 98/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 102/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 106/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 110/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 114/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 118/122 kB | 14 kB Progress (5): 87 kB | 35 kB | 25 kB | 122 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 939 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 337 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 230 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (2): 14 kB | 4.1/29 kB Progress (2): 14 kB | 7.7/29 kB Progress (2): 14 kB | 12/29 kB Progress (2): 14 kB | 16/29 kB Progress (2): 14 kB | 20/29 kB Progress (2): 14 kB | 24/29 kB Progress (2): 14 kB | 28/29 kB Progress (2): 14 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Progress (2): 29 kB | 4.1/37 kB Progress (2): 29 kB | 7.7/37 kB Progress (2): 29 kB | 12/37 kB Progress (2): 29 kB | 16/37 kB Progress (2): 29 kB | 20/37 kB Progress (2): 29 kB | 24/37 kB Progress (2): 29 kB | 28/37 kB Progress (2): 29 kB | 32/37 kB Progress (2): 29 kB | 36/37 kB Progress (2): 29 kB | 37 kB Progress (3): 29 kB | 37 kB | 4.1/33 kB Progress (3): 29 kB | 37 kB | 7.7/33 kB Progress (3): 29 kB | 37 kB | 12/33 kB Progress (3): 29 kB | 37 kB | 16/33 kB Progress (3): 29 kB | 37 kB | 20/33 kB Progress (3): 29 kB | 37 kB | 24/33 kB Progress (3): 29 kB | 37 kB | 28/33 kB Progress (3): 29 kB | 37 kB | 32/33 kB Progress (3): 29 kB | 37 kB | 33 kB Progress (4): 29 kB | 37 kB | 33 kB | 4.1/10 kB Progress (4): 29 kB | 37 kB | 33 kB | 7.7/10 kB Progress (4): 29 kB | 37 kB | 33 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 220 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 279 kB/s) Progress (3): 33 kB | 10 kB | 4.1/58 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (3): 33 kB | 10 kB | 7.7/58 kB Progress (3): 33 kB | 10 kB | 12/58 kB Progress (3): 33 kB | 10 kB | 16/58 kB Progress (3): 33 kB | 10 kB | 20/58 kB Progress (3): 33 kB | 10 kB | 24/58 kB Progress (3): 33 kB | 10 kB | 28/58 kB Progress (3): 33 kB | 10 kB | 32/58 kB Progress (3): 33 kB | 10 kB | 36/58 kB Progress (3): 33 kB | 10 kB | 41/58 kB Progress (3): 33 kB | 10 kB | 45/58 kB Progress (3): 33 kB | 10 kB | 49/58 kB Progress (3): 33 kB | 10 kB | 53/58 kB Progress (3): 33 kB | 10 kB | 57/58 kB Progress (3): 33 kB | 10 kB | 58 kB Progress (4): 33 kB | 10 kB | 58 kB | 4.1/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 7.7/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 12/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 16/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 20/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 24/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 28/32 kB Progress (4): 33 kB | 10 kB | 58 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 217 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 373 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Progress (2): 32 kB | 4.1/155 kB Progress (2): 32 kB | 7.7/155 kB Progress (2): 32 kB | 12/155 kB Progress (2): 32 kB | 16/155 kB Progress (2): 32 kB | 20/155 kB Progress (2): 32 kB | 24/155 kB Progress (2): 32 kB | 28/155 kB Progress (2): 32 kB | 32/155 kB Progress (2): 32 kB | 36/155 kB Progress (2): 32 kB | 41/155 kB Progress (2): 32 kB | 45/155 kB Progress (2): 32 kB | 49/155 kB Progress (2): 32 kB | 53/155 kB Progress (2): 32 kB | 57/155 kB Progress (2): 32 kB | 61/155 kB Progress (2): 32 kB | 65/155 kB Progress (2): 32 kB | 69/155 kB Progress (2): 32 kB | 73/155 kB Progress (2): 32 kB | 77/155 kB Progress (2): 32 kB | 81/155 kB Progress (2): 32 kB | 86/155 kB Progress (2): 32 kB | 90/155 kB Progress (2): 32 kB | 94/155 kB Progress (2): 32 kB | 98/155 kB Progress (2): 32 kB | 102/155 kB Progress (2): 32 kB | 106/155 kB Progress (2): 32 kB | 110/155 kB Progress (2): 32 kB | 114/155 kB Progress (2): 32 kB | 118/155 kB Progress (2): 32 kB | 122/155 kB Progress (2): 32 kB | 127/155 kB Progress (2): 32 kB | 131/155 kB Progress (2): 32 kB | 135/155 kB Progress (2): 32 kB | 139/155 kB Progress (2): 32 kB | 143/155 kB Progress (2): 32 kB | 147/155 kB Progress (2): 32 kB | 151/155 kB Progress (2): 32 kB | 155 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 192 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 155 kB | 4.1/14 kB Progress (2): 155 kB | 7.7/14 kB Progress (2): 155 kB | 12/14 kB Progress (2): 155 kB | 14 kB Progress (3): 155 kB | 14 kB | 4.1/25 kB Progress (3): 155 kB | 14 kB | 7.7/25 kB Progress (3): 155 kB | 14 kB | 12/25 kB Progress (3): 155 kB | 14 kB | 16/25 kB Progress (3): 155 kB | 14 kB | 20/25 kB Progress (3): 155 kB | 14 kB | 24/25 kB Progress (3): 155 kB | 14 kB | 25 kB Progress (4): 155 kB | 14 kB | 25 kB | 4.1/4.2 kB Progress (4): 155 kB | 14 kB | 25 kB | 4.2 kB Progress (5): 155 kB | 14 kB | 25 kB | 4.2 kB | 4.1/4.6 kB Progress (5): 155 kB | 14 kB | 25 kB | 4.2 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 788 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 124 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (1): 4.1/19 kB Progress (1): 7.7/19 kB Progress (1): 12/19 kB Progress (1): 16/19 kB Progress (1): 19 kB Progress (2): 19 kB | 4.1/134 kB Progress (2): 19 kB | 7.7/134 kB Progress (2): 19 kB | 12/134 kB Progress (2): 19 kB | 16/134 kB Progress (2): 19 kB | 20/134 kB Progress (2): 19 kB | 24/134 kB Progress (2): 19 kB | 28/134 kB Progress (2): 19 kB | 32/134 kB Progress (2): 19 kB | 36/134 kB Progress (2): 19 kB | 41/134 kB Progress (2): 19 kB | 45/134 kB Progress (2): 19 kB | 49/134 kB Progress (2): 19 kB | 53/134 kB Progress (2): 19 kB | 57/134 kB Progress (2): 19 kB | 61/134 kB Progress (2): 19 kB | 65/134 kB Progress (2): 19 kB | 69/134 kB Progress (2): 19 kB | 73/134 kB Progress (2): 19 kB | 77/134 kB Progress (2): 19 kB | 81/134 kB Progress (2): 19 kB | 86/134 kB Progress (2): 19 kB | 90/134 kB Progress (2): 19 kB | 94/134 kB Progress (2): 19 kB | 98/134 kB Progress (2): 19 kB | 102/134 kB Progress (2): 19 kB | 106/134 kB Progress (2): 19 kB | 110/134 kB Progress (2): 19 kB | 114/134 kB Progress (3): 19 kB | 114/134 kB | 4.1/46 kB Progress (3): 19 kB | 118/134 kB | 4.1/46 kB Progress (3): 19 kB | 118/134 kB | 7.7/46 kB Progress (3): 19 kB | 122/134 kB | 7.7/46 kB Progress (3): 19 kB | 122/134 kB | 12/46 kB Progress (3): 19 kB | 122/134 kB | 16/46 kB Progress (4): 19 kB | 122/134 kB | 16/46 kB | 4.1/217 kB Progress (4): 19 kB | 127/134 kB | 16/46 kB | 4.1/217 kB Progress (4): 19 kB | 131/134 kB | 16/46 kB | 4.1/217 kB Progress (4): 19 kB | 131/134 kB | 16/46 kB | 7.7/217 kB Progress (4): 19 kB | 131/134 kB | 20/46 kB | 7.7/217 kB Progress (4): 19 kB | 131/134 kB | 20/46 kB | 12/217 kB Progress (4): 19 kB | 134 kB | 20/46 kB | 12/217 kB Progress (4): 19 kB | 134 kB | 20/46 kB | 16/217 kB Progress (4): 19 kB | 134 kB | 24/46 kB | 16/217 kB Progress (4): 19 kB | 134 kB | 28/46 kB | 16/217 kB Progress (4): 19 kB | 134 kB | 32/46 kB | 16/217 kB Progress (4): 19 kB | 134 kB | 32/46 kB | 20/217 kB Progress (4): 19 kB | 134 kB | 36/46 kB | 20/217 kB Progress (4): 19 kB | 134 kB | 36/46 kB | 24/217 kB Progress (4): 19 kB | 134 kB | 41/46 kB | 24/217 kB Progress (4): 19 kB | 134 kB | 41/46 kB | 28/217 kB Progress (4): 19 kB | 134 kB | 45/46 kB | 28/217 kB Progress (4): 19 kB | 134 kB | 45/46 kB | 32/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 32/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 36/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 41/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 45/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 49/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 53/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 57/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 61/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 65/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 69/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 73/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 77/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 81/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 86/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 90/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 94/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 98/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 102/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 106/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 110/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 114/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 118/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 122/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 127/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 131/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 135/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 139/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 143/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 147/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 151/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 155/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 159/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 163/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 167/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 172/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 176/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 180/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 184/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 188/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 192/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 196/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 200/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 204/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 208/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 213/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 217/217 kB Progress (4): 19 kB | 134 kB | 46 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 562 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (3): 46 kB | 217 kB | 4.1/358 kB Progress (3): 46 kB | 217 kB | 7.7/358 kB Progress (3): 46 kB | 217 kB | 12/358 kB Progress (3): 46 kB | 217 kB | 16/358 kB Progress (3): 46 kB | 217 kB | 20/358 kB Progress (3): 46 kB | 217 kB | 24/358 kB Progress (3): 46 kB | 217 kB | 28/358 kB Progress (3): 46 kB | 217 kB | 32/358 kB Progress (3): 46 kB | 217 kB | 36/358 kB Progress (3): 46 kB | 217 kB | 41/358 kB Progress (3): 46 kB | 217 kB | 45/358 kB Progress (3): 46 kB | 217 kB | 49/358 kB Progress (3): 46 kB | 217 kB | 53/358 kB Progress (3): 46 kB | 217 kB | 57/358 kB Progress (3): 46 kB | 217 kB | 61/358 kB Progress (3): 46 kB | 217 kB | 65/358 kB Progress (3): 46 kB | 217 kB | 69/358 kB Progress (3): 46 kB | 217 kB | 73/358 kB Progress (3): 46 kB | 217 kB | 77/358 kB Progress (3): 46 kB | 217 kB | 81/358 kB Progress (3): 46 kB | 217 kB | 85/358 kB Progress (3): 46 kB | 217 kB | 89/358 kB Progress (3): 46 kB | 217 kB | 94/358 kB Progress (3): 46 kB | 217 kB | 98/358 kB Progress (3): 46 kB | 217 kB | 102/358 kB Progress (3): 46 kB | 217 kB | 106/358 kB Progress (3): 46 kB | 217 kB | 110/358 kB Progress (3): 46 kB | 217 kB | 114/358 kB Progress (3): 46 kB | 217 kB | 118/358 kB Progress (3): 46 kB | 217 kB | 122/358 kB Progress (3): 46 kB | 217 kB | 126/358 kB Progress (3): 46 kB | 217 kB | 130/358 kB Progress (3): 46 kB | 217 kB | 134/358 kB Progress (3): 46 kB | 217 kB | 139/358 kB Progress (3): 46 kB | 217 kB | 143/358 kB Progress (3): 46 kB | 217 kB | 147/358 kB Progress (3): 46 kB | 217 kB | 151/358 kB Progress (3): 46 kB | 217 kB | 155/358 kB Progress (3): 46 kB | 217 kB | 159/358 kB Progress (3): 46 kB | 217 kB | 163/358 kB Progress (3): 46 kB | 217 kB | 167/358 kB Progress (3): 46 kB | 217 kB | 171/358 kB Progress (3): 46 kB | 217 kB | 175/358 kB Progress (3): 46 kB | 217 kB | 180/358 kB Progress (3): 46 kB | 217 kB | 184/358 kB Progress (3): 46 kB | 217 kB | 188/358 kB Progress (3): 46 kB | 217 kB | 192/358 kB Progress (3): 46 kB | 217 kB | 196/358 kB Progress (3): 46 kB | 217 kB | 200/358 kB Progress (3): 46 kB | 217 kB | 204/358 kB Progress (3): 46 kB | 217 kB | 208/358 kB Progress (3): 46 kB | 217 kB | 212/358 kB Progress (3): 46 kB | 217 kB | 216/358 kB Progress (3): 46 kB | 217 kB | 220/358 kB Progress (3): 46 kB | 217 kB | 225/358 kB Progress (3): 46 kB | 217 kB | 229/358 kB Progress (3): 46 kB | 217 kB | 233/358 kB Progress (3): 46 kB | 217 kB | 237/358 kB Progress (3): 46 kB | 217 kB | 241/358 kB Progress (3): 46 kB | 217 kB | 245/358 kB Progress (3): 46 kB | 217 kB | 249/358 kB Progress (3): 46 kB | 217 kB | 253/358 kB Progress (3): 46 kB | 217 kB | 257/358 kB Progress (3): 46 kB | 217 kB | 261/358 kB Progress (3): 46 kB | 217 kB | 266/358 kB Progress (3): 46 kB | 217 kB | 270/358 kB Progress (3): 46 kB | 217 kB | 274/358 kB Progress (3): 46 kB | 217 kB | 278/358 kB Progress (3): 46 kB | 217 kB | 282/358 kB Progress (3): 46 kB | 217 kB | 286/358 kB Progress (3): 46 kB | 217 kB | 290/358 kB Progress (3): 46 kB | 217 kB | 294/358 kB Progress (3): 46 kB | 217 kB | 298/358 kB Progress (3): 46 kB | 217 kB | 302/358 kB Progress (3): 46 kB | 217 kB | 307/358 kB Progress (3): 46 kB | 217 kB | 311/358 kB Progress (3): 46 kB | 217 kB | 315/358 kB Progress (3): 46 kB | 217 kB | 319/358 kB Progress (3): 46 kB | 217 kB | 323/358 kB Progress (3): 46 kB | 217 kB | 327/358 kB Progress (3): 46 kB | 217 kB | 331/358 kB Progress (3): 46 kB | 217 kB | 335/358 kB Progress (3): 46 kB | 217 kB | 339/358 kB Progress (3): 46 kB | 217 kB | 343/358 kB Progress (3): 46 kB | 217 kB | 347/358 kB Progress (3): 46 kB | 217 kB | 352/358 kB Progress (3): 46 kB | 217 kB | 356/358 kB Progress (3): 46 kB | 217 kB | 358 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (3): 217 kB | 358 kB | 4.1/45 kB Progress (3): 217 kB | 358 kB | 7.7/45 kB Progress (3): 217 kB | 358 kB | 12/45 kB Progress (3): 217 kB | 358 kB | 16/45 kB Progress (3): 217 kB | 358 kB | 20/45 kB Progress (3): 217 kB | 358 kB | 24/45 kB Progress (3): 217 kB | 358 kB | 28/45 kB Progress (3): 217 kB | 358 kB | 32/45 kB Progress (3): 217 kB | 358 kB | 36/45 kB Progress (3): 217 kB | 358 kB | 41/45 kB Progress (3): 217 kB | 358 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 846 kB/s) Progress (3): 358 kB | 45 kB | 4.1/640 kB Progress (3): 358 kB | 45 kB | 7.7/640 kB Progress (3): 358 kB | 45 kB | 12/640 kB Progress (3): 358 kB | 45 kB | 16/640 kB Progress (3): 358 kB | 45 kB | 20/640 kB Progress (3): 358 kB | 45 kB | 24/640 kB Progress (3): 358 kB | 45 kB | 28/640 kB Progress (3): 358 kB | 45 kB | 32/640 kB Progress (3): 358 kB | 45 kB | 36/640 kB Progress (3): 358 kB | 45 kB | 41/640 kB Progress (3): 358 kB | 45 kB | 45/640 kB Progress (3): 358 kB | 45 kB | 49/640 kB Progress (3): 358 kB | 45 kB | 53/640 kB Progress (3): 358 kB | 45 kB | 57/640 kB Progress (3): 358 kB | 45 kB | 61/640 kB Progress (3): 358 kB | 45 kB | 65/640 kB Progress (3): 358 kB | 45 kB | 69/640 kB Progress (3): 358 kB | 45 kB | 73/640 kB Progress (3): 358 kB | 45 kB | 77/640 kB Progress (3): 358 kB | 45 kB | 81/640 kB Progress (3): 358 kB | 45 kB | 86/640 kB Progress (3): 358 kB | 45 kB | 90/640 kB Progress (3): 358 kB | 45 kB | 94/640 kB Progress (3): 358 kB | 45 kB | 98/640 kB Progress (3): 358 kB | 45 kB | 102/640 kB Progress (3): 358 kB | 45 kB | 106/640 kB Progress (3): 358 kB | 45 kB | 110/640 kB Progress (3): 358 kB | 45 kB | 114/640 kB Progress (3): 358 kB | 45 kB | 118/640 kB Progress (3): 358 kB | 45 kB | 122/640 kB Progress (3): 358 kB | 45 kB | 127/640 kB Progress (3): 358 kB | 45 kB | 131/640 kB Progress (3): 358 kB | 45 kB | 135/640 kB Progress (3): 358 kB | 45 kB | 139/640 kB Progress (3): 358 kB | 45 kB | 143/640 kB Progress (3): 358 kB | 45 kB | 147/640 kB Progress (3): 358 kB | 45 kB | 151/640 kB Progress (3): 358 kB | 45 kB | 155/640 kB Progress (3): 358 kB | 45 kB | 159/640 kB Progress (3): 358 kB | 45 kB | 163/640 kB Progress (3): 358 kB | 45 kB | 167/640 kB Progress (3): 358 kB | 45 kB | 172/640 kB Progress (3): 358 kB | 45 kB | 176/640 kB Progress (3): 358 kB | 45 kB | 180/640 kB Progress (3): 358 kB | 45 kB | 184/640 kB Progress (3): 358 kB | 45 kB | 188/640 kB Progress (3): 358 kB | 45 kB | 192/640 kB Progress (3): 358 kB | 45 kB | 196/640 kB Progress (3): 358 kB | 45 kB | 200/640 kB Progress (3): 358 kB | 45 kB | 204/640 kB Progress (3): 358 kB | 45 kB | 208/640 kB Progress (3): 358 kB | 45 kB | 213/640 kB Progress (3): 358 kB | 45 kB | 217/640 kB Progress (3): 358 kB | 45 kB | 221/640 kB Progress (3): 358 kB | 45 kB | 225/640 kB Progress (3): 358 kB | 45 kB | 229/640 kB Progress (3): 358 kB | 45 kB | 233/640 kB Progress (3): 358 kB | 45 kB | 237/640 kB Progress (3): 358 kB | 45 kB | 241/640 kB Progress (3): 358 kB | 45 kB | 245/640 kB Progress (3): 358 kB | 45 kB | 249/640 kB Progress (3): 358 kB | 45 kB | 254/640 kB Progress (3): 358 kB | 45 kB | 258/640 kB Progress (3): 358 kB | 45 kB | 262/640 kB Progress (3): 358 kB | 45 kB | 266/640 kB Progress (3): 358 kB | 45 kB | 270/640 kB Progress (3): 358 kB | 45 kB | 274/640 kB Progress (3): 358 kB | 45 kB | 278/640 kB Progress (3): 358 kB | 45 kB | 282/640 kB Progress (3): 358 kB | 45 kB | 286/640 kB Progress (3): 358 kB | 45 kB | 290/640 kB Progress (3): 358 kB | 45 kB | 294/640 kB Progress (3): 358 kB | 45 kB | 299/640 kB Progress (3): 358 kB | 45 kB | 303/640 kB Progress (3): 358 kB | 45 kB | 307/640 kB Progress (3): 358 kB | 45 kB | 311/640 kB Progress (3): 358 kB | 45 kB | 315/640 kB Progress (3): 358 kB | 45 kB | 319/640 kB Progress (3): 358 kB | 45 kB | 323/640 kB Progress (3): 358 kB | 45 kB | 327/640 kB Progress (3): 358 kB | 45 kB | 331/640 kB Progress (3): 358 kB | 45 kB | 335/640 kB Progress (3): 358 kB | 45 kB | 340/640 kB Progress (3): 358 kB | 45 kB | 344/640 kB Progress (3): 358 kB | 45 kB | 348/640 kB Progress (3): 358 kB | 45 kB | 352/640 kB Progress (3): 358 kB | 45 kB | 356/640 kB Progress (3): 358 kB | 45 kB | 360/640 kB Progress (3): 358 kB | 45 kB | 364/640 kB Progress (3): 358 kB | 45 kB | 368/640 kB Progress (3): 358 kB | 45 kB | 372/640 kB Progress (3): 358 kB | 45 kB | 376/640 kB Progress (3): 358 kB | 45 kB | 380/640 kB Progress (3): 358 kB | 45 kB | 385/640 kB Progress (3): 358 kB | 45 kB | 389/640 kB Progress (3): 358 kB | 45 kB | 393/640 kB Progress (3): 358 kB | 45 kB | 397/640 kB Progress (3): 358 kB | 45 kB | 401/640 kB Progress (3): 358 kB | 45 kB | 405/640 kB Progress (3): 358 kB | 45 kB | 409/640 kB Progress (3): 358 kB | 45 kB | 413/640 kB Progress (3): 358 kB | 45 kB | 417/640 kB Progress (3): 358 kB | 45 kB | 421/640 kB Progress (3): 358 kB | 45 kB | 426/640 kB Progress (3): 358 kB | 45 kB | 430/640 kB Progress (3): 358 kB | 45 kB | 434/640 kB Progress (3): 358 kB | 45 kB | 438/640 kB Progress (3): 358 kB | 45 kB | 442/640 kB Progress (3): 358 kB | 45 kB | 446/640 kB Progress (3): 358 kB | 45 kB | 450/640 kB Progress (3): 358 kB | 45 kB | 454/640 kB Progress (3): 358 kB | 45 kB | 458/640 kB Progress (3): 358 kB | 45 kB | 462/640 kB Progress (3): 358 kB | 45 kB | 466/640 kB Progress (3): 358 kB | 45 kB | 471/640 kB Progress (3): 358 kB | 45 kB | 475/640 kB Progress (3): 358 kB | 45 kB | 479/640 kB Progress (3): 358 kB | 45 kB | 483/640 kB Progress (3): 358 kB | 45 kB | 487/640 kB Progress (3): 358 kB | 45 kB | 491/640 kB Progress (3): 358 kB | 45 kB | 495/640 kB Progress (3): 358 kB | 45 kB | 499/640 kB Progress (3): 358 kB | 45 kB | 503/640 kB Progress (3): 358 kB | 45 kB | 507/640 kB Progress (3): 358 kB | 45 kB | 512/640 kB Progress (3): 358 kB | 45 kB | 516/640 kB Progress (3): 358 kB | 45 kB | 520/640 kB Progress (3): 358 kB | 45 kB | 524/640 kB Progress (3): 358 kB | 45 kB | 528/640 kB Progress (3): 358 kB | 45 kB | 532/640 kB Progress (3): 358 kB | 45 kB | 536/640 kB Progress (3): 358 kB | 45 kB | 540/640 kB Progress (3): 358 kB | 45 kB | 544/640 kB Progress (3): 358 kB | 45 kB | 548/640 kB Progress (3): 358 kB | 45 kB | 553/640 kB Progress (3): 358 kB | 45 kB | 557/640 kB Progress (3): 358 kB | 45 kB | 561/640 kB Progress (3): 358 kB | 45 kB | 565/640 kB Progress (3): 358 kB | 45 kB | 569/640 kB Progress (3): 358 kB | 45 kB | 573/640 kB Progress (3): 358 kB | 45 kB | 577/640 kB Progress (3): 358 kB | 45 kB | 581/640 kB Progress (3): 358 kB | 45 kB | 585/640 kB Progress (3): 358 kB | 45 kB | 589/640 kB Progress (3): 358 kB | 45 kB | 593/640 kB Progress (3): 358 kB | 45 kB | 598/640 kB Progress (3): 358 kB | 45 kB | 602/640 kB Progress (3): 358 kB | 45 kB | 606/640 kB Progress (3): 358 kB | 45 kB | 610/640 kB Progress (3): 358 kB | 45 kB | 614/640 kB Progress (3): 358 kB | 45 kB | 618/640 kB Progress (3): 358 kB | 45 kB | 622/640 kB Progress (3): 358 kB | 45 kB | 626/640 kB Progress (3): 358 kB | 45 kB | 630/640 kB Progress (3): 358 kB | 45 kB | 634/640 kB Progress (3): 358 kB | 45 kB | 639/640 kB Progress (3): 358 kB | 45 kB | 640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 163 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.3 MB/s) Progress (2): 640 kB | 3.4/121 kB Progress (2): 640 kB | 7.5/121 kB Progress (2): 640 kB | 12/121 kB Progress (2): 640 kB | 16/121 kB Progress (2): 640 kB | 20/121 kB Progress (2): 640 kB | 24/121 kB Progress (2): 640 kB | 28/121 kB Progress (2): 640 kB | 32/121 kB Progress (2): 640 kB | 36/121 kB Progress (2): 640 kB | 40/121 kB Progress (2): 640 kB | 44/121 kB Progress (2): 640 kB | 48/121 kB Progress (2): 640 kB | 53/121 kB Progress (2): 640 kB | 57/121 kB Progress (2): 640 kB | 61/121 kB Progress (2): 640 kB | 65/121 kB Progress (2): 640 kB | 69/121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.3 MB/s) Progress (1): 73/121 kB Progress (1): 77/121 kB Progress (1): 81/121 kB Progress (1): 85/121 kB Progress (1): 89/121 kB Progress (1): 94/121 kB Progress (1): 98/121 kB Progress (1): 102/121 kB Progress (1): 106/121 kB Progress (1): 110/121 kB Progress (1): 114/121 kB Progress (1): 118/121 kB Progress (1): 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 389 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 407 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 230 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 306 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 180 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/118 kB Progress (1): 7.7/118 kB Progress (1): 12/118 kB Progress (1): 16/118 kB Progress (1): 20/118 kB Progress (1): 24/118 kB Progress (1): 28/118 kB Progress (1): 32/118 kB Progress (1): 36/118 kB Progress (1): 41/118 kB Progress (1): 45/118 kB Progress (1): 49/118 kB Progress (1): 53/118 kB Progress (1): 57/118 kB Progress (1): 61/118 kB Progress (1): 65/118 kB Progress (1): 69/118 kB Progress (1): 73/118 kB Progress (1): 77/118 kB Progress (1): 81/118 kB Progress (1): 86/118 kB Progress (1): 90/118 kB Progress (1): 94/118 kB Progress (1): 98/118 kB Progress (1): 102/118 kB Progress (1): 106/118 kB Progress (1): 110/118 kB Progress (1): 114/118 kB Progress (1): 118 kB Progress (2): 118 kB | 4.1/316 kB Progress (2): 118 kB | 7.7/316 kB Progress (2): 118 kB | 12/316 kB Progress (2): 118 kB | 16/316 kB Progress (2): 118 kB | 20/316 kB Progress (2): 118 kB | 24/316 kB Progress (2): 118 kB | 28/316 kB Progress (2): 118 kB | 32/316 kB Progress (2): 118 kB | 36/316 kB Progress (2): 118 kB | 40/316 kB Progress (2): 118 kB | 44/316 kB Progress (2): 118 kB | 48/316 kB Progress (2): 118 kB | 53/316 kB Progress (2): 118 kB | 57/316 kB Progress (2): 118 kB | 61/316 kB Progress (2): 118 kB | 65/316 kB Progress (2): 118 kB | 69/316 kB Progress (2): 118 kB | 73/316 kB Progress (2): 118 kB | 77/316 kB Progress (2): 118 kB | 81/316 kB Progress (2): 118 kB | 85/316 kB Progress (2): 118 kB | 89/316 kB Progress (2): 118 kB | 94/316 kB Progress (2): 118 kB | 98/316 kB Progress (2): 118 kB | 102/316 kB Progress (2): 118 kB | 106/316 kB Progress (2): 118 kB | 110/316 kB Progress (2): 118 kB | 114/316 kB Progress (2): 118 kB | 118/316 kB Progress (2): 118 kB | 122/316 kB Progress (2): 118 kB | 126/316 kB Progress (2): 118 kB | 130/316 kB Progress (2): 118 kB | 134/316 kB Progress (2): 118 kB | 139/316 kB Progress (2): 118 kB | 143/316 kB Progress (2): 118 kB | 147/316 kB Progress (2): 118 kB | 151/316 kB Progress (2): 118 kB | 155/316 kB Progress (2): 118 kB | 159/316 kB Progress (3): 118 kB | 159/316 kB | 4.1/263 kB Progress (3): 118 kB | 163/316 kB | 4.1/263 kB Progress (3): 118 kB | 163/316 kB | 7.7/263 kB Progress (3): 118 kB | 167/316 kB | 7.7/263 kB Progress (3): 118 kB | 167/316 kB | 12/263 kB Progress (3): 118 kB | 171/316 kB | 12/263 kB Progress (3): 118 kB | 171/316 kB | 16/263 kB Progress (3): 118 kB | 175/316 kB | 16/263 kB Progress (3): 118 kB | 175/316 kB | 20/263 kB Progress (3): 118 kB | 180/316 kB | 20/263 kB Progress (3): 118 kB | 180/316 kB | 24/263 kB Progress (3): 118 kB | 184/316 kB | 24/263 kB Progress (3): 118 kB | 184/316 kB | 28/263 kB Progress (3): 118 kB | 188/316 kB | 28/263 kB Progress (3): 118 kB | 188/316 kB | 32/263 kB Progress (3): 118 kB | 192/316 kB | 32/263 kB Progress (3): 118 kB | 192/316 kB | 36/263 kB Progress (3): 118 kB | 192/316 kB | 41/263 kB Progress (3): 118 kB | 192/316 kB | 45/263 kB Progress (3): 118 kB | 196/316 kB | 45/263 kB Progress (3): 118 kB | 196/316 kB | 49/263 kB Progress (3): 118 kB | 200/316 kB | 49/263 kB Progress (3): 118 kB | 204/316 kB | 49/263 kB Progress (3): 118 kB | 208/316 kB | 49/263 kB Progress (3): 118 kB | 208/316 kB | 53/263 kB Progress (3): 118 kB | 208/316 kB | 57/263 kB Progress (3): 118 kB | 208/316 kB | 61/263 kB Progress (3): 118 kB | 208/316 kB | 65/263 kB Progress (3): 118 kB | 212/316 kB | 65/263 kB Progress (3): 118 kB | 216/316 kB | 65/263 kB Progress (3): 118 kB | 216/316 kB | 69/263 kB Progress (3): 118 kB | 220/316 kB | 69/263 kB Progress (3): 118 kB | 220/316 kB | 73/263 kB Progress (3): 118 kB | 225/316 kB | 73/263 kB Progress (3): 118 kB | 225/316 kB | 77/263 kB Progress (3): 118 kB | 225/316 kB | 81/263 kB Progress (3): 118 kB | 229/316 kB | 81/263 kB Progress (3): 118 kB | 233/316 kB | 81/263 kB Progress (3): 118 kB | 233/316 kB | 86/263 kB Progress (3): 118 kB | 233/316 kB | 90/263 kB Progress (3): 118 kB | 233/316 kB | 94/263 kB Progress (3): 118 kB | 233/316 kB | 98/263 kB Progress (3): 118 kB | 237/316 kB | 98/263 kB Progress (3): 118 kB | 241/316 kB | 98/263 kB Progress (3): 118 kB | 241/316 kB | 102/263 kB Progress (3): 118 kB | 245/316 kB | 102/263 kB Progress (3): 118 kB | 245/316 kB | 106/263 kB Progress (3): 118 kB | 249/316 kB | 106/263 kB Progress (3): 118 kB | 249/316 kB | 110/263 kB Progress (3): 118 kB | 249/316 kB | 114/263 kB Progress (3): 118 kB | 253/316 kB | 114/263 kB Progress (3): 118 kB | 253/316 kB | 118/263 kB Progress (3): 118 kB | 257/316 kB | 118/263 kB Progress (3): 118 kB | 257/316 kB | 122/263 kB Progress (3): 118 kB | 261/316 kB | 122/263 kB Progress (3): 118 kB | 261/316 kB | 127/263 kB Progress (3): 118 kB | 265/316 kB | 127/263 kB Progress (3): 118 kB | 265/316 kB | 131/263 kB Progress (3): 118 kB | 265/316 kB | 135/263 kB Progress (3): 118 kB | 269/316 kB | 135/263 kB Progress (3): 118 kB | 273/316 kB | 135/263 kB Progress (3): 118 kB | 273/316 kB | 139/263 kB Progress (3): 118 kB | 278/316 kB | 139/263 kB Progress (3): 118 kB | 278/316 kB | 143/263 kB Progress (3): 118 kB | 282/316 kB | 143/263 kB Progress (3): 118 kB | 282/316 kB | 147/263 kB Progress (3): 118 kB | 282/316 kB | 151/263 kB Progress (3): 118 kB | 286/316 kB | 151/263 kB Progress (3): 118 kB | 286/316 kB | 155/263 kB Progress (3): 118 kB | 290/316 kB | 155/263 kB Progress (3): 118 kB | 290/316 kB | 159/263 kB Progress (3): 118 kB | 294/316 kB | 159/263 kB Progress (3): 118 kB | 294/316 kB | 163/263 kB Progress (3): 118 kB | 298/316 kB | 163/263 kB Progress (3): 118 kB | 298/316 kB | 167/263 kB Progress (3): 118 kB | 298/316 kB | 172/263 kB Progress (3): 118 kB | 298/316 kB | 176/263 kB Progress (3): 118 kB | 302/316 kB | 176/263 kB Progress (3): 118 kB | 302/316 kB | 180/263 kB Progress (3): 118 kB | 306/316 kB | 180/263 kB Progress (3): 118 kB | 310/316 kB | 180/263 kB Progress (3): 118 kB | 314/316 kB | 180/263 kB Progress (3): 118 kB | 314/316 kB | 184/263 kB Progress (3): 118 kB | 314/316 kB | 188/263 kB Progress (3): 118 kB | 316 kB | 188/263 kB Progress (3): 118 kB | 316 kB | 192/263 kB Progress (3): 118 kB | 316 kB | 196/263 kB Progress (4): 118 kB | 316 kB | 196/263 kB | 4.1/35 kB Progress (4): 118 kB | 316 kB | 200/263 kB | 4.1/35 kB Progress (4): 118 kB | 316 kB | 200/263 kB | 7.7/35 kB Progress (4): 118 kB | 316 kB | 204/263 kB | 7.7/35 kB Progress (4): 118 kB | 316 kB | 204/263 kB | 12/35 kB Progress (4): 118 kB | 316 kB | 208/263 kB | 12/35 kB Progress (4): 118 kB | 316 kB | 208/263 kB | 16/35 kB Progress (4): 118 kB | 316 kB | 213/263 kB | 16/35 kB Progress (5): 118 kB | 316 kB | 213/263 kB | 16/35 kB | 4.1/31 kB Progress (5): 118 kB | 316 kB | 213/263 kB | 20/35 kB | 4.1/31 kB Progress (5): 118 kB | 316 kB | 213/263 kB | 20/35 kB | 7.7/31 kB Progress (5): 118 kB | 316 kB | 217/263 kB | 20/35 kB | 7.7/31 kB Progress (5): 118 kB | 316 kB | 217/263 kB | 20/35 kB | 12/31 kB Progress (5): 118 kB | 316 kB | 217/263 kB | 24/35 kB | 12/31 kB Progress (5): 118 kB | 316 kB | 217/263 kB | 24/35 kB | 16/31 kB Progress (5): 118 kB | 316 kB | 221/263 kB | 24/35 kB | 16/31 kB Progress (5): 118 kB | 316 kB | 221/263 kB | 28/35 kB | 16/31 kB Progress (5): 118 kB | 316 kB | 221/263 kB | 28/35 kB | 20/31 kB Progress (5): 118 kB | 316 kB | 225/263 kB | 28/35 kB | 20/31 kB Progress (5): 118 kB | 316 kB | 225/263 kB | 28/35 kB | 24/31 kB Progress (5): 118 kB | 316 kB | 225/263 kB | 32/35 kB | 24/31 kB Progress (5): 118 kB | 316 kB | 225/263 kB | 32/35 kB | 28/31 kB Progress (5): 118 kB | 316 kB | 229/263 kB | 32/35 kB | 28/31 kB Progress (5): 118 kB | 316 kB | 229/263 kB | 32/35 kB | 31 kB Progress (5): 118 kB | 316 kB | 229/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 233/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 237/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 241/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 245/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 249/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 254/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 258/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 262/263 kB | 35 kB | 31 kB Progress (5): 118 kB | 316 kB | 263 kB | 35 kB | 31 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 4.1/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 7.7/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 12/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 16/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 20/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 24/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 28/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 32/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 36/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 41/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 45/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 49/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 53/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 57/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 61/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 65/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 69/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 73/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 77/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 81/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 86/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 90/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 94/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 98/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 102/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 106/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 110/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 114/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 118/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 122/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 127/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 131/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 135/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 139/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 143/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 147/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 151/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 155/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 159/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 163/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 167/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 172/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 176/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 180/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 184/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 188/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 192/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 196/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 200/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 204/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 208/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 213/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 217/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 221/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 225/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 229/232 kB Progress (5): 316 kB | 263 kB | 35 kB | 31 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 510 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 4.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 403 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 3.3 MB/s) Progress (2): 232 kB | 4.1/38 kB Progress (2): 232 kB | 7.7/38 kB Progress (2): 232 kB | 12/38 kB Progress (2): 232 kB | 16/38 kB Progress (2): 232 kB | 20/38 kB Progress (2): 232 kB | 24/38 kB Progress (2): 232 kB | 28/38 kB Progress (2): 232 kB | 32/38 kB Progress (2): 232 kB | 36/38 kB Progress (2): 232 kB | 38 kB Progress (3): 232 kB | 38 kB | 4.1/10 kB Progress (3): 232 kB | 38 kB | 7.7/10 kB Progress (3): 232 kB | 38 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.3 MB/s) Progress (3): 38 kB | 10 kB | 4.1/14 kB Progress (3): 38 kB | 10 kB | 7.7/14 kB Progress (3): 38 kB | 10 kB | 12/14 kB Progress (3): 38 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 336 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 82 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 96 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 669 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 296 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 329 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 259 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 7.7 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 256 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 208 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 314 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/79 kB Progress (1): 7.7/79 kB Progress (1): 12/79 kB Progress (1): 16/79 kB Progress (1): 20/79 kB Progress (1): 24/79 kB Progress (1): 28/79 kB Progress (1): 32/79 kB Progress (1): 36/79 kB Progress (1): 41/79 kB Progress (1): 45/79 kB Progress (1): 49/79 kB Progress (1): 53/79 kB Progress (1): 57/79 kB Progress (1): 61/79 kB Progress (1): 65/79 kB Progress (1): 69/79 kB Progress (1): 73/79 kB Progress (1): 77/79 kB Progress (1): 79 kB Progress (2): 79 kB | 4.1/26 kB Progress (3): 79 kB | 4.1/26 kB | 4.1/41 kB Progress (3): 79 kB | 7.7/26 kB | 4.1/41 kB Progress (3): 79 kB | 7.7/26 kB | 7.7/41 kB Progress (3): 79 kB | 12/26 kB | 7.7/41 kB Progress (3): 79 kB | 12/26 kB | 12/41 kB Progress (3): 79 kB | 16/26 kB | 12/41 kB Progress (3): 79 kB | 16/26 kB | 16/41 kB Progress (3): 79 kB | 20/26 kB | 16/41 kB Progress (3): 79 kB | 24/26 kB | 16/41 kB Progress (3): 79 kB | 24/26 kB | 20/41 kB Progress (3): 79 kB | 26 kB | 20/41 kB Progress (3): 79 kB | 26 kB | 24/41 kB Progress (3): 79 kB | 26 kB | 28/41 kB Progress (3): 79 kB | 26 kB | 32/41 kB Progress (3): 79 kB | 26 kB | 36/41 kB Progress (3): 79 kB | 26 kB | 41/41 kB Progress (3): 79 kB | 26 kB | 41 kB Progress (4): 79 kB | 26 kB | 41 kB | 4.1/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 7.7/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 12/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 16/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 20/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 24/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 28/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 32/36 kB Progress (4): 79 kB | 26 kB | 41 kB | 36 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 4.1/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 7.7/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 12/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 16/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 20/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 24/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 28/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 32/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 36/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 41/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 45/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 49/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 53/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 57/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 61/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 65/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 69/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 73/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 77/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 81/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 86/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 90/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 94/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 98/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 102/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 106/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 110/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 114/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 118/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 122/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 127/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 131/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 135/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 139/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 143/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 147/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 151/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 155/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 159/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 163/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 167/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 172/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 176/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 180/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 184/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 188/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 192/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 196/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 200/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 204/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 208/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 213/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 217/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 221/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 225/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 229/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 233/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 237/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 241/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 245/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 249/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 254/327 kB Progress (5): 79 kB | 26 kB | 41 kB | 36 kB | 258/327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.8 MB/s) Progress (4): 26 kB | 41 kB | 36 kB | 262/327 kB Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Progress (4): 26 kB | 41 kB | 36 kB | 266/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 270/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 274/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 278/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 282/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 286/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 290/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 294/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 299/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 303/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 307/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 311/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 315/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 319/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 323/327 kB Progress (4): 26 kB | 41 kB | 36 kB | 327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 423 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Progress (4): 41 kB | 36 kB | 327 kB | 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 571 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 4.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (2): 2.5 kB | 4.1/211 kB Progress (2): 2.5 kB | 7.7/211 kB Progress (2): 2.5 kB | 12/211 kB Progress (2): 2.5 kB | 16/211 kB Progress (2): 2.5 kB | 20/211 kB Progress (2): 2.5 kB | 24/211 kB Progress (2): 2.5 kB | 28/211 kB Progress (2): 2.5 kB | 32/211 kB Progress (2): 2.5 kB | 36/211 kB Progress (2): 2.5 kB | 40/211 kB Progress (2): 2.5 kB | 44/211 kB Progress (2): 2.5 kB | 48/211 kB Progress (2): 2.5 kB | 53/211 kB Progress (2): 2.5 kB | 57/211 kB Progress (2): 2.5 kB | 61/211 kB Progress (2): 2.5 kB | 65/211 kB Progress (2): 2.5 kB | 69/211 kB Progress (2): 2.5 kB | 73/211 kB Progress (2): 2.5 kB | 77/211 kB Progress (2): 2.5 kB | 81/211 kB Progress (2): 2.5 kB | 85/211 kB Progress (2): 2.5 kB | 89/211 kB Progress (2): 2.5 kB | 94/211 kB Progress (2): 2.5 kB | 98/211 kB Progress (2): 2.5 kB | 102/211 kB Progress (2): 2.5 kB | 106/211 kB Progress (2): 2.5 kB | 110/211 kB Progress (2): 2.5 kB | 114/211 kB Progress (2): 2.5 kB | 118/211 kB Progress (2): 2.5 kB | 122/211 kB Progress (2): 2.5 kB | 126/211 kB Progress (2): 2.5 kB | 130/211 kB Progress (2): 2.5 kB | 134/211 kB Progress (2): 2.5 kB | 139/211 kB Progress (2): 2.5 kB | 143/211 kB Progress (2): 2.5 kB | 147/211 kB Progress (2): 2.5 kB | 151/211 kB Progress (2): 2.5 kB | 155/211 kB Progress (2): 2.5 kB | 159/211 kB Progress (2): 2.5 kB | 163/211 kB Progress (2): 2.5 kB | 167/211 kB Progress (2): 2.5 kB | 171/211 kB Progress (2): 2.5 kB | 175/211 kB Progress (2): 2.5 kB | 180/211 kB Progress (2): 2.5 kB | 184/211 kB Progress (2): 2.5 kB | 188/211 kB Progress (2): 2.5 kB | 192/211 kB Progress (2): 2.5 kB | 196/211 kB Progress (2): 2.5 kB | 200/211 kB Progress (2): 2.5 kB | 204/211 kB Progress (2): 2.5 kB | 208/211 kB Progress (2): 2.5 kB | 211 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (2): 211 kB | 0/1.0 MB Progress (2): 211 kB | 0/1.0 MB Progress (2): 211 kB | 0/1.0 MB Progress (2): 211 kB | 0/1.0 MB Progress (2): 211 kB | 0/1.0 MB Progress (2): 211 kB | 0/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.1/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Progress (2): 211 kB | 0.2/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.3/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.4/1.0 MB Progress (1): 0.5/1.0 MB Progress (1): 0.5/1.0 MB Progress (1): 0.5/1.0 MB Progress (1): 0.5/1.0 MB Progress (2): 0.5/1.0 MB | 4.1/85 kB Progress (2): 0.5/1.0 MB | 4.1/85 kB Progress (2): 0.5/1.0 MB | 7.7/85 kB Progress (2): 0.5/1.0 MB | 7.7/85 kB Progress (3): 0.5/1.0 MB | 7.7/85 kB | 4.1/116 kB Progress (3): 0.5/1.0 MB | 12/85 kB | 4.1/116 kB Progress (3): 0.5/1.0 MB | 12/85 kB | 7.7/116 kB Progress (3): 0.5/1.0 MB | 12/85 kB | 7.7/116 kB Progress (3): 0.5/1.0 MB | 12/85 kB | 12/116 kB Progress (3): 0.5/1.0 MB | 16/85 kB | 12/116 kB Progress (3): 0.5/1.0 MB | 16/85 kB | 16/116 kB Progress (3): 0.5/1.0 MB | 16/85 kB | 16/116 kB Progress (3): 0.5/1.0 MB | 20/85 kB | 16/116 kB Progress (3): 0.5/1.0 MB | 24/85 kB | 16/116 kB Progress (3): 0.5/1.0 MB | 24/85 kB | 20/116 kB Progress (3): 0.5/1.0 MB | 28/85 kB | 20/116 kB Progress (3): 0.5/1.0 MB | 28/85 kB | 24/116 kB Progress (3): 0.5/1.0 MB | 32/85 kB | 24/116 kB Progress (3): 0.5/1.0 MB | 32/85 kB | 28/116 kB Progress (3): 0.5/1.0 MB | 32/85 kB | 32/116 kB Progress (3): 0.5/1.0 MB | 36/85 kB | 32/116 kB Progress (3): 0.5/1.0 MB | 41/85 kB | 32/116 kB Progress (3): 0.5/1.0 MB | 41/85 kB | 36/116 kB Progress (3): 0.5/1.0 MB | 41/85 kB | 41/116 kB Progress (3): 0.5/1.0 MB | 41/85 kB | 45/116 kB Progress (3): 0.5/1.0 MB | 45/85 kB | 45/116 kB Progress (3): 0.5/1.0 MB | 45/85 kB | 49/116 kB Progress (3): 0.5/1.0 MB | 49/85 kB | 49/116 kB Progress (3): 0.5/1.0 MB | 49/85 kB | 53/116 kB Progress (3): 0.5/1.0 MB | 53/85 kB | 53/116 kB Progress (3): 0.5/1.0 MB | 53/85 kB | 57/116 kB Progress (3): 0.5/1.0 MB | 57/85 kB | 57/116 kB Progress (3): 0.5/1.0 MB | 57/85 kB | 61/116 kB Progress (3): 0.5/1.0 MB | 57/85 kB | 61/116 kB Progress (3): 0.5/1.0 MB | 57/85 kB | 65/116 kB Progress (3): 0.5/1.0 MB | 61/85 kB | 65/116 kB Progress (3): 0.5/1.0 MB | 61/85 kB | 65/116 kB Progress (3): 0.5/1.0 MB | 65/85 kB | 65/116 kB Progress (3): 0.5/1.0 MB | 65/85 kB | 69/116 kB Progress (3): 0.5/1.0 MB | 65/85 kB | 73/116 kB Progress (3): 0.5/1.0 MB | 65/85 kB | 77/116 kB Progress (3): 0.5/1.0 MB | 69/85 kB | 77/116 kB Progress (3): 0.5/1.0 MB | 69/85 kB | 81/116 kB Progress (3): 0.5/1.0 MB | 69/85 kB | 81/116 kB Progress (3): 0.5/1.0 MB | 73/85 kB | 81/116 kB Progress (3): 0.5/1.0 MB | 73/85 kB | 81/116 kB Progress (3): 0.5/1.0 MB | 77/85 kB | 81/116 kB Progress (3): 0.5/1.0 MB | 77/85 kB | 86/116 kB Progress (3): 0.5/1.0 MB | 81/85 kB | 86/116 kB Progress (3): 0.5/1.0 MB | 81/85 kB | 90/116 kB Progress (3): 0.5/1.0 MB | 81/85 kB | 90/116 kB Progress (3): 0.5/1.0 MB | 85 kB | 90/116 kB Progress (3): 0.5/1.0 MB | 85 kB | 94/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 94/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 98/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 102/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 102/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 106/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 106/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 110/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 114/116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.6/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.7/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.8/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (3): 0.9/1.0 MB | 85 kB | 116 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 4.1/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 7.7/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 12/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 16/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 20/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 24/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 28/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 32/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 36/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 41/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 45/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 49/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 53/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 57/58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 0.9/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0/1.0 MB | 85 kB | 116 kB | 58 kB Progress (4): 1.0 MB | 85 kB | 116 kB | 58 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 4.1/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 7.7/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 12/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 16/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 20/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 24/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 28/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 32/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 36/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 41/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 45/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 49/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 53/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 57/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 61/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 65/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 69/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 73/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 77/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 81/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 86/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 90/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 94/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 98/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 102/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 106/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 110/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 114/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 118/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 122/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 127/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 131/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 135/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 139/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 143/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 147/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 151/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 155/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 159/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 163/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 167/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 172/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 176/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 180/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 184/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 188/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 192/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 196/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 200/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 204/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 208/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 213/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 217/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 221/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 225/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 229/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 233/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 237/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 241/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 245/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 249/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 254/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 258/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 262/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 266/267 kB Progress (5): 1.0 MB | 85 kB | 116 kB | 58 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 647 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 823 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 400 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 6.9 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 342 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 304 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 128 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 8.8 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 736 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 295 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 689 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 275 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 696 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 321 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 222 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 985 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 171 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 181 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 472 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 328 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/153 kB Progress (1): 7.7/153 kB Progress (1): 12/153 kB Progress (1): 16/153 kB Progress (1): 20/153 kB Progress (1): 24/153 kB Progress (1): 28/153 kB Progress (1): 32/153 kB Progress (1): 36/153 kB Progress (1): 41/153 kB Progress (1): 45/153 kB Progress (1): 49/153 kB Progress (1): 53/153 kB Progress (1): 57/153 kB Progress (1): 61/153 kB Progress (1): 65/153 kB Progress (1): 69/153 kB Progress (1): 73/153 kB Progress (1): 77/153 kB Progress (1): 81/153 kB Progress (1): 86/153 kB Progress (1): 90/153 kB Progress (1): 94/153 kB Progress (1): 98/153 kB Progress (1): 102/153 kB Progress (1): 106/153 kB Progress (1): 110/153 kB Progress (1): 114/153 kB Progress (1): 118/153 kB Progress (1): 122/153 kB Progress (1): 127/153 kB Progress (1): 131/153 kB Progress (1): 135/153 kB Progress (1): 139/153 kB Progress (1): 143/153 kB Progress (1): 147/153 kB Progress (1): 151/153 kB Progress (1): 153 kB Progress (2): 153 kB | 4.1/165 kB Progress (2): 153 kB | 7.7/165 kB Progress (2): 153 kB | 12/165 kB Progress (2): 153 kB | 16/165 kB Progress (2): 153 kB | 20/165 kB Progress (2): 153 kB | 24/165 kB Progress (2): 153 kB | 28/165 kB Progress (2): 153 kB | 32/165 kB Progress (2): 153 kB | 36/165 kB Progress (2): 153 kB | 40/165 kB Progress (2): 153 kB | 44/165 kB Progress (2): 153 kB | 48/165 kB Progress (2): 153 kB | 53/165 kB Progress (2): 153 kB | 57/165 kB Progress (2): 153 kB | 61/165 kB Progress (2): 153 kB | 65/165 kB Progress (2): 153 kB | 69/165 kB Progress (2): 153 kB | 73/165 kB Progress (2): 153 kB | 77/165 kB Progress (2): 153 kB | 81/165 kB Progress (2): 153 kB | 85/165 kB Progress (2): 153 kB | 89/165 kB Progress (2): 153 kB | 93/165 kB Progress (2): 153 kB | 98/165 kB Progress (2): 153 kB | 102/165 kB Progress (2): 153 kB | 106/165 kB Progress (2): 153 kB | 110/165 kB Progress (2): 153 kB | 114/165 kB Progress (2): 153 kB | 118/165 kB Progress (2): 153 kB | 122/165 kB Progress (2): 153 kB | 126/165 kB Progress (2): 153 kB | 130/165 kB Progress (2): 153 kB | 134/165 kB Progress (2): 153 kB | 139/165 kB Progress (2): 153 kB | 143/165 kB Progress (2): 153 kB | 147/165 kB Progress (2): 153 kB | 151/165 kB Progress (2): 153 kB | 155/165 kB Progress (2): 153 kB | 159/165 kB Progress (2): 153 kB | 163/165 kB Progress (2): 153 kB | 165 kB Progress (3): 153 kB | 165 kB | 4.1/472 kB Progress (3): 153 kB | 165 kB | 7.7/472 kB Progress (3): 153 kB | 165 kB | 12/472 kB Progress (3): 153 kB | 165 kB | 16/472 kB Progress (3): 153 kB | 165 kB | 20/472 kB Progress (3): 153 kB | 165 kB | 24/472 kB Progress (3): 153 kB | 165 kB | 28/472 kB Progress (3): 153 kB | 165 kB | 32/472 kB Progress (3): 153 kB | 165 kB | 36/472 kB Progress (3): 153 kB | 165 kB | 41/472 kB Progress (3): 153 kB | 165 kB | 45/472 kB Progress (3): 153 kB | 165 kB | 49/472 kB Progress (3): 153 kB | 165 kB | 53/472 kB Progress (3): 153 kB | 165 kB | 57/472 kB Progress (3): 153 kB | 165 kB | 61/472 kB Progress (3): 153 kB | 165 kB | 65/472 kB Progress (3): 153 kB | 165 kB | 69/472 kB Progress (3): 153 kB | 165 kB | 73/472 kB Progress (3): 153 kB | 165 kB | 77/472 kB Progress (3): 153 kB | 165 kB | 81/472 kB Progress (3): 153 kB | 165 kB | 86/472 kB Progress (3): 153 kB | 165 kB | 90/472 kB Progress (3): 153 kB | 165 kB | 94/472 kB Progress (3): 153 kB | 165 kB | 98/472 kB Progress (3): 153 kB | 165 kB | 102/472 kB Progress (3): 153 kB | 165 kB | 106/472 kB Progress (3): 153 kB | 165 kB | 110/472 kB Progress (3): 153 kB | 165 kB | 114/472 kB Progress (3): 153 kB | 165 kB | 118/472 kB Progress (3): 153 kB | 165 kB | 122/472 kB Progress (3): 153 kB | 165 kB | 127/472 kB Progress (3): 153 kB | 165 kB | 131/472 kB Progress (3): 153 kB | 165 kB | 135/472 kB Progress (3): 153 kB | 165 kB | 139/472 kB Progress (3): 153 kB | 165 kB | 143/472 kB Progress (3): 153 kB | 165 kB | 147/472 kB Progress (4): 153 kB | 165 kB | 147/472 kB | 4.1/202 kB Progress (4): 153 kB | 165 kB | 151/472 kB | 4.1/202 kB Progress (4): 153 kB | 165 kB | 151/472 kB | 7.7/202 kB Progress (4): 153 kB | 165 kB | 155/472 kB | 7.7/202 kB Progress (5): 153 kB | 165 kB | 155/472 kB | 7.7/202 kB | 4.1/49 kB Progress (5): 153 kB | 165 kB | 155/472 kB | 12/202 kB | 4.1/49 kB Progress (5): 153 kB | 165 kB | 155/472 kB | 12/202 kB | 7.7/49 kB Progress (5): 153 kB | 165 kB | 159/472 kB | 12/202 kB | 7.7/49 kB Progress (5): 153 kB | 165 kB | 163/472 kB | 12/202 kB | 7.7/49 kB Progress (5): 153 kB | 165 kB | 163/472 kB | 12/202 kB | 12/49 kB Progress (5): 153 kB | 165 kB | 163/472 kB | 16/202 kB | 12/49 kB Progress (5): 153 kB | 165 kB | 163/472 kB | 16/202 kB | 16/49 kB Progress (5): 153 kB | 165 kB | 167/472 kB | 16/202 kB | 16/49 kB Progress (5): 153 kB | 165 kB | 167/472 kB | 20/202 kB | 16/49 kB Progress (5): 153 kB | 165 kB | 167/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 172/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 176/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 180/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 184/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 188/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 192/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 196/472 kB | 20/202 kB | 20/49 kB Progress (5): 153 kB | 165 kB | 196/472 kB | 20/202 kB | 24/49 kB Progress (5): 153 kB | 165 kB | 196/472 kB | 24/202 kB | 24/49 kB Progress (5): 153 kB | 165 kB | 196/472 kB | 24/202 kB | 28/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 24/202 kB | 28/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 24/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 28/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 32/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 36/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 41/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 45/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 49/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 53/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 57/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 61/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 200/472 kB | 65/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 204/472 kB | 65/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 208/472 kB | 65/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 208/472 kB | 69/202 kB | 32/49 kB Progress (5): 153 kB | 165 kB | 208/472 kB | 69/202 kB | 36/49 kB Progress (5): 153 kB | 165 kB | 208/472 kB | 73/202 kB | 36/49 kB Progress (5): 153 kB | 165 kB | 208/472 kB | 73/202 kB | 41/49 kB Progress (5): 153 kB | 165 kB | 213/472 kB | 73/202 kB | 41/49 kB Progress (5): 153 kB | 165 kB | 213/472 kB | 73/202 kB | 45/49 kB Progress (5): 153 kB | 165 kB | 217/472 kB | 73/202 kB | 45/49 kB Progress (5): 153 kB | 165 kB | 217/472 kB | 73/202 kB | 49/49 kB Progress (5): 153 kB | 165 kB | 217/472 kB | 77/202 kB | 49/49 kB Progress (5): 153 kB | 165 kB | 221/472 kB | 77/202 kB | 49/49 kB Progress (5): 153 kB | 165 kB | 221/472 kB | 77/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 221/472 kB | 81/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 225/472 kB | 81/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 225/472 kB | 86/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 229/472 kB | 86/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 229/472 kB | 90/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 233/472 kB | 90/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 233/472 kB | 94/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 233/472 kB | 98/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 237/472 kB | 98/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 237/472 kB | 102/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 240/472 kB | 102/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 240/472 kB | 106/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 240/472 kB | 110/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 244/472 kB | 110/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 244/472 kB | 114/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 248/472 kB | 114/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 248/472 kB | 118/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 252/472 kB | 118/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 252/472 kB | 122/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 256/472 kB | 122/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 256/472 kB | 127/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 256/472 kB | 130/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 260/472 kB | 130/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 260/472 kB | 134/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 265/472 kB | 134/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 269/472 kB | 134/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 269/472 kB | 139/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 269/472 kB | 143/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 273/472 kB | 143/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 277/472 kB | 143/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 281/472 kB | 143/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 285/472 kB | 143/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 289/472 kB | 143/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 289/472 kB | 147/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 293/472 kB | 147/202 kB | 49 kB Progress (5): 153 kB | 165 kB | 297/472 kB | 147/202 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 4.0 MB/s) Progress (4): 165 kB | 297/472 kB | 151/202 kB | 49 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Progress (4): 165 kB | 297/472 kB | 155/202 kB | 49 kB Progress (4): 165 kB | 301/472 kB | 155/202 kB | 49 kB Progress (4): 165 kB | 301/472 kB | 159/202 kB | 49 kB Progress (4): 165 kB | 306/472 kB | 159/202 kB | 49 kB Progress (4): 165 kB | 306/472 kB | 163/202 kB | 49 kB Progress (4): 165 kB | 310/472 kB | 163/202 kB | 49 kB Progress (4): 165 kB | 314/472 kB | 163/202 kB | 49 kB Progress (4): 165 kB | 314/472 kB | 167/202 kB | 49 kB Progress (4): 165 kB | 318/472 kB | 167/202 kB | 49 kB Progress (4): 165 kB | 318/472 kB | 171/202 kB | 49 kB Progress (4): 165 kB | 322/472 kB | 171/202 kB | 49 kB Progress (4): 165 kB | 322/472 kB | 175/202 kB | 49 kB Progress (4): 165 kB | 326/472 kB | 175/202 kB | 49 kB Progress (4): 165 kB | 326/472 kB | 180/202 kB | 49 kB Progress (4): 165 kB | 330/472 kB | 180/202 kB | 49 kB Progress (4): 165 kB | 334/472 kB | 180/202 kB | 49 kB Progress (4): 165 kB | 334/472 kB | 184/202 kB | 49 kB Progress (4): 165 kB | 338/472 kB | 184/202 kB | 49 kB Progress (4): 165 kB | 338/472 kB | 188/202 kB | 49 kB Progress (4): 165 kB | 342/472 kB | 188/202 kB | 49 kB Progress (4): 165 kB | 342/472 kB | 192/202 kB | 49 kB Progress (4): 165 kB | 342/472 kB | 196/202 kB | 49 kB Progress (4): 165 kB | 347/472 kB | 196/202 kB | 49 kB Progress (4): 165 kB | 347/472 kB | 200/202 kB | 49 kB Progress (4): 165 kB | 351/472 kB | 200/202 kB | 49 kB Progress (4): 165 kB | 351/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 355/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 359/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 363/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 367/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 371/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 375/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 379/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 383/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 387/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 392/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 396/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 400/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 404/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 408/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 412/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 416/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 420/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 424/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 428/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 433/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 437/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 441/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 445/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 449/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 453/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 457/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 459/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 463/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 467/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 472/472 kB | 202 kB | 49 kB Progress (4): 165 kB | 472 kB | 202 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Progress (4): 472 kB | 202 kB | 49 kB | 4.1/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 7.7/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 12/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 16/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 20/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 24/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 28/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 32/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 36/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 41/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 45/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 49/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 53/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 57/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 61/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 65/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 69/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 73/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 77/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 81/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 86/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 90/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 94/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 98/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 102/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 106/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 110/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 114/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 118/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 122/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 127/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 131/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 135/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 139/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 143/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 147/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 151/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 155/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 159/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 163/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 167/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 172/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 176/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 180/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 184/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 188/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 192/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 196/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 200/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 204/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 208/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 213/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 217/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 221/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 225/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 229/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 233/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 237/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 241/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 245/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 249/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 254/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 258/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 262/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 266/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 270/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 274/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 278/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 282/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 286/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 290/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 294/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 299/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 303/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 307/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 311/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 315/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 319/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 323/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 327/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 331/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 335/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 340/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 344/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 348/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 352/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 356/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 360/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 364/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 368/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 372/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 376/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 380/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 385/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 389/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 393/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 397/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 401/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 405/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 409/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 413/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 417/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 421/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 426/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 430/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 434/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 438/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 442/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 446/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 450/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 454/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 458/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 462/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 466/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 471/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 475/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 479/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 483/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 487/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 491/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 495/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 499/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 503/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 507/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 512/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 516/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 520/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 524/527 kB Progress (4): 472 kB | 202 kB | 49 kB | 527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 741 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 3.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 6.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (2): 527 kB | 4.1/47 kB Progress (2): 527 kB | 7.7/47 kB Progress (2): 527 kB | 12/47 kB Progress (2): 527 kB | 16/47 kB Progress (2): 527 kB | 20/47 kB Progress (2): 527 kB | 24/47 kB Progress (2): 527 kB | 28/47 kB Progress (2): 527 kB | 32/47 kB Progress (2): 527 kB | 36/47 kB Progress (2): 527 kB | 41/47 kB Progress (2): 527 kB | 45/47 kB Progress (2): 527 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Progress (2): 47 kB | 4.1/30 kB Progress (2): 47 kB | 7.7/30 kB Progress (2): 47 kB | 12/30 kB Progress (2): 47 kB | 16/30 kB Progress (2): 47 kB | 20/30 kB Progress (2): 47 kB | 24/30 kB Progress (2): 47 kB | 28/30 kB Progress (2): 47 kB | 30 kB Progress (3): 47 kB | 30 kB | 4.1/51 kB Progress (3): 47 kB | 30 kB | 7.5/51 kB Progress (3): 47 kB | 30 kB | 12/51 kB Progress (3): 47 kB | 30 kB | 16/51 kB Progress (3): 47 kB | 30 kB | 20/51 kB Progress (3): 47 kB | 30 kB | 24/51 kB Progress (3): 47 kB | 30 kB | 28/51 kB Progress (3): 47 kB | 30 kB | 32/51 kB Progress (3): 47 kB | 30 kB | 36/51 kB Progress (3): 47 kB | 30 kB | 40/51 kB Progress (3): 47 kB | 30 kB | 44/51 kB Progress (3): 47 kB | 30 kB | 48/51 kB Progress (3): 47 kB | 30 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 491 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Progress (3): 30 kB | 51 kB | 4.1/148 kB Progress (3): 30 kB | 51 kB | 7.7/148 kB Progress (3): 30 kB | 51 kB | 12/148 kB Progress (3): 30 kB | 51 kB | 16/148 kB Progress (3): 30 kB | 51 kB | 20/148 kB Progress (3): 30 kB | 51 kB | 24/148 kB Progress (3): 30 kB | 51 kB | 28/148 kB Progress (3): 30 kB | 51 kB | 32/148 kB Progress (3): 30 kB | 51 kB | 36/148 kB Progress (3): 30 kB | 51 kB | 40/148 kB Progress (3): 30 kB | 51 kB | 44/148 kB Progress (3): 30 kB | 51 kB | 48/148 kB Progress (3): 30 kB | 51 kB | 53/148 kB Progress (3): 30 kB | 51 kB | 57/148 kB Progress (3): 30 kB | 51 kB | 61/148 kB Progress (3): 30 kB | 51 kB | 65/148 kB Progress (3): 30 kB | 51 kB | 69/148 kB Progress (3): 30 kB | 51 kB | 73/148 kB Progress (3): 30 kB | 51 kB | 77/148 kB Progress (3): 30 kB | 51 kB | 81/148 kB Progress (3): 30 kB | 51 kB | 85/148 kB Progress (3): 30 kB | 51 kB | 89/148 kB Progress (3): 30 kB | 51 kB | 94/148 kB Progress (3): 30 kB | 51 kB | 98/148 kB Progress (3): 30 kB | 51 kB | 102/148 kB Progress (3): 30 kB | 51 kB | 106/148 kB Progress (3): 30 kB | 51 kB | 110/148 kB Progress (3): 30 kB | 51 kB | 114/148 kB Progress (3): 30 kB | 51 kB | 118/148 kB Progress (3): 30 kB | 51 kB | 122/148 kB Progress (3): 30 kB | 51 kB | 126/148 kB Progress (3): 30 kB | 51 kB | 130/148 kB Progress (4): 30 kB | 51 kB | 130/148 kB | 4.1/38 kB Progress (4): 30 kB | 51 kB | 134/148 kB | 4.1/38 kB Progress (4): 30 kB | 51 kB | 134/148 kB | 7.7/38 kB Progress (4): 30 kB | 51 kB | 139/148 kB | 7.7/38 kB Progress (4): 30 kB | 51 kB | 139/148 kB | 12/38 kB Progress (4): 30 kB | 51 kB | 143/148 kB | 12/38 kB Progress (4): 30 kB | 51 kB | 143/148 kB | 16/38 kB Progress (4): 30 kB | 51 kB | 147/148 kB | 16/38 kB Progress (4): 30 kB | 51 kB | 147/148 kB | 20/38 kB Progress (4): 30 kB | 51 kB | 147/148 kB | 24/38 kB Progress (4): 30 kB | 51 kB | 148 kB | 24/38 kB Progress (4): 30 kB | 51 kB | 148 kB | 28/38 kB Progress (4): 30 kB | 51 kB | 148 kB | 32/38 kB Progress (4): 30 kB | 51 kB | 148 kB | 36/38 kB Progress (4): 30 kB | 51 kB | 148 kB | 38 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 4.1/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 7.7/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 12/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 16/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 20/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 24/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 28/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 32/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 36/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 41/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 45/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 49/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 53/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 57/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 61/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 65/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 69/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 73/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 77/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 81/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 86/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 90/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 94/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 98/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 102/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 106/106 kB Progress (5): 30 kB | 51 kB | 148 kB | 38 kB | 106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 843 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 286 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (1): 4.1/108 kB Progress (1): 7.7/108 kB Progress (1): 12/108 kB Progress (1): 16/108 kB Progress (1): 20/108 kB Progress (1): 24/108 kB Progress (1): 28/108 kB Progress (1): 32/108 kB Progress (1): 36/108 kB Progress (1): 41/108 kB Progress (1): 45/108 kB Progress (1): 49/108 kB Progress (1): 53/108 kB Progress (1): 57/108 kB Progress (1): 61/108 kB Progress (1): 65/108 kB Progress (1): 69/108 kB Progress (1): 73/108 kB Progress (1): 77/108 kB Progress (1): 81/108 kB Progress (1): 86/108 kB Progress (1): 90/108 kB Progress (1): 94/108 kB Progress (1): 98/108 kB Progress (1): 102/108 kB Progress (1): 106/108 kB Progress (1): 108 kB Progress (2): 108 kB | 4.1/74 kB Progress (2): 108 kB | 7.7/74 kB Progress (2): 108 kB | 12/74 kB Progress (2): 108 kB | 16/74 kB Progress (2): 108 kB | 20/74 kB Progress (2): 108 kB | 24/74 kB Progress (2): 108 kB | 28/74 kB Progress (2): 108 kB | 32/74 kB Progress (2): 108 kB | 36/74 kB Progress (2): 108 kB | 41/74 kB Progress (2): 108 kB | 45/74 kB Progress (2): 108 kB | 49/74 kB Progress (2): 108 kB | 53/74 kB Progress (2): 108 kB | 57/74 kB Progress (2): 108 kB | 61/74 kB Progress (2): 108 kB | 65/74 kB Progress (2): 108 kB | 69/74 kB Progress (2): 108 kB | 73/74 kB Progress (2): 108 kB | 74 kB Progress (3): 108 kB | 74 kB | 4.1/14 kB Progress (3): 108 kB | 74 kB | 7.7/14 kB Progress (3): 108 kB | 74 kB | 12/14 kB Progress (3): 108 kB | 74 kB | 14 kB Progress (4): 108 kB | 74 kB | 14 kB | 4.1/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 7.7/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 12/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 16/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 20/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 24/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 28/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 32/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 36/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 41/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 45/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 49/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 53/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 57/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 61/61 kB Progress (4): 108 kB | 74 kB | 14 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 82 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 658 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (3): 74 kB | 61 kB | 4.1/46 kB Progress (3): 74 kB | 61 kB | 7.7/46 kB Progress (3): 74 kB | 61 kB | 12/46 kB Progress (3): 74 kB | 61 kB | 16/46 kB Progress (3): 74 kB | 61 kB | 20/46 kB Progress (3): 74 kB | 61 kB | 24/46 kB Progress (3): 74 kB | 61 kB | 28/46 kB Progress (3): 74 kB | 61 kB | 32/46 kB Progress (3): 74 kB | 61 kB | 36/46 kB Progress (3): 74 kB | 61 kB | 41/46 kB Progress (3): 74 kB | 61 kB | 45/46 kB Progress (3): 74 kB | 61 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 426 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Progress (3): 61 kB | 46 kB | 4.1/29 kB Progress (3): 61 kB | 46 kB | 8.2/29 kB Progress (3): 61 kB | 46 kB | 12/29 kB Progress (3): 61 kB | 46 kB | 16/29 kB Progress (3): 61 kB | 46 kB | 20/29 kB Progress (3): 61 kB | 46 kB | 25/29 kB Progress (3): 61 kB | 46 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 327 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 240 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 148 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (1): 4.1/4.2 kB Progress (1): 4.2 kB Progress (2): 4.2 kB | 4.1/120 kB Progress (2): 4.2 kB | 7.7/120 kB Progress (2): 4.2 kB | 12/120 kB Progress (2): 4.2 kB | 16/120 kB Progress (2): 4.2 kB | 20/120 kB Progress (2): 4.2 kB | 24/120 kB Progress (2): 4.2 kB | 28/120 kB Progress (2): 4.2 kB | 32/120 kB Progress (2): 4.2 kB | 36/120 kB Progress (2): 4.2 kB | 41/120 kB Progress (2): 4.2 kB | 45/120 kB Progress (2): 4.2 kB | 49/120 kB Progress (2): 4.2 kB | 53/120 kB Progress (2): 4.2 kB | 57/120 kB Progress (2): 4.2 kB | 61/120 kB Progress (2): 4.2 kB | 65/120 kB Progress (2): 4.2 kB | 69/120 kB Progress (2): 4.2 kB | 73/120 kB Progress (2): 4.2 kB | 77/120 kB Progress (2): 4.2 kB | 81/120 kB Progress (2): 4.2 kB | 86/120 kB Progress (2): 4.2 kB | 90/120 kB Progress (2): 4.2 kB | 94/120 kB Progress (2): 4.2 kB | 98/120 kB Progress (2): 4.2 kB | 102/120 kB Progress (2): 4.2 kB | 106/120 kB Progress (2): 4.2 kB | 110/120 kB Progress (2): 4.2 kB | 114/120 kB Progress (2): 4.2 kB | 118/120 kB Progress (2): 4.2 kB | 120 kB Progress (3): 4.2 kB | 120 kB | 4.1/13 kB Progress (4): 4.2 kB | 120 kB | 4.1/13 kB | 4.1/52 kB Progress (4): 4.2 kB | 120 kB | 7.7/13 kB | 4.1/52 kB Progress (4): 4.2 kB | 120 kB | 7.7/13 kB | 7.7/52 kB Progress (4): 4.2 kB | 120 kB | 12/13 kB | 7.7/52 kB Progress (4): 4.2 kB | 120 kB | 12/13 kB | 12/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 12/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 16/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 20/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 24/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 28/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 32/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 36/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 41/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 45/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 49/52 kB Progress (4): 4.2 kB | 120 kB | 13 kB | 52 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 4.1/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 7.7/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 12/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 16/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 20/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 24/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 28/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 32/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 36/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 41/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 45/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 49/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 53/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 57/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 61/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 65/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 69/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 73/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 77/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 81/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 86/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 90/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 94/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 98/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 102/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 106/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 110/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 114/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 118/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 122/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 127/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 131/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 135/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 139/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 143/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 147/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 151/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 155/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 159/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 163/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 167/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 172/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 176/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 180/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 184/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 188/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 192/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 196/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 200/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 204/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 208/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 213/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 217/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 221/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 225/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 229/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 233/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 237/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 241/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 245/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 249/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 254/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 258/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 262/263 kB Progress (5): 4.2 kB | 120 kB | 13 kB | 52 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 523 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 221 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (3): 13 kB | 263 kB | 4.1/164 kB Progress (3): 13 kB | 263 kB | 7.7/164 kB Progress (3): 13 kB | 263 kB | 12/164 kB Progress (3): 13 kB | 263 kB | 16/164 kB Progress (3): 13 kB | 263 kB | 20/164 kB Progress (3): 13 kB | 263 kB | 24/164 kB Progress (3): 13 kB | 263 kB | 28/164 kB Progress (3): 13 kB | 263 kB | 32/164 kB Progress (3): 13 kB | 263 kB | 36/164 kB Progress (3): 13 kB | 263 kB | 41/164 kB Progress (3): 13 kB | 263 kB | 45/164 kB Progress (3): 13 kB | 263 kB | 49/164 kB Progress (3): 13 kB | 263 kB | 53/164 kB Progress (3): 13 kB | 263 kB | 57/164 kB Progress (3): 13 kB | 263 kB | 61/164 kB Progress (3): 13 kB | 263 kB | 65/164 kB Progress (3): 13 kB | 263 kB | 69/164 kB Progress (3): 13 kB | 263 kB | 73/164 kB Progress (3): 13 kB | 263 kB | 77/164 kB Progress (3): 13 kB | 263 kB | 81/164 kB Progress (3): 13 kB | 263 kB | 86/164 kB Progress (3): 13 kB | 263 kB | 90/164 kB Progress (3): 13 kB | 263 kB | 94/164 kB Progress (3): 13 kB | 263 kB | 98/164 kB Progress (3): 13 kB | 263 kB | 102/164 kB Progress (3): 13 kB | 263 kB | 106/164 kB Progress (3): 13 kB | 263 kB | 110/164 kB Progress (3): 13 kB | 263 kB | 114/164 kB Progress (3): 13 kB | 263 kB | 118/164 kB Progress (3): 13 kB | 263 kB | 122/164 kB Progress (3): 13 kB | 263 kB | 127/164 kB Progress (3): 13 kB | 263 kB | 131/164 kB Progress (3): 13 kB | 263 kB | 135/164 kB Progress (3): 13 kB | 263 kB | 139/164 kB Progress (3): 13 kB | 263 kB | 143/164 kB Progress (3): 13 kB | 263 kB | 147/164 kB Progress (3): 13 kB | 263 kB | 151/164 kB Progress (3): 13 kB | 263 kB | 155/164 kB Progress (3): 13 kB | 263 kB | 159/164 kB Progress (3): 13 kB | 263 kB | 163/164 kB Progress (3): 13 kB | 263 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 164 kB | 4.1/335 kB Progress (2): 164 kB | 7.7/335 kB Progress (2): 164 kB | 12/335 kB Progress (2): 164 kB | 16/335 kB Progress (2): 164 kB | 20/335 kB Progress (2): 164 kB | 24/335 kB Progress (2): 164 kB | 28/335 kB Progress (2): 164 kB | 32/335 kB Progress (2): 164 kB | 36/335 kB Progress (2): 164 kB | 41/335 kB Progress (2): 164 kB | 45/335 kB Progress (2): 164 kB | 49/335 kB Progress (2): 164 kB | 53/335 kB Progress (2): 164 kB | 57/335 kB Progress (2): 164 kB | 61/335 kB Progress (2): 164 kB | 65/335 kB Progress (2): 164 kB | 69/335 kB Progress (2): 164 kB | 73/335 kB Progress (2): 164 kB | 77/335 kB Progress (2): 164 kB | 81/335 kB Progress (2): 164 kB | 86/335 kB Progress (2): 164 kB | 90/335 kB Progress (2): 164 kB | 94/335 kB Progress (2): 164 kB | 98/335 kB Progress (2): 164 kB | 102/335 kB Progress (2): 164 kB | 106/335 kB Progress (2): 164 kB | 110/335 kB Progress (2): 164 kB | 114/335 kB Progress (2): 164 kB | 118/335 kB Progress (2): 164 kB | 122/335 kB Progress (2): 164 kB | 127/335 kB Progress (2): 164 kB | 131/335 kB Progress (2): 164 kB | 135/335 kB Progress (2): 164 kB | 139/335 kB Progress (2): 164 kB | 143/335 kB Progress (2): 164 kB | 147/335 kB Progress (2): 164 kB | 151/335 kB Progress (2): 164 kB | 155/335 kB Progress (2): 164 kB | 159/335 kB Progress (2): 164 kB | 163/335 kB Progress (2): 164 kB | 167/335 kB Progress (2): 164 kB | 172/335 kB Progress (2): 164 kB | 176/335 kB Progress (2): 164 kB | 180/335 kB Progress (2): 164 kB | 184/335 kB Progress (2): 164 kB | 188/335 kB Progress (2): 164 kB | 192/335 kB Progress (2): 164 kB | 196/335 kB Progress (2): 164 kB | 200/335 kB Progress (2): 164 kB | 204/335 kB Progress (2): 164 kB | 208/335 kB Progress (2): 164 kB | 213/335 kB Progress (2): 164 kB | 217/335 kB Progress (2): 164 kB | 221/335 kB Progress (2): 164 kB | 225/335 kB Progress (2): 164 kB | 229/335 kB Progress (2): 164 kB | 233/335 kB Progress (2): 164 kB | 237/335 kB Progress (2): 164 kB | 241/335 kB Progress (2): 164 kB | 245/335 kB Progress (2): 164 kB | 249/335 kB Progress (2): 164 kB | 254/335 kB Progress (2): 164 kB | 258/335 kB Progress (2): 164 kB | 262/335 kB Progress (2): 164 kB | 266/335 kB Progress (2): 164 kB | 270/335 kB Progress (2): 164 kB | 274/335 kB Progress (2): 164 kB | 278/335 kB Progress (2): 164 kB | 282/335 kB Progress (2): 164 kB | 286/335 kB Progress (2): 164 kB | 290/335 kB Progress (2): 164 kB | 294/335 kB Progress (2): 164 kB | 299/335 kB Progress (2): 164 kB | 303/335 kB Progress (2): 164 kB | 307/335 kB Progress (2): 164 kB | 311/335 kB Progress (2): 164 kB | 315/335 kB Progress (2): 164 kB | 319/335 kB Progress (2): 164 kB | 323/335 kB Progress (2): 164 kB | 327/335 kB Progress (2): 164 kB | 331/335 kB Progress (2): 164 kB | 335 kB Progress (3): 164 kB | 335 kB | 4.1/61 kB Progress (3): 164 kB | 335 kB | 7.7/61 kB Progress (3): 164 kB | 335 kB | 12/61 kB Progress (3): 164 kB | 335 kB | 16/61 kB Progress (3): 164 kB | 335 kB | 20/61 kB Progress (3): 164 kB | 335 kB | 24/61 kB Progress (3): 164 kB | 335 kB | 28/61 kB Progress (3): 164 kB | 335 kB | 32/61 kB Progress (3): 164 kB | 335 kB | 36/61 kB Progress (3): 164 kB | 335 kB | 41/61 kB Progress (3): 164 kB | 335 kB | 45/61 kB Progress (3): 164 kB | 335 kB | 49/61 kB Progress (3): 164 kB | 335 kB | 53/61 kB Progress (3): 164 kB | 335 kB | 57/61 kB Progress (3): 164 kB | 335 kB | 61/61 kB Progress (3): 164 kB | 335 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 589 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (3): 335 kB | 61 kB | 4.1/26 kB Progress (3): 335 kB | 61 kB | 7.7/26 kB Progress (3): 335 kB | 61 kB | 12/26 kB Progress (3): 335 kB | 61 kB | 16/26 kB Progress (3): 335 kB | 61 kB | 20/26 kB Progress (3): 335 kB | 61 kB | 24/26 kB Progress (3): 335 kB | 61 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (3): 61 kB | 26 kB | 4.1/122 kB Progress (3): 61 kB | 26 kB | 7.7/122 kB Progress (3): 61 kB | 26 kB | 12/122 kB Progress (3): 61 kB | 26 kB | 16/122 kB Progress (3): 61 kB | 26 kB | 20/122 kB Progress (3): 61 kB | 26 kB | 24/122 kB Progress (3): 61 kB | 26 kB | 28/122 kB Progress (3): 61 kB | 26 kB | 32/122 kB Progress (3): 61 kB | 26 kB | 36/122 kB Progress (3): 61 kB | 26 kB | 41/122 kB Progress (3): 61 kB | 26 kB | 45/122 kB Progress (3): 61 kB | 26 kB | 49/122 kB Progress (3): 61 kB | 26 kB | 53/122 kB Progress (3): 61 kB | 26 kB | 57/122 kB Progress (3): 61 kB | 26 kB | 61/122 kB Progress (3): 61 kB | 26 kB | 65/122 kB Progress (3): 61 kB | 26 kB | 69/122 kB Progress (3): 61 kB | 26 kB | 73/122 kB Progress (3): 61 kB | 26 kB | 77/122 kB Progress (3): 61 kB | 26 kB | 81/122 kB Progress (3): 61 kB | 26 kB | 86/122 kB Progress (3): 61 kB | 26 kB | 90/122 kB Progress (3): 61 kB | 26 kB | 94/122 kB Progress (3): 61 kB | 26 kB | 98/122 kB Progress (3): 61 kB | 26 kB | 102/122 kB Progress (3): 61 kB | 26 kB | 106/122 kB Progress (3): 61 kB | 26 kB | 110/122 kB Progress (3): 61 kB | 26 kB | 114/122 kB Progress (3): 61 kB | 26 kB | 118/122 kB Progress (3): 61 kB | 26 kB | 122 kB Progress (4): 61 kB | 26 kB | 122 kB | 4.1/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 7.7/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 12/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 16/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 20/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 24/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 28/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 32/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 36/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 41/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 45/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 49/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 53/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 57/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 61/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 65/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 69/72 kB Progress (4): 61 kB | 26 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (2): 122 kB | 4.1/53 kB Progress (2): 122 kB | 7.7/53 kB Progress (2): 122 kB | 12/53 kB Progress (2): 122 kB | 16/53 kB Progress (2): 122 kB | 20/53 kB Progress (2): 122 kB | 24/53 kB Progress (2): 122 kB | 28/53 kB Progress (2): 122 kB | 32/53 kB Progress (2): 122 kB | 36/53 kB Progress (2): 122 kB | 41/53 kB Progress (2): 122 kB | 45/53 kB Progress (2): 122 kB | 49/53 kB Progress (2): 122 kB | 53 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 368 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (2): 53 kB | 4.1/305 kB Progress (2): 53 kB | 7.7/305 kB Progress (2): 53 kB | 12/305 kB Progress (2): 53 kB | 16/305 kB Progress (2): 53 kB | 20/305 kB Progress (2): 53 kB | 24/305 kB Progress (2): 53 kB | 28/305 kB Progress (2): 53 kB | 32/305 kB Progress (2): 53 kB | 36/305 kB Progress (2): 53 kB | 41/305 kB Progress (2): 53 kB | 45/305 kB Progress (2): 53 kB | 49/305 kB Progress (2): 53 kB | 53/305 kB Progress (2): 53 kB | 57/305 kB Progress (2): 53 kB | 61/305 kB Progress (2): 53 kB | 65/305 kB Progress (2): 53 kB | 69/305 kB Progress (2): 53 kB | 73/305 kB Progress (2): 53 kB | 77/305 kB Progress (2): 53 kB | 81/305 kB Progress (2): 53 kB | 86/305 kB Progress (2): 53 kB | 90/305 kB Progress (2): 53 kB | 94/305 kB Progress (2): 53 kB | 98/305 kB Progress (2): 53 kB | 102/305 kB Progress (2): 53 kB | 106/305 kB Progress (2): 53 kB | 110/305 kB Progress (2): 53 kB | 114/305 kB Progress (2): 53 kB | 118/305 kB Progress (2): 53 kB | 122/305 kB Progress (2): 53 kB | 127/305 kB Progress (2): 53 kB | 131/305 kB Progress (2): 53 kB | 135/305 kB Progress (2): 53 kB | 139/305 kB Progress (2): 53 kB | 143/305 kB Progress (2): 53 kB | 147/305 kB Progress (2): 53 kB | 151/305 kB Progress (2): 53 kB | 155/305 kB Progress (2): 53 kB | 159/305 kB Progress (2): 53 kB | 163/305 kB Progress (2): 53 kB | 167/305 kB Progress (2): 53 kB | 172/305 kB Progress (2): 53 kB | 176/305 kB Progress (2): 53 kB | 180/305 kB Progress (2): 53 kB | 184/305 kB Progress (2): 53 kB | 188/305 kB Progress (2): 53 kB | 192/305 kB Progress (2): 53 kB | 196/305 kB Progress (2): 53 kB | 200/305 kB Progress (2): 53 kB | 204/305 kB Progress (2): 53 kB | 208/305 kB Progress (2): 53 kB | 213/305 kB Progress (2): 53 kB | 217/305 kB Progress (2): 53 kB | 221/305 kB Progress (2): 53 kB | 225/305 kB Progress (2): 53 kB | 229/305 kB Progress (2): 53 kB | 233/305 kB Progress (2): 53 kB | 237/305 kB Progress (2): 53 kB | 241/305 kB Progress (2): 53 kB | 245/305 kB Progress (2): 53 kB | 249/305 kB Progress (2): 53 kB | 254/305 kB Progress (2): 53 kB | 258/305 kB Progress (2): 53 kB | 262/305 kB Progress (2): 53 kB | 266/305 kB Progress (2): 53 kB | 270/305 kB Progress (2): 53 kB | 274/305 kB Progress (2): 53 kB | 278/305 kB Progress (2): 53 kB | 282/305 kB Progress (2): 53 kB | 286/305 kB Progress (2): 53 kB | 290/305 kB Progress (2): 53 kB | 294/305 kB Progress (2): 53 kB | 299/305 kB Progress (2): 53 kB | 303/305 kB Progress (2): 53 kB | 305 kB Progress (3): 53 kB | 305 kB | 4.1/33 kB Progress (3): 53 kB | 305 kB | 7.7/33 kB Progress (3): 53 kB | 305 kB | 12/33 kB Progress (3): 53 kB | 305 kB | 16/33 kB Progress (3): 53 kB | 305 kB | 20/33 kB Progress (3): 53 kB | 305 kB | 24/33 kB Progress (3): 53 kB | 305 kB | 28/33 kB Progress (3): 53 kB | 305 kB | 32/33 kB Progress (3): 53 kB | 305 kB | 33 kB Progress (4): 53 kB | 305 kB | 33 kB | 4.1/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 7.7/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 12/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 16/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 20/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 24/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 28/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 32/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 36/37 kB Progress (4): 53 kB | 305 kB | 33 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 152 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 869 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Progress (3): 33 kB | 37 kB | 4.1/180 kB Progress (3): 33 kB | 37 kB | 7.7/180 kB Progress (3): 33 kB | 37 kB | 12/180 kB Progress (3): 33 kB | 37 kB | 16/180 kB Progress (3): 33 kB | 37 kB | 20/180 kB Progress (3): 33 kB | 37 kB | 24/180 kB Progress (3): 33 kB | 37 kB | 28/180 kB Progress (3): 33 kB | 37 kB | 32/180 kB Progress (3): 33 kB | 37 kB | 36/180 kB Progress (3): 33 kB | 37 kB | 41/180 kB Progress (3): 33 kB | 37 kB | 45/180 kB Progress (3): 33 kB | 37 kB | 49/180 kB Progress (3): 33 kB | 37 kB | 53/180 kB Progress (3): 33 kB | 37 kB | 57/180 kB Progress (3): 33 kB | 37 kB | 61/180 kB Progress (3): 33 kB | 37 kB | 65/180 kB Progress (3): 33 kB | 37 kB | 69/180 kB Progress (3): 33 kB | 37 kB | 73/180 kB Progress (3): 33 kB | 37 kB | 77/180 kB Progress (3): 33 kB | 37 kB | 81/180 kB Progress (3): 33 kB | 37 kB | 86/180 kB Progress (3): 33 kB | 37 kB | 90/180 kB Progress (3): 33 kB | 37 kB | 94/180 kB Progress (3): 33 kB | 37 kB | 98/180 kB Progress (3): 33 kB | 37 kB | 102/180 kB Progress (3): 33 kB | 37 kB | 106/180 kB Progress (3): 33 kB | 37 kB | 110/180 kB Progress (3): 33 kB | 37 kB | 114/180 kB Progress (3): 33 kB | 37 kB | 118/180 kB Progress (3): 33 kB | 37 kB | 122/180 kB Progress (3): 33 kB | 37 kB | 127/180 kB Progress (3): 33 kB | 37 kB | 131/180 kB Progress (3): 33 kB | 37 kB | 135/180 kB Progress (3): 33 kB | 37 kB | 139/180 kB Progress (3): 33 kB | 37 kB | 143/180 kB Progress (3): 33 kB | 37 kB | 147/180 kB Progress (3): 33 kB | 37 kB | 151/180 kB Progress (3): 33 kB | 37 kB | 155/180 kB Progress (3): 33 kB | 37 kB | 159/180 kB Progress (3): 33 kB | 37 kB | 163/180 kB Progress (3): 33 kB | 37 kB | 167/180 kB Progress (3): 33 kB | 37 kB | 172/180 kB Progress (3): 33 kB | 37 kB | 176/180 kB Progress (3): 33 kB | 37 kB | 180/180 kB Progress (3): 33 kB | 37 kB | 180 kB Progress (4): 33 kB | 37 kB | 180 kB | 4.1/215 kB Progress (4): 33 kB | 37 kB | 180 kB | 7.7/215 kB Progress (4): 33 kB | 37 kB | 180 kB | 12/215 kB Progress (4): 33 kB | 37 kB | 180 kB | 16/215 kB Progress (4): 33 kB | 37 kB | 180 kB | 20/215 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 4.1/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 7.7/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 12/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 16/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 20/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 24/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 28/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 32/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 36/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 41/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 45/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 49/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 53/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 57/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 20/215 kB | 61/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 24/215 kB | 61/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 24/215 kB | 65/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 28/215 kB | 65/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 28/215 kB | 69/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 28/215 kB | 73/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 28/215 kB | 77/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 28/215 kB | 81/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 32/215 kB | 81/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 32/215 kB | 86/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 36/215 kB | 86/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 36/215 kB | 90/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 41/215 kB | 90/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 41/215 kB | 94/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 41/215 kB | 98/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 45/215 kB | 98/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 45/215 kB | 102/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 49/215 kB | 102/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 49/215 kB | 106/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 53/215 kB | 106/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 53/215 kB | 110/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 57/215 kB | 110/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 57/215 kB | 114/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 61/215 kB | 114/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 61/215 kB | 118/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 65/215 kB | 118/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 65/215 kB | 122/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 69/215 kB | 122/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 69/215 kB | 127/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 73/215 kB | 127/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 73/215 kB | 131/134 kB Progress (5): 33 kB | 37 kB | 180 kB | 73/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 77/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 81/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 86/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 90/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 94/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 98/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 102/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 106/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 110/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 114/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 118/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 122/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 127/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 131/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 135/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 139/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 143/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 147/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 151/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 155/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 159/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 163/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 167/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 172/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 176/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 180/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 184/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 188/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 192/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 196/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 200/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 204/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 208/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 213/215 kB | 134 kB Progress (5): 33 kB | 37 kB | 180 kB | 215 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 464 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (3): 215 kB | 134 kB | 4.1/4.6 kB Progress (3): 215 kB | 134 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 528 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (3): 134 kB | 4.6 kB | 0/2.6 MB Progress (3): 134 kB | 4.6 kB | 0/2.6 MB Progress (3): 134 kB | 4.6 kB | 0/2.6 MB Progress (3): 134 kB | 4.6 kB | 0.1/2.6 MB Progress (3): 134 kB | 4.6 kB | 0.1/2.6 MB Progress (3): 134 kB | 4.6 kB | 0.1/2.6 MB Progress (3): 134 kB | 4.6 kB | 0.1/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 320 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 4.6 kB | 0.1/2.6 MB Progress (2): 4.6 kB | 0.1/2.6 MB Progress (3): 4.6 kB | 0.1/2.6 MB | 4.1/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 4.1/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 7.7/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 12/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 16/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 20/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 24/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 28/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 32/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 36/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 41/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 45/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 49/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 53/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 57/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 61/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 65/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 69/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 73/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 77/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 81/85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.2/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.3/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.3/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.3/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.3/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.3/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.3/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.4/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.4/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.4/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.4/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.4/2.6 MB | 85 kB Progress (3): 4.6 kB | 0.4/2.6 MB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (2): 0.5/2.6 MB | 85 kB Progress (2): 0.5/2.6 MB | 85 kB Progress (2): 0.5/2.6 MB | 85 kB Progress (2): 0.5/2.6 MB | 85 kB Progress (2): 0.5/2.6 MB | 85 kB Progress (2): 0.5/2.6 MB | 85 kB Progress (2): 0.6/2.6 MB | 85 kB Progress (2): 0.6/2.6 MB | 85 kB Progress (2): 0.6/2.6 MB | 85 kB Progress (2): 0.6/2.6 MB | 85 kB Progress (2): 0.6/2.6 MB | 85 kB Progress (2): 0.6/2.6 MB | 85 kB Progress (2): 0.7/2.6 MB | 85 kB Progress (2): 0.7/2.6 MB | 85 kB Progress (2): 0.7/2.6 MB | 85 kB Progress (2): 0.7/2.6 MB | 85 kB Progress (2): 0.7/2.6 MB | 85 kB Progress (2): 0.7/2.6 MB | 85 kB Progress (2): 0.8/2.6 MB | 85 kB Progress (2): 0.8/2.6 MB | 85 kB Progress (2): 0.8/2.6 MB | 85 kB Progress (2): 0.8/2.6 MB | 85 kB Progress (2): 0.8/2.6 MB | 85 kB Progress (2): 0.8/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 0.9/2.6 MB | 85 kB Progress (2): 1.0/2.6 MB | 85 kB Progress (2): 1.0/2.6 MB | 85 kB Progress (2): 1.0/2.6 MB | 85 kB Progress (2): 1.0/2.6 MB | 85 kB Progress (2): 1.0/2.6 MB | 85 kB Progress (2): 1.0/2.6 MB | 85 kB Progress (2): 1.1/2.6 MB | 85 kB Progress (2): 1.1/2.6 MB | 85 kB Progress (2): 1.1/2.6 MB | 85 kB Progress (2): 1.1/2.6 MB | 85 kB Progress (2): 1.1/2.6 MB | 85 kB Progress (2): 1.1/2.6 MB | 85 kB Progress (2): 1.2/2.6 MB | 85 kB Progress (2): 1.2/2.6 MB | 85 kB Progress (2): 1.2/2.6 MB | 85 kB Progress (2): 1.2/2.6 MB | 85 kB Progress (2): 1.2/2.6 MB | 85 kB Progress (2): 1.2/2.6 MB | 85 kB Progress (2): 1.3/2.6 MB | 85 kB Progress (2): 1.3/2.6 MB | 85 kB Progress (2): 1.3/2.6 MB | 85 kB Progress (2): 1.3/2.6 MB | 85 kB Progress (2): 1.3/2.6 MB | 85 kB Progress (2): 1.3/2.6 MB | 85 kB Progress (2): 1.4/2.6 MB | 85 kB Progress (2): 1.4/2.6 MB | 85 kB Progress (2): 1.4/2.6 MB | 85 kB Progress (2): 1.4/2.6 MB | 85 kB Progress (2): 1.4/2.6 MB | 85 kB Progress (2): 1.4/2.6 MB | 85 kB Progress (3): 1.4/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.5/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.5/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.5/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.5/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.5/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.5/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.6/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.6/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.6/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.6/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.6/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.6/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.7/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.7/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.7/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.7/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.7/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.7/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.8/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.8/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.8/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.8/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.8/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.8/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.9/2.6 MB | 85 kB | 2.2 kB Progress (3): 1.9/2.6 MB | 85 kB | 2.2 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 4.1/5.9 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 1.9/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.0/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.0/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.0/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.0/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.0/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.0/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.1/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.1/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.1/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.1/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.1/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.1/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.2/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.2/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.2/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.2/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.2/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.2/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.3/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.3/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.3/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.3/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.3/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.3/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.4/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.4/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.4/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.4/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.4/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.4/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (4): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB Progress (5): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 4.1/20 kB Progress (5): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 7.7/20 kB Progress (5): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 7.7/20 kB Progress (5): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 12/20 kB Progress (5): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 16/20 kB Progress (5): 2.5/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Progress (5): 2.6/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Progress (5): 2.6/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Progress (5): 2.6/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Progress (5): 2.6/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Progress (5): 2.6/2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Progress (5): 2.6 MB | 85 kB | 2.2 kB | 5.9 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 188 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 4.7 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 5.5 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 42 kB/s) Progress (1): 4.1/8.8 kB Progress (1): 7.7/8.8 kB Progress (1): 8.8 kB Progress (2): 8.8 kB | 4.1/14 kB Progress (2): 8.8 kB | 7.7/14 kB Progress (2): 8.8 kB | 12/14 kB Progress (2): 8.8 kB | 14 kB Progress (3): 8.8 kB | 14 kB | 4.1/500 kB Progress (3): 8.8 kB | 14 kB | 7.7/500 kB Progress (3): 8.8 kB | 14 kB | 12/500 kB Progress (3): 8.8 kB | 14 kB | 16/500 kB Progress (3): 8.8 kB | 14 kB | 20/500 kB Progress (3): 8.8 kB | 14 kB | 24/500 kB Progress (3): 8.8 kB | 14 kB | 28/500 kB Progress (3): 8.8 kB | 14 kB | 32/500 kB Progress (3): 8.8 kB | 14 kB | 36/500 kB Progress (3): 8.8 kB | 14 kB | 41/500 kB Progress (3): 8.8 kB | 14 kB | 45/500 kB Progress (3): 8.8 kB | 14 kB | 49/500 kB Progress (3): 8.8 kB | 14 kB | 53/500 kB Progress (3): 8.8 kB | 14 kB | 57/500 kB Progress (3): 8.8 kB | 14 kB | 61/500 kB Progress (3): 8.8 kB | 14 kB | 65/500 kB Progress (3): 8.8 kB | 14 kB | 69/500 kB Progress (3): 8.8 kB | 14 kB | 73/500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 18 kB/s) Progress (2): 14 kB | 77/500 kB Progress (2): 14 kB | 81/500 kB Progress (2): 14 kB | 86/500 kB Progress (2): 14 kB | 90/500 kB Progress (2): 14 kB | 94/500 kB Progress (2): 14 kB | 98/500 kB Progress (2): 14 kB | 102/500 kB Progress (2): 14 kB | 106/500 kB Progress (2): 14 kB | 110/500 kB Progress (2): 14 kB | 114/500 kB Progress (2): 14 kB | 118/500 kB Progress (2): 14 kB | 122/500 kB Progress (2): 14 kB | 127/500 kB Progress (2): 14 kB | 131/500 kB Progress (2): 14 kB | 135/500 kB Progress (2): 14 kB | 139/500 kB Progress (2): 14 kB | 143/500 kB Progress (2): 14 kB | 147/500 kB Progress (2): 14 kB | 151/500 kB Progress (2): 14 kB | 155/500 kB Progress (2): 14 kB | 159/500 kB Progress (2): 14 kB | 163/500 kB Progress (2): 14 kB | 167/500 kB Progress (2): 14 kB | 172/500 kB Progress (2): 14 kB | 176/500 kB Progress (2): 14 kB | 180/500 kB Progress (2): 14 kB | 184/500 kB Progress (2): 14 kB | 188/500 kB Progress (2): 14 kB | 192/500 kB Progress (2): 14 kB | 196/500 kB Progress (2): 14 kB | 200/500 kB Progress (2): 14 kB | 204/500 kB Progress (2): 14 kB | 208/500 kB Progress (2): 14 kB | 213/500 kB Progress (2): 14 kB | 217/500 kB Progress (2): 14 kB | 221/500 kB Progress (2): 14 kB | 225/500 kB Progress (2): 14 kB | 229/500 kB Progress (2): 14 kB | 233/500 kB Progress (2): 14 kB | 237/500 kB Progress (2): 14 kB | 241/500 kB Progress (2): 14 kB | 245/500 kB Progress (2): 14 kB | 249/500 kB Progress (2): 14 kB | 254/500 kB Progress (2): 14 kB | 258/500 kB Progress (2): 14 kB | 262/500 kB Progress (2): 14 kB | 266/500 kB Progress (2): 14 kB | 270/500 kB Progress (2): 14 kB | 274/500 kB Progress (2): 14 kB | 278/500 kB Progress (2): 14 kB | 282/500 kB Progress (2): 14 kB | 286/500 kB Progress (2): 14 kB | 290/500 kB Progress (2): 14 kB | 294/500 kB Progress (2): 14 kB | 299/500 kB Progress (2): 14 kB | 303/500 kB Progress (2): 14 kB | 307/500 kB Progress (2): 14 kB | 311/500 kB Progress (2): 14 kB | 315/500 kB Progress (2): 14 kB | 319/500 kB Progress (2): 14 kB | 323/500 kB Progress (2): 14 kB | 327/500 kB Progress (2): 14 kB | 331/500 kB Progress (2): 14 kB | 335/500 kB Progress (2): 14 kB | 340/500 kB Progress (2): 14 kB | 344/500 kB Progress (2): 14 kB | 348/500 kB Progress (2): 14 kB | 352/500 kB Progress (2): 14 kB | 356/500 kB Progress (2): 14 kB | 360/500 kB Progress (2): 14 kB | 364/500 kB Progress (2): 14 kB | 368/500 kB Progress (2): 14 kB | 372/500 kB Progress (2): 14 kB | 376/500 kB Progress (2): 14 kB | 380/500 kB Progress (2): 14 kB | 385/500 kB Progress (2): 14 kB | 389/500 kB Progress (2): 14 kB | 393/500 kB Progress (2): 14 kB | 397/500 kB Progress (2): 14 kB | 401/500 kB Progress (2): 14 kB | 405/500 kB Progress (2): 14 kB | 409/500 kB Progress (2): 14 kB | 413/500 kB Progress (2): 14 kB | 417/500 kB Progress (2): 14 kB | 421/500 kB Progress (2): 14 kB | 426/500 kB Progress (2): 14 kB | 430/500 kB Progress (2): 14 kB | 434/500 kB Progress (2): 14 kB | 438/500 kB Progress (2): 14 kB | 442/500 kB Progress (2): 14 kB | 446/500 kB Progress (2): 14 kB | 450/500 kB Progress (2): 14 kB | 454/500 kB Progress (2): 14 kB | 458/500 kB Progress (2): 14 kB | 462/500 kB Progress (2): 14 kB | 466/500 kB Progress (2): 14 kB | 471/500 kB Progress (2): 14 kB | 475/500 kB Progress (2): 14 kB | 479/500 kB Progress (2): 14 kB | 483/500 kB Progress (2): 14 kB | 487/500 kB Progress (2): 14 kB | 491/500 kB Progress (2): 14 kB | 495/500 kB Progress (2): 14 kB | 499/500 kB Progress (2): 14 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 27 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 932 kB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 22.164 s [INFO] Finished at: 2026-02-10T22:17:12Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="e5831357c8c8aa550cafde1d9cd124a963dd7b1f" "org.opencontainers.image.revision"="e5831357c8c8aa550cafde1d9cd124a963dd7b1f" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:16:40Z" "org.opencontainers.image.created"="2026-02-10T22:16:40Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f --> 97a946400e09 Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f 97a946400e09a29441ab6867a816e15758462a7a11a037e05d50cf7b303ee471 [2026-02-10T22:17:13,314776222+00:00] Unsetting proxy [2026-02-10T22:17:13,315960097+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:8d4b724140decacf5277929d49aded3605d21e7b2df1b0e4250c8a755295c484 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:97a946400e09a29441ab6867a816e15758462a7a11a037e05d50cf7b303ee471 Writing manifest to image destination [2026-02-10T22:17:15,380926733+00:00] End build pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | container step-push: [2026-02-10T22:17:15,913249807+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:17:19,628351853+00:00] Convert image [2026-02-10T22:17:19,629398639+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-xbd5j-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-xbd5j-build-container Getting image source signatures Copying blob sha256:8d4b724140decacf5277929d49aded3605d21e7b2df1b0e4250c8a755295c484 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:97a946400e09a29441ab6867a816e15758462a7a11a037e05d50cf7b303ee471 Writing manifest to image destination [2026-02-10T22:17:23,595018145+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Getting image source signatures Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:8d4b724140decacf5277929d49aded3605d21e7b2df1b0e4250c8a755295c484 Copying config sha256:97a946400e09a29441ab6867a816e15758462a7a11a037e05d50cf7b303ee471 Writing manifest to image destination sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f [2026-02-10T22:17:24,547008406+00:00] End push pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:17:25,026618060+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:17:33,575844716+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | container step-prepare-sboms: [2026-02-10T22:17:34,236714313+00:00] Prepare SBOM [2026-02-10T22:17:34,240390691+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:17:44,991 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:17:46,287 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:17:49,620 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:17:49,620 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:17:49,621 [INFO] mobster.log: Contextual workflow completed in 3.53s 2026-02-10 22:17:49,889 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:17:50,689970263+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-xbd5j-build-container-pod | container step-upload-sbom: [2026-02-10T22:17:51,255001579+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:61efcdf44ae828965e4279db597e59f373bfa673bd277ced19068272d7ab90dd [2026-02-10T22:18:01,419955690+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-xbd5j-build-image-index-pod | init container: prepare 2026/02/10 22:18:03 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-build-image-index-pod | init container: place-scripts 2026/02/10 22:18:04 Decoded script /tekton/scripts/script-0-s7mwg 2026/02/10 22:18:04 Decoded script /tekton/scripts/script-1-ql2b7 2026/02/10 22:18:04 Decoded script /tekton/scripts/script-2-j7fvs pod: konflux-demo-component-tfry-on-push-xbd5j-build-image-index-pod | container step-build: [2026-02-10T22:18:07,027449975+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 3b431ce52c27123cd6f5db93e30f075cb264d7935da53cd8c7329046dda03b74 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402. pod: konflux-demo-component-tfry-on-push-xbd5j-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-xbd5j-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:18:09,243326116+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-xbd5j-clair-scan-pod | init container: prepare 2026/02/10 22:18:12 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-clair-scan-pod | init container: place-scripts 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-0-4vv7b 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-1-29rpm 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-2-d8vlb 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-3-j5dw6 pod: konflux-demo-component-tfry-on-push-xbd5j-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402. pod: konflux-demo-component-tfry-on-push-xbd5j-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:18:20Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-02-10T22:18:20Z INF libvuln initialized component=libvuln/New 2026-02-10T22:18:21Z INF registered configured scanners component=libindex/New 2026-02-10T22:18:21Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:18:21Z INF index request start component=libindex/Libindex.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 2026-02-10T22:18:21Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 2026-02-10T22:18:21Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=CheckManifest 2026-02-10T22:18:21Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=FetchLayers 2026-02-10T22:18:24Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=FetchLayers 2026-02-10T22:18:24Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=FetchLayers 2026-02-10T22:18:24Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=ScanLayers 2026-02-10T22:18:24Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:18:24Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:18:25Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=ScanLayers 2026-02-10T22:18:25Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=IndexManifest 2026-02-10T22:18:25Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=IndexFinished 2026-02-10T22:18:25Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 state=IndexFinished 2026-02-10T22:18:25Z INF index request done component=libindex/Libindex.Index manifest=sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 { "manifest_hash": "sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "33cb91df-6b1c-4c00-8d67-6fdd6155345a": { "id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0": { "id": "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "4244a1d9-8315-4e75-883d-97f70491f171": { "id": "4244a1d9-8315-4e75-883d-97f70491f171", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "5474ac85-459f-40b8-b6ac-35617de6df01": { "id": "5474ac85-459f-40b8-b6ac-35617de6df01", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "5aef633a-dd8c-44fc-938a-7c6b60b965a7": { "id": "5aef633a-dd8c-44fc-938a-7c6b60b965a7", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "80ed2363-f3af-4945-a5df-ae3efe1ea960": { "id": "80ed2363-f3af-4945-a5df-ae3efe1ea960", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "dfce87b1-eec1-4a46-a0ff-45f93a6bd380": { "id": "dfce87b1-eec1-4a46-a0ff-45f93a6bd380", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7bca661f0f49c4eafcb008fb10a89f6b0e7d9731200c3f75ae254970303d86e1", "distribution_id": "", "repository_ids": [ "5aef633a-dd8c-44fc-938a-7c6b60b965a7" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7bca661f0f49c4eafcb008fb10a89f6b0e7d9731200c3f75ae254970303d86e1", "distribution_id": "", "repository_ids": [ "5aef633a-dd8c-44fc-938a-7c6b60b965a7" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "4244a1d9-8315-4e75-883d-97f70491f171", "4244a1d9-8315-4e75-883d-97f70491f171" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7bca661f0f49c4eafcb008fb10a89f6b0e7d9731200c3f75ae254970303d86e1", "distribution_id": "", "repository_ids": [ "5aef633a-dd8c-44fc-938a-7c6b60b965a7" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "4244a1d9-8315-4e75-883d-97f70491f171", "4244a1d9-8315-4e75-883d-97f70491f171" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:7bca661f0f49c4eafcb008fb10a89f6b0e7d9731200c3f75ae254970303d86e1", "distribution_id": "", "repository_ids": [ "5aef633a-dd8c-44fc-938a-7c6b60b965a7" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "80ed2363-f3af-4945-a5df-ae3efe1ea960", "dfce87b1-eec1-4a46-a0ff-45f93a6bd380" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "33cb91df-6b1c-4c00-8d67-6fdd6155345a", "repository_ids": [ "2c2236b4-7fcd-4fd6-8e9a-e3dcfc89c0c0", "5474ac85-459f-40b8-b6ac-35617de6df01" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-xbd5j-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-xbd5j-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), tar-2:1.30-11.el8_10 (CVE-2025-45582), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), libzstd-1.4.4-1.el8 (CVE-2022-4899), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), file-libs-5.33-27.el8_10 (CVE-2019-8905), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), expat-2.5.0-1.el8_10 (CVE-2024-28757), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), coreutils-single-8.30-16.el8_10 (CVE-2025-5278)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), pcre2-10.32-3.el8_6 (CVE-2022-41409), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), gawk-4.2.1-4.el8 (CVE-2023-4156), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libzstd-1.4.4-1.el8 (CVE-2021-24032), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), file-libs-5.33-27.el8_10 (CVE-2019-8906), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), elfutils-libelf-0.190-2.el8 (CVE-2024-25260)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f", "digests": ["sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:18:40+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-xbd5j-clamav-scan-pod | init container: prepare 2026/02/10 22:18:12 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-clamav-scan-pod | init container: place-scripts 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-0-s58vz 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-1-nkls8 pod: konflux-demo-component-tfry-on-push-xbd5j-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 20.398 sec (0 m 20 s) Start Date: 2026:02:10 22:18:30 End Date: 2026:02:10 22:18:50 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770761930","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761930","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770761930","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f", "digests": ["sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402"]}} pod: konflux-demo-component-tfry-on-push-xbd5j-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading b282d19bca6d clamscan-ec-test-amd64.json Uploading 175f7d2101a6 clamscan-result-amd64.log Uploaded b282d19bca6d clamscan-ec-test-amd64.json Uploaded 175f7d2101a6 clamscan-result-amd64.log Uploading c66ef9bce8d0 application/vnd.oci.image.manifest.v1+json Uploaded c66ef9bce8d0 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 Digest: sha256:c66ef9bce8d04c08d149915c6857be6fdae4a0e2ee6882e082a75d65496d8d81 pod: konflux-demo-component-tfry-on-push-xbd5j-clone-repository-pod | init container: prepare 2026/02/10 22:16:12 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-clone-repository-pod | init container: place-scripts 2026/02/10 22:16:12 Decoded script /tekton/scripts/script-0-9qhqd 2026/02/10 22:16:12 Decoded script /tekton/scripts/script-1-2kxzj pod: konflux-demo-component-tfry-on-push-xbd5j-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761776.522776,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761776.7458591,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ e5831357c8c8aa550cafde1d9cd124a963dd7b1f (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770761776.745902,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761776.7706509,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision e5831357c8c8aa550cafde1d9cd124a963dd7b1f directly. pod: konflux-demo-component-tfry-on-push-xbd5j-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-xbd5j-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.dH4FWA/auth-q1dxmg.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f.git SOURCE_ARTIFACT Uploading ce9fd9ff3d6c SOURCE_ARTIFACT Uploaded ce9fd9ff3d6c SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:992338d07ef7c2611bde4e99e90f7e5a0a3e5bbef66e23745bab6521c723abad Artifacts created pod: konflux-demo-component-tfry-on-push-xbd5j-init-pod | init container: prepare 2026/02/10 22:16:03 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-init-pod | init container: place-scripts 2026/02/10 22:16:04 Decoded script /tekton/scripts/script-0-vzmtw pod: konflux-demo-component-tfry-on-push-xbd5j-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-xbd5j-push-dockerfile-pod | init container: prepare 2026/02/10 22:18:13 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-1-p9bjz pod: konflux-demo-component-tfry-on-push-xbd5j-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.j2LZyB/auth-dX8mXN.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 to /var/workdir/source pod: konflux-demo-component-tfry-on-push-xbd5j-push-dockerfile-pod | container step-push: [2026-02-10T22:18:18,300604281+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.4O6Vw7bSzE --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-xbd5j-sast-shell-check-pod | init container: prepare 2026/02/10 22:18:13 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-1-ng4cn 2026/02/10 22:18:14 Decoded script /tekton/scripts/script-2-5kn5q pod: konflux-demo-component-tfry-on-push-xbd5j-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.yEpzWD/auth-siapkC.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-xbd5j-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-119.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-126.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-81.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:18:19+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-xbd5j-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading de1ca0aae2b6 application/vnd.oci.image.manifest.v1+json Uploaded de1ca0aae2b6 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 Digest: sha256:de1ca0aae2b66f1ebe91ba76afed90a33c9ef6b847dd82f4cbd654694809dbd8 No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-xbd5j-sast-snyk-check-pod | init container: prepare 2026/02/10 22:18:12 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-xbd5j-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-1-5tpl5 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-2-z6r69 pod: konflux-demo-component-tfry-on-push-xbd5j-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.4l1hC6/auth-Oj0Srh.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-xbd5j-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:18:17+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-xbd5j-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | init container: prepare 2026/02/10 22:16:21 Entrypoint initialization pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | init container: place-scripts 2026/02/10 22:16:21 Decoded script /tekton/scripts/script-0-jzxt9 2026/02/10 22:16:21 Decoded script /tekton/scripts/script-2-66rqp 2026/02/10 22:16:21 Decoded script /tekton/scripts/script-3-pjckd pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | container step-skip-ta: pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfry75f510dac3afc2b6c6011cf2b5f39e91-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-tfryb4182ffcf925eb73cdda45752f71f7a9-pod | init container: prepare 2026/02/10 22:18:12 Entrypoint initialization pod: konflux-demo-component-tfryb4182ffcf925eb73cdda45752f71f7a9-pod | init container: place-scripts 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-1-t5b7c 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-2-dph88 pod: konflux-demo-component-tfryb4182ffcf925eb73cdda45752f71f7a9-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.e1KAUX/auth-Uy5m7k.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:ce9fd9ff3d6cd31237d45bb3f7bc3ea57b7d7d918494c350d4c33f40feeeb034 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfryb4182ffcf925eb73cdda45752f71f7a9-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:18:19+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:18:19+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfryb4182ffcf925eb73cdda45752f71f7a9-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 5a203565c48f application/vnd.oci.image.manifest.v1+json Uploaded 5a203565c48f application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f@sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 Digest: sha256:5a203565c48f3048e0647c0a35567046cc010cee44a5731568d9520df287de9a No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | init container: prepare 2026/02/10 22:18:12 Entrypoint initialization pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | init container: place-scripts 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-0-n7js5 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-1-f59m2 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-2-fgxtb 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-3-5thw8 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-4-4l2qm 2026/02/10 22:18:13 Decoded script /tekton/scripts/script-5-fvjnv pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | container step-set-skip-for-bundles: 2026/02/10 22:18:17 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | container step-app-check: time="2026-02-10T22:18:17Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:18:18Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f for platform amd64" time="2026-02-10T22:18:18Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f" time="2026-02-10T22:18:26Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:18:26Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:18:26Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:18:26Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:18:26Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:18:26Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:18:26Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:18:34Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:18:34Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:18:34Z" level=info msg="This image's tag e5831357c8c8aa550cafde1d9cd124a963dd7b1f will be paired with digest sha256:4f24bc9a1681d4713a47f12555456080abcf7e41b3fec4cccfee03c420fb4402 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 33, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8470, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 159, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:18:35Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770761915","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e5831357c8c8aa550cafde1d9cd124a963dd7b1f pod: konflux-demo-component-tfryba7405cd7b1da6632e32e7a19ac1207d-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770761915","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: ResolvingTaskRef PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Running PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vj8dh reason: Failed attempt 4/6: PipelineRun "konflux-demo-component-tfry-on-push-vj8dh" failed: pod: konflux-demo-component-tfry-on-push-vj8dh-apply-tags-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:21:19Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c" time="2026-02-10T22:21:19Z" level=info msg="[param] Image digest: sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90" time="2026-02-10T22:21:19Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:21:20Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | init container: prepare 2026/02/10 22:19:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | init container: place-scripts 2026/02/10 22:19:39 Decoded script /tekton/scripts/script-1-fq24s 2026/02/10 22:19:39 Decoded script /tekton/scripts/script-2-jsb6b 2026/02/10 22:19:39 Decoded script /tekton/scripts/script-3-mxhjv 2026/02/10 22:19:39 Decoded script /tekton/scripts/script-4-l78b9 2026/02/10 22:19:39 Decoded script /tekton/scripts/script-5-tbr6h pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.gtJIPi/auth-p9T0u8.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | container step-build: [2026-02-10T22:19:44,092335498+00:00] Validate context path [2026-02-10T22:19:44,096184740+00:00] Update CA trust [2026-02-10T22:19:44,097346909+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:19:46,079638474+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:19:46,085162395+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:19:46,173897718+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:19:51,410284079+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:19:46Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:19:46Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "77169bc89c21f13d10579dae80d1ac4578ad720c", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "77169bc89c21f13d10579dae80d1ac4578ad720c", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:19:51,454138394+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:19:51,457388369+00:00] Add secrets [2026-02-10T22:19:51,464945752+00:00] Run buildah build [2026-02-10T22:19:51,466007738+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=77169bc89c21f13d10579dae80d1ac4578ad720c --label org.opencontainers.image.revision=77169bc89c21f13d10579dae80d1ac4578ad720c --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:19:46Z --label org.opencontainers.image.created=2026-02-10T22:19:46Z --annotation org.opencontainers.image.revision=77169bc89c21f13d10579dae80d1ac4578ad720c --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:19:46Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.nF5buh -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 289 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 874 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 348 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 712 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 285 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 586 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 850 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 400 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 820 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 243 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 270 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 665 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 41/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 276 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 328 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 846 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 254 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 599 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 804 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.4/3.6 kB Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 90 kB/s) Progress (1): 2.3/3.6 kB Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 58 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 109 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 28 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 354 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 204 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 226 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (1): 11/226 kB Progress (1): 13/226 kB Progress (1): 16/226 kB Progress (1): 19/226 kB Progress (1): 21/226 kB Progress (1): 24/226 kB Progress (1): 27/226 kB Progress (1): 30/226 kB Progress (1): 32/226 kB Progress (1): 35/226 kB Progress (1): 38/226 kB Progress (1): 41/226 kB Progress (1): 43/226 kB Progress (1): 47/226 kB Progress (1): 52/226 kB Progress (1): 56/226 kB Progress (1): 60/226 kB Progress (1): 64/226 kB Progress (1): 68/226 kB Progress (2): 68/226 kB | 2.3/13 kB Progress (2): 72/226 kB | 2.3/13 kB Progress (2): 76/226 kB | 2.3/13 kB Progress (2): 76/226 kB | 5.0/13 kB Progress (2): 80/226 kB | 5.0/13 kB Progress (2): 80/226 kB | 7.8/13 kB Progress (2): 82/226 kB | 7.8/13 kB Progress (2): 82/226 kB | 12/13 kB Progress (2): 82/226 kB | 13 kB Progress (2): 86/226 kB | 13 kB Progress (2): 90/226 kB | 13 kB Progress (2): 95/226 kB | 13 kB Progress (2): 99/226 kB | 13 kB Progress (2): 103/226 kB | 13 kB Progress (2): 107/226 kB | 13 kB Progress (2): 111/226 kB | 13 kB Progress (2): 115/226 kB | 13 kB Progress (2): 119/226 kB | 13 kB Progress (2): 123/226 kB | 13 kB Progress (2): 127/226 kB | 13 kB Progress (2): 131/226 kB | 13 kB Progress (2): 136/226 kB | 13 kB Progress (2): 140/226 kB | 13 kB Progress (2): 144/226 kB | 13 kB Progress (2): 148/226 kB | 13 kB Progress (2): 150/226 kB | 13 kB Progress (2): 154/226 kB | 13 kB Progress (2): 158/226 kB | 13 kB Progress (2): 162/226 kB | 13 kB Progress (2): 166/226 kB | 13 kB Progress (2): 170/226 kB | 13 kB Progress (2): 175/226 kB | 13 kB Progress (2): 179/226 kB | 13 kB Progress (2): 183/226 kB | 13 kB Progress (2): 187/226 kB | 13 kB Progress (2): 191/226 kB | 13 kB Progress (2): 195/226 kB | 13 kB Progress (2): 199/226 kB | 13 kB Progress (2): 203/226 kB | 13 kB Progress (2): 207/226 kB | 13 kB Progress (2): 211/226 kB | 13 kB Progress (2): 215/226 kB | 13 kB Progress (2): 220/226 kB | 13 kB Progress (2): 224/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 262 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 4.0 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 11 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 169 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 399 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 202 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 211 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 149 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 3.8/35 kB Progress (1): 7.9/35 kB Progress (1): 12/35 kB Progress (1): 16/35 kB Progress (1): 20/35 kB Progress (1): 24/35 kB Progress (1): 28/35 kB Progress (1): 32/35 kB Progress (1): 35 kB Progress (2): 35 kB | 4.1/57 kB Progress (2): 35 kB | 7.7/57 kB Progress (2): 35 kB | 12/57 kB Progress (2): 35 kB | 16/57 kB Progress (2): 35 kB | 20/57 kB Progress (2): 35 kB | 24/57 kB Progress (2): 35 kB | 28/57 kB Progress (2): 35 kB | 32/57 kB Progress (2): 35 kB | 36/57 kB Progress (2): 35 kB | 41/57 kB Progress (2): 35 kB | 45/57 kB Progress (2): 35 kB | 49/57 kB Progress (2): 35 kB | 53/57 kB Progress (2): 35 kB | 57 kB Progress (3): 35 kB | 57 kB | 2.3/29 kB Progress (3): 35 kB | 57 kB | 5.0/29 kB Progress (3): 35 kB | 57 kB | 7.8/29 kB Progress (3): 35 kB | 57 kB | 11/29 kB Progress (3): 35 kB | 57 kB | 13/29 kB Progress (3): 35 kB | 57 kB | 16/29 kB Progress (3): 35 kB | 57 kB | 19/29 kB Progress (3): 35 kB | 57 kB | 21/29 kB Progress (3): 35 kB | 57 kB | 24/29 kB Progress (3): 35 kB | 57 kB | 27/29 kB Progress (3): 35 kB | 57 kB | 29 kB Progress (4): 35 kB | 57 kB | 29 kB | 4.1/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 7.7/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 12/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 16/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 20/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 24/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 28/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 32/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 36/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 41/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 45/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 49/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 53/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 57/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 61/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 65/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 69/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 73/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 77/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 81/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 86/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 90/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 94/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 98/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 102/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 106/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 110/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 114/116 kB Progress (4): 35 kB | 57 kB | 29 kB | 116 kB Progress (5): 35 kB | 57 kB | 29 kB | 116 kB | 2.3/152 kB Progress (5): 35 kB | 57 kB | 29 kB | 116 kB | 5.0/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 820 kB/s) Progress (4): 57 kB | 29 kB | 116 kB | 7.8/152 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Progress (4): 57 kB | 29 kB | 116 kB | 11/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 13/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 16/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 19/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 21/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 24/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 27/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 30/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 32/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 35/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 38/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 41/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 43/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 46/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 49/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 52/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 54/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 58/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 63/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 67/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 71/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 75/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 79/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 81/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 85/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 89/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 93/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 97/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 102/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 106/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 110/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 114/152 kB Progress (4): 57 kB | 29 kB | 116 kB | 118/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Progress (3): 29 kB | 116 kB | 122/152 kB Progress (3): 29 kB | 116 kB | 126/152 kB Progress (3): 29 kB | 116 kB | 130/152 kB Progress (3): 29 kB | 116 kB | 134/152 kB Progress (3): 29 kB | 116 kB | 138/152 kB Progress (3): 29 kB | 116 kB | 142/152 kB Progress (3): 29 kB | 116 kB | 147/152 kB Progress (3): 29 kB | 116 kB | 151/152 kB Progress (3): 29 kB | 116 kB | 152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 1.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (2): 152 kB | 3.8/21 kB Progress (2): 152 kB | 7.9/21 kB Progress (2): 152 kB | 12/21 kB Progress (2): 152 kB | 16/21 kB Progress (2): 152 kB | 20/21 kB Progress (2): 152 kB | 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (2): 21 kB | 2.3/5.9 kB Progress (2): 21 kB | 5.0/5.9 kB Progress (2): 21 kB | 5.9 kB Progress (3): 21 kB | 5.9 kB | 4.1/9.9 kB Progress (3): 21 kB | 5.9 kB | 7.7/9.9 kB Progress (3): 21 kB | 5.9 kB | 9.9 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 4.1/24 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 7.7/24 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 12/24 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 16/24 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 20/24 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 24/24 kB Progress (4): 21 kB | 5.9 kB | 9.9 kB | 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 210 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Progress (2): 24 kB | 2.7/30 kB Progress (2): 24 kB | 5.5/30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 222 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (1): 9.6/30 kB Progress (1): 14/30 kB Progress (1): 18/30 kB Progress (1): 22/30 kB Progress (1): 25/30 kB Progress (1): 29/30 kB Progress (1): 30 kB Progress (2): 30 kB | 3.8/37 kB Progress (2): 30 kB | 7.9/37 kB Progress (2): 30 kB | 12/37 kB Progress (2): 30 kB | 16/37 kB Progress (2): 30 kB | 20/37 kB Progress (2): 30 kB | 24/37 kB Progress (2): 30 kB | 28/37 kB Progress (2): 30 kB | 32/37 kB Progress (2): 30 kB | 37/37 kB Progress (2): 30 kB | 37 kB Progress (3): 30 kB | 37 kB | 3.8/14 kB Progress (3): 30 kB | 37 kB | 7.9/14 kB Progress (3): 30 kB | 37 kB | 12/14 kB Progress (3): 30 kB | 37 kB | 14 kB Progress (4): 30 kB | 37 kB | 14 kB | 4.1/13 kB Progress (4): 30 kB | 37 kB | 14 kB | 7.7/13 kB Progress (4): 30 kB | 37 kB | 14 kB | 12/13 kB Progress (4): 30 kB | 37 kB | 14 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (4): 37 kB | 14 kB | 13 kB | 4.1/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 7.7/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 12/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 16/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 20/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 24/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 28/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 32/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 36/38 kB Progress (4): 37 kB | 14 kB | 13 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 246 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (1): 3.8/87 kB Progress (1): 7.9/87 kB Progress (1): 12/87 kB Progress (1): 16/87 kB Progress (1): 20/87 kB Progress (1): 24/87 kB Progress (1): 28/87 kB Progress (1): 32/87 kB Progress (1): 36/87 kB Progress (1): 40/87 kB Progress (1): 44/87 kB Progress (2): 44/87 kB | 3.8/49 kB Progress (2): 44/87 kB | 7.9/49 kB Progress (2): 44/87 kB | 12/49 kB Progress (2): 48/87 kB | 12/49 kB Progress (2): 48/87 kB | 16/49 kB Progress (2): 48/87 kB | 20/49 kB Progress (2): 53/87 kB | 20/49 kB Progress (2): 53/87 kB | 24/49 kB Progress (2): 57/87 kB | 24/49 kB Progress (2): 61/87 kB | 24/49 kB Progress (2): 61/87 kB | 28/49 kB Progress (2): 65/87 kB | 28/49 kB Progress (2): 69/87 kB | 28/49 kB Progress (2): 69/87 kB | 32/49 kB Progress (2): 73/87 kB | 32/49 kB Progress (2): 73/87 kB | 37/49 kB Progress (2): 77/87 kB | 37/49 kB Progress (2): 79/87 kB | 37/49 kB Progress (2): 83/87 kB | 37/49 kB Progress (2): 83/87 kB | 41/49 kB Progress (2): 83/87 kB | 45/49 kB Progress (2): 83/87 kB | 49/49 kB Progress (2): 83/87 kB | 49 kB Progress (2): 87 kB | 49 kB Progress (3): 87 kB | 49 kB | 3.8/86 kB Progress (3): 87 kB | 49 kB | 7.9/86 kB Progress (3): 87 kB | 49 kB | 12/86 kB Progress (3): 87 kB | 49 kB | 16/86 kB Progress (3): 87 kB | 49 kB | 20/86 kB Progress (3): 87 kB | 49 kB | 24/86 kB Progress (3): 87 kB | 49 kB | 28/86 kB Progress (3): 87 kB | 49 kB | 32/86 kB Progress (3): 87 kB | 49 kB | 37/86 kB Progress (3): 87 kB | 49 kB | 41/86 kB Progress (3): 87 kB | 49 kB | 45/86 kB Progress (3): 87 kB | 49 kB | 49/86 kB Progress (3): 87 kB | 49 kB | 53/86 kB Progress (3): 87 kB | 49 kB | 57/86 kB Progress (3): 87 kB | 49 kB | 61/86 kB Progress (3): 87 kB | 49 kB | 65/86 kB Progress (3): 87 kB | 49 kB | 69/86 kB Progress (3): 87 kB | 49 kB | 73/86 kB Progress (3): 87 kB | 49 kB | 77/86 kB Progress (3): 87 kB | 49 kB | 81/86 kB Progress (3): 87 kB | 49 kB | 86/86 kB Progress (3): 87 kB | 49 kB | 86 kB Progress (4): 87 kB | 49 kB | 86 kB | 4.1/10 kB Progress (4): 87 kB | 49 kB | 86 kB | 8.2/10 kB Progress (4): 87 kB | 49 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 264 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 470 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 457 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (1): 4.1/194 kB Progress (1): 7.7/194 kB Progress (1): 12/194 kB Progress (1): 16/194 kB Progress (1): 20/194 kB Progress (1): 24/194 kB Progress (1): 28/194 kB Progress (1): 32/194 kB Progress (1): 36/194 kB Progress (1): 41/194 kB Progress (1): 45/194 kB Progress (1): 49/194 kB Progress (1): 53/194 kB Progress (1): 57/194 kB Progress (1): 61/194 kB Progress (1): 65/194 kB Progress (1): 69/194 kB Progress (1): 73/194 kB Progress (1): 77/194 kB Progress (1): 81/194 kB Progress (1): 86/194 kB Progress (1): 90/194 kB Progress (1): 94/194 kB Progress (1): 98/194 kB Progress (1): 102/194 kB Progress (1): 106/194 kB Progress (1): 110/194 kB Progress (1): 114/194 kB Progress (1): 118/194 kB Progress (1): 122/194 kB Progress (1): 127/194 kB Progress (1): 131/194 kB Progress (1): 135/194 kB Progress (1): 139/194 kB Progress (1): 143/194 kB Progress (1): 147/194 kB Progress (1): 151/194 kB Progress (1): 155/194 kB Progress (1): 159/194 kB Progress (1): 163/194 kB Progress (1): 167/194 kB Progress (1): 172/194 kB Progress (1): 176/194 kB Progress (1): 180/194 kB Progress (1): 184/194 kB Progress (1): 188/194 kB Progress (1): 192/194 kB Progress (1): 194 kB Progress (2): 194 kB | 4.1/121 kB Progress (2): 194 kB | 7.7/121 kB Progress (2): 194 kB | 12/121 kB Progress (2): 194 kB | 16/121 kB Progress (2): 194 kB | 20/121 kB Progress (2): 194 kB | 24/121 kB Progress (2): 194 kB | 28/121 kB Progress (2): 194 kB | 32/121 kB Progress (3): 194 kB | 32/121 kB | 3.8/223 kB Progress (3): 194 kB | 36/121 kB | 3.8/223 kB Progress (3): 194 kB | 36/121 kB | 7.9/223 kB Progress (3): 194 kB | 41/121 kB | 7.9/223 kB Progress (3): 194 kB | 45/121 kB | 7.9/223 kB Progress (3): 194 kB | 45/121 kB | 12/223 kB Progress (3): 194 kB | 49/121 kB | 12/223 kB Progress (3): 194 kB | 49/121 kB | 16/223 kB Progress (3): 194 kB | 49/121 kB | 20/223 kB Progress (3): 194 kB | 49/121 kB | 24/223 kB Progress (3): 194 kB | 53/121 kB | 24/223 kB Progress (3): 194 kB | 57/121 kB | 24/223 kB Progress (3): 194 kB | 57/121 kB | 28/223 kB Progress (3): 194 kB | 57/121 kB | 32/223 kB Progress (3): 194 kB | 57/121 kB | 37/223 kB Progress (3): 194 kB | 61/121 kB | 37/223 kB Progress (3): 194 kB | 65/121 kB | 37/223 kB Progress (3): 194 kB | 65/121 kB | 41/223 kB Progress (3): 194 kB | 69/121 kB | 41/223 kB Progress (3): 194 kB | 69/121 kB | 45/223 kB Progress (3): 194 kB | 73/121 kB | 45/223 kB Progress (3): 194 kB | 73/121 kB | 49/223 kB Progress (3): 194 kB | 73/121 kB | 53/223 kB Progress (3): 194 kB | 73/121 kB | 57/223 kB Progress (3): 194 kB | 73/121 kB | 61/223 kB Progress (3): 194 kB | 73/121 kB | 65/223 kB Progress (3): 194 kB | 73/121 kB | 69/223 kB Progress (3): 194 kB | 77/121 kB | 69/223 kB Progress (3): 194 kB | 81/121 kB | 69/223 kB Progress (3): 194 kB | 86/121 kB | 69/223 kB Progress (3): 194 kB | 90/121 kB | 69/223 kB Progress (3): 194 kB | 90/121 kB | 73/223 kB Progress (3): 194 kB | 90/121 kB | 78/223 kB Progress (3): 194 kB | 90/121 kB | 82/223 kB Progress (3): 194 kB | 90/121 kB | 86/223 kB Progress (3): 194 kB | 90/121 kB | 90/223 kB Progress (3): 194 kB | 90/121 kB | 94/223 kB Progress (3): 194 kB | 94/121 kB | 94/223 kB Progress (3): 194 kB | 94/121 kB | 98/223 kB Progress (3): 194 kB | 98/121 kB | 98/223 kB Progress (3): 194 kB | 98/121 kB | 102/223 kB Progress (3): 194 kB | 102/121 kB | 102/223 kB Progress (3): 194 kB | 106/121 kB | 102/223 kB Progress (4): 194 kB | 106/121 kB | 102/223 kB | 4.1/6.8 kB Progress (4): 194 kB | 106/121 kB | 102/223 kB | 6.8 kB Progress (4): 194 kB | 106/121 kB | 106/223 kB | 6.8 kB Progress (4): 194 kB | 110/121 kB | 106/223 kB | 6.8 kB Progress (4): 194 kB | 110/121 kB | 110/223 kB | 6.8 kB Progress (4): 194 kB | 114/121 kB | 110/223 kB | 6.8 kB Progress (4): 194 kB | 114/121 kB | 114/223 kB | 6.8 kB Progress (4): 194 kB | 118/121 kB | 114/223 kB | 6.8 kB Progress (4): 194 kB | 118/121 kB | 118/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 118/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 123/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 127/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 131/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 135/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 139/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 143/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 147/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 151/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 155/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 159/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 164/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 168/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 172/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 176/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 180/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 184/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 188/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 192/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 196/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 200/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 204/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 209/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 213/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 217/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 221/223 kB | 6.8 kB Progress (4): 194 kB | 121 kB | 223 kB | 6.8 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 4.1/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 7.7/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 12/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 16/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 20/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 24/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 28/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 32/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 36/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 41/43 kB Progress (5): 194 kB | 121 kB | 223 kB | 6.8 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 515 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 183 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 942 kB/s) Progress (2): 194 kB | 4.1/61 kB Progress (2): 194 kB | 7.7/61 kB Progress (2): 194 kB | 12/61 kB Progress (2): 194 kB | 16/61 kB Progress (2): 194 kB | 20/61 kB Progress (2): 194 kB | 24/61 kB Progress (2): 194 kB | 28/61 kB Progress (2): 194 kB | 32/61 kB Progress (2): 194 kB | 36/61 kB Progress (2): 194 kB | 41/61 kB Progress (2): 194 kB | 45/61 kB Progress (2): 194 kB | 49/61 kB Progress (2): 194 kB | 53/61 kB Progress (2): 194 kB | 57/61 kB Progress (2): 194 kB | 61/61 kB Progress (2): 194 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 768 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 232 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 200 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 138 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 547 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 831 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 117 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 487 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 150 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 357 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 457 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 16 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 475 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 2.8 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/13 kB Progress (1): 7.5/13 kB Progress (1): 12/13 kB Progress (1): 13 kB Progress (2): 13 kB | 4.1/160 kB Progress (2): 13 kB | 7.7/160 kB Progress (2): 13 kB | 12/160 kB Progress (2): 13 kB | 16/160 kB Progress (2): 13 kB | 20/160 kB Progress (2): 13 kB | 24/160 kB Progress (2): 13 kB | 28/160 kB Progress (2): 13 kB | 32/160 kB Progress (2): 13 kB | 36/160 kB Progress (2): 13 kB | 41/160 kB Progress (2): 13 kB | 45/160 kB Progress (2): 13 kB | 49/160 kB Progress (2): 13 kB | 53/160 kB Progress (2): 13 kB | 57/160 kB Progress (2): 13 kB | 61/160 kB Progress (2): 13 kB | 65/160 kB Progress (2): 13 kB | 69/160 kB Progress (2): 13 kB | 73/160 kB Progress (2): 13 kB | 77/160 kB Progress (2): 13 kB | 81/160 kB Progress (2): 13 kB | 86/160 kB Progress (2): 13 kB | 90/160 kB Progress (2): 13 kB | 94/160 kB Progress (2): 13 kB | 98/160 kB Progress (2): 13 kB | 102/160 kB Progress (2): 13 kB | 106/160 kB Progress (2): 13 kB | 110/160 kB Progress (2): 13 kB | 114/160 kB Progress (2): 13 kB | 118/160 kB Progress (2): 13 kB | 122/160 kB Progress (2): 13 kB | 127/160 kB Progress (2): 13 kB | 131/160 kB Progress (2): 13 kB | 135/160 kB Progress (2): 13 kB | 139/160 kB Progress (2): 13 kB | 143/160 kB Progress (2): 13 kB | 147/160 kB Progress (2): 13 kB | 151/160 kB Progress (2): 13 kB | 155/160 kB Progress (2): 13 kB | 159/160 kB Progress (2): 13 kB | 160 kB Progress (3): 13 kB | 160 kB | 4.1/211 kB Progress (3): 13 kB | 160 kB | 7.7/211 kB Progress (3): 13 kB | 160 kB | 12/211 kB Progress (3): 13 kB | 160 kB | 16/211 kB Progress (3): 13 kB | 160 kB | 20/211 kB Progress (3): 13 kB | 160 kB | 24/211 kB Progress (3): 13 kB | 160 kB | 28/211 kB Progress (4): 13 kB | 160 kB | 28/211 kB | 4.1/89 kB Progress (4): 13 kB | 160 kB | 32/211 kB | 4.1/89 kB Progress (4): 13 kB | 160 kB | 36/211 kB | 4.1/89 kB Progress (4): 13 kB | 160 kB | 36/211 kB | 7.7/89 kB Progress (4): 13 kB | 160 kB | 41/211 kB | 7.7/89 kB Progress (4): 13 kB | 160 kB | 41/211 kB | 12/89 kB Progress (4): 13 kB | 160 kB | 41/211 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 45/211 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 49/211 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 53/211 kB | 16/89 kB Progress (4): 13 kB | 160 kB | 53/211 kB | 20/89 kB Progress (4): 13 kB | 160 kB | 57/211 kB | 20/89 kB Progress (4): 13 kB | 160 kB | 57/211 kB | 24/89 kB Progress (4): 13 kB | 160 kB | 57/211 kB | 28/89 kB Progress (4): 13 kB | 160 kB | 61/211 kB | 28/89 kB Progress (4): 13 kB | 160 kB | 61/211 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 65/211 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 69/211 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 73/211 kB | 32/89 kB Progress (4): 13 kB | 160 kB | 73/211 kB | 36/89 kB Progress (4): 13 kB | 160 kB | 73/211 kB | 41/89 kB Progress (4): 13 kB | 160 kB | 77/211 kB | 41/89 kB Progress (4): 13 kB | 160 kB | 77/211 kB | 45/89 kB Progress (4): 13 kB | 160 kB | 81/211 kB | 45/89 kB Progress (4): 13 kB | 160 kB | 81/211 kB | 49/89 kB Progress (4): 13 kB | 160 kB | 86/211 kB | 49/89 kB Progress (4): 13 kB | 160 kB | 90/211 kB | 49/89 kB Progress (4): 13 kB | 160 kB | 90/211 kB | 53/89 kB Progress (4): 13 kB | 160 kB | 94/211 kB | 53/89 kB Progress (4): 13 kB | 160 kB | 94/211 kB | 57/89 kB Progress (4): 13 kB | 160 kB | 98/211 kB | 57/89 kB Progress (4): 13 kB | 160 kB | 98/211 kB | 61/89 kB Progress (4): 13 kB | 160 kB | 102/211 kB | 61/89 kB Progress (4): 13 kB | 160 kB | 102/211 kB | 65/89 kB Progress (4): 13 kB | 160 kB | 106/211 kB | 65/89 kB Progress (4): 13 kB | 160 kB | 106/211 kB | 69/89 kB Progress (4): 13 kB | 160 kB | 110/211 kB | 69/89 kB Progress (4): 13 kB | 160 kB | 110/211 kB | 73/89 kB Progress (4): 13 kB | 160 kB | 114/211 kB | 73/89 kB Progress (4): 13 kB | 160 kB | 114/211 kB | 77/89 kB Progress (4): 13 kB | 160 kB | 118/211 kB | 77/89 kB Progress (4): 13 kB | 160 kB | 118/211 kB | 81/89 kB Progress (4): 13 kB | 160 kB | 122/211 kB | 81/89 kB Progress (4): 13 kB | 160 kB | 122/211 kB | 86/89 kB Progress (4): 13 kB | 160 kB | 122/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 127/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 131/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 135/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 139/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 143/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 147/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 151/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 155/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 159/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 163/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 167/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 172/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 176/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 180/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 184/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 188/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 192/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 196/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 200/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 204/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 208/211 kB | 89 kB Progress (4): 13 kB | 160 kB | 211 kB | 89 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 4.1/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 7.7/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 12/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 16/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 20/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 24/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 28/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 32/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 36/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 41/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 45/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 49/49 kB Progress (5): 13 kB | 160 kB | 211 kB | 89 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 293 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 3.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 847 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/21 kB Progress (1): 7.7/21 kB Progress (1): 12/21 kB Progress (1): 16/21 kB Progress (1): 20/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/87 kB Progress (2): 21 kB | 7.7/87 kB Progress (2): 21 kB | 12/87 kB Progress (2): 21 kB | 16/87 kB Progress (2): 21 kB | 20/87 kB Progress (2): 21 kB | 24/87 kB Progress (2): 21 kB | 28/87 kB Progress (2): 21 kB | 32/87 kB Progress (2): 21 kB | 36/87 kB Progress (2): 21 kB | 41/87 kB Progress (2): 21 kB | 45/87 kB Progress (2): 21 kB | 49/87 kB Progress (2): 21 kB | 53/87 kB Progress (2): 21 kB | 57/87 kB Progress (2): 21 kB | 61/87 kB Progress (2): 21 kB | 65/87 kB Progress (2): 21 kB | 69/87 kB Progress (2): 21 kB | 73/87 kB Progress (2): 21 kB | 77/87 kB Progress (2): 21 kB | 81/87 kB Progress (2): 21 kB | 86/87 kB Progress (2): 21 kB | 87 kB Progress (3): 21 kB | 87 kB | 4.1/35 kB Progress (3): 21 kB | 87 kB | 7.5/35 kB Progress (3): 21 kB | 87 kB | 12/35 kB Progress (3): 21 kB | 87 kB | 16/35 kB Progress (3): 21 kB | 87 kB | 20/35 kB Progress (3): 21 kB | 87 kB | 24/35 kB Progress (3): 21 kB | 87 kB | 28/35 kB Progress (3): 21 kB | 87 kB | 32/35 kB Progress (3): 21 kB | 87 kB | 35 kB Progress (4): 21 kB | 87 kB | 35 kB | 4.1/25 kB Progress (4): 21 kB | 87 kB | 35 kB | 7.7/25 kB Progress (4): 21 kB | 87 kB | 35 kB | 12/25 kB Progress (4): 21 kB | 87 kB | 35 kB | 16/25 kB Progress (4): 21 kB | 87 kB | 35 kB | 20/25 kB Progress (4): 21 kB | 87 kB | 35 kB | 24/25 kB Progress (4): 21 kB | 87 kB | 35 kB | 25 kB Progress (5): 21 kB | 87 kB | 35 kB | 25 kB | 4.1/14 kB Progress (5): 21 kB | 87 kB | 35 kB | 25 kB | 7.7/14 kB Progress (5): 21 kB | 87 kB | 35 kB | 25 kB | 12/14 kB Progress (5): 21 kB | 87 kB | 35 kB | 25 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 992 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 380 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 139 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (2): 25 kB | 4.1/122 kB Progress (2): 25 kB | 7.7/122 kB Progress (2): 25 kB | 12/122 kB Progress (2): 25 kB | 16/122 kB Progress (2): 25 kB | 20/122 kB Progress (2): 25 kB | 24/122 kB Progress (2): 25 kB | 28/122 kB Progress (2): 25 kB | 32/122 kB Progress (2): 25 kB | 36/122 kB Progress (2): 25 kB | 41/122 kB Progress (2): 25 kB | 45/122 kB Progress (2): 25 kB | 49/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 241 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (1): 53/122 kB Progress (1): 57/122 kB Progress (1): 61/122 kB Progress (1): 65/122 kB Progress (1): 69/122 kB Progress (1): 73/122 kB Progress (1): 77/122 kB Progress (1): 81/122 kB Progress (1): 86/122 kB Progress (1): 90/122 kB Progress (1): 94/122 kB Progress (1): 98/122 kB Progress (1): 102/122 kB Progress (1): 106/122 kB Progress (1): 110/122 kB Progress (1): 114/122 kB Progress (1): 118/122 kB Progress (1): 122 kB Progress (2): 122 kB | 4.1/29 kB Progress (2): 122 kB | 7.7/29 kB Progress (2): 122 kB | 12/29 kB Progress (2): 122 kB | 16/29 kB Progress (2): 122 kB | 20/29 kB Progress (2): 122 kB | 24/29 kB Progress (2): 122 kB | 28/29 kB Progress (2): 122 kB | 29 kB Progress (3): 122 kB | 29 kB | 4.1/58 kB Progress (3): 122 kB | 29 kB | 7.7/58 kB Progress (3): 122 kB | 29 kB | 12/58 kB Progress (3): 122 kB | 29 kB | 16/58 kB Progress (3): 122 kB | 29 kB | 20/58 kB Progress (3): 122 kB | 29 kB | 24/58 kB Progress (3): 122 kB | 29 kB | 28/58 kB Progress (3): 122 kB | 29 kB | 32/58 kB Progress (3): 122 kB | 29 kB | 36/58 kB Progress (3): 122 kB | 29 kB | 41/58 kB Progress (3): 122 kB | 29 kB | 45/58 kB Progress (3): 122 kB | 29 kB | 49/58 kB Progress (3): 122 kB | 29 kB | 53/58 kB Progress (3): 122 kB | 29 kB | 57/58 kB Progress (3): 122 kB | 29 kB | 58 kB Progress (4): 122 kB | 29 kB | 58 kB | 4.1/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 7.7/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 12/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 16/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 20/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 24/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 28/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 32/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 36/37 kB Progress (4): 122 kB | 29 kB | 58 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 990 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 231 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (3): 58 kB | 37 kB | 4.1/10 kB Progress (3): 58 kB | 37 kB | 7.7/10 kB Progress (3): 58 kB | 37 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 399 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Progress (1): 4.1/155 kB Progress (1): 7.7/155 kB Progress (1): 12/155 kB Progress (1): 16/155 kB Progress (1): 20/155 kB Progress (1): 24/155 kB Progress (1): 28/155 kB Progress (1): 32/155 kB Progress (1): 36/155 kB Progress (1): 41/155 kB Progress (1): 45/155 kB Progress (1): 49/155 kB Progress (1): 53/155 kB Progress (1): 57/155 kB Progress (1): 61/155 kB Progress (1): 65/155 kB Progress (1): 69/155 kB Progress (1): 73/155 kB Progress (1): 77/155 kB Progress (1): 81/155 kB Progress (1): 86/155 kB Progress (1): 90/155 kB Progress (1): 94/155 kB Progress (1): 98/155 kB Progress (1): 102/155 kB Progress (1): 106/155 kB Progress (1): 110/155 kB Progress (1): 114/155 kB Progress (1): 118/155 kB Progress (1): 122/155 kB Progress (1): 127/155 kB Progress (1): 131/155 kB Progress (1): 135/155 kB Progress (1): 139/155 kB Progress (1): 143/155 kB Progress (1): 147/155 kB Progress (1): 151/155 kB Progress (1): 155 kB Progress (2): 155 kB | 4.1/33 kB Progress (2): 155 kB | 7.7/33 kB Progress (2): 155 kB | 12/33 kB Progress (2): 155 kB | 16/33 kB Progress (2): 155 kB | 20/33 kB Progress (2): 155 kB | 24/33 kB Progress (2): 155 kB | 28/33 kB Progress (2): 155 kB | 32/33 kB Progress (2): 155 kB | 33 kB Progress (3): 155 kB | 33 kB | 4.1/32 kB Progress (3): 155 kB | 33 kB | 7.7/32 kB Progress (3): 155 kB | 33 kB | 12/32 kB Progress (3): 155 kB | 33 kB | 16/32 kB Progress (4): 155 kB | 33 kB | 16/32 kB | 4.1/14 kB Progress (4): 155 kB | 33 kB | 20/32 kB | 4.1/14 kB Progress (4): 155 kB | 33 kB | 20/32 kB | 7.7/14 kB Progress (4): 155 kB | 33 kB | 24/32 kB | 7.7/14 kB Progress (4): 155 kB | 33 kB | 24/32 kB | 12/14 kB Progress (4): 155 kB | 33 kB | 28/32 kB | 12/14 kB Progress (4): 155 kB | 33 kB | 28/32 kB | 14 kB Progress (4): 155 kB | 33 kB | 32 kB | 14 kB Progress (5): 155 kB | 33 kB | 32 kB | 14 kB | 4.1/4.2 kB Progress (5): 155 kB | 33 kB | 32 kB | 14 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 909 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (2): 4.2 kB | 4.1/25 kB Progress (2): 4.2 kB | 7.7/25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 22 kB/s) Progress (1): 12/25 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Progress (2): 25 kB | 4.1/4.6 kB Progress (2): 25 kB | 4.6 kB Progress (3): 25 kB | 4.6 kB | 4.1/19 kB Progress (3): 25 kB | 4.6 kB | 7.5/19 kB Progress (3): 25 kB | 4.6 kB | 12/19 kB Progress (3): 25 kB | 4.6 kB | 16/19 kB Progress (3): 25 kB | 4.6 kB | 19 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 4.1/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 7.7/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 12/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 16/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 20/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 24/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 28/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 32/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 36/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 41/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 45/217 kB Progress (4): 25 kB | 4.6 kB | 19 kB | 49/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (4): 4.6 kB | 19 kB | 49/217 kB | 4.1/46 kB Progress (4): 4.6 kB | 19 kB | 49/217 kB | 7.7/46 kB Progress (4): 4.6 kB | 19 kB | 49/217 kB | 12/46 kB Progress (4): 4.6 kB | 19 kB | 49/217 kB | 16/46 kB Progress (4): 4.6 kB | 19 kB | 53/217 kB | 16/46 kB Progress (4): 4.6 kB | 19 kB | 57/217 kB | 16/46 kB Progress (4): 4.6 kB | 19 kB | 57/217 kB | 20/46 kB Progress (4): 4.6 kB | 19 kB | 61/217 kB | 20/46 kB Progress (4): 4.6 kB | 19 kB | 61/217 kB | 24/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 24/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 28/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 32/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 36/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 41/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 45/46 kB Progress (4): 4.6 kB | 19 kB | 65/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 69/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 73/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 77/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 81/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 86/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 90/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 94/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 98/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 102/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 106/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 110/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 114/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 118/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 122/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 127/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 131/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 135/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 139/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 143/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 147/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 151/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 155/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 159/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 163/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 167/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 172/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 176/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 180/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 184/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 188/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 192/217 kB | 46 kB Progress (4): 4.6 kB | 19 kB | 196/217 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 21 kB/s) Progress (3): 19 kB | 200/217 kB | 46 kB Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (3): 19 kB | 204/217 kB | 46 kB Progress (3): 19 kB | 208/217 kB | 46 kB Progress (3): 19 kB | 213/217 kB | 46 kB Progress (3): 19 kB | 217/217 kB | 46 kB Progress (3): 19 kB | 217 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 200 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (2): 217 kB | 4.1/134 kB Progress (2): 217 kB | 7.7/134 kB Progress (2): 217 kB | 12/134 kB Progress (2): 217 kB | 16/134 kB Progress (2): 217 kB | 20/134 kB Progress (2): 217 kB | 24/134 kB Progress (2): 217 kB | 28/134 kB Progress (2): 217 kB | 32/134 kB Progress (2): 217 kB | 36/134 kB Progress (2): 217 kB | 41/134 kB Progress (2): 217 kB | 45/134 kB Progress (2): 217 kB | 49/134 kB Progress (2): 217 kB | 53/134 kB Progress (2): 217 kB | 57/134 kB Progress (2): 217 kB | 61/134 kB Progress (2): 217 kB | 65/134 kB Progress (2): 217 kB | 69/134 kB Progress (2): 217 kB | 73/134 kB Progress (2): 217 kB | 77/134 kB Progress (2): 217 kB | 81/134 kB Progress (2): 217 kB | 86/134 kB Progress (2): 217 kB | 90/134 kB Progress (2): 217 kB | 94/134 kB Progress (2): 217 kB | 98/134 kB Progress (2): 217 kB | 102/134 kB Progress (2): 217 kB | 106/134 kB Progress (2): 217 kB | 110/134 kB Progress (2): 217 kB | 114/134 kB Progress (2): 217 kB | 118/134 kB Progress (2): 217 kB | 122/134 kB Progress (2): 217 kB | 127/134 kB Progress (2): 217 kB | 131/134 kB Progress (2): 217 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 910 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (2): 134 kB | 4.1/358 kB Progress (2): 134 kB | 7.7/358 kB Progress (2): 134 kB | 12/358 kB Progress (2): 134 kB | 16/358 kB Progress (2): 134 kB | 20/358 kB Progress (2): 134 kB | 24/358 kB Progress (2): 134 kB | 28/358 kB Progress (2): 134 kB | 32/358 kB Progress (2): 134 kB | 36/358 kB Progress (2): 134 kB | 41/358 kB Progress (2): 134 kB | 45/358 kB Progress (2): 134 kB | 49/358 kB Progress (2): 134 kB | 53/358 kB Progress (2): 134 kB | 57/358 kB Progress (2): 134 kB | 61/358 kB Progress (2): 134 kB | 65/358 kB Progress (2): 134 kB | 69/358 kB Progress (2): 134 kB | 73/358 kB Progress (2): 134 kB | 77/358 kB Progress (2): 134 kB | 81/358 kB Progress (2): 134 kB | 86/358 kB Progress (2): 134 kB | 90/358 kB Progress (2): 134 kB | 94/358 kB Progress (2): 134 kB | 98/358 kB Progress (2): 134 kB | 102/358 kB Progress (2): 134 kB | 106/358 kB Progress (2): 134 kB | 110/358 kB Progress (2): 134 kB | 114/358 kB Progress (2): 134 kB | 118/358 kB Progress (2): 134 kB | 122/358 kB Progress (3): 134 kB | 122/358 kB | 4.1/45 kB Progress (3): 134 kB | 122/358 kB | 7.7/45 kB Progress (3): 134 kB | 122/358 kB | 12/45 kB Progress (3): 134 kB | 122/358 kB | 16/45 kB Progress (3): 134 kB | 122/358 kB | 20/45 kB Progress (3): 134 kB | 122/358 kB | 24/45 kB Progress (3): 134 kB | 122/358 kB | 28/45 kB Progress (3): 134 kB | 122/358 kB | 32/45 kB Progress (3): 134 kB | 122/358 kB | 36/45 kB Progress (3): 134 kB | 122/358 kB | 41/45 kB Progress (3): 134 kB | 122/358 kB | 45 kB Progress (3): 134 kB | 127/358 kB | 45 kB Progress (3): 134 kB | 131/358 kB | 45 kB Progress (3): 134 kB | 135/358 kB | 45 kB Progress (3): 134 kB | 139/358 kB | 45 kB Progress (3): 134 kB | 143/358 kB | 45 kB Progress (3): 134 kB | 147/358 kB | 45 kB Progress (3): 134 kB | 151/358 kB | 45 kB Progress (3): 134 kB | 155/358 kB | 45 kB Progress (3): 134 kB | 159/358 kB | 45 kB Progress (3): 134 kB | 163/358 kB | 45 kB Progress (3): 134 kB | 167/358 kB | 45 kB Progress (3): 134 kB | 172/358 kB | 45 kB Progress (3): 134 kB | 176/358 kB | 45 kB Progress (3): 134 kB | 180/358 kB | 45 kB Progress (3): 134 kB | 184/358 kB | 45 kB Progress (3): 134 kB | 188/358 kB | 45 kB Progress (3): 134 kB | 192/358 kB | 45 kB Progress (3): 134 kB | 196/358 kB | 45 kB Progress (3): 134 kB | 200/358 kB | 45 kB Progress (3): 134 kB | 204/358 kB | 45 kB Progress (3): 134 kB | 208/358 kB | 45 kB Progress (3): 134 kB | 213/358 kB | 45 kB Progress (3): 134 kB | 217/358 kB | 45 kB Progress (3): 134 kB | 221/358 kB | 45 kB Progress (3): 134 kB | 225/358 kB | 45 kB Progress (3): 134 kB | 229/358 kB | 45 kB Progress (3): 134 kB | 233/358 kB | 45 kB Progress (3): 134 kB | 237/358 kB | 45 kB Progress (3): 134 kB | 241/358 kB | 45 kB Progress (3): 134 kB | 245/358 kB | 45 kB Progress (3): 134 kB | 249/358 kB | 45 kB Progress (3): 134 kB | 254/358 kB | 45 kB Progress (4): 134 kB | 254/358 kB | 45 kB | 4.1/640 kB Progress (4): 134 kB | 254/358 kB | 45 kB | 8.2/640 kB Progress (4): 134 kB | 258/358 kB | 45 kB | 8.2/640 kB Progress (4): 134 kB | 262/358 kB | 45 kB | 8.2/640 kB Progress (4): 134 kB | 262/358 kB | 45 kB | 12/640 kB Progress (4): 134 kB | 266/358 kB | 45 kB | 12/640 kB Progress (4): 134 kB | 266/358 kB | 45 kB | 16/640 kB Progress (4): 134 kB | 270/358 kB | 45 kB | 16/640 kB Progress (4): 134 kB | 270/358 kB | 45 kB | 20/640 kB Progress (4): 134 kB | 270/358 kB | 45 kB | 25/640 kB Progress (4): 134 kB | 274/358 kB | 45 kB | 25/640 kB Progress (4): 134 kB | 278/358 kB | 45 kB | 25/640 kB Progress (4): 134 kB | 282/358 kB | 45 kB | 25/640 kB Progress (4): 134 kB | 286/358 kB | 45 kB | 25/640 kB Progress (4): 134 kB | 286/358 kB | 45 kB | 29/640 kB Progress (4): 134 kB | 290/358 kB | 45 kB | 29/640 kB Progress (4): 134 kB | 294/358 kB | 45 kB | 29/640 kB Progress (4): 134 kB | 299/358 kB | 45 kB | 29/640 kB Progress (4): 134 kB | 303/358 kB | 45 kB | 29/640 kB Progress (4): 134 kB | 303/358 kB | 45 kB | 33/640 kB Progress (4): 134 kB | 303/358 kB | 45 kB | 37/640 kB Progress (4): 134 kB | 303/358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 307/358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 311/358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 315/358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 319/358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 319/358 kB | 45 kB | 45/640 kB Progress (4): 134 kB | 323/358 kB | 45 kB | 45/640 kB Progress (4): 134 kB | 323/358 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 327/358 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 331/358 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 331/358 kB | 45 kB | 53/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 53/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 57/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 61/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 66/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 70/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 74/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 78/640 kB Progress (4): 134 kB | 335/358 kB | 45 kB | 82/640 kB Progress (4): 134 kB | 340/358 kB | 45 kB | 82/640 kB Progress (4): 134 kB | 344/358 kB | 45 kB | 82/640 kB Progress (4): 134 kB | 348/358 kB | 45 kB | 82/640 kB Progress (4): 134 kB | 348/358 kB | 45 kB | 86/640 kB Progress (4): 134 kB | 352/358 kB | 45 kB | 86/640 kB Progress (4): 134 kB | 352/358 kB | 45 kB | 90/640 kB Progress (4): 134 kB | 352/358 kB | 45 kB | 94/640 kB Progress (4): 134 kB | 356/358 kB | 45 kB | 94/640 kB Progress (4): 134 kB | 356/358 kB | 45 kB | 98/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 98/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 102/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 106/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 111/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 115/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 119/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 123/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 127/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 529 kB/s) Progress (3): 358 kB | 45 kB | 131/640 kB Progress (3): 358 kB | 45 kB | 135/640 kB Progress (3): 358 kB | 45 kB | 139/640 kB Progress (3): 358 kB | 45 kB | 143/640 kB Progress (3): 358 kB | 45 kB | 147/640 kB Progress (3): 358 kB | 45 kB | 152/640 kB Progress (3): 358 kB | 45 kB | 156/640 kB Progress (3): 358 kB | 45 kB | 160/640 kB Progress (3): 358 kB | 45 kB | 164/640 kB Progress (3): 358 kB | 45 kB | 168/640 kB Progress (3): 358 kB | 45 kB | 172/640 kB Progress (3): 358 kB | 45 kB | 176/640 kB Progress (3): 358 kB | 45 kB | 180/640 kB Progress (3): 358 kB | 45 kB | 184/640 kB Progress (3): 358 kB | 45 kB | 188/640 kB Progress (3): 358 kB | 45 kB | 193/640 kB Progress (3): 358 kB | 45 kB | 197/640 kB Progress (3): 358 kB | 45 kB | 201/640 kB Progress (3): 358 kB | 45 kB | 205/640 kB Progress (3): 358 kB | 45 kB | 209/640 kB Progress (3): 358 kB | 45 kB | 213/640 kB Progress (3): 358 kB | 45 kB | 217/640 kB Progress (3): 358 kB | 45 kB | 221/640 kB Progress (3): 358 kB | 45 kB | 225/640 kB Progress (3): 358 kB | 45 kB | 229/640 kB Progress (3): 358 kB | 45 kB | 233/640 kB Progress (3): 358 kB | 45 kB | 238/640 kB Progress (3): 358 kB | 45 kB | 242/640 kB Progress (3): 358 kB | 45 kB | 246/640 kB Progress (3): 358 kB | 45 kB | 250/640 kB Progress (3): 358 kB | 45 kB | 254/640 kB Progress (3): 358 kB | 45 kB | 258/640 kB Progress (3): 358 kB | 45 kB | 262/640 kB Progress (3): 358 kB | 45 kB | 266/640 kB Progress (3): 358 kB | 45 kB | 270/640 kB Progress (3): 358 kB | 45 kB | 274/640 kB Progress (3): 358 kB | 45 kB | 279/640 kB Progress (3): 358 kB | 45 kB | 283/640 kB Progress (3): 358 kB | 45 kB | 287/640 kB Progress (3): 358 kB | 45 kB | 291/640 kB Progress (3): 358 kB | 45 kB | 295/640 kB Progress (3): 358 kB | 45 kB | 299/640 kB Progress (3): 358 kB | 45 kB | 303/640 kB Progress (3): 358 kB | 45 kB | 307/640 kB Progress (3): 358 kB | 45 kB | 311/640 kB Progress (3): 358 kB | 45 kB | 315/640 kB Progress (3): 358 kB | 45 kB | 319/640 kB Progress (3): 358 kB | 45 kB | 324/640 kB Progress (3): 358 kB | 45 kB | 328/640 kB Progress (3): 358 kB | 45 kB | 332/640 kB Progress (3): 358 kB | 45 kB | 336/640 kB Progress (3): 358 kB | 45 kB | 340/640 kB Progress (3): 358 kB | 45 kB | 344/640 kB Progress (3): 358 kB | 45 kB | 348/640 kB Progress (3): 358 kB | 45 kB | 352/640 kB Progress (3): 358 kB | 45 kB | 356/640 kB Progress (3): 358 kB | 45 kB | 360/640 kB Progress (3): 358 kB | 45 kB | 365/640 kB Progress (3): 358 kB | 45 kB | 369/640 kB Progress (3): 358 kB | 45 kB | 373/640 kB Progress (3): 358 kB | 45 kB | 377/640 kB Progress (3): 358 kB | 45 kB | 381/640 kB Progress (3): 358 kB | 45 kB | 385/640 kB Progress (3): 358 kB | 45 kB | 389/640 kB Progress (3): 358 kB | 45 kB | 393/640 kB Progress (3): 358 kB | 45 kB | 397/640 kB Progress (3): 358 kB | 45 kB | 401/640 kB Progress (3): 358 kB | 45 kB | 406/640 kB Progress (3): 358 kB | 45 kB | 410/640 kB Progress (3): 358 kB | 45 kB | 414/640 kB Progress (3): 358 kB | 45 kB | 418/640 kB Progress (3): 358 kB | 45 kB | 422/640 kB Progress (3): 358 kB | 45 kB | 426/640 kB Progress (3): 358 kB | 45 kB | 430/640 kB Progress (3): 358 kB | 45 kB | 434/640 kB Progress (3): 358 kB | 45 kB | 438/640 kB Progress (3): 358 kB | 45 kB | 442/640 kB Progress (3): 358 kB | 45 kB | 446/640 kB Progress (3): 358 kB | 45 kB | 451/640 kB Progress (3): 358 kB | 45 kB | 455/640 kB Progress (3): 358 kB | 45 kB | 459/640 kB Progress (3): 358 kB | 45 kB | 463/640 kB Progress (3): 358 kB | 45 kB | 467/640 kB Progress (3): 358 kB | 45 kB | 471/640 kB Progress (3): 358 kB | 45 kB | 475/640 kB Progress (3): 358 kB | 45 kB | 479/640 kB Progress (3): 358 kB | 45 kB | 483/640 kB Progress (3): 358 kB | 45 kB | 487/640 kB Progress (3): 358 kB | 45 kB | 492/640 kB Progress (3): 358 kB | 45 kB | 496/640 kB Progress (3): 358 kB | 45 kB | 500/640 kB Progress (3): 358 kB | 45 kB | 504/640 kB Progress (3): 358 kB | 45 kB | 508/640 kB Progress (3): 358 kB | 45 kB | 512/640 kB Progress (3): 358 kB | 45 kB | 516/640 kB Progress (3): 358 kB | 45 kB | 520/640 kB Progress (3): 358 kB | 45 kB | 524/640 kB Progress (3): 358 kB | 45 kB | 528/640 kB Progress (3): 358 kB | 45 kB | 532/640 kB Progress (3): 358 kB | 45 kB | 537/640 kB Progress (3): 358 kB | 45 kB | 541/640 kB Progress (3): 358 kB | 45 kB | 545/640 kB Progress (3): 358 kB | 45 kB | 549/640 kB Progress (3): 358 kB | 45 kB | 553/640 kB Progress (3): 358 kB | 45 kB | 557/640 kB Progress (3): 358 kB | 45 kB | 561/640 kB Progress (3): 358 kB | 45 kB | 565/640 kB Progress (3): 358 kB | 45 kB | 569/640 kB Progress (3): 358 kB | 45 kB | 573/640 kB Progress (3): 358 kB | 45 kB | 578/640 kB Progress (3): 358 kB | 45 kB | 582/640 kB Progress (3): 358 kB | 45 kB | 586/640 kB Progress (3): 358 kB | 45 kB | 590/640 kB Progress (3): 358 kB | 45 kB | 594/640 kB Progress (3): 358 kB | 45 kB | 598/640 kB Progress (3): 358 kB | 45 kB | 602/640 kB Progress (3): 358 kB | 45 kB | 606/640 kB Progress (3): 358 kB | 45 kB | 610/640 kB Progress (3): 358 kB | 45 kB | 614/640 kB Progress (3): 358 kB | 45 kB | 618/640 kB Progress (3): 358 kB | 45 kB | 623/640 kB Progress (3): 358 kB | 45 kB | 627/640 kB Progress (3): 358 kB | 45 kB | 631/640 kB Progress (3): 358 kB | 45 kB | 635/640 kB Progress (3): 358 kB | 45 kB | 639/640 kB Progress (3): 358 kB | 45 kB | 640 kB Progress (4): 358 kB | 45 kB | 640 kB | 4.1/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 7.7/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 12/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 16/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 20/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 24/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 28/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 32/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 36/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 41/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 45/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 49/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 53/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 57/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 61/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 65/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 69/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 73/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 77/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 81/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 86/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 90/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 94/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 98/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 102/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 106/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 110/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 114/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 118/121 kB Progress (4): 358 kB | 45 kB | 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 169 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.3 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 428 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.3 MB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 154 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 352 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 452 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 459 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 93 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 239 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 596 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 337 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/31 kB Progress (1): 7.7/31 kB Progress (1): 12/31 kB Progress (1): 16/31 kB Progress (1): 20/31 kB Progress (1): 24/31 kB Progress (1): 28/31 kB Progress (1): 31 kB Progress (2): 31 kB | 4.1/263 kB Progress (2): 31 kB | 7.7/263 kB Progress (2): 31 kB | 12/263 kB Progress (2): 31 kB | 16/263 kB Progress (3): 31 kB | 16/263 kB | 4.1/316 kB Progress (3): 31 kB | 20/263 kB | 4.1/316 kB Progress (3): 31 kB | 24/263 kB | 4.1/316 kB Progress (3): 31 kB | 24/263 kB | 7.7/316 kB Progress (3): 31 kB | 28/263 kB | 7.7/316 kB Progress (4): 31 kB | 28/263 kB | 7.7/316 kB | 4.1/118 kB Progress (4): 31 kB | 28/263 kB | 12/316 kB | 4.1/118 kB Progress (4): 31 kB | 32/263 kB | 12/316 kB | 4.1/118 kB Progress (4): 31 kB | 32/263 kB | 16/316 kB | 4.1/118 kB Progress (4): 31 kB | 36/263 kB | 16/316 kB | 4.1/118 kB Progress (4): 31 kB | 41/263 kB | 16/316 kB | 4.1/118 kB Progress (4): 31 kB | 41/263 kB | 16/316 kB | 7.7/118 kB Progress (4): 31 kB | 41/263 kB | 20/316 kB | 7.7/118 kB Progress (4): 31 kB | 45/263 kB | 20/316 kB | 7.7/118 kB Progress (4): 31 kB | 45/263 kB | 24/316 kB | 7.7/118 kB Progress (4): 31 kB | 45/263 kB | 24/316 kB | 12/118 kB Progress (4): 31 kB | 45/263 kB | 28/316 kB | 12/118 kB Progress (4): 31 kB | 49/263 kB | 28/316 kB | 12/118 kB Progress (4): 31 kB | 49/263 kB | 32/316 kB | 12/118 kB Progress (4): 31 kB | 49/263 kB | 32/316 kB | 16/118 kB Progress (4): 31 kB | 53/263 kB | 32/316 kB | 16/118 kB Progress (4): 31 kB | 57/263 kB | 32/316 kB | 16/118 kB Progress (4): 31 kB | 61/263 kB | 32/316 kB | 16/118 kB Progress (4): 31 kB | 61/263 kB | 32/316 kB | 20/118 kB Progress (4): 31 kB | 61/263 kB | 36/316 kB | 20/118 kB Progress (4): 31 kB | 65/263 kB | 36/316 kB | 20/118 kB Progress (4): 31 kB | 65/263 kB | 41/316 kB | 20/118 kB Progress (4): 31 kB | 65/263 kB | 41/316 kB | 24/118 kB Progress (4): 31 kB | 69/263 kB | 41/316 kB | 24/118 kB Progress (4): 31 kB | 69/263 kB | 45/316 kB | 24/118 kB Progress (4): 31 kB | 73/263 kB | 45/316 kB | 24/118 kB Progress (4): 31 kB | 73/263 kB | 45/316 kB | 28/118 kB Progress (4): 31 kB | 77/263 kB | 45/316 kB | 28/118 kB Progress (4): 31 kB | 77/263 kB | 49/316 kB | 28/118 kB Progress (4): 31 kB | 81/263 kB | 49/316 kB | 28/118 kB Progress (4): 31 kB | 81/263 kB | 49/316 kB | 32/118 kB Progress (4): 31 kB | 81/263 kB | 53/316 kB | 32/118 kB Progress (4): 31 kB | 86/263 kB | 53/316 kB | 32/118 kB Progress (4): 31 kB | 86/263 kB | 57/316 kB | 32/118 kB Progress (4): 31 kB | 90/263 kB | 57/316 kB | 32/118 kB Progress (4): 31 kB | 90/263 kB | 57/316 kB | 36/118 kB Progress (4): 31 kB | 94/263 kB | 57/316 kB | 36/118 kB Progress (4): 31 kB | 94/263 kB | 61/316 kB | 36/118 kB Progress (4): 31 kB | 98/263 kB | 61/316 kB | 36/118 kB Progress (4): 31 kB | 98/263 kB | 61/316 kB | 41/118 kB Progress (4): 31 kB | 98/263 kB | 65/316 kB | 41/118 kB Progress (4): 31 kB | 102/263 kB | 65/316 kB | 41/118 kB Progress (4): 31 kB | 102/263 kB | 65/316 kB | 45/118 kB Progress (5): 31 kB | 102/263 kB | 65/316 kB | 45/118 kB | 4.1/35 kB Progress (5): 31 kB | 106/263 kB | 65/316 kB | 45/118 kB | 4.1/35 kB Progress (5): 31 kB | 106/263 kB | 65/316 kB | 49/118 kB | 4.1/35 kB Progress (5): 31 kB | 106/263 kB | 69/316 kB | 49/118 kB | 4.1/35 kB Progress (5): 31 kB | 110/263 kB | 69/316 kB | 49/118 kB | 4.1/35 kB Progress (5): 31 kB | 110/263 kB | 69/316 kB | 49/118 kB | 7.7/35 kB Progress (5): 31 kB | 114/263 kB | 69/316 kB | 49/118 kB | 7.7/35 kB Progress (5): 31 kB | 114/263 kB | 69/316 kB | 53/118 kB | 7.7/35 kB Progress (5): 31 kB | 114/263 kB | 73/316 kB | 53/118 kB | 7.7/35 kB Progress (5): 31 kB | 118/263 kB | 73/316 kB | 53/118 kB | 7.7/35 kB Progress (5): 31 kB | 118/263 kB | 73/316 kB | 57/118 kB | 7.7/35 kB Progress (5): 31 kB | 118/263 kB | 73/316 kB | 57/118 kB | 12/35 kB Progress (5): 31 kB | 118/263 kB | 73/316 kB | 61/118 kB | 12/35 kB Progress (5): 31 kB | 122/263 kB | 73/316 kB | 61/118 kB | 12/35 kB Progress (5): 31 kB | 122/263 kB | 77/316 kB | 61/118 kB | 12/35 kB Progress (5): 31 kB | 127/263 kB | 77/316 kB | 61/118 kB | 12/35 kB Progress (5): 31 kB | 127/263 kB | 77/316 kB | 65/118 kB | 12/35 kB Progress (5): 31 kB | 127/263 kB | 77/316 kB | 65/118 kB | 16/35 kB Progress (5): 31 kB | 131/263 kB | 77/316 kB | 65/118 kB | 16/35 kB Progress (5): 31 kB | 131/263 kB | 81/316 kB | 65/118 kB | 16/35 kB Progress (5): 31 kB | 131/263 kB | 81/316 kB | 69/118 kB | 16/35 kB Progress (5): 31 kB | 131/263 kB | 81/316 kB | 69/118 kB | 20/35 kB Progress (5): 31 kB | 131/263 kB | 86/316 kB | 69/118 kB | 20/35 kB Progress (5): 31 kB | 135/263 kB | 86/316 kB | 69/118 kB | 20/35 kB Progress (5): 31 kB | 135/263 kB | 90/316 kB | 69/118 kB | 20/35 kB Progress (5): 31 kB | 135/263 kB | 90/316 kB | 69/118 kB | 24/35 kB Progress (5): 31 kB | 135/263 kB | 90/316 kB | 73/118 kB | 24/35 kB Progress (5): 31 kB | 135/263 kB | 90/316 kB | 73/118 kB | 28/35 kB Progress (5): 31 kB | 135/263 kB | 94/316 kB | 73/118 kB | 28/35 kB Progress (5): 31 kB | 139/263 kB | 94/316 kB | 73/118 kB | 28/35 kB Progress (5): 31 kB | 139/263 kB | 98/316 kB | 73/118 kB | 28/35 kB Progress (5): 31 kB | 139/263 kB | 98/316 kB | 73/118 kB | 32/35 kB Progress (5): 31 kB | 139/263 kB | 98/316 kB | 77/118 kB | 32/35 kB Progress (5): 31 kB | 139/263 kB | 102/316 kB | 77/118 kB | 32/35 kB Progress (5): 31 kB | 143/263 kB | 102/316 kB | 77/118 kB | 32/35 kB Progress (5): 31 kB | 143/263 kB | 106/316 kB | 77/118 kB | 32/35 kB Progress (5): 31 kB | 143/263 kB | 106/316 kB | 81/118 kB | 32/35 kB Progress (5): 31 kB | 143/263 kB | 106/316 kB | 81/118 kB | 35 kB Progress (5): 31 kB | 143/263 kB | 110/316 kB | 81/118 kB | 35 kB Progress (5): 31 kB | 147/263 kB | 110/316 kB | 81/118 kB | 35 kB Progress (5): 31 kB | 147/263 kB | 114/316 kB | 81/118 kB | 35 kB Progress (5): 31 kB | 147/263 kB | 114/316 kB | 86/118 kB | 35 kB Progress (5): 31 kB | 151/263 kB | 114/316 kB | 86/118 kB | 35 kB Progress (5): 31 kB | 151/263 kB | 114/316 kB | 90/118 kB | 35 kB Progress (5): 31 kB | 151/263 kB | 118/316 kB | 90/118 kB | 35 kB Progress (5): 31 kB | 155/263 kB | 118/316 kB | 90/118 kB | 35 kB Progress (5): 31 kB | 155/263 kB | 122/316 kB | 90/118 kB | 35 kB Progress (5): 31 kB | 155/263 kB | 122/316 kB | 94/118 kB | 35 kB Progress (5): 31 kB | 155/263 kB | 127/316 kB | 94/118 kB | 35 kB Progress (5): 31 kB | 159/263 kB | 127/316 kB | 94/118 kB | 35 kB Progress (5): 31 kB | 159/263 kB | 131/316 kB | 94/118 kB | 35 kB Progress (5): 31 kB | 159/263 kB | 131/316 kB | 98/118 kB | 35 kB Progress (5): 31 kB | 163/263 kB | 131/316 kB | 98/118 kB | 35 kB Progress (5): 31 kB | 163/263 kB | 135/316 kB | 98/118 kB | 35 kB Progress (5): 31 kB | 167/263 kB | 135/316 kB | 98/118 kB | 35 kB Progress (5): 31 kB | 167/263 kB | 135/316 kB | 102/118 kB | 35 kB Progress (5): 31 kB | 172/263 kB | 135/316 kB | 102/118 kB | 35 kB Progress (5): 31 kB | 172/263 kB | 139/316 kB | 102/118 kB | 35 kB Progress (5): 31 kB | 172/263 kB | 139/316 kB | 106/118 kB | 35 kB Progress (5): 31 kB | 172/263 kB | 143/316 kB | 106/118 kB | 35 kB Progress (5): 31 kB | 176/263 kB | 143/316 kB | 106/118 kB | 35 kB Progress (5): 31 kB | 176/263 kB | 147/316 kB | 106/118 kB | 35 kB Progress (5): 31 kB | 176/263 kB | 147/316 kB | 110/118 kB | 35 kB Progress (5): 31 kB | 180/263 kB | 147/316 kB | 110/118 kB | 35 kB Progress (5): 31 kB | 180/263 kB | 147/316 kB | 114/118 kB | 35 kB Progress (5): 31 kB | 180/263 kB | 151/316 kB | 114/118 kB | 35 kB Progress (5): 31 kB | 184/263 kB | 151/316 kB | 114/118 kB | 35 kB Progress (5): 31 kB | 184/263 kB | 155/316 kB | 114/118 kB | 35 kB Progress (5): 31 kB | 184/263 kB | 155/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 184/263 kB | 159/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 188/263 kB | 159/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 188/263 kB | 163/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 192/263 kB | 163/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 196/263 kB | 163/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 196/263 kB | 167/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 200/263 kB | 167/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 200/263 kB | 172/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 204/263 kB | 172/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 204/263 kB | 176/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 208/263 kB | 176/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 208/263 kB | 180/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 213/263 kB | 180/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 213/263 kB | 184/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 217/263 kB | 184/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 217/263 kB | 188/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 221/263 kB | 188/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 221/263 kB | 192/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 225/263 kB | 192/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 225/263 kB | 196/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 229/263 kB | 196/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 229/263 kB | 200/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 233/263 kB | 200/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 233/263 kB | 204/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 237/263 kB | 204/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 237/263 kB | 208/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 241/263 kB | 208/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 241/263 kB | 213/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 245/263 kB | 213/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 245/263 kB | 217/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 249/263 kB | 217/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 249/263 kB | 221/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 254/263 kB | 221/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 254/263 kB | 225/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 258/263 kB | 225/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 258/263 kB | 229/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 262/263 kB | 229/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 262/263 kB | 233/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 233/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 237/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 241/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 245/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 249/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 253/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 257/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 261/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 265/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 269/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 273/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 278/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 282/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 286/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 290/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 294/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 298/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 302/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 306/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 310/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 314/316 kB | 118 kB | 35 kB Progress (5): 31 kB | 263 kB | 316 kB | 118 kB | 35 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 771 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 5.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 634 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 6.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 2.4 MB/s) Progress (1): 3.4/38 kB Progress (1): 7.5/38 kB Progress (1): 12/38 kB Progress (1): 16/38 kB Progress (1): 20/38 kB Progress (1): 24/38 kB Progress (1): 28/38 kB Progress (1): 32/38 kB Progress (1): 36/38 kB Progress (1): 38 kB Progress (2): 38 kB | 4.1/232 kB Progress (2): 38 kB | 7.7/232 kB Progress (2): 38 kB | 12/232 kB Progress (2): 38 kB | 16/232 kB Progress (2): 38 kB | 20/232 kB Progress (2): 38 kB | 24/232 kB Progress (2): 38 kB | 28/232 kB Progress (2): 38 kB | 32/232 kB Progress (2): 38 kB | 36/232 kB Progress (2): 38 kB | 41/232 kB Progress (2): 38 kB | 45/232 kB Progress (2): 38 kB | 49/232 kB Progress (3): 38 kB | 49/232 kB | 4.1/10 kB Progress (3): 38 kB | 53/232 kB | 4.1/10 kB Progress (3): 38 kB | 53/232 kB | 7.7/10 kB Progress (3): 38 kB | 57/232 kB | 7.7/10 kB Progress (3): 38 kB | 57/232 kB | 10 kB Progress (3): 38 kB | 61/232 kB | 10 kB Progress (3): 38 kB | 65/232 kB | 10 kB Progress (4): 38 kB | 65/232 kB | 10 kB | 4.1/14 kB Progress (4): 38 kB | 65/232 kB | 10 kB | 7.7/14 kB Progress (4): 38 kB | 69/232 kB | 10 kB | 7.7/14 kB Progress (4): 38 kB | 69/232 kB | 10 kB | 12/14 kB Progress (4): 38 kB | 73/232 kB | 10 kB | 12/14 kB Progress (4): 38 kB | 73/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 77/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 81/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 86/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 90/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 94/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 98/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 102/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 106/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 110/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 114/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 118/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 122/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 127/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 131/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 135/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 139/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 143/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 147/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 151/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 155/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 159/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 163/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 167/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 172/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 176/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 180/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 184/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 188/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 192/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 196/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 200/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 204/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 208/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 213/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 217/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 221/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 225/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 229/232 kB | 10 kB | 14 kB Progress (4): 38 kB | 232 kB | 10 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 396 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 102 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.3 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 134 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 125 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 909 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 446 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 336 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 433 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 448 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 134 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 498 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 518 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 330 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 187 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 578 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/41 kB Progress (1): 7.7/41 kB Progress (1): 12/41 kB Progress (1): 16/41 kB Progress (1): 20/41 kB Progress (1): 24/41 kB Progress (1): 28/41 kB Progress (1): 32/41 kB Progress (1): 36/41 kB Progress (1): 41/41 kB Progress (1): 41 kB Progress (2): 41 kB | 4.1/327 kB Progress (2): 41 kB | 7.7/327 kB Progress (2): 41 kB | 12/327 kB Progress (2): 41 kB | 16/327 kB Progress (2): 41 kB | 20/327 kB Progress (2): 41 kB | 24/327 kB Progress (2): 41 kB | 28/327 kB Progress (2): 41 kB | 32/327 kB Progress (2): 41 kB | 36/327 kB Progress (2): 41 kB | 41/327 kB Progress (2): 41 kB | 45/327 kB Progress (2): 41 kB | 49/327 kB Progress (2): 41 kB | 53/327 kB Progress (2): 41 kB | 57/327 kB Progress (2): 41 kB | 61/327 kB Progress (2): 41 kB | 65/327 kB Progress (3): 41 kB | 65/327 kB | 4.1/36 kB Progress (3): 41 kB | 69/327 kB | 4.1/36 kB Progress (3): 41 kB | 69/327 kB | 7.7/36 kB Progress (3): 41 kB | 73/327 kB | 7.7/36 kB Progress (3): 41 kB | 73/327 kB | 12/36 kB Progress (3): 41 kB | 77/327 kB | 12/36 kB Progress (3): 41 kB | 77/327 kB | 16/36 kB Progress (3): 41 kB | 81/327 kB | 16/36 kB Progress (3): 41 kB | 81/327 kB | 20/36 kB Progress (3): 41 kB | 81/327 kB | 24/36 kB Progress (3): 41 kB | 86/327 kB | 24/36 kB Progress (3): 41 kB | 86/327 kB | 28/36 kB Progress (3): 41 kB | 90/327 kB | 28/36 kB Progress (3): 41 kB | 90/327 kB | 32/36 kB Progress (3): 41 kB | 94/327 kB | 32/36 kB Progress (4): 41 kB | 94/327 kB | 32/36 kB | 4.1/26 kB Progress (4): 41 kB | 94/327 kB | 36 kB | 4.1/26 kB Progress (4): 41 kB | 98/327 kB | 36 kB | 4.1/26 kB Progress (4): 41 kB | 98/327 kB | 36 kB | 7.7/26 kB Progress (4): 41 kB | 98/327 kB | 36 kB | 12/26 kB Progress (4): 41 kB | 98/327 kB | 36 kB | 16/26 kB Progress (4): 41 kB | 102/327 kB | 36 kB | 16/26 kB Progress (4): 41 kB | 102/327 kB | 36 kB | 20/26 kB Progress (4): 41 kB | 106/327 kB | 36 kB | 20/26 kB Progress (4): 41 kB | 106/327 kB | 36 kB | 24/26 kB Progress (4): 41 kB | 110/327 kB | 36 kB | 24/26 kB Progress (4): 41 kB | 110/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 114/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 118/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 122/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 127/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 131/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 135/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 139/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 143/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 147/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 151/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 155/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 159/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 163/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 167/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 172/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 176/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 180/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 184/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 188/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 192/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 196/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 200/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 204/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 208/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 213/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 217/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 221/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 225/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 229/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 233/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 237/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 241/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 245/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 249/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 254/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 258/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 262/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 266/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 270/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 274/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 278/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 282/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 286/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 290/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 294/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 299/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 303/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 307/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 311/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 315/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 319/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 323/327 kB | 36 kB | 26 kB Progress (4): 41 kB | 327 kB | 36 kB | 26 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 4.1/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 7.7/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 12/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 16/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 20/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 24/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 28/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 32/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 36/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 41/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 45/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 49/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 53/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 57/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 61/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 65/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 69/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 73/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 77/79 kB Progress (5): 41 kB | 327 kB | 36 kB | 26 kB | 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 640 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 979 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 757 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 6.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.6 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (1): 4.1/211 kB Progress (1): 7.7/211 kB Progress (1): 12/211 kB Progress (1): 16/211 kB Progress (1): 20/211 kB Progress (1): 24/211 kB Progress (1): 28/211 kB Progress (1): 32/211 kB Progress (1): 36/211 kB Progress (1): 41/211 kB Progress (1): 45/211 kB Progress (1): 49/211 kB Progress (1): 53/211 kB Progress (1): 57/211 kB Progress (1): 61/211 kB Progress (1): 65/211 kB Progress (1): 69/211 kB Progress (1): 73/211 kB Progress (1): 77/211 kB Progress (1): 81/211 kB Progress (1): 86/211 kB Progress (1): 90/211 kB Progress (1): 94/211 kB Progress (1): 98/211 kB Progress (1): 102/211 kB Progress (1): 106/211 kB Progress (1): 110/211 kB Progress (1): 114/211 kB Progress (1): 118/211 kB Progress (1): 122/211 kB Progress (1): 127/211 kB Progress (1): 131/211 kB Progress (1): 135/211 kB Progress (1): 139/211 kB Progress (1): 143/211 kB Progress (1): 147/211 kB Progress (1): 151/211 kB Progress (1): 155/211 kB Progress (1): 159/211 kB Progress (1): 163/211 kB Progress (1): 167/211 kB Progress (1): 172/211 kB Progress (1): 176/211 kB Progress (1): 180/211 kB Progress (1): 184/211 kB Progress (1): 188/211 kB Progress (1): 192/211 kB Progress (1): 196/211 kB Progress (2): 196/211 kB | 2.5 kB Progress (2): 200/211 kB | 2.5 kB Progress (2): 204/211 kB | 2.5 kB Progress (2): 208/211 kB | 2.5 kB Progress (2): 211 kB | 2.5 kB Progress (3): 211 kB | 2.5 kB | 0/1.0 MB Progress (3): 211 kB | 2.5 kB | 0/1.0 MB Progress (3): 211 kB | 2.5 kB | 0/1.0 MB Progress (3): 211 kB | 2.5 kB | 0/1.0 MB Progress (3): 211 kB | 2.5 kB | 0/1.0 MB Progress (3): 211 kB | 2.5 kB | 0/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.2/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.3/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.4/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.5/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.6/1.0 MB Progress (3): 211 kB | 2.5 kB | 0.6/1.0 MB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 4.1/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 4.1/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 7.7/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 12/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 12/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 16/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 16/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 16/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 20/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 20/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 24/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 28/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 28/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 32/116 kB Progress (4): 211 kB | 2.5 kB | 0.6/1.0 MB | 32/116 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 32/116 kB | 4.1/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 32/116 kB | 4.1/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 36/116 kB | 4.1/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 36/116 kB | 7.7/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 41/116 kB | 7.7/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 41/116 kB | 7.7/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 45/116 kB | 7.7/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 45/116 kB | 12/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 45/116 kB | 12/58 kB Progress (5): 211 kB | 2.5 kB | 0.6/1.0 MB | 49/116 kB | 12/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 49/116 kB | 12/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 49/116 kB | 16/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 49/116 kB | 16/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 49/116 kB | 16/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 49/116 kB | 20/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 49/116 kB | 24/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 53/116 kB | 24/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 53/116 kB | 28/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 53/116 kB | 28/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 53/116 kB | 32/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 57/116 kB | 32/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 57/116 kB | 32/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 61/116 kB | 32/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 61/116 kB | 36/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 65/116 kB | 36/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 65/116 kB | 36/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 65/116 kB | 41/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 65/116 kB | 41/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 65/116 kB | 45/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 69/116 kB | 45/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 69/116 kB | 49/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 69/116 kB | 49/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 73/116 kB | 49/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 73/116 kB | 53/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 73/116 kB | 53/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 73/116 kB | 57/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 77/116 kB | 57/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 77/116 kB | 57/58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 77/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 77/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 81/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.7/1.0 MB | 81/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 81/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 86/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 90/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 94/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 94/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 98/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 98/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 102/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 106/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 106/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 110/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 110/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 114/116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.8/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (5): 211 kB | 2.5 kB | 0.9/1.0 MB | 116 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 30 kB/s) Progress (4): 211 kB | 0.9/1.0 MB | 116 kB | 58 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (4): 211 kB | 0.9/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0/1.0 MB | 116 kB | 58 kB Progress (4): 211 kB | 1.0 MB | 116 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 610 kB/s) Progress (3): 1.0 MB | 116 kB | 4.1/85 kB Progress (3): 1.0 MB | 116 kB | 7.7/85 kB Progress (3): 1.0 MB | 116 kB | 12/85 kB Progress (3): 1.0 MB | 116 kB | 16/85 kB Progress (3): 1.0 MB | 116 kB | 20/85 kB Progress (3): 1.0 MB | 116 kB | 24/85 kB Progress (3): 1.0 MB | 116 kB | 28/85 kB Progress (3): 1.0 MB | 116 kB | 32/85 kB Progress (3): 1.0 MB | 116 kB | 36/85 kB Progress (3): 1.0 MB | 116 kB | 41/85 kB Progress (3): 1.0 MB | 116 kB | 45/85 kB Progress (3): 1.0 MB | 116 kB | 49/85 kB Progress (3): 1.0 MB | 116 kB | 53/85 kB Progress (3): 1.0 MB | 116 kB | 57/85 kB Progress (3): 1.0 MB | 116 kB | 61/85 kB Progress (3): 1.0 MB | 116 kB | 65/85 kB Progress (3): 1.0 MB | 116 kB | 69/85 kB Progress (3): 1.0 MB | 116 kB | 73/85 kB Progress (3): 1.0 MB | 116 kB | 77/85 kB Progress (3): 1.0 MB | 116 kB | 81/85 kB Progress (3): 1.0 MB | 116 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 9.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 1.1 MB/s) Progress (2): 85 kB | 4.1/267 kB Progress (2): 85 kB | 7.7/267 kB Progress (2): 85 kB | 12/267 kB Progress (2): 85 kB | 16/267 kB Progress (2): 85 kB | 20/267 kB Progress (2): 85 kB | 24/267 kB Progress (2): 85 kB | 28/267 kB Progress (2): 85 kB | 32/267 kB Progress (2): 85 kB | 36/267 kB Progress (2): 85 kB | 41/267 kB Progress (2): 85 kB | 45/267 kB Progress (2): 85 kB | 49/267 kB Progress (2): 85 kB | 53/267 kB Progress (2): 85 kB | 57/267 kB Progress (2): 85 kB | 61/267 kB Progress (2): 85 kB | 65/267 kB Progress (2): 85 kB | 69/267 kB Progress (2): 85 kB | 73/267 kB Progress (2): 85 kB | 77/267 kB Progress (2): 85 kB | 81/267 kB Progress (2): 85 kB | 86/267 kB Progress (2): 85 kB | 90/267 kB Progress (2): 85 kB | 94/267 kB Progress (2): 85 kB | 98/267 kB Progress (2): 85 kB | 102/267 kB Progress (2): 85 kB | 106/267 kB Progress (2): 85 kB | 110/267 kB Progress (2): 85 kB | 114/267 kB Progress (2): 85 kB | 118/267 kB Progress (2): 85 kB | 122/267 kB Progress (2): 85 kB | 127/267 kB Progress (2): 85 kB | 131/267 kB Progress (2): 85 kB | 135/267 kB Progress (2): 85 kB | 139/267 kB Progress (2): 85 kB | 143/267 kB Progress (2): 85 kB | 147/267 kB Progress (2): 85 kB | 151/267 kB Progress (2): 85 kB | 155/267 kB Progress (2): 85 kB | 159/267 kB Progress (2): 85 kB | 163/267 kB Progress (2): 85 kB | 167/267 kB Progress (2): 85 kB | 172/267 kB Progress (2): 85 kB | 176/267 kB Progress (2): 85 kB | 180/267 kB Progress (2): 85 kB | 184/267 kB Progress (2): 85 kB | 188/267 kB Progress (2): 85 kB | 192/267 kB Progress (2): 85 kB | 196/267 kB Progress (2): 85 kB | 200/267 kB Progress (2): 85 kB | 204/267 kB Progress (2): 85 kB | 208/267 kB Progress (2): 85 kB | 213/267 kB Progress (2): 85 kB | 217/267 kB Progress (2): 85 kB | 221/267 kB Progress (2): 85 kB | 225/267 kB Progress (2): 85 kB | 229/267 kB Progress (2): 85 kB | 233/267 kB Progress (2): 85 kB | 237/267 kB Progress (2): 85 kB | 241/267 kB Progress (2): 85 kB | 245/267 kB Progress (2): 85 kB | 249/267 kB Progress (2): 85 kB | 254/267 kB Progress (2): 85 kB | 258/267 kB Progress (2): 85 kB | 262/267 kB Progress (2): 85 kB | 266/267 kB Progress (2): 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 705 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 2.0 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 490 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 128 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 210 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 239 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 126 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 213 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 127 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 203 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 96 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 775 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 349 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 765 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 392 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 291 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 478 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 259 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 442 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 264 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 223 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 275 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 167 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 143 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 126 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 612 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.7/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 41/49 kB Progress (1): 45/49 kB Progress (1): 49/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/165 kB Progress (2): 49 kB | 7.7/165 kB Progress (2): 49 kB | 12/165 kB Progress (2): 49 kB | 16/165 kB Progress (2): 49 kB | 20/165 kB Progress (2): 49 kB | 24/165 kB Progress (2): 49 kB | 28/165 kB Progress (2): 49 kB | 32/165 kB Progress (2): 49 kB | 36/165 kB Progress (2): 49 kB | 41/165 kB Progress (2): 49 kB | 45/165 kB Progress (2): 49 kB | 49/165 kB Progress (2): 49 kB | 53/165 kB Progress (2): 49 kB | 57/165 kB Progress (2): 49 kB | 61/165 kB Progress (2): 49 kB | 65/165 kB Progress (2): 49 kB | 69/165 kB Progress (2): 49 kB | 73/165 kB Progress (2): 49 kB | 77/165 kB Progress (2): 49 kB | 81/165 kB Progress (2): 49 kB | 86/165 kB Progress (2): 49 kB | 90/165 kB Progress (2): 49 kB | 94/165 kB Progress (2): 49 kB | 98/165 kB Progress (2): 49 kB | 102/165 kB Progress (2): 49 kB | 106/165 kB Progress (2): 49 kB | 110/165 kB Progress (2): 49 kB | 114/165 kB Progress (2): 49 kB | 118/165 kB Progress (2): 49 kB | 122/165 kB Progress (2): 49 kB | 127/165 kB Progress (2): 49 kB | 131/165 kB Progress (2): 49 kB | 135/165 kB Progress (2): 49 kB | 139/165 kB Progress (2): 49 kB | 143/165 kB Progress (2): 49 kB | 147/165 kB Progress (2): 49 kB | 151/165 kB Progress (2): 49 kB | 155/165 kB Progress (2): 49 kB | 159/165 kB Progress (2): 49 kB | 163/165 kB Progress (2): 49 kB | 165 kB Progress (3): 49 kB | 165 kB | 4.1/472 kB Progress (3): 49 kB | 165 kB | 7.7/472 kB Progress (3): 49 kB | 165 kB | 12/472 kB Progress (3): 49 kB | 165 kB | 16/472 kB Progress (3): 49 kB | 165 kB | 20/472 kB Progress (3): 49 kB | 165 kB | 24/472 kB Progress (3): 49 kB | 165 kB | 28/472 kB Progress (3): 49 kB | 165 kB | 32/472 kB Progress (3): 49 kB | 165 kB | 36/472 kB Progress (3): 49 kB | 165 kB | 41/472 kB Progress (3): 49 kB | 165 kB | 45/472 kB Progress (3): 49 kB | 165 kB | 49/472 kB Progress (3): 49 kB | 165 kB | 53/472 kB Progress (3): 49 kB | 165 kB | 57/472 kB Progress (3): 49 kB | 165 kB | 61/472 kB Progress (3): 49 kB | 165 kB | 65/472 kB Progress (3): 49 kB | 165 kB | 69/472 kB Progress (3): 49 kB | 165 kB | 73/472 kB Progress (3): 49 kB | 165 kB | 77/472 kB Progress (3): 49 kB | 165 kB | 81/472 kB Progress (3): 49 kB | 165 kB | 86/472 kB Progress (3): 49 kB | 165 kB | 90/472 kB Progress (3): 49 kB | 165 kB | 94/472 kB Progress (3): 49 kB | 165 kB | 98/472 kB Progress (3): 49 kB | 165 kB | 102/472 kB Progress (3): 49 kB | 165 kB | 106/472 kB Progress (3): 49 kB | 165 kB | 110/472 kB Progress (3): 49 kB | 165 kB | 114/472 kB Progress (3): 49 kB | 165 kB | 118/472 kB Progress (3): 49 kB | 165 kB | 122/472 kB Progress (3): 49 kB | 165 kB | 127/472 kB Progress (3): 49 kB | 165 kB | 131/472 kB Progress (3): 49 kB | 165 kB | 135/472 kB Progress (3): 49 kB | 165 kB | 139/472 kB Progress (3): 49 kB | 165 kB | 143/472 kB Progress (3): 49 kB | 165 kB | 147/472 kB Progress (3): 49 kB | 165 kB | 151/472 kB Progress (3): 49 kB | 165 kB | 155/472 kB Progress (3): 49 kB | 165 kB | 159/472 kB Progress (3): 49 kB | 165 kB | 163/472 kB Progress (3): 49 kB | 165 kB | 167/472 kB Progress (3): 49 kB | 165 kB | 172/472 kB Progress (3): 49 kB | 165 kB | 176/472 kB Progress (3): 49 kB | 165 kB | 180/472 kB Progress (3): 49 kB | 165 kB | 184/472 kB Progress (3): 49 kB | 165 kB | 188/472 kB Progress (3): 49 kB | 165 kB | 192/472 kB Progress (3): 49 kB | 165 kB | 196/472 kB Progress (3): 49 kB | 165 kB | 200/472 kB Progress (3): 49 kB | 165 kB | 204/472 kB Progress (3): 49 kB | 165 kB | 208/472 kB Progress (3): 49 kB | 165 kB | 213/472 kB Progress (3): 49 kB | 165 kB | 217/472 kB Progress (4): 49 kB | 165 kB | 217/472 kB | 4.1/153 kB Progress (4): 49 kB | 165 kB | 221/472 kB | 4.1/153 kB Progress (4): 49 kB | 165 kB | 225/472 kB | 4.1/153 kB Progress (4): 49 kB | 165 kB | 225/472 kB | 7.7/153 kB Progress (4): 49 kB | 165 kB | 229/472 kB | 7.7/153 kB Progress (4): 49 kB | 165 kB | 229/472 kB | 12/153 kB Progress (4): 49 kB | 165 kB | 233/472 kB | 12/153 kB Progress (4): 49 kB | 165 kB | 233/472 kB | 16/153 kB Progress (4): 49 kB | 165 kB | 237/472 kB | 16/153 kB Progress (4): 49 kB | 165 kB | 241/472 kB | 16/153 kB Progress (4): 49 kB | 165 kB | 241/472 kB | 20/153 kB Progress (4): 49 kB | 165 kB | 245/472 kB | 20/153 kB Progress (4): 49 kB | 165 kB | 245/472 kB | 24/153 kB Progress (4): 49 kB | 165 kB | 249/472 kB | 24/153 kB Progress (4): 49 kB | 165 kB | 249/472 kB | 28/153 kB Progress (4): 49 kB | 165 kB | 254/472 kB | 28/153 kB Progress (4): 49 kB | 165 kB | 254/472 kB | 32/153 kB Progress (4): 49 kB | 165 kB | 258/472 kB | 32/153 kB Progress (4): 49 kB | 165 kB | 258/472 kB | 36/153 kB Progress (4): 49 kB | 165 kB | 262/472 kB | 36/153 kB Progress (4): 49 kB | 165 kB | 262/472 kB | 41/153 kB Progress (4): 49 kB | 165 kB | 266/472 kB | 41/153 kB Progress (4): 49 kB | 165 kB | 266/472 kB | 45/153 kB Progress (4): 49 kB | 165 kB | 270/472 kB | 45/153 kB Progress (4): 49 kB | 165 kB | 270/472 kB | 49/153 kB Progress (4): 49 kB | 165 kB | 274/472 kB | 49/153 kB Progress (4): 49 kB | 165 kB | 274/472 kB | 53/153 kB Progress (4): 49 kB | 165 kB | 278/472 kB | 53/153 kB Progress (4): 49 kB | 165 kB | 278/472 kB | 57/153 kB Progress (4): 49 kB | 165 kB | 282/472 kB | 57/153 kB Progress (4): 49 kB | 165 kB | 282/472 kB | 61/153 kB Progress (4): 49 kB | 165 kB | 286/472 kB | 61/153 kB Progress (4): 49 kB | 165 kB | 286/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 290/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 294/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 299/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 303/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 307/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 311/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 315/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 319/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 323/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 327/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 331/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 335/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 340/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 344/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 348/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 352/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 356/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 360/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 364/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 368/472 kB | 65/153 kB Progress (4): 49 kB | 165 kB | 368/472 kB | 69/153 kB Progress (4): 49 kB | 165 kB | 372/472 kB | 69/153 kB Progress (4): 49 kB | 165 kB | 372/472 kB | 73/153 kB Progress (4): 49 kB | 165 kB | 376/472 kB | 73/153 kB Progress (4): 49 kB | 165 kB | 376/472 kB | 77/153 kB Progress (4): 49 kB | 165 kB | 380/472 kB | 77/153 kB Progress (4): 49 kB | 165 kB | 380/472 kB | 81/153 kB Progress (4): 49 kB | 165 kB | 385/472 kB | 81/153 kB Progress (4): 49 kB | 165 kB | 389/472 kB | 81/153 kB Progress (4): 49 kB | 165 kB | 389/472 kB | 86/153 kB Progress (4): 49 kB | 165 kB | 393/472 kB | 86/153 kB Progress (4): 49 kB | 165 kB | 393/472 kB | 90/153 kB Progress (4): 49 kB | 165 kB | 397/472 kB | 90/153 kB Progress (4): 49 kB | 165 kB | 397/472 kB | 94/153 kB Progress (4): 49 kB | 165 kB | 401/472 kB | 94/153 kB Progress (4): 49 kB | 165 kB | 401/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 405/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 409/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 413/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 417/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 421/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 426/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 430/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 434/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 438/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 442/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 446/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 450/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 454/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 458/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 462/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 466/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 471/472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 98/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 102/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 106/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 110/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 114/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 118/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 122/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 127/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 131/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 135/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 139/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 143/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 147/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 151/153 kB Progress (4): 49 kB | 165 kB | 472 kB | 153 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 4.1/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 7.7/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 12/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 16/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 20/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 24/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 28/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 32/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 36/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 41/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 45/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 49/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 53/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 57/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 61/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 65/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 69/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 73/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 77/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 81/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 86/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 90/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 94/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 98/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 102/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 106/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 110/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 114/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 118/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 122/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 127/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 131/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 135/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 139/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 143/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 147/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 151/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 155/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 159/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 163/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 167/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 172/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 176/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 180/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 184/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 188/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 192/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 196/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 200/202 kB Progress (5): 49 kB | 165 kB | 472 kB | 153 kB | 202 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 9.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 3.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (1): 4.1/47 kB Progress (1): 8.2/47 kB Progress (1): 12/47 kB Progress (1): 16/47 kB Progress (1): 20/47 kB Progress (1): 25/47 kB Progress (1): 29/47 kB Progress (1): 33/47 kB Progress (1): 37/47 kB Progress (1): 41/47 kB Progress (1): 45/47 kB Progress (1): 47 kB Progress (2): 47 kB | 4.1/38 kB Progress (2): 47 kB | 7.7/38 kB Progress (2): 47 kB | 12/38 kB Progress (2): 47 kB | 16/38 kB Progress (3): 47 kB | 16/38 kB | 4.1/30 kB Progress (3): 47 kB | 20/38 kB | 4.1/30 kB Progress (3): 47 kB | 24/38 kB | 4.1/30 kB Progress (3): 47 kB | 24/38 kB | 7.7/30 kB Progress (3): 47 kB | 28/38 kB | 7.7/30 kB Progress (3): 47 kB | 28/38 kB | 12/30 kB Progress (3): 47 kB | 32/38 kB | 12/30 kB Progress (3): 47 kB | 32/38 kB | 16/30 kB Progress (3): 47 kB | 32/38 kB | 20/30 kB Progress (3): 47 kB | 32/38 kB | 24/30 kB Progress (3): 47 kB | 32/38 kB | 28/30 kB Progress (3): 47 kB | 32/38 kB | 30 kB Progress (3): 47 kB | 36/38 kB | 30 kB Progress (3): 47 kB | 38 kB | 30 kB Progress (4): 47 kB | 38 kB | 30 kB | 4.1/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 7.7/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 12/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 16/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 20/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 24/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 28/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 32/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 36/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 41/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 45/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 49/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 53/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 57/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 61/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 65/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 69/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 73/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 77/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 81/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 86/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 90/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 94/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 98/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 102/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 106/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 110/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 114/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 118/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 122/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 127/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 131/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 135/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 139/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 143/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 147/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 151/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 155/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 159/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 163/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 167/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 172/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 176/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 180/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 184/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 188/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 192/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 196/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 200/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 204/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 208/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 213/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 217/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 221/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 225/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 229/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 233/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 237/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 241/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 245/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 249/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 253/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 257/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 262/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 266/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 270/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 274/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 278/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 282/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 286/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 290/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 294/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 298/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 302/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 307/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 311/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 315/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 319/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 323/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 327/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 331/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 335/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 339/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 343/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 348/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 352/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 356/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 360/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 364/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 368/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 372/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 376/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 380/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 384/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 388/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 393/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 397/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 401/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 405/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 409/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 413/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 417/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 421/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 425/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 429/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 434/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 438/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 442/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 446/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 450/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 454/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 458/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 462/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 466/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 470/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 474/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 479/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 483/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 487/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 491/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 495/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 499/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 503/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 507/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 511/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 515/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 520/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 524/527 kB Progress (4): 47 kB | 38 kB | 30 kB | 527 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 4.1/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 7.7/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 12/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 16/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 20/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 24/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 28/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 32/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 36/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 41/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 45/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 49/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 53/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 57/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 61/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 65/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 69/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 73/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 77/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 81/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 86/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 90/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 94/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 98/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 102/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 106/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 110/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 114/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 118/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 122/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 127/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 131/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 135/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 139/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 143/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 147/148 kB Progress (5): 47 kB | 38 kB | 30 kB | 527 kB | 148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 543 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 402 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 313 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 4.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Progress (1): 4.1/51 kB Progress (1): 7.7/51 kB Progress (1): 12/51 kB Progress (1): 16/51 kB Progress (1): 20/51 kB Progress (1): 24/51 kB Progress (1): 28/51 kB Progress (1): 32/51 kB Progress (1): 36/51 kB Progress (1): 41/51 kB Progress (1): 45/51 kB Progress (1): 49/51 kB Progress (1): 51 kB Progress (2): 51 kB | 4.1/106 kB Progress (2): 51 kB | 7.7/106 kB Progress (2): 51 kB | 12/106 kB Progress (2): 51 kB | 16/106 kB Progress (2): 51 kB | 20/106 kB Progress (2): 51 kB | 24/106 kB Progress (2): 51 kB | 28/106 kB Progress (2): 51 kB | 32/106 kB Progress (2): 51 kB | 36/106 kB Progress (2): 51 kB | 41/106 kB Progress (2): 51 kB | 45/106 kB Progress (2): 51 kB | 49/106 kB Progress (2): 51 kB | 53/106 kB Progress (2): 51 kB | 57/106 kB Progress (2): 51 kB | 61/106 kB Progress (2): 51 kB | 65/106 kB Progress (2): 51 kB | 69/106 kB Progress (2): 51 kB | 73/106 kB Progress (2): 51 kB | 77/106 kB Progress (2): 51 kB | 81/106 kB Progress (2): 51 kB | 86/106 kB Progress (2): 51 kB | 90/106 kB Progress (2): 51 kB | 94/106 kB Progress (2): 51 kB | 98/106 kB Progress (2): 51 kB | 102/106 kB Progress (2): 51 kB | 106/106 kB Progress (2): 51 kB | 106 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 400 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Progress (2): 106 kB | 4.1/14 kB Progress (2): 106 kB | 7.7/14 kB Progress (2): 106 kB | 12/14 kB Progress (2): 106 kB | 14 kB Progress (3): 106 kB | 14 kB | 4.1/108 kB Progress (3): 106 kB | 14 kB | 7.7/108 kB Progress (4): 106 kB | 14 kB | 7.7/108 kB | 4.1/74 kB Progress (4): 106 kB | 14 kB | 12/108 kB | 4.1/74 kB Progress (4): 106 kB | 14 kB | 12/108 kB | 7.7/74 kB Progress (4): 106 kB | 14 kB | 16/108 kB | 7.7/74 kB Progress (4): 106 kB | 14 kB | 16/108 kB | 12/74 kB Progress (4): 106 kB | 14 kB | 16/108 kB | 16/74 kB Progress (4): 106 kB | 14 kB | 20/108 kB | 16/74 kB Progress (4): 106 kB | 14 kB | 24/108 kB | 16/74 kB Progress (4): 106 kB | 14 kB | 24/108 kB | 20/74 kB Progress (4): 106 kB | 14 kB | 28/108 kB | 20/74 kB Progress (4): 106 kB | 14 kB | 28/108 kB | 24/74 kB Progress (4): 106 kB | 14 kB | 32/108 kB | 24/74 kB Progress (4): 106 kB | 14 kB | 32/108 kB | 28/74 kB Progress (4): 106 kB | 14 kB | 36/108 kB | 28/74 kB Progress (4): 106 kB | 14 kB | 36/108 kB | 32/74 kB Progress (4): 106 kB | 14 kB | 41/108 kB | 32/74 kB Progress (4): 106 kB | 14 kB | 41/108 kB | 36/74 kB Progress (4): 106 kB | 14 kB | 45/108 kB | 36/74 kB Progress (4): 106 kB | 14 kB | 45/108 kB | 40/74 kB Progress (4): 106 kB | 14 kB | 49/108 kB | 40/74 kB Progress (4): 106 kB | 14 kB | 49/108 kB | 44/74 kB Progress (4): 106 kB | 14 kB | 53/108 kB | 44/74 kB Progress (4): 106 kB | 14 kB | 53/108 kB | 48/74 kB Progress (4): 106 kB | 14 kB | 57/108 kB | 48/74 kB Progress (4): 106 kB | 14 kB | 57/108 kB | 53/74 kB Progress (4): 106 kB | 14 kB | 61/108 kB | 53/74 kB Progress (4): 106 kB | 14 kB | 61/108 kB | 57/74 kB Progress (4): 106 kB | 14 kB | 65/108 kB | 57/74 kB Progress (4): 106 kB | 14 kB | 65/108 kB | 61/74 kB Progress (4): 106 kB | 14 kB | 69/108 kB | 61/74 kB Progress (4): 106 kB | 14 kB | 69/108 kB | 65/74 kB Progress (4): 106 kB | 14 kB | 73/108 kB | 65/74 kB Progress (4): 106 kB | 14 kB | 73/108 kB | 69/74 kB Progress (4): 106 kB | 14 kB | 77/108 kB | 69/74 kB Progress (4): 106 kB | 14 kB | 77/108 kB | 73/74 kB Progress (4): 106 kB | 14 kB | 81/108 kB | 73/74 kB Progress (4): 106 kB | 14 kB | 81/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 86/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 90/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 94/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 98/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 102/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 106/108 kB | 74 kB Progress (4): 106 kB | 14 kB | 108 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 728 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (4): 14 kB | 108 kB | 74 kB | 4.1/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 7.7/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 12/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 16/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 20/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 24/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 28/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 32/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 36/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 41/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 45/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 49/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 53/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 57/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 61/61 kB Progress (4): 14 kB | 108 kB | 74 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 461 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 666 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Progress (2): 61 kB | 4.1/46 kB Progress (2): 61 kB | 7.7/46 kB Progress (2): 61 kB | 12/46 kB Progress (2): 61 kB | 16/46 kB Progress (2): 61 kB | 20/46 kB Progress (2): 61 kB | 24/46 kB Progress (2): 61 kB | 28/46 kB Progress (2): 61 kB | 32/46 kB Progress (2): 61 kB | 36/46 kB Progress (2): 61 kB | 41/46 kB Progress (2): 61 kB | 45/46 kB Progress (2): 61 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 355 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (2): 46 kB | 4.1/4.2 kB Progress (2): 46 kB | 4.2 kB Progress (3): 46 kB | 4.2 kB | 4.1/29 kB Progress (3): 46 kB | 4.2 kB | 7.7/29 kB Progress (3): 46 kB | 4.2 kB | 12/29 kB Progress (3): 46 kB | 4.2 kB | 16/29 kB Progress (3): 46 kB | 4.2 kB | 20/29 kB Progress (3): 46 kB | 4.2 kB | 24/29 kB Progress (3): 46 kB | 4.2 kB | 28/29 kB Progress (3): 46 kB | 4.2 kB | 29 kB Progress (4): 46 kB | 4.2 kB | 29 kB | 4.1/13 kB Progress (4): 46 kB | 4.2 kB | 29 kB | 7.7/13 kB Progress (4): 46 kB | 4.2 kB | 29 kB | 12/13 kB Progress (4): 46 kB | 4.2 kB | 29 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 244 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Progress (4): 4.2 kB | 29 kB | 13 kB | 4.1/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 7.7/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 12/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 16/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 20/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 24/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 28/52 kB Progress (4): 4.2 kB | 29 kB | 13 kB | 32/52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (3): 29 kB | 13 kB | 36/52 kB Progress (3): 29 kB | 13 kB | 41/52 kB Progress (3): 29 kB | 13 kB | 45/52 kB Progress (3): 29 kB | 13 kB | 49/52 kB Progress (3): 29 kB | 13 kB | 52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 140 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (2): 52 kB | 4.1/263 kB Progress (2): 52 kB | 7.7/263 kB Progress (2): 52 kB | 12/263 kB Progress (2): 52 kB | 16/263 kB Progress (2): 52 kB | 20/263 kB Progress (2): 52 kB | 24/263 kB Progress (2): 52 kB | 28/263 kB Progress (2): 52 kB | 32/263 kB Progress (2): 52 kB | 36/263 kB Progress (2): 52 kB | 41/263 kB Progress (2): 52 kB | 45/263 kB Progress (2): 52 kB | 49/263 kB Progress (2): 52 kB | 53/263 kB Progress (2): 52 kB | 57/263 kB Progress (2): 52 kB | 61/263 kB Progress (2): 52 kB | 65/263 kB Progress (2): 52 kB | 69/263 kB Progress (2): 52 kB | 73/263 kB Progress (2): 52 kB | 77/263 kB Progress (2): 52 kB | 81/263 kB Progress (2): 52 kB | 85/263 kB Progress (2): 52 kB | 89/263 kB Progress (2): 52 kB | 94/263 kB Progress (2): 52 kB | 98/263 kB Progress (2): 52 kB | 102/263 kB Progress (2): 52 kB | 106/263 kB Progress (2): 52 kB | 110/263 kB Progress (2): 52 kB | 114/263 kB Progress (2): 52 kB | 118/263 kB Progress (2): 52 kB | 122/263 kB Progress (2): 52 kB | 126/263 kB Progress (2): 52 kB | 130/263 kB Progress (2): 52 kB | 134/263 kB Progress (2): 52 kB | 139/263 kB Progress (2): 52 kB | 143/263 kB Progress (2): 52 kB | 147/263 kB Progress (2): 52 kB | 151/263 kB Progress (2): 52 kB | 155/263 kB Progress (2): 52 kB | 159/263 kB Progress (2): 52 kB | 163/263 kB Progress (2): 52 kB | 167/263 kB Progress (2): 52 kB | 171/263 kB Progress (2): 52 kB | 175/263 kB Progress (2): 52 kB | 180/263 kB Progress (2): 52 kB | 184/263 kB Progress (2): 52 kB | 188/263 kB Progress (2): 52 kB | 192/263 kB Progress (2): 52 kB | 196/263 kB Progress (2): 52 kB | 200/263 kB Progress (2): 52 kB | 204/263 kB Progress (2): 52 kB | 208/263 kB Progress (2): 52 kB | 212/263 kB Progress (2): 52 kB | 216/263 kB Progress (2): 52 kB | 220/263 kB Progress (2): 52 kB | 225/263 kB Progress (2): 52 kB | 229/263 kB Progress (2): 52 kB | 233/263 kB Progress (2): 52 kB | 237/263 kB Progress (2): 52 kB | 241/263 kB Progress (2): 52 kB | 245/263 kB Progress (2): 52 kB | 249/263 kB Progress (2): 52 kB | 253/263 kB Progress (2): 52 kB | 257/263 kB Progress (2): 52 kB | 261/263 kB Progress (2): 52 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 246 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (2): 263 kB | 4.1/120 kB Progress (2): 263 kB | 7.7/120 kB Progress (2): 263 kB | 12/120 kB Progress (2): 263 kB | 16/120 kB Progress (2): 263 kB | 20/120 kB Progress (2): 263 kB | 24/120 kB Progress (2): 263 kB | 28/120 kB Progress (2): 263 kB | 32/120 kB Progress (2): 263 kB | 36/120 kB Progress (2): 263 kB | 41/120 kB Progress (2): 263 kB | 45/120 kB Progress (2): 263 kB | 49/120 kB Progress (2): 263 kB | 53/120 kB Progress (2): 263 kB | 57/120 kB Progress (2): 263 kB | 61/120 kB Progress (2): 263 kB | 65/120 kB Progress (2): 263 kB | 69/120 kB Progress (2): 263 kB | 73/120 kB Progress (2): 263 kB | 77/120 kB Progress (2): 263 kB | 81/120 kB Progress (2): 263 kB | 86/120 kB Progress (2): 263 kB | 90/120 kB Progress (2): 263 kB | 94/120 kB Progress (2): 263 kB | 98/120 kB Progress (2): 263 kB | 102/120 kB Progress (2): 263 kB | 106/120 kB Progress (2): 263 kB | 110/120 kB Progress (2): 263 kB | 114/120 kB Progress (2): 263 kB | 118/120 kB Progress (2): 263 kB | 120 kB Progress (3): 263 kB | 120 kB | 4.1/164 kB Progress (3): 263 kB | 120 kB | 7.7/164 kB Progress (3): 263 kB | 120 kB | 12/164 kB Progress (3): 263 kB | 120 kB | 16/164 kB Progress (3): 263 kB | 120 kB | 20/164 kB Progress (3): 263 kB | 120 kB | 24/164 kB Progress (3): 263 kB | 120 kB | 28/164 kB Progress (3): 263 kB | 120 kB | 32/164 kB Progress (3): 263 kB | 120 kB | 36/164 kB Progress (3): 263 kB | 120 kB | 41/164 kB Progress (3): 263 kB | 120 kB | 45/164 kB Progress (3): 263 kB | 120 kB | 49/164 kB Progress (3): 263 kB | 120 kB | 53/164 kB Progress (3): 263 kB | 120 kB | 57/164 kB Progress (3): 263 kB | 120 kB | 61/164 kB Progress (3): 263 kB | 120 kB | 65/164 kB Progress (3): 263 kB | 120 kB | 69/164 kB Progress (3): 263 kB | 120 kB | 73/164 kB Progress (3): 263 kB | 120 kB | 77/164 kB Progress (3): 263 kB | 120 kB | 81/164 kB Progress (3): 263 kB | 120 kB | 86/164 kB Progress (3): 263 kB | 120 kB | 90/164 kB Progress (3): 263 kB | 120 kB | 94/164 kB Progress (3): 263 kB | 120 kB | 98/164 kB Progress (3): 263 kB | 120 kB | 102/164 kB Progress (3): 263 kB | 120 kB | 106/164 kB Progress (3): 263 kB | 120 kB | 110/164 kB Progress (3): 263 kB | 120 kB | 114/164 kB Progress (3): 263 kB | 120 kB | 118/164 kB Progress (3): 263 kB | 120 kB | 122/164 kB Progress (3): 263 kB | 120 kB | 127/164 kB Progress (3): 263 kB | 120 kB | 131/164 kB Progress (3): 263 kB | 120 kB | 135/164 kB Progress (3): 263 kB | 120 kB | 139/164 kB Progress (3): 263 kB | 120 kB | 143/164 kB Progress (3): 263 kB | 120 kB | 147/164 kB Progress (3): 263 kB | 120 kB | 151/164 kB Progress (3): 263 kB | 120 kB | 155/164 kB Progress (3): 263 kB | 120 kB | 159/164 kB Progress (3): 263 kB | 120 kB | 163/164 kB Progress (3): 263 kB | 120 kB | 164 kB Progress (4): 263 kB | 120 kB | 164 kB | 4.1/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 7.7/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 12/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 16/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 20/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 24/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 28/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 32/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 36/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 41/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 45/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 49/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 53/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 57/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 61/61 kB Progress (4): 263 kB | 120 kB | 164 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 521 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (3): 164 kB | 61 kB | 4.1/335 kB Progress (3): 164 kB | 61 kB | 7.7/335 kB Progress (3): 164 kB | 61 kB | 12/335 kB Progress (3): 164 kB | 61 kB | 16/335 kB Progress (3): 164 kB | 61 kB | 20/335 kB Progress (3): 164 kB | 61 kB | 24/335 kB Progress (3): 164 kB | 61 kB | 28/335 kB Progress (3): 164 kB | 61 kB | 32/335 kB Progress (3): 164 kB | 61 kB | 36/335 kB Progress (3): 164 kB | 61 kB | 41/335 kB Progress (3): 164 kB | 61 kB | 45/335 kB Progress (3): 164 kB | 61 kB | 49/335 kB Progress (3): 164 kB | 61 kB | 53/335 kB Progress (3): 164 kB | 61 kB | 57/335 kB Progress (3): 164 kB | 61 kB | 61/335 kB Progress (3): 164 kB | 61 kB | 65/335 kB Progress (3): 164 kB | 61 kB | 69/335 kB Progress (3): 164 kB | 61 kB | 73/335 kB Progress (3): 164 kB | 61 kB | 77/335 kB Progress (3): 164 kB | 61 kB | 81/335 kB Progress (3): 164 kB | 61 kB | 86/335 kB Progress (3): 164 kB | 61 kB | 90/335 kB Progress (3): 164 kB | 61 kB | 94/335 kB Progress (3): 164 kB | 61 kB | 98/335 kB Progress (3): 164 kB | 61 kB | 102/335 kB Progress (3): 164 kB | 61 kB | 106/335 kB Progress (3): 164 kB | 61 kB | 110/335 kB Progress (3): 164 kB | 61 kB | 114/335 kB Progress (3): 164 kB | 61 kB | 118/335 kB Progress (3): 164 kB | 61 kB | 122/335 kB Progress (3): 164 kB | 61 kB | 127/335 kB Progress (3): 164 kB | 61 kB | 131/335 kB Progress (3): 164 kB | 61 kB | 135/335 kB Progress (3): 164 kB | 61 kB | 139/335 kB Progress (3): 164 kB | 61 kB | 143/335 kB Progress (3): 164 kB | 61 kB | 147/335 kB Progress (3): 164 kB | 61 kB | 151/335 kB Progress (3): 164 kB | 61 kB | 155/335 kB Progress (3): 164 kB | 61 kB | 159/335 kB Progress (3): 164 kB | 61 kB | 163/335 kB Progress (3): 164 kB | 61 kB | 167/335 kB Progress (3): 164 kB | 61 kB | 172/335 kB Progress (3): 164 kB | 61 kB | 176/335 kB Progress (3): 164 kB | 61 kB | 180/335 kB Progress (3): 164 kB | 61 kB | 184/335 kB Progress (3): 164 kB | 61 kB | 188/335 kB Progress (3): 164 kB | 61 kB | 192/335 kB Progress (3): 164 kB | 61 kB | 196/335 kB Progress (3): 164 kB | 61 kB | 200/335 kB Progress (3): 164 kB | 61 kB | 204/335 kB Progress (3): 164 kB | 61 kB | 208/335 kB Progress (3): 164 kB | 61 kB | 213/335 kB Progress (3): 164 kB | 61 kB | 217/335 kB Progress (3): 164 kB | 61 kB | 221/335 kB Progress (3): 164 kB | 61 kB | 225/335 kB Progress (3): 164 kB | 61 kB | 229/335 kB Progress (3): 164 kB | 61 kB | 233/335 kB Progress (3): 164 kB | 61 kB | 237/335 kB Progress (3): 164 kB | 61 kB | 241/335 kB Progress (3): 164 kB | 61 kB | 245/335 kB Progress (3): 164 kB | 61 kB | 249/335 kB Progress (3): 164 kB | 61 kB | 254/335 kB Progress (3): 164 kB | 61 kB | 258/335 kB Progress (3): 164 kB | 61 kB | 262/335 kB Progress (3): 164 kB | 61 kB | 266/335 kB Progress (3): 164 kB | 61 kB | 270/335 kB Progress (3): 164 kB | 61 kB | 274/335 kB Progress (3): 164 kB | 61 kB | 278/335 kB Progress (3): 164 kB | 61 kB | 282/335 kB Progress (3): 164 kB | 61 kB | 286/335 kB Progress (3): 164 kB | 61 kB | 290/335 kB Progress (3): 164 kB | 61 kB | 294/335 kB Progress (3): 164 kB | 61 kB | 299/335 kB Progress (3): 164 kB | 61 kB | 303/335 kB Progress (3): 164 kB | 61 kB | 307/335 kB Progress (3): 164 kB | 61 kB | 311/335 kB Progress (3): 164 kB | 61 kB | 315/335 kB Progress (3): 164 kB | 61 kB | 319/335 kB Progress (3): 164 kB | 61 kB | 323/335 kB Progress (3): 164 kB | 61 kB | 327/335 kB Progress (3): 164 kB | 61 kB | 331/335 kB Progress (3): 164 kB | 61 kB | 335 kB Progress (4): 164 kB | 61 kB | 335 kB | 4.1/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 7.7/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 12/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 16/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 20/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 24/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 28/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 32/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 36/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 41/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 45/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 49/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 53/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 57/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 61/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 65/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 69/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 73/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 77/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 81/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 86/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 90/122 kB Progress (4): 164 kB | 61 kB | 335 kB | 94/122 kB Progress (5): 164 kB | 61 kB | 335 kB | 94/122 kB | 4.1/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 98/122 kB | 4.1/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 98/122 kB | 7.7/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 102/122 kB | 7.7/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 102/122 kB | 12/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 106/122 kB | 12/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 106/122 kB | 16/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 110/122 kB | 16/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 114/122 kB | 16/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 118/122 kB | 16/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 118/122 kB | 20/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 122 kB | 20/26 kB Progress (5): 164 kB | 61 kB | 335 kB | 122 kB | 24/26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 247 kB/s) Progress (4): 164 kB | 335 kB | 122 kB | 26 kB Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 647 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 444 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (1): 4.1/72 kB Progress (1): 7.7/72 kB Progress (1): 12/72 kB Progress (1): 16/72 kB Progress (1): 20/72 kB Progress (1): 24/72 kB Progress (1): 28/72 kB Progress (1): 32/72 kB Progress (1): 36/72 kB Progress (1): 41/72 kB Progress (1): 45/72 kB Progress (1): 49/72 kB Progress (1): 53/72 kB Progress (1): 57/72 kB Progress (1): 61/72 kB Progress (1): 65/72 kB Progress (1): 69/72 kB Progress (1): 72 kB Progress (2): 72 kB | 4.1/53 kB Progress (2): 72 kB | 7.7/53 kB Progress (2): 72 kB | 12/53 kB Progress (2): 72 kB | 16/53 kB Progress (2): 72 kB | 20/53 kB Progress (2): 72 kB | 24/53 kB Progress (2): 72 kB | 28/53 kB Progress (2): 72 kB | 32/53 kB Progress (2): 72 kB | 36/53 kB Progress (2): 72 kB | 41/53 kB Progress (2): 72 kB | 45/53 kB Progress (2): 72 kB | 49/53 kB Progress (3): 72 kB | 49/53 kB | 4.1/33 kB Progress (3): 72 kB | 49/53 kB | 7.7/33 kB Progress (3): 72 kB | 53 kB | 7.7/33 kB Progress (3): 72 kB | 53 kB | 12/33 kB Progress (3): 72 kB | 53 kB | 16/33 kB Progress (3): 72 kB | 53 kB | 20/33 kB Progress (3): 72 kB | 53 kB | 24/33 kB Progress (3): 72 kB | 53 kB | 28/33 kB Progress (3): 72 kB | 53 kB | 32/33 kB Progress (3): 72 kB | 53 kB | 33 kB Progress (4): 72 kB | 53 kB | 33 kB | 4.1/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 7.7/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 12/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 16/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 20/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 24/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 28/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 32/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 36/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 41/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 45/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 49/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 53/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 57/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 61/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 65/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 69/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 73/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 77/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 81/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 86/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 90/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 94/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 98/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 102/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 106/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 110/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 114/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 118/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 122/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 127/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 131/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 135/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 139/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 143/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 147/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 151/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 155/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 159/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 163/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 167/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 172/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 176/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 180/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 184/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 188/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 192/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 196/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 200/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 204/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 208/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 213/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 217/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 221/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 225/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 229/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 233/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 237/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 241/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 245/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 249/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 254/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 258/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 262/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 266/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 270/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 274/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 278/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 282/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 286/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 290/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 294/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 299/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 303/305 kB Progress (4): 72 kB | 53 kB | 33 kB | 305 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 4.1/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 7.7/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 12/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 16/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 20/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 24/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 28/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 32/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 36/37 kB Progress (5): 72 kB | 53 kB | 33 kB | 305 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 172 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 235 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 965 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (1): 4.1/215 kB Progress (1): 7.7/215 kB Progress (1): 12/215 kB Progress (1): 16/215 kB Progress (1): 20/215 kB Progress (2): 20/215 kB | 4.1/180 kB Progress (2): 24/215 kB | 4.1/180 kB Progress (2): 28/215 kB | 4.1/180 kB Progress (2): 28/215 kB | 7.7/180 kB Progress (2): 32/215 kB | 7.7/180 kB Progress (2): 32/215 kB | 12/180 kB Progress (2): 32/215 kB | 16/180 kB Progress (2): 36/215 kB | 16/180 kB Progress (2): 41/215 kB | 16/180 kB Progress (2): 41/215 kB | 20/180 kB Progress (2): 45/215 kB | 20/180 kB Progress (2): 45/215 kB | 24/180 kB Progress (2): 49/215 kB | 24/180 kB Progress (2): 53/215 kB | 24/180 kB Progress (2): 53/215 kB | 28/180 kB Progress (2): 57/215 kB | 28/180 kB Progress (2): 57/215 kB | 32/180 kB Progress (2): 61/215 kB | 32/180 kB Progress (2): 61/215 kB | 36/180 kB Progress (2): 65/215 kB | 36/180 kB Progress (2): 65/215 kB | 41/180 kB Progress (2): 69/215 kB | 41/180 kB Progress (2): 73/215 kB | 41/180 kB Progress (2): 73/215 kB | 45/180 kB Progress (2): 77/215 kB | 45/180 kB Progress (2): 77/215 kB | 49/180 kB Progress (2): 77/215 kB | 53/180 kB Progress (2): 81/215 kB | 53/180 kB Progress (2): 81/215 kB | 57/180 kB Progress (2): 86/215 kB | 57/180 kB Progress (2): 90/215 kB | 57/180 kB Progress (2): 90/215 kB | 61/180 kB Progress (2): 94/215 kB | 61/180 kB Progress (2): 94/215 kB | 65/180 kB Progress (2): 98/215 kB | 65/180 kB Progress (2): 98/215 kB | 69/180 kB Progress (2): 102/215 kB | 69/180 kB Progress (2): 102/215 kB | 73/180 kB Progress (2): 106/215 kB | 73/180 kB Progress (2): 106/215 kB | 77/180 kB Progress (2): 110/215 kB | 77/180 kB Progress (3): 110/215 kB | 77/180 kB | 4.1/134 kB Progress (3): 114/215 kB | 77/180 kB | 4.1/134 kB Progress (3): 114/215 kB | 81/180 kB | 4.1/134 kB Progress (3): 118/215 kB | 81/180 kB | 4.1/134 kB Progress (3): 118/215 kB | 81/180 kB | 7.7/134 kB Progress (3): 118/215 kB | 86/180 kB | 7.7/134 kB Progress (3): 118/215 kB | 86/180 kB | 12/134 kB Progress (3): 122/215 kB | 86/180 kB | 12/134 kB Progress (3): 122/215 kB | 86/180 kB | 16/134 kB Progress (3): 127/215 kB | 86/180 kB | 16/134 kB Progress (3): 127/215 kB | 90/180 kB | 16/134 kB Progress (3): 131/215 kB | 90/180 kB | 16/134 kB Progress (3): 131/215 kB | 90/180 kB | 20/134 kB Progress (3): 131/215 kB | 94/180 kB | 20/134 kB Progress (3): 131/215 kB | 94/180 kB | 24/134 kB Progress (3): 135/215 kB | 94/180 kB | 24/134 kB Progress (3): 135/215 kB | 94/180 kB | 28/134 kB Progress (3): 139/215 kB | 94/180 kB | 28/134 kB Progress (3): 139/215 kB | 98/180 kB | 28/134 kB Progress (3): 139/215 kB | 102/180 kB | 28/134 kB Progress (3): 143/215 kB | 102/180 kB | 28/134 kB Progress (3): 143/215 kB | 102/180 kB | 32/134 kB Progress (3): 147/215 kB | 102/180 kB | 32/134 kB Progress (3): 147/215 kB | 106/180 kB | 32/134 kB Progress (3): 151/215 kB | 106/180 kB | 32/134 kB Progress (3): 151/215 kB | 106/180 kB | 36/134 kB Progress (3): 151/215 kB | 110/180 kB | 36/134 kB Progress (3): 155/215 kB | 110/180 kB | 36/134 kB Progress (3): 155/215 kB | 114/180 kB | 36/134 kB Progress (3): 155/215 kB | 114/180 kB | 41/134 kB Progress (3): 155/215 kB | 118/180 kB | 41/134 kB Progress (3): 159/215 kB | 118/180 kB | 41/134 kB Progress (3): 159/215 kB | 122/180 kB | 41/134 kB Progress (3): 159/215 kB | 122/180 kB | 45/134 kB Progress (3): 159/215 kB | 127/180 kB | 45/134 kB Progress (3): 163/215 kB | 127/180 kB | 45/134 kB Progress (3): 163/215 kB | 131/180 kB | 45/134 kB Progress (3): 167/215 kB | 131/180 kB | 45/134 kB Progress (3): 167/215 kB | 135/180 kB | 45/134 kB Progress (3): 167/215 kB | 135/180 kB | 49/134 kB Progress (3): 167/215 kB | 139/180 kB | 49/134 kB Progress (3): 172/215 kB | 139/180 kB | 49/134 kB Progress (3): 172/215 kB | 139/180 kB | 53/134 kB Progress (3): 172/215 kB | 143/180 kB | 53/134 kB Progress (3): 176/215 kB | 143/180 kB | 53/134 kB Progress (3): 176/215 kB | 143/180 kB | 57/134 kB Progress (3): 180/215 kB | 143/180 kB | 57/134 kB Progress (3): 180/215 kB | 143/180 kB | 61/134 kB Progress (3): 180/215 kB | 147/180 kB | 61/134 kB Progress (3): 180/215 kB | 147/180 kB | 65/134 kB Progress (3): 184/215 kB | 147/180 kB | 65/134 kB Progress (3): 184/215 kB | 151/180 kB | 65/134 kB Progress (3): 188/215 kB | 151/180 kB | 65/134 kB Progress (3): 188/215 kB | 155/180 kB | 65/134 kB Progress (3): 192/215 kB | 155/180 kB | 65/134 kB Progress (3): 192/215 kB | 159/180 kB | 65/134 kB Progress (3): 196/215 kB | 159/180 kB | 65/134 kB Progress (3): 196/215 kB | 163/180 kB | 65/134 kB Progress (3): 200/215 kB | 163/180 kB | 65/134 kB Progress (3): 200/215 kB | 167/180 kB | 65/134 kB Progress (3): 204/215 kB | 167/180 kB | 65/134 kB Progress (3): 204/215 kB | 172/180 kB | 65/134 kB Progress (3): 208/215 kB | 172/180 kB | 65/134 kB Progress (3): 213/215 kB | 172/180 kB | 65/134 kB Progress (3): 213/215 kB | 172/180 kB | 69/134 kB Progress (3): 215 kB | 172/180 kB | 69/134 kB Progress (3): 215 kB | 176/180 kB | 69/134 kB Progress (3): 215 kB | 176/180 kB | 73/134 kB Progress (3): 215 kB | 180/180 kB | 73/134 kB Progress (3): 215 kB | 180/180 kB | 77/134 kB Progress (3): 215 kB | 180 kB | 77/134 kB Progress (3): 215 kB | 180 kB | 81/134 kB Progress (3): 215 kB | 180 kB | 86/134 kB Progress (3): 215 kB | 180 kB | 90/134 kB Progress (3): 215 kB | 180 kB | 94/134 kB Progress (3): 215 kB | 180 kB | 98/134 kB Progress (3): 215 kB | 180 kB | 102/134 kB Progress (3): 215 kB | 180 kB | 106/134 kB Progress (3): 215 kB | 180 kB | 110/134 kB Progress (3): 215 kB | 180 kB | 114/134 kB Progress (3): 215 kB | 180 kB | 118/134 kB Progress (3): 215 kB | 180 kB | 122/134 kB Progress (3): 215 kB | 180 kB | 127/134 kB Progress (3): 215 kB | 180 kB | 131/134 kB Progress (3): 215 kB | 180 kB | 134 kB Progress (4): 215 kB | 180 kB | 134 kB | 0/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB Progress (4): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB Progress (5): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB | 4.1/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.1/2.6 MB | 7.7/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 7.7/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 12/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 16/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 16/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 20/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 24/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 28/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 28/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 32/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 36/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 41/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 41/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 45/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 49/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 49/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 53/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 57/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 61/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 61/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 65/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.2/2.6 MB | 69/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 69/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 73/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 77/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 81/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 81/85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.3/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.4/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.4/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.4/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.4/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.4/2.6 MB | 85 kB Progress (5): 215 kB | 180 kB | 134 kB | 0.4/2.6 MB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 384 kB/s) Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.5/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.6/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.7/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.8/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.8/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.8/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.8/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.8/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.8/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 0.9/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.0/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.0/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.0/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.0/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.0/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.0/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.1/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.1/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.1/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.1/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.1/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.1/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.2/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.2/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.2/2.6 MB | 85 kB Progress (4): 215 kB | 180 kB | 1.2/2.6 MB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 608 kB/s) Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (3): 180 kB | 1.2/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.3/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.4/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.5/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (3): 180 kB | 1.6/2.6 MB | 85 kB Progress (3): 180 kB | 1.7/2.6 MB | 85 kB Progress (3): 180 kB | 1.7/2.6 MB | 85 kB Progress (3): 180 kB | 1.7/2.6 MB | 85 kB Progress (3): 180 kB | 1.7/2.6 MB | 85 kB Progress (3): 180 kB | 1.7/2.6 MB | 85 kB Progress (3): 180 kB | 1.7/2.6 MB | 85 kB Progress (3): 180 kB | 1.8/2.6 MB | 85 kB Progress (3): 180 kB | 1.8/2.6 MB | 85 kB Progress (3): 180 kB | 1.8/2.6 MB | 85 kB Progress (3): 180 kB | 1.8/2.6 MB | 85 kB Progress (3): 180 kB | 1.8/2.6 MB | 85 kB Progress (3): 180 kB | 1.8/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 1.9/2.6 MB | 85 kB Progress (3): 180 kB | 2.0/2.6 MB | 85 kB Progress (3): 180 kB | 2.0/2.6 MB | 85 kB Progress (3): 180 kB | 2.0/2.6 MB | 85 kB Progress (3): 180 kB | 2.0/2.6 MB | 85 kB Progress (3): 180 kB | 2.0/2.6 MB | 85 kB Progress (3): 180 kB | 2.0/2.6 MB | 85 kB Progress (3): 180 kB | 2.1/2.6 MB | 85 kB Progress (3): 180 kB | 2.1/2.6 MB | 85 kB Progress (3): 180 kB | 2.1/2.6 MB | 85 kB Progress (3): 180 kB | 2.1/2.6 MB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 503 kB/s) Progress (2): 2.1/2.6 MB | 85 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 2.1/2.6 MB | 85 kB Progress (2): 2.2/2.6 MB | 85 kB Progress (2): 2.2/2.6 MB | 85 kB Progress (2): 2.2/2.6 MB | 85 kB Progress (2): 2.2/2.6 MB | 85 kB Progress (2): 2.2/2.6 MB | 85 kB Progress (2): 2.2/2.6 MB | 85 kB Progress (2): 2.3/2.6 MB | 85 kB Progress (2): 2.3/2.6 MB | 85 kB Progress (2): 2.3/2.6 MB | 85 kB Progress (2): 2.3/2.6 MB | 85 kB Progress (2): 2.3/2.6 MB | 85 kB Progress (2): 2.3/2.6 MB | 85 kB Progress (2): 2.4/2.6 MB | 85 kB Progress (2): 2.4/2.6 MB | 85 kB Progress (2): 2.4/2.6 MB | 85 kB Progress (2): 2.4/2.6 MB | 85 kB Progress (2): 2.4/2.6 MB | 85 kB Progress (2): 2.4/2.6 MB | 85 kB Progress (2): 2.5/2.6 MB | 85 kB Progress (2): 2.5/2.6 MB | 85 kB Progress (2): 2.5/2.6 MB | 85 kB Progress (2): 2.5/2.6 MB | 85 kB Progress (2): 2.5/2.6 MB | 85 kB Progress (2): 2.5/2.6 MB | 85 kB Progress (2): 2.6/2.6 MB | 85 kB Progress (2): 2.6/2.6 MB | 85 kB Progress (2): 2.6/2.6 MB | 85 kB Progress (2): 2.6/2.6 MB | 85 kB Progress (2): 2.6/2.6 MB | 85 kB Progress (2): 2.6 MB | 85 kB Progress (3): 2.6 MB | 85 kB | 4.1/4.6 kB Progress (3): 2.6 MB | 85 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 229 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (3): 2.6 MB | 4.6 kB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (3): 4.6 kB | 2.2 kB | 4.1/20 kB Progress (3): 4.6 kB | 2.2 kB | 7.7/20 kB Progress (3): 4.6 kB | 2.2 kB | 12/20 kB Progress (3): 4.6 kB | 2.2 kB | 16/20 kB Progress (3): 4.6 kB | 2.2 kB | 20 kB Progress (4): 4.6 kB | 2.2 kB | 20 kB | 4.1/5.9 kB Progress (4): 4.6 kB | 2.2 kB | 20 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.5 kB/s) Progress (3): 20 kB | 5.9 kB | 4.1/14 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Progress (3): 20 kB | 5.9 kB | 7.7/14 kB Progress (3): 20 kB | 5.9 kB | 12/14 kB Progress (3): 20 kB | 5.9 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 50 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 14 kB/s) Progress (2): 14 kB | 4.1/8.8 kB Progress (2): 14 kB | 7.7/8.8 kB Progress (2): 14 kB | 8.8 kB Progress (3): 14 kB | 8.8 kB | 4.1/500 kB Progress (3): 14 kB | 8.8 kB | 7.7/500 kB Progress (3): 14 kB | 8.8 kB | 12/500 kB Progress (3): 14 kB | 8.8 kB | 16/500 kB Progress (3): 14 kB | 8.8 kB | 20/500 kB Progress (3): 14 kB | 8.8 kB | 24/500 kB Progress (3): 14 kB | 8.8 kB | 28/500 kB Progress (3): 14 kB | 8.8 kB | 32/500 kB Progress (3): 14 kB | 8.8 kB | 36/500 kB Progress (3): 14 kB | 8.8 kB | 41/500 kB Progress (3): 14 kB | 8.8 kB | 45/500 kB Progress (3): 14 kB | 8.8 kB | 49/500 kB Progress (3): 14 kB | 8.8 kB | 53/500 kB Progress (3): 14 kB | 8.8 kB | 57/500 kB Progress (3): 14 kB | 8.8 kB | 61/500 kB Progress (3): 14 kB | 8.8 kB | 65/500 kB Progress (3): 14 kB | 8.8 kB | 69/500 kB Progress (3): 14 kB | 8.8 kB | 73/500 kB Progress (3): 14 kB | 8.8 kB | 77/500 kB Progress (3): 14 kB | 8.8 kB | 81/500 kB Progress (3): 14 kB | 8.8 kB | 86/500 kB Progress (3): 14 kB | 8.8 kB | 90/500 kB Progress (3): 14 kB | 8.8 kB | 94/500 kB Progress (3): 14 kB | 8.8 kB | 98/500 kB Progress (3): 14 kB | 8.8 kB | 102/500 kB Progress (3): 14 kB | 8.8 kB | 106/500 kB Progress (3): 14 kB | 8.8 kB | 110/500 kB Progress (3): 14 kB | 8.8 kB | 114/500 kB Progress (3): 14 kB | 8.8 kB | 118/500 kB Progress (3): 14 kB | 8.8 kB | 122/500 kB Progress (3): 14 kB | 8.8 kB | 127/500 kB Progress (3): 14 kB | 8.8 kB | 131/500 kB Progress (3): 14 kB | 8.8 kB | 135/500 kB Progress (3): 14 kB | 8.8 kB | 139/500 kB Progress (3): 14 kB | 8.8 kB | 143/500 kB Progress (3): 14 kB | 8.8 kB | 147/500 kB Progress (3): 14 kB | 8.8 kB | 151/500 kB Progress (3): 14 kB | 8.8 kB | 155/500 kB Progress (3): 14 kB | 8.8 kB | 159/500 kB Progress (3): 14 kB | 8.8 kB | 163/500 kB Progress (3): 14 kB | 8.8 kB | 167/500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 33 kB/s) Progress (2): 8.8 kB | 172/500 kB Progress (2): 8.8 kB | 176/500 kB Progress (2): 8.8 kB | 180/500 kB Progress (2): 8.8 kB | 184/500 kB Progress (2): 8.8 kB | 188/500 kB Progress (2): 8.8 kB | 192/500 kB Progress (2): 8.8 kB | 196/500 kB Progress (2): 8.8 kB | 200/500 kB Progress (2): 8.8 kB | 204/500 kB Progress (2): 8.8 kB | 208/500 kB Progress (2): 8.8 kB | 213/500 kB Progress (2): 8.8 kB | 217/500 kB Progress (2): 8.8 kB | 221/500 kB Progress (2): 8.8 kB | 225/500 kB Progress (2): 8.8 kB | 229/500 kB Progress (2): 8.8 kB | 233/500 kB Progress (2): 8.8 kB | 237/500 kB Progress (2): 8.8 kB | 241/500 kB Progress (2): 8.8 kB | 245/500 kB Progress (2): 8.8 kB | 249/500 kB Progress (2): 8.8 kB | 254/500 kB Progress (2): 8.8 kB | 258/500 kB Progress (2): 8.8 kB | 262/500 kB Progress (2): 8.8 kB | 266/500 kB Progress (2): 8.8 kB | 270/500 kB Progress (2): 8.8 kB | 274/500 kB Progress (2): 8.8 kB | 278/500 kB Progress (2): 8.8 kB | 282/500 kB Progress (2): 8.8 kB | 286/500 kB Progress (2): 8.8 kB | 290/500 kB Progress (2): 8.8 kB | 294/500 kB Progress (2): 8.8 kB | 299/500 kB Progress (2): 8.8 kB | 303/500 kB Progress (2): 8.8 kB | 307/500 kB Progress (2): 8.8 kB | 311/500 kB Progress (2): 8.8 kB | 315/500 kB Progress (2): 8.8 kB | 319/500 kB Progress (2): 8.8 kB | 323/500 kB Progress (2): 8.8 kB | 327/500 kB Progress (2): 8.8 kB | 331/500 kB Progress (2): 8.8 kB | 335/500 kB Progress (2): 8.8 kB | 340/500 kB Progress (2): 8.8 kB | 344/500 kB Progress (2): 8.8 kB | 348/500 kB Progress (2): 8.8 kB | 352/500 kB Progress (2): 8.8 kB | 356/500 kB Progress (2): 8.8 kB | 360/500 kB Progress (2): 8.8 kB | 364/500 kB Progress (2): 8.8 kB | 368/500 kB Progress (2): 8.8 kB | 372/500 kB Progress (2): 8.8 kB | 376/500 kB Progress (2): 8.8 kB | 380/500 kB Progress (2): 8.8 kB | 385/500 kB Progress (2): 8.8 kB | 389/500 kB Progress (2): 8.8 kB | 393/500 kB Progress (2): 8.8 kB | 397/500 kB Progress (2): 8.8 kB | 401/500 kB Progress (2): 8.8 kB | 405/500 kB Progress (2): 8.8 kB | 409/500 kB Progress (2): 8.8 kB | 413/500 kB Progress (2): 8.8 kB | 417/500 kB Progress (2): 8.8 kB | 421/500 kB Progress (2): 8.8 kB | 426/500 kB Progress (2): 8.8 kB | 430/500 kB Progress (2): 8.8 kB | 434/500 kB Progress (2): 8.8 kB | 438/500 kB Progress (2): 8.8 kB | 442/500 kB Progress (2): 8.8 kB | 446/500 kB Progress (2): 8.8 kB | 450/500 kB Progress (2): 8.8 kB | 454/500 kB Progress (2): 8.8 kB | 458/500 kB Progress (2): 8.8 kB | 462/500 kB Progress (2): 8.8 kB | 466/500 kB Progress (2): 8.8 kB | 471/500 kB Progress (2): 8.8 kB | 475/500 kB Progress (2): 8.8 kB | 479/500 kB Progress (2): 8.8 kB | 483/500 kB Progress (2): 8.8 kB | 487/500 kB Progress (2): 8.8 kB | 491/500 kB Progress (2): 8.8 kB | 495/500 kB Progress (2): 8.8 kB | 499/500 kB Progress (2): 8.8 kB | 500 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 20 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 16.013 s [INFO] Finished at: 2026-02-10T22:20:13Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="77169bc89c21f13d10579dae80d1ac4578ad720c" "org.opencontainers.image.revision"="77169bc89c21f13d10579dae80d1ac4578ad720c" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:19:46Z" "org.opencontainers.image.created"="2026-02-10T22:19:46Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c --> 8175ff2a46a1 Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c 8175ff2a46a19ec02defe29e30707e7b2b01acfc207d71653b5059dbbf52bbc8 [2026-02-10T22:20:15,104245432+00:00] Unsetting proxy [2026-02-10T22:20:15,105372966+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:bd5c433cb8352897efefc5581486b84d530e3184875149b6c9d3222a69682309 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:8175ff2a46a19ec02defe29e30707e7b2b01acfc207d71653b5059dbbf52bbc8 Writing manifest to image destination [2026-02-10T22:20:17,164029005+00:00] End build pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | container step-push: [2026-02-10T22:20:17,207843219+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:20:20,542614096+00:00] Convert image [2026-02-10T22:20:20,586501462+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-vj8dh-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-vj8dh-build-container Getting image source signatures Copying blob sha256:bd5c433cb8352897efefc5581486b84d530e3184875149b6c9d3222a69682309 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:8175ff2a46a19ec02defe29e30707e7b2b01acfc207d71653b5059dbbf52bbc8 Writing manifest to image destination [2026-02-10T22:20:25,512271421+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Getting image source signatures Copying blob sha256:bd5c433cb8352897efefc5581486b84d530e3184875149b6c9d3222a69682309 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:8175ff2a46a19ec02defe29e30707e7b2b01acfc207d71653b5059dbbf52bbc8 Writing manifest to image destination sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c [2026-02-10T22:20:26,523788636+00:00] End push pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:20:27,297941114+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:20:36,223181098+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | container step-prepare-sboms: [2026-02-10T22:20:36,534028585+00:00] Prepare SBOM [2026-02-10T22:20:36,538488951+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:20:48,492 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:20:49,795 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:20:53,923 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:20:53,923 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:20:53,924 [INFO] mobster.log: Contextual workflow completed in 4.24s 2026-02-10 22:20:54,192 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:20:55,190952352+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-vj8dh-build-container-pod | container step-upload-sbom: [2026-02-10T22:20:55,738072948+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:57e91b1c4d4ea69f085290bd26d7b387730c9e73030efa947f90f67a237738b7 [2026-02-10T22:21:06,346192109+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-vj8dh-build-image-index-pod | init container: prepare 2026/02/10 22:21:08 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-build-image-index-pod | init container: place-scripts 2026/02/10 22:21:08 Decoded script /tekton/scripts/script-0-hxt6p 2026/02/10 22:21:08 Decoded script /tekton/scripts/script-1-nsrv5 2026/02/10 22:21:08 Decoded script /tekton/scripts/script-2-qgwfx pod: konflux-demo-component-tfry-on-push-vj8dh-build-image-index-pod | container step-build: [2026-02-10T22:21:11,545301116+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 2decf2eb575e283d8bb826bdba1131613f1b672f0aeab25837c78e44cdc4396f Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90. pod: konflux-demo-component-tfry-on-push-vj8dh-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-vj8dh-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:21:13,762692968+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-vj8dh-clair-scan-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-clair-scan-pod | init container: place-scripts 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-0-q2xtj 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-1-psmwr 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-2-5ns95 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-3-f7t8x pod: konflux-demo-component-tfry-on-push-vj8dh-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90. pod: konflux-demo-component-tfry-on-push-vj8dh-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:21:24Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"}] 2026-02-10T22:21:24Z INF libvuln initialized component=libvuln/New 2026-02-10T22:21:25Z INF registered configured scanners component=libindex/New 2026-02-10T22:21:25Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:21:25Z INF index request start component=libindex/Libindex.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 2026-02-10T22:21:25Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 2026-02-10T22:21:25Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=CheckManifest 2026-02-10T22:21:25Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=FetchLayers 2026-02-10T22:21:28Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=FetchLayers 2026-02-10T22:21:28Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=FetchLayers 2026-02-10T22:21:28Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=ScanLayers 2026-02-10T22:21:28Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:21:28Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:21:29Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=ScanLayers 2026-02-10T22:21:29Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=IndexManifest 2026-02-10T22:21:29Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=IndexFinished 2026-02-10T22:21:29Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 state=IndexFinished 2026-02-10T22:21:29Z INF index request done component=libindex/Libindex.Index manifest=sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 { "manifest_hash": "sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba": { "id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0": { "id": "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "6f7b5024-4cbd-44e2-b63e-ff0c3093f949": { "id": "6f7b5024-4cbd-44e2-b63e-ff0c3093f949", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "7e36860b-6e77-482e-b64d-d631bd9410c4": { "id": "7e36860b-6e77-482e-b64d-d631bd9410c4", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6": { "id": "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "effd4da5-99c8-4268-b194-d268b5c8400a": { "id": "effd4da5-99c8-4268-b194-d268b5c8400a", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "ffa28c40-3317-4613-b2bf-0147d9dda730": { "id": "ffa28c40-3317-4613-b2bf-0147d9dda730", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:4616420bd29612f49eab88617576453f32cadf554ea13b45ecc6e70eca1f6b87", "distribution_id": "", "repository_ids": [ "ffa28c40-3317-4613-b2bf-0147d9dda730" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:4616420bd29612f49eab88617576453f32cadf554ea13b45ecc6e70eca1f6b87", "distribution_id": "", "repository_ids": [ "ffa28c40-3317-4613-b2bf-0147d9dda730" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "effd4da5-99c8-4268-b194-d268b5c8400a", "effd4da5-99c8-4268-b194-d268b5c8400a" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:4616420bd29612f49eab88617576453f32cadf554ea13b45ecc6e70eca1f6b87", "distribution_id": "", "repository_ids": [ "ffa28c40-3317-4613-b2bf-0147d9dda730" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "effd4da5-99c8-4268-b194-d268b5c8400a", "effd4da5-99c8-4268-b194-d268b5c8400a" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:4616420bd29612f49eab88617576453f32cadf554ea13b45ecc6e70eca1f6b87", "distribution_id": "", "repository_ids": [ "ffa28c40-3317-4613-b2bf-0147d9dda730" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "dc6ce7d8-8f42-42dd-9ba3-e39b4d57eae6", "6f7b5024-4cbd-44e2-b63e-ff0c3093f949" ] } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "8dfd2c1d-5eed-4ad9-975b-e9da6d00a8ba", "repository_ids": [ "7e36860b-6e77-482e-b64d-d631bd9410c4", "0e7a48a6-cebe-4db3-adf7-d74e3e3a48c0" ] } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-vj8dh-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-vj8dh-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), libzstd-1.4.4-1.el8 (CVE-2022-4899), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), tar-2:1.30-11.el8_10 (CVE-2025-45582), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), expat-2.5.0-1.el8_10 (CVE-2024-28757), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), file-libs-5.33-27.el8_10 (CVE-2019-8905), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), libzstd-1.4.4-1.el8 (CVE-2021-24032), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), gawk-4.2.1-4.el8 (CVE-2023-4156), pcre2-10.32-3.el8_6 (CVE-2022-41409), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), file-libs-5.33-27.el8_10 (CVE-2019-8906), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c", "digests": ["sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:21:43+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-vj8dh-clamav-scan-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-clamav-scan-pod | init container: place-scripts 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-0-rdzl5 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-1-z4vgp pod: konflux-demo-component-tfry-on-push-vj8dh-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 17.823 sec (0 m 17 s) Start Date: 2026:02:10 22:21:35 End Date: 2026:02:10 22:21:53 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770762113","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762113","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762113","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c", "digests": ["sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90"]}} pod: konflux-demo-component-tfry-on-push-vj8dh-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading d9ce90034ff1 clamscan-result-amd64.log Uploading 2241fc25697e clamscan-ec-test-amd64.json Uploaded 2241fc25697e clamscan-ec-test-amd64.json Uploaded d9ce90034ff1 clamscan-result-amd64.log Uploading 745705c8782c application/vnd.oci.image.manifest.v1+json Uploaded 745705c8782c application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 Digest: sha256:745705c8782c8b1073540c95a42933cd0192daa3ed14839661f999dd060629d1 pod: konflux-demo-component-tfry-on-push-vj8dh-clone-repository-pod | init container: prepare 2026/02/10 22:19:22 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-clone-repository-pod | init container: place-scripts 2026/02/10 22:19:22 Decoded script /tekton/scripts/script-0-nr9zd 2026/02/10 22:19:22 Decoded script /tekton/scripts/script-1-mrgt2 pod: konflux-demo-component-tfry-on-push-vj8dh-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770761966.9094813,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761967.1056817,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ 77169bc89c21f13d10579dae80d1ac4578ad720c (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770761967.105733,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770761967.1292427,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision 77169bc89c21f13d10579dae80d1ac4578ad720c directly. pod: konflux-demo-component-tfry-on-push-vj8dh-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-vj8dh-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.x4KHJf/auth-2bJFFm.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c.git SOURCE_ARTIFACT Uploading 22e1f76479c6 SOURCE_ARTIFACT Uploaded 22e1f76479c6 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:62e1f590321bd070e5edc12177be5025f8c11ce7fe275272fd83dc8f0ce19982 Artifacts created pod: konflux-demo-component-tfry-on-push-vj8dh-init-pod | init container: prepare 2026/02/10 22:19:14 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-init-pod | init container: place-scripts 2026/02/10 22:19:14 Decoded script /tekton/scripts/script-0-5d6jn pod: konflux-demo-component-tfry-on-push-vj8dh-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-vj8dh-push-dockerfile-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-1-7t827 pod: konflux-demo-component-tfry-on-push-vj8dh-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.37BDCZ/auth-2AT7xj.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 to /var/workdir/source pod: konflux-demo-component-tfry-on-push-vj8dh-push-dockerfile-pod | container step-push: [2026-02-10T22:21:22,782793897+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.39qVFuEpnF --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-vj8dh-sast-shell-check-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-1-tr947 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-2-tvf8q pod: konflux-demo-component-tfry-on-push-vj8dh-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.8SAEjD/auth-tDwsy0.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-vj8dh-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-121.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-124.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-84.json ./shellcheck-results/sc-86.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:21:24+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-vj8dh-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading d4f178dc5bbd application/vnd.oci.image.manifest.v1+json Uploaded d4f178dc5bbd application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 Digest: sha256:d4f178dc5bbd72330c7207052efac15edf22ab44e1f49990c2e373f1e4237524 No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-vj8dh-sast-snyk-check-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vj8dh-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-1-g29fk 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-2-zqkxn pod: konflux-demo-component-tfry-on-push-vj8dh-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.MUr9UY/auth-5MfzFX.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-vj8dh-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:21:22+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-vj8dh-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | init container: place-scripts 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-0-wlzcr 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-1-v9nwl 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-2-g52ws 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-3-v54bj 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-4-6swxs 2026/02/10 22:21:17 Decoded script /tekton/scripts/script-5-b7mgm pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | container step-set-skip-for-bundles: 2026/02/10 22:21:21 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | container step-app-check: time="2026-02-10T22:21:22Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:21:22Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c for platform amd64" time="2026-02-10T22:21:22Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c" time="2026-02-10T22:21:30Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:21:30Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:21:30Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:21:30Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:21:30Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:21:30Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:21:30Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:21:39Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:21:39Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:21:39Z" level=info msg="This image's tag 77169bc89c21f13d10579dae80d1ac4578ad720c will be paired with digest sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 34, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8424, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 164, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:21:39Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770762100","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c pod: konflux-demo-component-tfry62bc95a5aede6f5e12fdf05f3de0dd8c-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770762100","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | init container: prepare 2026/02/10 22:19:31 Entrypoint initialization pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | init container: place-scripts 2026/02/10 22:19:31 Decoded script /tekton/scripts/script-0-txqz8 2026/02/10 22:19:31 Decoded script /tekton/scripts/script-2-bffn9 2026/02/10 22:19:31 Decoded script /tekton/scripts/script-3-b8hvq pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | container step-skip-ta: pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfry6624b8a94599b55eec99c752337f8ed3-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-tfry8ee9ae1e97f9e3c81829607fe03d962c-pod | init container: prepare 2026/02/10 22:21:17 Entrypoint initialization pod: konflux-demo-component-tfry8ee9ae1e97f9e3c81829607fe03d962c-pod | init container: place-scripts 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-1-kcbtt 2026/02/10 22:21:18 Decoded script /tekton/scripts/script-2-vskbl pod: konflux-demo-component-tfry8ee9ae1e97f9e3c81829607fe03d962c-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.vAhPua/auth-NZo6Zi.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:22e1f76479c6e181f0c941e296294d9300229af4ba36b6ffbb822e4f6429e276 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry8ee9ae1e97f9e3c81829607fe03d962c-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:21:24+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:21:24+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry8ee9ae1e97f9e3c81829607fe03d962c-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 818a02e77952 application/vnd.oci.image.manifest.v1+json Uploaded 818a02e77952 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:77169bc89c21f13d10579dae80d1ac4578ad720c@sha256:8e441169777553711c745f5c113e5cc05c977147e7c387d6e65fcb5055773b90 Digest: sha256:818a02e77952b7da028ecf9b83ba06571018fa9726810caa6842a462bffae0d6 No excluded-findings.json exists. Skipping upload. PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Running PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-vnm54 reason: Failed attempt 5/6: PipelineRun "konflux-demo-component-tfry-on-push-vnm54" failed: pod: konflux-demo-component-tfry-on-push-vnm54-apply-tags-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:24:25Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d" time="2026-02-10T22:24:25Z" level=info msg="[param] Image digest: sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c" time="2026-02-10T22:24:25Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:24:26Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | init container: prepare 2026/02/10 22:22:42 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | init container: place-scripts 2026/02/10 22:22:43 Decoded script /tekton/scripts/script-1-bl2zp 2026/02/10 22:22:43 Decoded script /tekton/scripts/script-2-5q8zl 2026/02/10 22:22:43 Decoded script /tekton/scripts/script-3-tzs86 2026/02/10 22:22:43 Decoded script /tekton/scripts/script-4-vck7t 2026/02/10 22:22:43 Decoded script /tekton/scripts/script-5-nvcvb pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.ZxJwcu/auth-1JLVS7.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | container step-build: [2026-02-10T22:22:48,206761570+00:00] Validate context path [2026-02-10T22:22:48,209961380+00:00] Update CA trust [2026-02-10T22:22:48,211002716+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:22:50,142906974+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:22:50,148576471+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:22:50,275322260+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:22:55,281589771+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:22:50Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:22:50Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:22:55,325374473+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:22:55,328702532+00:00] Add secrets [2026-02-10T22:22:55,335793467+00:00] Run buildah build [2026-02-10T22:22:55,336852453+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d --label org.opencontainers.image.revision=a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:22:50Z --label org.opencontainers.image.created=2026-02-10T22:22:50Z --annotation org.opencontainers.image.revision=a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:22:50Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.VAE4U3 -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 549 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 227 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 165 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 321 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 151 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 300 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 119 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 320 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 165 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 120 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 466 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 233 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 41/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 614 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 508 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 130 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 144 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 652 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 318 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 427 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.0 kB Progress (3): 3.6 kB | 2.0 kB | 2.3/7.1 kB Progress (3): 3.6 kB | 2.0 kB | 5.0/7.1 kB Progress (3): 3.6 kB | 2.0 kB | 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 27 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 48 kB/s) Progress (2): 7.1 kB | 2.3/3.6 kB Progress (2): 7.1 kB | 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 76 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 31 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 153 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 250 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (2): 7.8/226 kB | 2.3/13 kB Progress (2): 11/226 kB | 2.3/13 kB Progress (2): 11/226 kB | 5.0/13 kB Progress (2): 13/226 kB | 5.0/13 kB Progress (2): 13/226 kB | 7.8/13 kB Progress (2): 16/226 kB | 7.8/13 kB Progress (2): 16/226 kB | 12/13 kB Progress (2): 19/226 kB | 12/13 kB Progress (2): 19/226 kB | 13 kB Progress (2): 21/226 kB | 13 kB Progress (2): 24/226 kB | 13 kB Progress (2): 27/226 kB | 13 kB Progress (2): 30/226 kB | 13 kB Progress (2): 33/226 kB | 13 kB Progress (2): 36/226 kB | 13 kB Progress (2): 38/226 kB | 13 kB Progress (2): 41/226 kB | 13 kB Progress (2): 44/226 kB | 13 kB Progress (2): 48/226 kB | 13 kB Progress (2): 52/226 kB | 13 kB Progress (2): 56/226 kB | 13 kB Progress (2): 60/226 kB | 13 kB Progress (2): 64/226 kB | 13 kB Progress (2): 68/226 kB | 13 kB Progress (2): 72/226 kB | 13 kB Progress (2): 77/226 kB | 13 kB Progress (2): 81/226 kB | 13 kB Progress (2): 85/226 kB | 13 kB Progress (2): 89/226 kB | 13 kB Progress (2): 93/226 kB | 13 kB Progress (2): 97/226 kB | 13 kB Progress (2): 101/226 kB | 13 kB Progress (2): 105/226 kB | 13 kB Progress (2): 109/226 kB | 13 kB Progress (2): 111/226 kB | 13 kB Progress (2): 116/226 kB | 13 kB Progress (2): 120/226 kB | 13 kB Progress (2): 124/226 kB | 13 kB Progress (2): 128/226 kB | 13 kB Progress (2): 131/226 kB | 13 kB Progress (2): 135/226 kB | 13 kB Progress (2): 139/226 kB | 13 kB Progress (2): 143/226 kB | 13 kB Progress (2): 147/226 kB | 13 kB Progress (2): 152/226 kB | 13 kB Progress (2): 156/226 kB | 13 kB Progress (2): 160/226 kB | 13 kB Progress (2): 164/226 kB | 13 kB Progress (2): 168/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 184/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 193/226 kB | 13 kB Progress (2): 197/226 kB | 13 kB Progress (2): 199/226 kB | 13 kB Progress (2): 203/226 kB | 13 kB Progress (2): 207/226 kB | 13 kB Progress (2): 211/226 kB | 13 kB Progress (2): 215/226 kB | 13 kB Progress (2): 219/226 kB | 13 kB Progress (2): 223/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 207 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 3.6 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 8.2 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 143 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 9.2 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 79 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 69 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 294 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 232 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 168 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 2.7/57 kB Progress (1): 5.5/57 kB Progress (1): 8.2/57 kB Progress (1): 11/57 kB Progress (1): 14/57 kB Progress (1): 16/57 kB Progress (1): 19/57 kB Progress (1): 22/57 kB Progress (1): 25/57 kB Progress (1): 27/57 kB Progress (1): 30/57 kB Progress (1): 33/57 kB Progress (1): 36/57 kB Progress (1): 38/57 kB Progress (1): 41/57 kB Progress (1): 44/57 kB Progress (1): 47/57 kB Progress (1): 49/57 kB Progress (1): 53/57 kB Progress (1): 57 kB Progress (2): 57 kB | 4.1/116 kB Progress (2): 57 kB | 7.7/116 kB Progress (2): 57 kB | 12/116 kB Progress (2): 57 kB | 16/116 kB Progress (2): 57 kB | 20/116 kB Progress (2): 57 kB | 24/116 kB Progress (2): 57 kB | 28/116 kB Progress (2): 57 kB | 32/116 kB Progress (2): 57 kB | 36/116 kB Progress (2): 57 kB | 41/116 kB Progress (2): 57 kB | 45/116 kB Progress (2): 57 kB | 49/116 kB Progress (2): 57 kB | 53/116 kB Progress (2): 57 kB | 57/116 kB Progress (2): 57 kB | 61/116 kB Progress (2): 57 kB | 65/116 kB Progress (2): 57 kB | 69/116 kB Progress (2): 57 kB | 73/116 kB Progress (2): 57 kB | 77/116 kB Progress (2): 57 kB | 81/116 kB Progress (2): 57 kB | 86/116 kB Progress (2): 57 kB | 90/116 kB Progress (2): 57 kB | 94/116 kB Progress (2): 57 kB | 98/116 kB Progress (2): 57 kB | 102/116 kB Progress (2): 57 kB | 106/116 kB Progress (2): 57 kB | 110/116 kB Progress (2): 57 kB | 114/116 kB Progress (2): 57 kB | 116 kB Progress (3): 57 kB | 116 kB | 4.1/29 kB Progress (3): 57 kB | 116 kB | 7.7/29 kB Progress (3): 57 kB | 116 kB | 12/29 kB Progress (3): 57 kB | 116 kB | 16/29 kB Progress (3): 57 kB | 116 kB | 20/29 kB Progress (3): 57 kB | 116 kB | 24/29 kB Progress (3): 57 kB | 116 kB | 28/29 kB Progress (3): 57 kB | 116 kB | 29 kB Progress (4): 57 kB | 116 kB | 29 kB | 3.8/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 7.9/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 12/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 16/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 20/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 24/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 28/35 kB Progress (4): 57 kB | 116 kB | 29 kB | 32/35 kB Progress (5): 57 kB | 116 kB | 29 kB | 32/35 kB | 2.3/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 2.3/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 5.0/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 7.8/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 11/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 13/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 16/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 18/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 21/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 24/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 27/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 29/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 32/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 35/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 38/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 40/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 43/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 46/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 49/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 51/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 54/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 58/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 62/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 66/152 kB Progress (5): 57 kB | 116 kB | 29 kB | 35 kB | 70/152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 1.4 MB/s) Progress (4): 116 kB | 29 kB | 35 kB | 74/152 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Progress (4): 116 kB | 29 kB | 35 kB | 79/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 81/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 85/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 89/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 93/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 97/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 101/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 105/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 109/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 114/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 118/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 122/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 126/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 130/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 134/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 138/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 142/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 146/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 150/152 kB Progress (4): 116 kB | 29 kB | 35 kB | 152 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Progress (4): 29 kB | 35 kB | 152 kB | 3.8/21 kB Progress (4): 29 kB | 35 kB | 152 kB | 7.9/21 kB Progress (4): 29 kB | 35 kB | 152 kB | 12/21 kB Progress (4): 29 kB | 35 kB | 152 kB | 16/21 kB Progress (4): 29 kB | 35 kB | 152 kB | 20/21 kB Progress (4): 29 kB | 35 kB | 152 kB | 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 526 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (3): 29 kB | 21 kB | 4.1/9.9 kB Progress (3): 29 kB | 21 kB | 7.7/9.9 kB Progress (3): 29 kB | 21 kB | 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 391 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (2): 9.9 kB | 3.4/5.9 kB Progress (2): 9.9 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Progress (2): 5.9 kB | 3.8/24 kB Progress (2): 5.9 kB | 7.9/24 kB Progress (2): 5.9 kB | 12/24 kB Progress (2): 5.9 kB | 16/24 kB Progress (2): 5.9 kB | 20/24 kB Progress (2): 5.9 kB | 24/24 kB Progress (2): 5.9 kB | 24 kB Progress (3): 5.9 kB | 24 kB | 3.8/30 kB Progress (3): 5.9 kB | 24 kB | 7.9/30 kB Progress (3): 5.9 kB | 24 kB | 12/30 kB Progress (3): 5.9 kB | 24 kB | 16/30 kB Progress (3): 5.9 kB | 24 kB | 20/30 kB Progress (3): 5.9 kB | 24 kB | 24/30 kB Progress (3): 5.9 kB | 24 kB | 28/30 kB Progress (3): 5.9 kB | 24 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 58 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Progress (3): 24 kB | 30 kB | 4.1/14 kB Progress (3): 24 kB | 30 kB | 7.7/14 kB Progress (3): 24 kB | 30 kB | 12/14 kB Progress (3): 24 kB | 30 kB | 14 kB Progress (4): 24 kB | 30 kB | 14 kB | 4.1/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 7.7/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 12/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 16/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 20/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 24/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 28/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 32/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 36/37 kB Progress (4): 24 kB | 30 kB | 14 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 247 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (4): 24 kB | 14 kB | 37 kB | 3.8/13 kB Progress (4): 24 kB | 14 kB | 37 kB | 7.9/13 kB Progress (4): 24 kB | 14 kB | 37 kB | 12/13 kB Progress (4): 24 kB | 14 kB | 37 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 277 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 184 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (2): 13 kB | 3.8/38 kB Progress (2): 13 kB | 7.9/38 kB Progress (2): 13 kB | 12/38 kB Progress (2): 13 kB | 16/38 kB Progress (2): 13 kB | 20/38 kB Progress (2): 13 kB | 24/38 kB Progress (2): 13 kB | 28/38 kB Progress (2): 13 kB | 32/38 kB Progress (2): 13 kB | 37/38 kB Progress (2): 13 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Progress (2): 38 kB | 4.1/49 kB Progress (2): 38 kB | 7.7/49 kB Progress (2): 38 kB | 12/49 kB Progress (2): 38 kB | 16/49 kB Progress (2): 38 kB | 20/49 kB Progress (2): 38 kB | 24/49 kB Progress (2): 38 kB | 28/49 kB Progress (2): 38 kB | 32/49 kB Progress (2): 38 kB | 36/49 kB Progress (2): 38 kB | 41/49 kB Progress (2): 38 kB | 45/49 kB Progress (2): 38 kB | 49/49 kB Progress (2): 38 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 231 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (2): 49 kB | 4.1/86 kB Progress (2): 49 kB | 7.7/86 kB Progress (2): 49 kB | 12/86 kB Progress (2): 49 kB | 16/86 kB Progress (2): 49 kB | 20/86 kB Progress (2): 49 kB | 24/86 kB Progress (2): 49 kB | 28/86 kB Progress (2): 49 kB | 32/86 kB Progress (2): 49 kB | 36/86 kB Progress (2): 49 kB | 40/86 kB Progress (2): 49 kB | 44/86 kB Progress (2): 49 kB | 48/86 kB Progress (2): 49 kB | 53/86 kB Progress (2): 49 kB | 57/86 kB Progress (2): 49 kB | 61/86 kB Progress (2): 49 kB | 65/86 kB Progress (2): 49 kB | 69/86 kB Progress (2): 49 kB | 73/86 kB Progress (2): 49 kB | 77/86 kB Progress (2): 49 kB | 81/86 kB Progress (2): 49 kB | 85/86 kB Progress (2): 49 kB | 86 kB Progress (3): 49 kB | 86 kB | 3.8/10 kB Progress (3): 49 kB | 86 kB | 7.9/10 kB Progress (3): 49 kB | 86 kB | 10 kB Progress (4): 49 kB | 86 kB | 10 kB | 3.8/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 7.9/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 12/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 16/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 20/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 24/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 28/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 32/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 36/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 40/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 44/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 48/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 53/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 57/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 61/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 65/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 69/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 73/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 77/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 81/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 85/87 kB Progress (4): 49 kB | 86 kB | 10 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (4): 86 kB | 10 kB | 87 kB | 3.8/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 7.9/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 12/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 16/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 20/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 24/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 28/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 32/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 37/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 41/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 45/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 49/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 53/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 57/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 61/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 65/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 69/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 73/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 78/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 82/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 86/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 90/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 94/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 98/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 102/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 106/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 110/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 114/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 118/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 123/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 127/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 131/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 135/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 139/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 143/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 147/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 151/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 155/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 159/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 164/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 168/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 172/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 176/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 180/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 184/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 188/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 192/194 kB Progress (4): 86 kB | 10 kB | 87 kB | 194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 432 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (3): 87 kB | 194 kB | 4.1/121 kB Progress (3): 87 kB | 194 kB | 7.7/121 kB Progress (3): 87 kB | 194 kB | 12/121 kB Progress (3): 87 kB | 194 kB | 16/121 kB Progress (3): 87 kB | 194 kB | 20/121 kB Progress (3): 87 kB | 194 kB | 24/121 kB Progress (3): 87 kB | 194 kB | 28/121 kB Progress (3): 87 kB | 194 kB | 32/121 kB Progress (3): 87 kB | 194 kB | 36/121 kB Progress (3): 87 kB | 194 kB | 41/121 kB Progress (3): 87 kB | 194 kB | 45/121 kB Progress (3): 87 kB | 194 kB | 49/121 kB Progress (3): 87 kB | 194 kB | 53/121 kB Progress (3): 87 kB | 194 kB | 57/121 kB Progress (3): 87 kB | 194 kB | 61/121 kB Progress (3): 87 kB | 194 kB | 65/121 kB Progress (3): 87 kB | 194 kB | 69/121 kB Progress (3): 87 kB | 194 kB | 73/121 kB Progress (3): 87 kB | 194 kB | 77/121 kB Progress (3): 87 kB | 194 kB | 81/121 kB Progress (3): 87 kB | 194 kB | 86/121 kB Progress (3): 87 kB | 194 kB | 90/121 kB Progress (3): 87 kB | 194 kB | 94/121 kB Progress (3): 87 kB | 194 kB | 98/121 kB Progress (3): 87 kB | 194 kB | 102/121 kB Progress (3): 87 kB | 194 kB | 106/121 kB Progress (3): 87 kB | 194 kB | 110/121 kB Progress (3): 87 kB | 194 kB | 114/121 kB Progress (3): 87 kB | 194 kB | 118/121 kB Progress (3): 87 kB | 194 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 920 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 410 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Progress (2): 121 kB | 3.8/223 kB Progress (2): 121 kB | 7.9/223 kB Progress (2): 121 kB | 12/223 kB Progress (2): 121 kB | 16/223 kB Progress (2): 121 kB | 20/223 kB Progress (2): 121 kB | 24/223 kB Progress (2): 121 kB | 28/223 kB Progress (2): 121 kB | 32/223 kB Progress (2): 121 kB | 37/223 kB Progress (2): 121 kB | 41/223 kB Progress (2): 121 kB | 45/223 kB Progress (2): 121 kB | 49/223 kB Progress (2): 121 kB | 53/223 kB Progress (2): 121 kB | 57/223 kB Progress (2): 121 kB | 61/223 kB Progress (2): 121 kB | 65/223 kB Progress (2): 121 kB | 69/223 kB Progress (2): 121 kB | 73/223 kB Progress (2): 121 kB | 78/223 kB Progress (2): 121 kB | 82/223 kB Progress (2): 121 kB | 86/223 kB Progress (2): 121 kB | 90/223 kB Progress (2): 121 kB | 94/223 kB Progress (2): 121 kB | 98/223 kB Progress (2): 121 kB | 102/223 kB Progress (2): 121 kB | 106/223 kB Progress (2): 121 kB | 110/223 kB Progress (2): 121 kB | 114/223 kB Progress (2): 121 kB | 118/223 kB Progress (2): 121 kB | 123/223 kB Progress (2): 121 kB | 127/223 kB Progress (2): 121 kB | 131/223 kB Progress (2): 121 kB | 135/223 kB Progress (2): 121 kB | 139/223 kB Progress (2): 121 kB | 143/223 kB Progress (2): 121 kB | 147/223 kB Progress (2): 121 kB | 151/223 kB Progress (2): 121 kB | 155/223 kB Progress (2): 121 kB | 159/223 kB Progress (2): 121 kB | 164/223 kB Progress (2): 121 kB | 168/223 kB Progress (2): 121 kB | 172/223 kB Progress (2): 121 kB | 176/223 kB Progress (2): 121 kB | 180/223 kB Progress (2): 121 kB | 184/223 kB Progress (2): 121 kB | 188/223 kB Progress (2): 121 kB | 192/223 kB Progress (2): 121 kB | 196/223 kB Progress (2): 121 kB | 200/223 kB Progress (2): 121 kB | 204/223 kB Progress (2): 121 kB | 209/223 kB Progress (2): 121 kB | 213/223 kB Progress (2): 121 kB | 217/223 kB Progress (2): 121 kB | 221/223 kB Progress (2): 121 kB | 223 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 529 kB/s) Progress (2): 223 kB | 4.1/43 kB Progress (2): 223 kB | 7.7/43 kB Progress (2): 223 kB | 12/43 kB Progress (2): 223 kB | 16/43 kB Progress (2): 223 kB | 20/43 kB Progress (2): 223 kB | 24/43 kB Progress (2): 223 kB | 28/43 kB Progress (2): 223 kB | 32/43 kB Progress (2): 223 kB | 36/43 kB Progress (2): 223 kB | 41/43 kB Progress (2): 223 kB | 43 kB Progress (3): 223 kB | 43 kB | 4.1/6.8 kB Progress (3): 223 kB | 43 kB | 6.8 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 4.1/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 7.7/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 12/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 16/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 20/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 24/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 28/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 32/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 36/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 41/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 45/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 49/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 53/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 57/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 61/61 kB Progress (4): 223 kB | 43 kB | 6.8 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 896 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 26 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 161 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 220 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 350 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 423 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 124 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 7.0 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 393 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 559 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 28 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 131 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 258 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 365 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 128 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 266 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 318 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 14 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 29 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 659 B/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 9.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/211 kB Progress (1): 7.7/211 kB Progress (1): 12/211 kB Progress (1): 16/211 kB Progress (1): 20/211 kB Progress (1): 24/211 kB Progress (1): 28/211 kB Progress (1): 32/211 kB Progress (1): 36/211 kB Progress (1): 40/211 kB Progress (1): 44/211 kB Progress (1): 48/211 kB Progress (1): 53/211 kB Progress (1): 57/211 kB Progress (1): 61/211 kB Progress (1): 65/211 kB Progress (1): 69/211 kB Progress (1): 73/211 kB Progress (1): 77/211 kB Progress (1): 81/211 kB Progress (1): 85/211 kB Progress (1): 89/211 kB Progress (1): 94/211 kB Progress (1): 98/211 kB Progress (1): 102/211 kB Progress (1): 106/211 kB Progress (1): 110/211 kB Progress (1): 114/211 kB Progress (1): 118/211 kB Progress (1): 122/211 kB Progress (1): 126/211 kB Progress (1): 130/211 kB Progress (1): 134/211 kB Progress (1): 139/211 kB Progress (1): 143/211 kB Progress (1): 147/211 kB Progress (1): 151/211 kB Progress (1): 155/211 kB Progress (1): 159/211 kB Progress (1): 163/211 kB Progress (1): 167/211 kB Progress (1): 171/211 kB Progress (1): 175/211 kB Progress (1): 180/211 kB Progress (1): 184/211 kB Progress (1): 188/211 kB Progress (1): 192/211 kB Progress (1): 196/211 kB Progress (1): 200/211 kB Progress (1): 204/211 kB Progress (2): 204/211 kB | 4.1/160 kB Progress (2): 208/211 kB | 4.1/160 kB Progress (2): 208/211 kB | 7.7/160 kB Progress (2): 211 kB | 7.7/160 kB Progress (2): 211 kB | 12/160 kB Progress (2): 211 kB | 16/160 kB Progress (2): 211 kB | 20/160 kB Progress (2): 211 kB | 24/160 kB Progress (2): 211 kB | 28/160 kB Progress (2): 211 kB | 32/160 kB Progress (2): 211 kB | 36/160 kB Progress (2): 211 kB | 41/160 kB Progress (2): 211 kB | 45/160 kB Progress (2): 211 kB | 49/160 kB Progress (2): 211 kB | 53/160 kB Progress (2): 211 kB | 57/160 kB Progress (2): 211 kB | 61/160 kB Progress (2): 211 kB | 65/160 kB Progress (2): 211 kB | 69/160 kB Progress (2): 211 kB | 73/160 kB Progress (2): 211 kB | 77/160 kB Progress (2): 211 kB | 81/160 kB Progress (2): 211 kB | 86/160 kB Progress (2): 211 kB | 90/160 kB Progress (2): 211 kB | 94/160 kB Progress (2): 211 kB | 98/160 kB Progress (2): 211 kB | 102/160 kB Progress (2): 211 kB | 106/160 kB Progress (2): 211 kB | 110/160 kB Progress (2): 211 kB | 114/160 kB Progress (2): 211 kB | 118/160 kB Progress (2): 211 kB | 122/160 kB Progress (2): 211 kB | 127/160 kB Progress (2): 211 kB | 131/160 kB Progress (2): 211 kB | 135/160 kB Progress (2): 211 kB | 139/160 kB Progress (2): 211 kB | 143/160 kB Progress (2): 211 kB | 147/160 kB Progress (2): 211 kB | 151/160 kB Progress (2): 211 kB | 155/160 kB Progress (2): 211 kB | 159/160 kB Progress (2): 211 kB | 160 kB Progress (3): 211 kB | 160 kB | 3.4/13 kB Progress (3): 211 kB | 160 kB | 7.5/13 kB Progress (3): 211 kB | 160 kB | 12/13 kB Progress (3): 211 kB | 160 kB | 13 kB Progress (4): 211 kB | 160 kB | 13 kB | 4.1/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 7.7/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 12/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 16/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 20/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 24/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 28/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 32/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 36/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 41/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 45/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 49/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 53/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 57/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 61/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 65/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 69/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 73/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 77/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 81/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 86/89 kB Progress (4): 211 kB | 160 kB | 13 kB | 89 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 4.1/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 7.7/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 12/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 16/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 20/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 24/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 28/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 32/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 36/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 41/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 45/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 49/49 kB Progress (5): 211 kB | 160 kB | 13 kB | 89 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 4.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 832 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.5 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 205 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/35 kB Progress (1): 7.7/35 kB Progress (1): 12/35 kB Progress (1): 16/35 kB Progress (1): 20/35 kB Progress (1): 24/35 kB Progress (1): 28/35 kB Progress (1): 32/35 kB Progress (1): 35 kB Progress (2): 35 kB | 4.1/21 kB Progress (2): 35 kB | 7.7/21 kB Progress (2): 35 kB | 12/21 kB Progress (2): 35 kB | 16/21 kB Progress (2): 35 kB | 20/21 kB Progress (2): 35 kB | 21 kB Progress (3): 35 kB | 21 kB | 4.1/25 kB Progress (3): 35 kB | 21 kB | 7.7/25 kB Progress (3): 35 kB | 21 kB | 12/25 kB Progress (3): 35 kB | 21 kB | 16/25 kB Progress (3): 35 kB | 21 kB | 20/25 kB Progress (3): 35 kB | 21 kB | 24/25 kB Progress (3): 35 kB | 21 kB | 25 kB Progress (4): 35 kB | 21 kB | 25 kB | 4.1/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 7.7/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 12/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 16/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 20/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 24/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 28/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 32/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 36/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 41/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 45/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 49/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 53/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 57/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 61/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 65/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 69/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 73/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 77/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 81/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 86/87 kB Progress (4): 35 kB | 21 kB | 25 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 406 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (4): 21 kB | 25 kB | 87 kB | 4.1/14 kB Progress (4): 21 kB | 25 kB | 87 kB | 7.7/14 kB Progress (4): 21 kB | 25 kB | 87 kB | 12/14 kB Progress (4): 21 kB | 25 kB | 87 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 220 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 238 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (3): 87 kB | 14 kB | 4.1/122 kB Progress (3): 87 kB | 14 kB | 7.7/122 kB Progress (3): 87 kB | 14 kB | 12/122 kB Progress (3): 87 kB | 14 kB | 16/122 kB Progress (3): 87 kB | 14 kB | 20/122 kB Progress (3): 87 kB | 14 kB | 24/122 kB Progress (3): 87 kB | 14 kB | 28/122 kB Progress (3): 87 kB | 14 kB | 32/122 kB Progress (3): 87 kB | 14 kB | 36/122 kB Progress (3): 87 kB | 14 kB | 41/122 kB Progress (3): 87 kB | 14 kB | 45/122 kB Progress (3): 87 kB | 14 kB | 49/122 kB Progress (3): 87 kB | 14 kB | 53/122 kB Progress (3): 87 kB | 14 kB | 57/122 kB Progress (3): 87 kB | 14 kB | 61/122 kB Progress (3): 87 kB | 14 kB | 65/122 kB Progress (3): 87 kB | 14 kB | 69/122 kB Progress (3): 87 kB | 14 kB | 73/122 kB Progress (3): 87 kB | 14 kB | 77/122 kB Progress (3): 87 kB | 14 kB | 81/122 kB Progress (3): 87 kB | 14 kB | 86/122 kB Progress (3): 87 kB | 14 kB | 90/122 kB Progress (3): 87 kB | 14 kB | 94/122 kB Progress (3): 87 kB | 14 kB | 98/122 kB Progress (3): 87 kB | 14 kB | 102/122 kB Progress (3): 87 kB | 14 kB | 106/122 kB Progress (3): 87 kB | 14 kB | 110/122 kB Progress (3): 87 kB | 14 kB | 114/122 kB Progress (3): 87 kB | 14 kB | 118/122 kB Progress (3): 87 kB | 14 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 787 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Progress (2): 122 kB | 4.1/29 kB Progress (2): 122 kB | 7.7/29 kB Progress (2): 122 kB | 12/29 kB Progress (2): 122 kB | 16/29 kB Progress (2): 122 kB | 20/29 kB Progress (2): 122 kB | 24/29 kB Progress (2): 122 kB | 28/29 kB Progress (2): 122 kB | 29 kB Progress (3): 122 kB | 29 kB | 4.1/37 kB Progress (3): 122 kB | 29 kB | 7.7/37 kB Progress (3): 122 kB | 29 kB | 12/37 kB Progress (3): 122 kB | 29 kB | 16/37 kB Progress (3): 122 kB | 29 kB | 20/37 kB Progress (3): 122 kB | 29 kB | 24/37 kB Progress (3): 122 kB | 29 kB | 28/37 kB Progress (3): 122 kB | 29 kB | 32/37 kB Progress (3): 122 kB | 29 kB | 36/37 kB Progress (3): 122 kB | 29 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 937 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Progress (3): 29 kB | 37 kB | 4.1/58 kB Progress (3): 29 kB | 37 kB | 7.7/58 kB Progress (3): 29 kB | 37 kB | 12/58 kB Progress (3): 29 kB | 37 kB | 16/58 kB Progress (3): 29 kB | 37 kB | 20/58 kB Progress (3): 29 kB | 37 kB | 24/58 kB Progress (3): 29 kB | 37 kB | 28/58 kB Progress (3): 29 kB | 37 kB | 32/58 kB Progress (3): 29 kB | 37 kB | 36/58 kB Progress (3): 29 kB | 37 kB | 41/58 kB Progress (3): 29 kB | 37 kB | 45/58 kB Progress (3): 29 kB | 37 kB | 49/58 kB Progress (3): 29 kB | 37 kB | 53/58 kB Progress (3): 29 kB | 37 kB | 57/58 kB Progress (3): 29 kB | 37 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 252 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (3): 29 kB | 58 kB | 4.1/33 kB Progress (3): 29 kB | 58 kB | 7.7/33 kB Progress (3): 29 kB | 58 kB | 12/33 kB Progress (3): 29 kB | 58 kB | 16/33 kB Progress (3): 29 kB | 58 kB | 20/33 kB Progress (3): 29 kB | 58 kB | 24/33 kB Progress (3): 29 kB | 58 kB | 28/33 kB Progress (3): 29 kB | 58 kB | 32/33 kB Progress (3): 29 kB | 58 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 191 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (3): 58 kB | 33 kB | 4.1/155 kB Progress (3): 58 kB | 33 kB | 7.7/155 kB Progress (3): 58 kB | 33 kB | 12/155 kB Progress (3): 58 kB | 33 kB | 16/155 kB Progress (3): 58 kB | 33 kB | 20/155 kB Progress (3): 58 kB | 33 kB | 24/155 kB Progress (3): 58 kB | 33 kB | 28/155 kB Progress (3): 58 kB | 33 kB | 32/155 kB Progress (3): 58 kB | 33 kB | 36/155 kB Progress (3): 58 kB | 33 kB | 41/155 kB Progress (3): 58 kB | 33 kB | 45/155 kB Progress (3): 58 kB | 33 kB | 49/155 kB Progress (3): 58 kB | 33 kB | 53/155 kB Progress (3): 58 kB | 33 kB | 57/155 kB Progress (3): 58 kB | 33 kB | 61/155 kB Progress (3): 58 kB | 33 kB | 65/155 kB Progress (3): 58 kB | 33 kB | 69/155 kB Progress (3): 58 kB | 33 kB | 73/155 kB Progress (3): 58 kB | 33 kB | 77/155 kB Progress (3): 58 kB | 33 kB | 81/155 kB Progress (3): 58 kB | 33 kB | 86/155 kB Progress (3): 58 kB | 33 kB | 90/155 kB Progress (3): 58 kB | 33 kB | 93/155 kB Progress (3): 58 kB | 33 kB | 98/155 kB Progress (3): 58 kB | 33 kB | 102/155 kB Progress (3): 58 kB | 33 kB | 106/155 kB Progress (3): 58 kB | 33 kB | 110/155 kB Progress (3): 58 kB | 33 kB | 114/155 kB Progress (3): 58 kB | 33 kB | 118/155 kB Progress (3): 58 kB | 33 kB | 122/155 kB Progress (3): 58 kB | 33 kB | 126/155 kB Progress (3): 58 kB | 33 kB | 130/155 kB Progress (3): 58 kB | 33 kB | 134/155 kB Progress (3): 58 kB | 33 kB | 139/155 kB Progress (3): 58 kB | 33 kB | 143/155 kB Progress (3): 58 kB | 33 kB | 147/155 kB Progress (3): 58 kB | 33 kB | 151/155 kB Progress (3): 58 kB | 33 kB | 155 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 340 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Progress (3): 33 kB | 155 kB | 4.1/10 kB Progress (3): 33 kB | 155 kB | 7.7/10 kB Progress (3): 33 kB | 155 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 192 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Progress (3): 155 kB | 10 kB | 4.1/32 kB Progress (3): 155 kB | 10 kB | 7.7/32 kB Progress (3): 155 kB | 10 kB | 12/32 kB Progress (3): 155 kB | 10 kB | 16/32 kB Progress (3): 155 kB | 10 kB | 20/32 kB Progress (3): 155 kB | 10 kB | 24/32 kB Progress (3): 155 kB | 10 kB | 28/32 kB Progress (3): 155 kB | 10 kB | 32 kB Progress (4): 155 kB | 10 kB | 32 kB | 4.1/4.2 kB Progress (4): 155 kB | 10 kB | 32 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 163 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Progress (4): 155 kB | 10 kB | 4.2 kB | 4.1/14 kB Progress (4): 155 kB | 10 kB | 4.2 kB | 7.5/14 kB Progress (4): 155 kB | 10 kB | 4.2 kB | 12/14 kB Progress (4): 155 kB | 10 kB | 4.2 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 761 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Progress (2): 25 kB | 4.1/217 kB Progress (2): 25 kB | 7.7/217 kB Progress (2): 25 kB | 12/217 kB Progress (2): 25 kB | 16/217 kB Progress (2): 25 kB | 20/217 kB Progress (2): 25 kB | 24/217 kB Progress (2): 25 kB | 28/217 kB Progress (2): 25 kB | 32/217 kB Progress (2): 25 kB | 36/217 kB Progress (2): 25 kB | 41/217 kB Progress (2): 25 kB | 45/217 kB Progress (2): 25 kB | 49/217 kB Progress (2): 25 kB | 53/217 kB Progress (2): 25 kB | 57/217 kB Progress (2): 25 kB | 61/217 kB Progress (2): 25 kB | 65/217 kB Progress (2): 25 kB | 69/217 kB Progress (2): 25 kB | 73/217 kB Progress (2): 25 kB | 77/217 kB Progress (2): 25 kB | 81/217 kB Progress (2): 25 kB | 86/217 kB Progress (2): 25 kB | 90/217 kB Progress (2): 25 kB | 94/217 kB Progress (2): 25 kB | 98/217 kB Progress (2): 25 kB | 102/217 kB Progress (2): 25 kB | 106/217 kB Progress (2): 25 kB | 110/217 kB Progress (2): 25 kB | 114/217 kB Progress (2): 25 kB | 118/217 kB Progress (2): 25 kB | 122/217 kB Progress (2): 25 kB | 127/217 kB Progress (2): 25 kB | 131/217 kB Progress (2): 25 kB | 135/217 kB Progress (2): 25 kB | 139/217 kB Progress (2): 25 kB | 143/217 kB Progress (2): 25 kB | 147/217 kB Progress (2): 25 kB | 151/217 kB Progress (2): 25 kB | 155/217 kB Progress (2): 25 kB | 159/217 kB Progress (2): 25 kB | 163/217 kB Progress (2): 25 kB | 167/217 kB Progress (2): 25 kB | 172/217 kB Progress (2): 25 kB | 176/217 kB Progress (2): 25 kB | 180/217 kB Progress (2): 25 kB | 184/217 kB Progress (2): 25 kB | 188/217 kB Progress (2): 25 kB | 192/217 kB Progress (2): 25 kB | 196/217 kB Progress (2): 25 kB | 200/217 kB Progress (2): 25 kB | 204/217 kB Progress (2): 25 kB | 208/217 kB Progress (2): 25 kB | 213/217 kB Progress (2): 25 kB | 217/217 kB Progress (2): 25 kB | 217 kB Progress (3): 25 kB | 217 kB | 4.1/19 kB Progress (3): 25 kB | 217 kB | 7.7/19 kB Progress (3): 25 kB | 217 kB | 12/19 kB Progress (3): 25 kB | 217 kB | 16/19 kB Progress (3): 25 kB | 217 kB | 19 kB Progress (4): 25 kB | 217 kB | 19 kB | 4.1/4.6 kB Progress (4): 25 kB | 217 kB | 19 kB | 4.6 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 4.1/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 7.7/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 12/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 16/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 20/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 24/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 28/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 32/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 36/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 41/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 45/46 kB Progress (5): 25 kB | 217 kB | 19 kB | 4.6 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 874 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 175 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (1): 4.1/134 kB Progress (1): 7.7/134 kB Progress (1): 12/134 kB Progress (1): 16/134 kB Progress (1): 20/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 81/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 94/134 kB Progress (1): 98/134 kB Progress (1): 102/134 kB Progress (1): 106/134 kB Progress (1): 110/134 kB Progress (1): 114/134 kB Progress (1): 118/134 kB Progress (1): 122/134 kB Progress (1): 127/134 kB Progress (1): 131/134 kB Progress (1): 134 kB Progress (2): 134 kB | 4.1/358 kB Progress (2): 134 kB | 7.7/358 kB Progress (2): 134 kB | 12/358 kB Progress (2): 134 kB | 16/358 kB Progress (2): 134 kB | 20/358 kB Progress (2): 134 kB | 24/358 kB Progress (2): 134 kB | 28/358 kB Progress (2): 134 kB | 32/358 kB Progress (2): 134 kB | 36/358 kB Progress (2): 134 kB | 41/358 kB Progress (2): 134 kB | 45/358 kB Progress (2): 134 kB | 49/358 kB Progress (2): 134 kB | 53/358 kB Progress (2): 134 kB | 57/358 kB Progress (2): 134 kB | 61/358 kB Progress (2): 134 kB | 65/358 kB Progress (2): 134 kB | 69/358 kB Progress (2): 134 kB | 73/358 kB Progress (2): 134 kB | 77/358 kB Progress (2): 134 kB | 81/358 kB Progress (2): 134 kB | 86/358 kB Progress (2): 134 kB | 90/358 kB Progress (2): 134 kB | 94/358 kB Progress (2): 134 kB | 98/358 kB Progress (2): 134 kB | 102/358 kB Progress (2): 134 kB | 106/358 kB Progress (2): 134 kB | 110/358 kB Progress (2): 134 kB | 114/358 kB Progress (2): 134 kB | 118/358 kB Progress (2): 134 kB | 122/358 kB Progress (2): 134 kB | 127/358 kB Progress (2): 134 kB | 131/358 kB Progress (2): 134 kB | 135/358 kB Progress (2): 134 kB | 139/358 kB Progress (2): 134 kB | 143/358 kB Progress (2): 134 kB | 147/358 kB Progress (2): 134 kB | 151/358 kB Progress (2): 134 kB | 155/358 kB Progress (2): 134 kB | 159/358 kB Progress (2): 134 kB | 163/358 kB Progress (2): 134 kB | 167/358 kB Progress (2): 134 kB | 172/358 kB Progress (2): 134 kB | 176/358 kB Progress (2): 134 kB | 180/358 kB Progress (2): 134 kB | 184/358 kB Progress (2): 134 kB | 188/358 kB Progress (2): 134 kB | 192/358 kB Progress (2): 134 kB | 196/358 kB Progress (2): 134 kB | 200/358 kB Progress (2): 134 kB | 204/358 kB Progress (2): 134 kB | 208/358 kB Progress (2): 134 kB | 213/358 kB Progress (2): 134 kB | 217/358 kB Progress (2): 134 kB | 221/358 kB Progress (2): 134 kB | 225/358 kB Progress (2): 134 kB | 229/358 kB Progress (2): 134 kB | 233/358 kB Progress (2): 134 kB | 237/358 kB Progress (2): 134 kB | 241/358 kB Progress (2): 134 kB | 245/358 kB Progress (2): 134 kB | 249/358 kB Progress (2): 134 kB | 254/358 kB Progress (2): 134 kB | 258/358 kB Progress (2): 134 kB | 262/358 kB Progress (2): 134 kB | 266/358 kB Progress (2): 134 kB | 270/358 kB Progress (2): 134 kB | 274/358 kB Progress (2): 134 kB | 278/358 kB Progress (2): 134 kB | 282/358 kB Progress (2): 134 kB | 286/358 kB Progress (2): 134 kB | 290/358 kB Progress (2): 134 kB | 294/358 kB Progress (2): 134 kB | 299/358 kB Progress (2): 134 kB | 303/358 kB Progress (2): 134 kB | 307/358 kB Progress (2): 134 kB | 311/358 kB Progress (2): 134 kB | 315/358 kB Progress (2): 134 kB | 319/358 kB Progress (2): 134 kB | 323/358 kB Progress (2): 134 kB | 327/358 kB Progress (2): 134 kB | 331/358 kB Progress (2): 134 kB | 335/358 kB Progress (2): 134 kB | 340/358 kB Progress (2): 134 kB | 344/358 kB Progress (2): 134 kB | 348/358 kB Progress (2): 134 kB | 352/358 kB Progress (2): 134 kB | 356/358 kB Progress (2): 134 kB | 358 kB Progress (3): 134 kB | 358 kB | 4.1/121 kB Progress (3): 134 kB | 358 kB | 7.7/121 kB Progress (3): 134 kB | 358 kB | 12/121 kB Progress (3): 134 kB | 358 kB | 16/121 kB Progress (3): 134 kB | 358 kB | 20/121 kB Progress (3): 134 kB | 358 kB | 24/121 kB Progress (3): 134 kB | 358 kB | 28/121 kB Progress (3): 134 kB | 358 kB | 32/121 kB Progress (3): 134 kB | 358 kB | 36/121 kB Progress (3): 134 kB | 358 kB | 41/121 kB Progress (3): 134 kB | 358 kB | 45/121 kB Progress (3): 134 kB | 358 kB | 49/121 kB Progress (3): 134 kB | 358 kB | 53/121 kB Progress (3): 134 kB | 358 kB | 57/121 kB Progress (3): 134 kB | 358 kB | 61/121 kB Progress (3): 134 kB | 358 kB | 65/121 kB Progress (3): 134 kB | 358 kB | 69/121 kB Progress (3): 134 kB | 358 kB | 73/121 kB Progress (3): 134 kB | 358 kB | 77/121 kB Progress (3): 134 kB | 358 kB | 81/121 kB Progress (3): 134 kB | 358 kB | 86/121 kB Progress (3): 134 kB | 358 kB | 90/121 kB Progress (3): 134 kB | 358 kB | 94/121 kB Progress (3): 134 kB | 358 kB | 98/121 kB Progress (3): 134 kB | 358 kB | 102/121 kB Progress (3): 134 kB | 358 kB | 106/121 kB Progress (3): 134 kB | 358 kB | 110/121 kB Progress (3): 134 kB | 358 kB | 114/121 kB Progress (3): 134 kB | 358 kB | 118/121 kB Progress (3): 134 kB | 358 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 463 kB/s) Progress (3): 358 kB | 121 kB | 4.1/45 kB Progress (3): 358 kB | 121 kB | 7.7/45 kB Progress (3): 358 kB | 121 kB | 12/45 kB Progress (3): 358 kB | 121 kB | 16/45 kB Progress (3): 358 kB | 121 kB | 20/45 kB Progress (3): 358 kB | 121 kB | 24/45 kB Progress (3): 358 kB | 121 kB | 28/45 kB Progress (3): 358 kB | 121 kB | 32/45 kB Progress (3): 358 kB | 121 kB | 36/45 kB Progress (3): 358 kB | 121 kB | 41/45 kB Progress (3): 358 kB | 121 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.2 MB/s) Progress (3): 121 kB | 45 kB | 4.1/640 kB Progress (3): 121 kB | 45 kB | 7.7/640 kB Progress (3): 121 kB | 45 kB | 12/640 kB Progress (3): 121 kB | 45 kB | 16/640 kB Progress (3): 121 kB | 45 kB | 20/640 kB Progress (3): 121 kB | 45 kB | 24/640 kB Progress (3): 121 kB | 45 kB | 28/640 kB Progress (3): 121 kB | 45 kB | 32/640 kB Progress (3): 121 kB | 45 kB | 36/640 kB Progress (3): 121 kB | 45 kB | 41/640 kB Progress (3): 121 kB | 45 kB | 45/640 kB Progress (3): 121 kB | 45 kB | 49/640 kB Progress (3): 121 kB | 45 kB | 53/640 kB Progress (3): 121 kB | 45 kB | 57/640 kB Progress (3): 121 kB | 45 kB | 61/640 kB Progress (3): 121 kB | 45 kB | 65/640 kB Progress (3): 121 kB | 45 kB | 69/640 kB Progress (3): 121 kB | 45 kB | 73/640 kB Progress (3): 121 kB | 45 kB | 77/640 kB Progress (3): 121 kB | 45 kB | 81/640 kB Progress (3): 121 kB | 45 kB | 86/640 kB Progress (3): 121 kB | 45 kB | 90/640 kB Progress (3): 121 kB | 45 kB | 94/640 kB Progress (3): 121 kB | 45 kB | 98/640 kB Progress (3): 121 kB | 45 kB | 102/640 kB Progress (3): 121 kB | 45 kB | 106/640 kB Progress (3): 121 kB | 45 kB | 110/640 kB Progress (3): 121 kB | 45 kB | 114/640 kB Progress (3): 121 kB | 45 kB | 118/640 kB Progress (3): 121 kB | 45 kB | 122/640 kB Progress (3): 121 kB | 45 kB | 127/640 kB Progress (3): 121 kB | 45 kB | 131/640 kB Progress (3): 121 kB | 45 kB | 135/640 kB Progress (3): 121 kB | 45 kB | 139/640 kB Progress (3): 121 kB | 45 kB | 143/640 kB Progress (3): 121 kB | 45 kB | 147/640 kB Progress (3): 121 kB | 45 kB | 151/640 kB Progress (3): 121 kB | 45 kB | 155/640 kB Progress (3): 121 kB | 45 kB | 159/640 kB Progress (3): 121 kB | 45 kB | 163/640 kB Progress (3): 121 kB | 45 kB | 167/640 kB Progress (3): 121 kB | 45 kB | 172/640 kB Progress (3): 121 kB | 45 kB | 176/640 kB Progress (3): 121 kB | 45 kB | 180/640 kB Progress (3): 121 kB | 45 kB | 184/640 kB Progress (3): 121 kB | 45 kB | 188/640 kB Progress (3): 121 kB | 45 kB | 192/640 kB Progress (3): 121 kB | 45 kB | 196/640 kB Progress (3): 121 kB | 45 kB | 200/640 kB Progress (3): 121 kB | 45 kB | 204/640 kB Progress (3): 121 kB | 45 kB | 208/640 kB Progress (3): 121 kB | 45 kB | 213/640 kB Progress (3): 121 kB | 45 kB | 217/640 kB Progress (3): 121 kB | 45 kB | 221/640 kB Progress (3): 121 kB | 45 kB | 225/640 kB Progress (3): 121 kB | 45 kB | 229/640 kB Progress (3): 121 kB | 45 kB | 233/640 kB Progress (3): 121 kB | 45 kB | 237/640 kB Progress (3): 121 kB | 45 kB | 241/640 kB Progress (3): 121 kB | 45 kB | 245/640 kB Progress (3): 121 kB | 45 kB | 249/640 kB Progress (3): 121 kB | 45 kB | 253/640 kB Progress (3): 121 kB | 45 kB | 257/640 kB Progress (3): 121 kB | 45 kB | 261/640 kB Progress (3): 121 kB | 45 kB | 265/640 kB Progress (3): 121 kB | 45 kB | 269/640 kB Progress (3): 121 kB | 45 kB | 273/640 kB Progress (3): 121 kB | 45 kB | 278/640 kB Progress (3): 121 kB | 45 kB | 282/640 kB Progress (3): 121 kB | 45 kB | 286/640 kB Progress (3): 121 kB | 45 kB | 290/640 kB Progress (3): 121 kB | 45 kB | 294/640 kB Progress (3): 121 kB | 45 kB | 298/640 kB Progress (3): 121 kB | 45 kB | 302/640 kB Progress (3): 121 kB | 45 kB | 306/640 kB Progress (3): 121 kB | 45 kB | 310/640 kB Progress (3): 121 kB | 45 kB | 314/640 kB Progress (3): 121 kB | 45 kB | 319/640 kB Progress (3): 121 kB | 45 kB | 323/640 kB Progress (3): 121 kB | 45 kB | 327/640 kB Progress (3): 121 kB | 45 kB | 331/640 kB Progress (3): 121 kB | 45 kB | 335/640 kB Progress (3): 121 kB | 45 kB | 339/640 kB Progress (3): 121 kB | 45 kB | 343/640 kB Progress (3): 121 kB | 45 kB | 347/640 kB Progress (3): 121 kB | 45 kB | 351/640 kB Progress (3): 121 kB | 45 kB | 355/640 kB Progress (3): 121 kB | 45 kB | 359/640 kB Progress (3): 121 kB | 45 kB | 364/640 kB Progress (3): 121 kB | 45 kB | 368/640 kB Progress (3): 121 kB | 45 kB | 372/640 kB Progress (3): 121 kB | 45 kB | 376/640 kB Progress (3): 121 kB | 45 kB | 380/640 kB Progress (3): 121 kB | 45 kB | 384/640 kB Progress (3): 121 kB | 45 kB | 388/640 kB Progress (3): 121 kB | 45 kB | 392/640 kB Progress (3): 121 kB | 45 kB | 396/640 kB Progress (3): 121 kB | 45 kB | 400/640 kB Progress (3): 121 kB | 45 kB | 405/640 kB Progress (3): 121 kB | 45 kB | 409/640 kB Progress (3): 121 kB | 45 kB | 413/640 kB Progress (3): 121 kB | 45 kB | 417/640 kB Progress (3): 121 kB | 45 kB | 421/640 kB Progress (3): 121 kB | 45 kB | 425/640 kB Progress (3): 121 kB | 45 kB | 429/640 kB Progress (3): 121 kB | 45 kB | 433/640 kB Progress (3): 121 kB | 45 kB | 437/640 kB Progress (3): 121 kB | 45 kB | 441/640 kB Progress (3): 121 kB | 45 kB | 446/640 kB Progress (3): 121 kB | 45 kB | 450/640 kB Progress (3): 121 kB | 45 kB | 454/640 kB Progress (3): 121 kB | 45 kB | 458/640 kB Progress (3): 121 kB | 45 kB | 462/640 kB Progress (3): 121 kB | 45 kB | 466/640 kB Progress (3): 121 kB | 45 kB | 470/640 kB Progress (3): 121 kB | 45 kB | 474/640 kB Progress (3): 121 kB | 45 kB | 478/640 kB Progress (3): 121 kB | 45 kB | 482/640 kB Progress (3): 121 kB | 45 kB | 486/640 kB Progress (3): 121 kB | 45 kB | 491/640 kB Progress (3): 121 kB | 45 kB | 495/640 kB Progress (3): 121 kB | 45 kB | 499/640 kB Progress (3): 121 kB | 45 kB | 503/640 kB Progress (3): 121 kB | 45 kB | 507/640 kB Progress (3): 121 kB | 45 kB | 511/640 kB Progress (3): 121 kB | 45 kB | 515/640 kB Progress (3): 121 kB | 45 kB | 519/640 kB Progress (3): 121 kB | 45 kB | 523/640 kB Progress (3): 121 kB | 45 kB | 527/640 kB Progress (3): 121 kB | 45 kB | 532/640 kB Progress (3): 121 kB | 45 kB | 534/640 kB Progress (3): 121 kB | 45 kB | 538/640 kB Progress (3): 121 kB | 45 kB | 542/640 kB Progress (3): 121 kB | 45 kB | 546/640 kB Progress (3): 121 kB | 45 kB | 550/640 kB Progress (3): 121 kB | 45 kB | 554/640 kB Progress (3): 121 kB | 45 kB | 558/640 kB Progress (3): 121 kB | 45 kB | 562/640 kB Progress (3): 121 kB | 45 kB | 566/640 kB Progress (3): 121 kB | 45 kB | 571/640 kB Progress (3): 121 kB | 45 kB | 575/640 kB Progress (3): 121 kB | 45 kB | 579/640 kB Progress (3): 121 kB | 45 kB | 583/640 kB Progress (3): 121 kB | 45 kB | 587/640 kB Progress (3): 121 kB | 45 kB | 591/640 kB Progress (3): 121 kB | 45 kB | 595/640 kB Progress (3): 121 kB | 45 kB | 599/640 kB Progress (3): 121 kB | 45 kB | 603/640 kB Progress (3): 121 kB | 45 kB | 607/640 kB Progress (3): 121 kB | 45 kB | 612/640 kB Progress (3): 121 kB | 45 kB | 616/640 kB Progress (3): 121 kB | 45 kB | 620/640 kB Progress (3): 121 kB | 45 kB | 624/640 kB Progress (3): 121 kB | 45 kB | 628/640 kB Progress (3): 121 kB | 45 kB | 632/640 kB Progress (3): 121 kB | 45 kB | 636/640 kB Progress (3): 121 kB | 45 kB | 640 kB Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 393 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 142 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 1.9 MB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 78 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 279 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 321 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 776 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 337 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 164 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 371 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 213 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/263 kB Progress (1): 7.7/263 kB Progress (1): 12/263 kB Progress (1): 16/263 kB Progress (1): 20/263 kB Progress (1): 24/263 kB Progress (1): 28/263 kB Progress (1): 32/263 kB Progress (1): 36/263 kB Progress (1): 41/263 kB Progress (1): 45/263 kB Progress (1): 49/263 kB Progress (1): 53/263 kB Progress (1): 57/263 kB Progress (1): 61/263 kB Progress (1): 65/263 kB Progress (1): 69/263 kB Progress (1): 73/263 kB Progress (1): 77/263 kB Progress (1): 81/263 kB Progress (1): 86/263 kB Progress (1): 90/263 kB Progress (1): 94/263 kB Progress (1): 98/263 kB Progress (1): 102/263 kB Progress (1): 106/263 kB Progress (1): 110/263 kB Progress (1): 114/263 kB Progress (1): 118/263 kB Progress (1): 122/263 kB Progress (1): 127/263 kB Progress (1): 131/263 kB Progress (1): 135/263 kB Progress (1): 139/263 kB Progress (1): 143/263 kB Progress (1): 147/263 kB Progress (1): 151/263 kB Progress (1): 155/263 kB Progress (2): 155/263 kB | 4.1/31 kB Progress (2): 159/263 kB | 4.1/31 kB Progress (2): 163/263 kB | 4.1/31 kB Progress (2): 163/263 kB | 7.7/31 kB Progress (2): 167/263 kB | 7.7/31 kB Progress (2): 167/263 kB | 12/31 kB Progress (2): 172/263 kB | 12/31 kB Progress (2): 172/263 kB | 16/31 kB Progress (2): 176/263 kB | 16/31 kB Progress (2): 180/263 kB | 16/31 kB Progress (2): 180/263 kB | 20/31 kB Progress (2): 180/263 kB | 24/31 kB Progress (2): 184/263 kB | 24/31 kB Progress (2): 184/263 kB | 28/31 kB Progress (2): 188/263 kB | 28/31 kB Progress (2): 188/263 kB | 31 kB Progress (2): 192/263 kB | 31 kB Progress (2): 196/263 kB | 31 kB Progress (2): 200/263 kB | 31 kB Progress (2): 204/263 kB | 31 kB Progress (2): 208/263 kB | 31 kB Progress (2): 213/263 kB | 31 kB Progress (2): 217/263 kB | 31 kB Progress (2): 221/263 kB | 31 kB Progress (2): 225/263 kB | 31 kB Progress (2): 229/263 kB | 31 kB Progress (2): 233/263 kB | 31 kB Progress (2): 237/263 kB | 31 kB Progress (2): 241/263 kB | 31 kB Progress (2): 245/263 kB | 31 kB Progress (2): 249/263 kB | 31 kB Progress (2): 254/263 kB | 31 kB Progress (2): 258/263 kB | 31 kB Progress (2): 262/263 kB | 31 kB Progress (2): 263 kB | 31 kB Progress (3): 263 kB | 31 kB | 4.1/35 kB Progress (3): 263 kB | 31 kB | 7.7/35 kB Progress (3): 263 kB | 31 kB | 12/35 kB Progress (3): 263 kB | 31 kB | 16/35 kB Progress (3): 263 kB | 31 kB | 20/35 kB Progress (3): 263 kB | 31 kB | 24/35 kB Progress (3): 263 kB | 31 kB | 28/35 kB Progress (3): 263 kB | 31 kB | 32/35 kB Progress (3): 263 kB | 31 kB | 35 kB Progress (4): 263 kB | 31 kB | 35 kB | 4.1/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 8.2/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 12/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 16/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 20/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 25/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 29/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 33/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 37/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 41/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 45/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 49/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 53/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 57/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 61/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 66/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 70/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 74/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 78/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 82/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 86/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 90/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 94/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 98/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 102/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 106/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 111/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 115/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 119/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 123/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 127/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 131/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 135/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 139/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 143/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 147/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 152/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 156/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 160/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 164/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 168/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 172/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 176/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 180/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 184/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 188/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 193/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 197/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 201/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 205/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 209/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 213/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 217/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 221/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 225/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 229/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 233/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 238/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 242/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 246/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 250/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 254/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 258/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 262/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 266/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 270/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 274/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 279/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 283/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 287/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 291/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 295/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 299/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 303/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 307/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 311/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 315/316 kB Progress (4): 263 kB | 31 kB | 35 kB | 316 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 4.1/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 7.7/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 12/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 16/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 20/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 24/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 28/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 32/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 36/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 41/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 45/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 49/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 53/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 57/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 61/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 65/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 69/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 73/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 77/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 81/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 86/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 90/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 94/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 98/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 102/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 106/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 110/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 114/118 kB Progress (5): 263 kB | 31 kB | 35 kB | 316 kB | 118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 7.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 675 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 6.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Progress (3): 35 kB | 118 kB | 4.1/232 kB Progress (3): 35 kB | 118 kB | 7.7/232 kB Progress (3): 35 kB | 118 kB | 12/232 kB Progress (3): 35 kB | 118 kB | 16/232 kB Progress (3): 35 kB | 118 kB | 20/232 kB Progress (3): 35 kB | 118 kB | 24/232 kB Progress (3): 35 kB | 118 kB | 28/232 kB Progress (3): 35 kB | 118 kB | 32/232 kB Progress (3): 35 kB | 118 kB | 36/232 kB Progress (3): 35 kB | 118 kB | 41/232 kB Progress (3): 35 kB | 118 kB | 45/232 kB Progress (3): 35 kB | 118 kB | 49/232 kB Progress (3): 35 kB | 118 kB | 53/232 kB Progress (3): 35 kB | 118 kB | 57/232 kB Progress (3): 35 kB | 118 kB | 61/232 kB Progress (3): 35 kB | 118 kB | 65/232 kB Progress (3): 35 kB | 118 kB | 69/232 kB Progress (3): 35 kB | 118 kB | 73/232 kB Progress (3): 35 kB | 118 kB | 77/232 kB Progress (3): 35 kB | 118 kB | 81/232 kB Progress (3): 35 kB | 118 kB | 86/232 kB Progress (3): 35 kB | 118 kB | 90/232 kB Progress (3): 35 kB | 118 kB | 94/232 kB Progress (3): 35 kB | 118 kB | 98/232 kB Progress (3): 35 kB | 118 kB | 102/232 kB Progress (3): 35 kB | 118 kB | 106/232 kB Progress (3): 35 kB | 118 kB | 110/232 kB Progress (3): 35 kB | 118 kB | 114/232 kB Progress (3): 35 kB | 118 kB | 118/232 kB Progress (3): 35 kB | 118 kB | 122/232 kB Progress (3): 35 kB | 118 kB | 127/232 kB Progress (3): 35 kB | 118 kB | 131/232 kB Progress (3): 35 kB | 118 kB | 135/232 kB Progress (3): 35 kB | 118 kB | 139/232 kB Progress (3): 35 kB | 118 kB | 143/232 kB Progress (3): 35 kB | 118 kB | 147/232 kB Progress (3): 35 kB | 118 kB | 151/232 kB Progress (3): 35 kB | 118 kB | 155/232 kB Progress (3): 35 kB | 118 kB | 159/232 kB Progress (3): 35 kB | 118 kB | 163/232 kB Progress (3): 35 kB | 118 kB | 167/232 kB Progress (3): 35 kB | 118 kB | 172/232 kB Progress (3): 35 kB | 118 kB | 176/232 kB Progress (3): 35 kB | 118 kB | 180/232 kB Progress (3): 35 kB | 118 kB | 184/232 kB Progress (3): 35 kB | 118 kB | 188/232 kB Progress (3): 35 kB | 118 kB | 192/232 kB Progress (3): 35 kB | 118 kB | 196/232 kB Progress (3): 35 kB | 118 kB | 200/232 kB Progress (3): 35 kB | 118 kB | 204/232 kB Progress (3): 35 kB | 118 kB | 208/232 kB Progress (3): 35 kB | 118 kB | 213/232 kB Progress (3): 35 kB | 118 kB | 217/232 kB Progress (3): 35 kB | 118 kB | 221/232 kB Progress (3): 35 kB | 118 kB | 225/232 kB Progress (3): 35 kB | 118 kB | 229/232 kB Progress (3): 35 kB | 118 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 1.7 MB/s) Progress (2): 232 kB | 4.1/10 kB Progress (2): 232 kB | 7.7/10 kB Progress (2): 232 kB | 10 kB Progress (3): 232 kB | 10 kB | 4.1/38 kB Progress (3): 232 kB | 10 kB | 7.7/38 kB Progress (3): 232 kB | 10 kB | 12/38 kB Progress (3): 232 kB | 10 kB | 16/38 kB Progress (3): 232 kB | 10 kB | 20/38 kB Progress (3): 232 kB | 10 kB | 24/38 kB Progress (3): 232 kB | 10 kB | 28/38 kB Progress (3): 232 kB | 10 kB | 32/38 kB Progress (3): 232 kB | 10 kB | 36/38 kB Progress (3): 232 kB | 10 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 114 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 400 kB/s) Progress (1): 4.1/14 kB Progress (1): 7.7/14 kB Progress (1): 12/14 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 104 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 771 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 342 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 271 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 336 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 340 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 95 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 423 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 7.9 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 82 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 308 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 242 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 398 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/41 kB Progress (1): 7.7/41 kB Progress (1): 12/41 kB Progress (1): 16/41 kB Progress (1): 20/41 kB Progress (1): 24/41 kB Progress (1): 28/41 kB Progress (1): 32/41 kB Progress (1): 36/41 kB Progress (1): 41/41 kB Progress (1): 41 kB Progress (2): 41 kB | 4.1/26 kB Progress (2): 41 kB | 7.7/26 kB Progress (2): 41 kB | 12/26 kB Progress (2): 41 kB | 16/26 kB Progress (2): 41 kB | 20/26 kB Progress (2): 41 kB | 24/26 kB Progress (2): 41 kB | 26 kB Progress (3): 41 kB | 26 kB | 4.1/36 kB Progress (3): 41 kB | 26 kB | 7.7/36 kB Progress (3): 41 kB | 26 kB | 12/36 kB Progress (3): 41 kB | 26 kB | 16/36 kB Progress (3): 41 kB | 26 kB | 20/36 kB Progress (3): 41 kB | 26 kB | 24/36 kB Progress (3): 41 kB | 26 kB | 28/36 kB Progress (3): 41 kB | 26 kB | 32/36 kB Progress (3): 41 kB | 26 kB | 36 kB Progress (4): 41 kB | 26 kB | 36 kB | 3.4/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 7.5/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 12/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 16/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 20/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 24/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 28/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 32/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 36/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 40/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 44/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 48/79 kB Progress (4): 41 kB | 26 kB | 36 kB | 53/79 kB Progress (5): 41 kB | 26 kB | 36 kB | 53/79 kB | 4.1/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 57/79 kB | 4.1/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 57/79 kB | 7.7/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 61/79 kB | 7.7/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 61/79 kB | 12/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 65/79 kB | 12/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 65/79 kB | 16/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 69/79 kB | 16/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 69/79 kB | 20/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 73/79 kB | 20/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 73/79 kB | 24/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 77/79 kB | 24/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 77/79 kB | 28/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 28/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 32/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 36/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 41/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 45/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 49/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 53/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 57/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 61/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 65/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 69/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 73/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 77/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 81/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 86/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 90/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 94/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 98/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 102/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 106/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 110/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 114/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 118/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 122/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 127/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 131/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 135/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 139/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 143/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 147/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 151/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 155/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 159/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 163/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 167/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 172/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 176/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 180/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 184/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 188/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 192/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 196/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 200/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 204/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 208/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 213/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 217/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 221/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 225/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 229/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 233/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 237/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 241/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 245/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 249/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 254/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 258/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 262/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 266/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 270/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 274/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 278/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 282/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 286/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 290/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 294/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 299/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 303/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 307/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 311/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 315/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 319/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 323/327 kB Progress (5): 41 kB | 26 kB | 36 kB | 79 kB | 327 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 625 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 822 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 5.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 637 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (1): 2.5 kB Progress (2): 2.5 kB | 4.1/211 kB Progress (2): 2.5 kB | 7.7/211 kB Progress (2): 2.5 kB | 12/211 kB Progress (2): 2.5 kB | 16/211 kB Progress (2): 2.5 kB | 20/211 kB Progress (2): 2.5 kB | 24/211 kB Progress (2): 2.5 kB | 28/211 kB Progress (2): 2.5 kB | 32/211 kB Progress (2): 2.5 kB | 36/211 kB Progress (2): 2.5 kB | 41/211 kB Progress (2): 2.5 kB | 45/211 kB Progress (2): 2.5 kB | 49/211 kB Progress (2): 2.5 kB | 53/211 kB Progress (2): 2.5 kB | 57/211 kB Progress (2): 2.5 kB | 61/211 kB Progress (2): 2.5 kB | 65/211 kB Progress (2): 2.5 kB | 69/211 kB Progress (2): 2.5 kB | 73/211 kB Progress (2): 2.5 kB | 77/211 kB Progress (2): 2.5 kB | 81/211 kB Progress (2): 2.5 kB | 86/211 kB Progress (2): 2.5 kB | 90/211 kB Progress (2): 2.5 kB | 94/211 kB Progress (2): 2.5 kB | 98/211 kB Progress (2): 2.5 kB | 102/211 kB Progress (2): 2.5 kB | 106/211 kB Progress (2): 2.5 kB | 110/211 kB Progress (2): 2.5 kB | 114/211 kB Progress (2): 2.5 kB | 118/211 kB Progress (2): 2.5 kB | 122/211 kB Progress (2): 2.5 kB | 127/211 kB Progress (2): 2.5 kB | 131/211 kB Progress (2): 2.5 kB | 135/211 kB Progress (2): 2.5 kB | 139/211 kB Progress (2): 2.5 kB | 143/211 kB Progress (2): 2.5 kB | 147/211 kB Progress (2): 2.5 kB | 151/211 kB Progress (2): 2.5 kB | 155/211 kB Progress (2): 2.5 kB | 159/211 kB Progress (2): 2.5 kB | 163/211 kB Progress (2): 2.5 kB | 167/211 kB Progress (2): 2.5 kB | 172/211 kB Progress (2): 2.5 kB | 176/211 kB Progress (2): 2.5 kB | 180/211 kB Progress (2): 2.5 kB | 184/211 kB Progress (2): 2.5 kB | 188/211 kB Progress (2): 2.5 kB | 192/211 kB Progress (2): 2.5 kB | 196/211 kB Progress (2): 2.5 kB | 200/211 kB Progress (2): 2.5 kB | 204/211 kB Progress (2): 2.5 kB | 208/211 kB Progress (2): 2.5 kB | 211 kB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.1/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.2/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.4/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.5/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (3): 2.5 kB | 211 kB | 0.6/1.0 MB Progress (4): 2.5 kB | 211 kB | 0.6/1.0 MB | 4.1/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 4.1/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 7.7/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 7.7/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 12/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 12/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 16/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 16/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 20/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 20/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 24/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 24/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 28/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 28/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 32/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 32/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 36/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 36/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 41/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 41/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 45/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 45/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 49/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 49/58 kB Progress (4): 2.5 kB | 211 kB | 0.7/1.0 MB | 53/58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 53/58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 57/58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 57/58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.8/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 0.9/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0/1.0 MB | 58 kB Progress (4): 2.5 kB | 211 kB | 1.0 MB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (4): 211 kB | 1.0 MB | 58 kB | 4.1/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 7.7/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 12/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 16/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 20/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 24/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 28/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 32/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 36/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 41/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 45/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 49/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 53/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 57/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 61/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 65/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 69/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 73/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 77/116 kB Progress (4): 211 kB | 1.0 MB | 58 kB | 81/116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.1 MB/s) Progress (3): 1.0 MB | 58 kB | 86/116 kB Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (3): 1.0 MB | 58 kB | 90/116 kB Progress (3): 1.0 MB | 58 kB | 94/116 kB Progress (3): 1.0 MB | 58 kB | 98/116 kB Progress (3): 1.0 MB | 58 kB | 102/116 kB Progress (3): 1.0 MB | 58 kB | 106/116 kB Progress (3): 1.0 MB | 58 kB | 110/116 kB Progress (3): 1.0 MB | 58 kB | 114/116 kB Progress (3): 1.0 MB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 527 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 9.2 MB/s) Progress (2): 116 kB | 4.1/85 kB Progress (2): 116 kB | 7.7/85 kB Progress (2): 116 kB | 12/85 kB Progress (2): 116 kB | 16/85 kB Progress (2): 116 kB | 20/85 kB Progress (2): 116 kB | 24/85 kB Progress (2): 116 kB | 28/85 kB Progress (2): 116 kB | 32/85 kB Progress (2): 116 kB | 36/85 kB Progress (2): 116 kB | 41/85 kB Progress (2): 116 kB | 45/85 kB Progress (2): 116 kB | 49/85 kB Progress (2): 116 kB | 53/85 kB Progress (2): 116 kB | 57/85 kB Progress (2): 116 kB | 61/85 kB Progress (2): 116 kB | 65/85 kB Progress (2): 116 kB | 69/85 kB Progress (2): 116 kB | 73/85 kB Progress (2): 116 kB | 77/85 kB Progress (2): 116 kB | 81/85 kB Progress (2): 116 kB | 85 kB Progress (3): 116 kB | 85 kB | 4.1/267 kB Progress (3): 116 kB | 85 kB | 7.7/267 kB Progress (3): 116 kB | 85 kB | 12/267 kB Progress (3): 116 kB | 85 kB | 16/267 kB Progress (3): 116 kB | 85 kB | 20/267 kB Progress (3): 116 kB | 85 kB | 24/267 kB Progress (3): 116 kB | 85 kB | 28/267 kB Progress (3): 116 kB | 85 kB | 32/267 kB Progress (3): 116 kB | 85 kB | 36/267 kB Progress (3): 116 kB | 85 kB | 41/267 kB Progress (3): 116 kB | 85 kB | 45/267 kB Progress (3): 116 kB | 85 kB | 49/267 kB Progress (3): 116 kB | 85 kB | 53/267 kB Progress (3): 116 kB | 85 kB | 57/267 kB Progress (3): 116 kB | 85 kB | 61/267 kB Progress (3): 116 kB | 85 kB | 65/267 kB Progress (3): 116 kB | 85 kB | 69/267 kB Progress (3): 116 kB | 85 kB | 73/267 kB Progress (3): 116 kB | 85 kB | 77/267 kB Progress (3): 116 kB | 85 kB | 81/267 kB Progress (3): 116 kB | 85 kB | 86/267 kB Progress (3): 116 kB | 85 kB | 90/267 kB Progress (3): 116 kB | 85 kB | 94/267 kB Progress (3): 116 kB | 85 kB | 98/267 kB Progress (3): 116 kB | 85 kB | 102/267 kB Progress (3): 116 kB | 85 kB | 106/267 kB Progress (3): 116 kB | 85 kB | 110/267 kB Progress (3): 116 kB | 85 kB | 114/267 kB Progress (3): 116 kB | 85 kB | 118/267 kB Progress (3): 116 kB | 85 kB | 122/267 kB Progress (3): 116 kB | 85 kB | 127/267 kB Progress (3): 116 kB | 85 kB | 131/267 kB Progress (3): 116 kB | 85 kB | 135/267 kB Progress (3): 116 kB | 85 kB | 139/267 kB Progress (3): 116 kB | 85 kB | 143/267 kB Progress (3): 116 kB | 85 kB | 147/267 kB Progress (3): 116 kB | 85 kB | 151/267 kB Progress (3): 116 kB | 85 kB | 155/267 kB Progress (3): 116 kB | 85 kB | 159/267 kB Progress (3): 116 kB | 85 kB | 163/267 kB Progress (3): 116 kB | 85 kB | 167/267 kB Progress (3): 116 kB | 85 kB | 172/267 kB Progress (3): 116 kB | 85 kB | 176/267 kB Progress (3): 116 kB | 85 kB | 180/267 kB Progress (3): 116 kB | 85 kB | 184/267 kB Progress (3): 116 kB | 85 kB | 188/267 kB Progress (3): 116 kB | 85 kB | 192/267 kB Progress (3): 116 kB | 85 kB | 196/267 kB Progress (3): 116 kB | 85 kB | 200/267 kB Progress (3): 116 kB | 85 kB | 204/267 kB Progress (3): 116 kB | 85 kB | 208/267 kB Progress (3): 116 kB | 85 kB | 213/267 kB Progress (3): 116 kB | 85 kB | 217/267 kB Progress (3): 116 kB | 85 kB | 221/267 kB Progress (3): 116 kB | 85 kB | 225/267 kB Progress (3): 116 kB | 85 kB | 229/267 kB Progress (3): 116 kB | 85 kB | 233/267 kB Progress (3): 116 kB | 85 kB | 237/267 kB Progress (3): 116 kB | 85 kB | 241/267 kB Progress (3): 116 kB | 85 kB | 245/267 kB Progress (3): 116 kB | 85 kB | 249/267 kB Progress (3): 116 kB | 85 kB | 254/267 kB Progress (3): 116 kB | 85 kB | 258/267 kB Progress (3): 116 kB | 85 kB | 262/267 kB Progress (3): 116 kB | 85 kB | 266/267 kB Progress (3): 116 kB | 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 647 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 847 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.8 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 39 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 561 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 414 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 194 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 244 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 91 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 213 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 135 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 52 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 158 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 234 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 960 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 389 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 879 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 256 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 385 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 352 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 254 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 109 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 569 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 348 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 359 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 248 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 212 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 208 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 599 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/49 kB Progress (1): 7.5/49 kB Progress (1): 12/49 kB Progress (1): 16/49 kB Progress (1): 20/49 kB Progress (1): 24/49 kB Progress (1): 28/49 kB Progress (1): 32/49 kB Progress (1): 36/49 kB Progress (1): 40/49 kB Progress (1): 44/49 kB Progress (1): 48/49 kB Progress (1): 49 kB Progress (2): 49 kB | 4.1/153 kB Progress (3): 49 kB | 4.1/153 kB | 4.1/165 kB Progress (3): 49 kB | 7.7/153 kB | 4.1/165 kB Progress (3): 49 kB | 7.7/153 kB | 7.7/165 kB Progress (3): 49 kB | 12/153 kB | 7.7/165 kB Progress (3): 49 kB | 12/153 kB | 12/165 kB Progress (3): 49 kB | 16/153 kB | 12/165 kB Progress (3): 49 kB | 20/153 kB | 12/165 kB Progress (3): 49 kB | 24/153 kB | 12/165 kB Progress (3): 49 kB | 28/153 kB | 12/165 kB Progress (3): 49 kB | 32/153 kB | 12/165 kB Progress (3): 49 kB | 36/153 kB | 12/165 kB Progress (3): 49 kB | 36/153 kB | 16/165 kB Progress (3): 49 kB | 36/153 kB | 20/165 kB Progress (3): 49 kB | 40/153 kB | 20/165 kB Progress (3): 49 kB | 40/153 kB | 24/165 kB Progress (3): 49 kB | 44/153 kB | 24/165 kB Progress (3): 49 kB | 44/153 kB | 28/165 kB Progress (3): 49 kB | 48/153 kB | 28/165 kB Progress (3): 49 kB | 48/153 kB | 32/165 kB Progress (3): 49 kB | 53/153 kB | 32/165 kB Progress (3): 49 kB | 53/153 kB | 36/165 kB Progress (3): 49 kB | 57/153 kB | 36/165 kB Progress (3): 49 kB | 57/153 kB | 40/165 kB Progress (3): 49 kB | 61/153 kB | 40/165 kB Progress (3): 49 kB | 61/153 kB | 44/165 kB Progress (3): 49 kB | 65/153 kB | 44/165 kB Progress (3): 49 kB | 65/153 kB | 48/165 kB Progress (3): 49 kB | 69/153 kB | 48/165 kB Progress (3): 49 kB | 69/153 kB | 53/165 kB Progress (3): 49 kB | 73/153 kB | 53/165 kB Progress (3): 49 kB | 73/153 kB | 57/165 kB Progress (3): 49 kB | 77/153 kB | 57/165 kB Progress (3): 49 kB | 77/153 kB | 61/165 kB Progress (3): 49 kB | 81/153 kB | 61/165 kB Progress (3): 49 kB | 81/153 kB | 65/165 kB Progress (3): 49 kB | 85/153 kB | 65/165 kB Progress (3): 49 kB | 85/153 kB | 69/165 kB Progress (3): 49 kB | 89/153 kB | 69/165 kB Progress (3): 49 kB | 89/153 kB | 73/165 kB Progress (3): 49 kB | 94/153 kB | 73/165 kB Progress (3): 49 kB | 94/153 kB | 77/165 kB Progress (3): 49 kB | 98/153 kB | 77/165 kB Progress (3): 49 kB | 98/153 kB | 81/165 kB Progress (3): 49 kB | 102/153 kB | 81/165 kB Progress (3): 49 kB | 102/153 kB | 85/165 kB Progress (3): 49 kB | 106/153 kB | 85/165 kB Progress (3): 49 kB | 106/153 kB | 89/165 kB Progress (3): 49 kB | 110/153 kB | 89/165 kB Progress (3): 49 kB | 110/153 kB | 93/165 kB Progress (3): 49 kB | 114/153 kB | 93/165 kB Progress (3): 49 kB | 114/153 kB | 98/165 kB Progress (3): 49 kB | 118/153 kB | 98/165 kB Progress (3): 49 kB | 118/153 kB | 102/165 kB Progress (3): 49 kB | 122/153 kB | 102/165 kB Progress (3): 49 kB | 122/153 kB | 106/165 kB Progress (3): 49 kB | 126/153 kB | 106/165 kB Progress (3): 49 kB | 126/153 kB | 110/165 kB Progress (3): 49 kB | 130/153 kB | 110/165 kB Progress (3): 49 kB | 130/153 kB | 114/165 kB Progress (3): 49 kB | 134/153 kB | 114/165 kB Progress (3): 49 kB | 134/153 kB | 118/165 kB Progress (3): 49 kB | 134/153 kB | 122/165 kB Progress (3): 49 kB | 134/153 kB | 126/165 kB Progress (3): 49 kB | 134/153 kB | 130/165 kB Progress (3): 49 kB | 134/153 kB | 134/165 kB Progress (3): 49 kB | 139/153 kB | 134/165 kB Progress (3): 49 kB | 139/153 kB | 139/165 kB Progress (3): 49 kB | 143/153 kB | 139/165 kB Progress (3): 49 kB | 143/153 kB | 143/165 kB Progress (3): 49 kB | 147/153 kB | 143/165 kB Progress (3): 49 kB | 147/153 kB | 147/165 kB Progress (3): 49 kB | 151/153 kB | 147/165 kB Progress (3): 49 kB | 151/153 kB | 151/165 kB Progress (3): 49 kB | 153 kB | 151/165 kB Progress (3): 49 kB | 153 kB | 155/165 kB Progress (3): 49 kB | 153 kB | 159/165 kB Progress (3): 49 kB | 153 kB | 163/165 kB Progress (3): 49 kB | 153 kB | 165 kB Progress (4): 49 kB | 153 kB | 165 kB | 4.1/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 7.7/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 12/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 16/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 20/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 24/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 28/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 32/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 36/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 41/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 45/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 49/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 53/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 57/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 61/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 65/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 69/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 73/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 77/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 81/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 86/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 90/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 94/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 98/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 102/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 106/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 110/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 114/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 118/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 122/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 127/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 131/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 135/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 139/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 143/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 147/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 151/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 155/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 159/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 163/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 167/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 172/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 176/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 180/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 184/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 188/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 192/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 196/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 200/202 kB Progress (4): 49 kB | 153 kB | 165 kB | 202 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 4.1/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 8.2/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 12/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 16/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 20/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 25/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 29/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 33/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 37/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 41/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 45/472 kB Progress (5): 49 kB | 153 kB | 165 kB | 202 kB | 49/472 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Progress (4): 153 kB | 165 kB | 202 kB | 53/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 57/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 61/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 66/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 70/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 74/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 78/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 82/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 86/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 90/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 94/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 98/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 102/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 106/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 111/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 115/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 119/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 123/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 127/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 131/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 135/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 139/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 143/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 147/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 152/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 156/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 160/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 164/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 168/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 172/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 176/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 180/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 184/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 188/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 193/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 197/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 201/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 205/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 209/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 213/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 217/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 221/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 225/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 229/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 233/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 238/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 242/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 246/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 250/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 254/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 258/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 262/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 266/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 270/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 274/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 279/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 283/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 286/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 290/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 294/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 298/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 302/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 307/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 311/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 315/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 319/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 323/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 327/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 331/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 335/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 339/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 343/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 348/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 352/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 356/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 360/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 364/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 368/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 372/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 376/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 380/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 384/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 388/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 393/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 397/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 401/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 405/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 409/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 413/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 417/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 421/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 425/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 429/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 434/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 438/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 442/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 446/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 450/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 454/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 458/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 462/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 466/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 470/472 kB Progress (4): 153 kB | 165 kB | 202 kB | 472 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 2.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Progress (3): 202 kB | 472 kB | 4.1/527 kB Progress (3): 202 kB | 472 kB | 7.7/527 kB Progress (3): 202 kB | 472 kB | 12/527 kB Progress (3): 202 kB | 472 kB | 16/527 kB Progress (3): 202 kB | 472 kB | 20/527 kB Progress (3): 202 kB | 472 kB | 24/527 kB Progress (3): 202 kB | 472 kB | 28/527 kB Progress (3): 202 kB | 472 kB | 32/527 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 7.3 MB/s) Progress (2): 202 kB | 36/527 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Progress (2): 202 kB | 41/527 kB Progress (2): 202 kB | 45/527 kB Progress (2): 202 kB | 49/527 kB Progress (2): 202 kB | 53/527 kB Progress (2): 202 kB | 57/527 kB Progress (2): 202 kB | 61/527 kB Progress (2): 202 kB | 65/527 kB Progress (2): 202 kB | 69/527 kB Progress (2): 202 kB | 73/527 kB Progress (2): 202 kB | 77/527 kB Progress (2): 202 kB | 81/527 kB Progress (2): 202 kB | 86/527 kB Progress (2): 202 kB | 90/527 kB Progress (2): 202 kB | 94/527 kB Progress (2): 202 kB | 98/527 kB Progress (2): 202 kB | 102/527 kB Progress (2): 202 kB | 106/527 kB Progress (2): 202 kB | 110/527 kB Progress (2): 202 kB | 114/527 kB Progress (2): 202 kB | 118/527 kB Progress (2): 202 kB | 122/527 kB Progress (2): 202 kB | 127/527 kB Progress (2): 202 kB | 131/527 kB Progress (2): 202 kB | 135/527 kB Progress (2): 202 kB | 139/527 kB Progress (2): 202 kB | 143/527 kB Progress (2): 202 kB | 147/527 kB Progress (2): 202 kB | 151/527 kB Progress (2): 202 kB | 155/527 kB Progress (2): 202 kB | 159/527 kB Progress (2): 202 kB | 163/527 kB Progress (2): 202 kB | 167/527 kB Progress (2): 202 kB | 172/527 kB Progress (2): 202 kB | 176/527 kB Progress (2): 202 kB | 180/527 kB Progress (2): 202 kB | 184/527 kB Progress (2): 202 kB | 188/527 kB Progress (2): 202 kB | 192/527 kB Progress (2): 202 kB | 196/527 kB Progress (2): 202 kB | 200/527 kB Progress (2): 202 kB | 204/527 kB Progress (2): 202 kB | 208/527 kB Progress (2): 202 kB | 213/527 kB Progress (2): 202 kB | 217/527 kB Progress (2): 202 kB | 221/527 kB Progress (2): 202 kB | 225/527 kB Progress (2): 202 kB | 229/527 kB Progress (2): 202 kB | 233/527 kB Progress (2): 202 kB | 237/527 kB Progress (2): 202 kB | 241/527 kB Progress (2): 202 kB | 245/527 kB Progress (2): 202 kB | 249/527 kB Progress (2): 202 kB | 254/527 kB Progress (2): 202 kB | 258/527 kB Progress (2): 202 kB | 262/527 kB Progress (2): 202 kB | 266/527 kB Progress (2): 202 kB | 270/527 kB Progress (2): 202 kB | 274/527 kB Progress (2): 202 kB | 278/527 kB Progress (2): 202 kB | 282/527 kB Progress (2): 202 kB | 286/527 kB Progress (2): 202 kB | 290/527 kB Progress (2): 202 kB | 294/527 kB Progress (2): 202 kB | 299/527 kB Progress (2): 202 kB | 303/527 kB Progress (2): 202 kB | 307/527 kB Progress (2): 202 kB | 311/527 kB Progress (2): 202 kB | 315/527 kB Progress (2): 202 kB | 319/527 kB Progress (2): 202 kB | 323/527 kB Progress (2): 202 kB | 327/527 kB Progress (2): 202 kB | 331/527 kB Progress (2): 202 kB | 335/527 kB Progress (2): 202 kB | 340/527 kB Progress (2): 202 kB | 344/527 kB Progress (2): 202 kB | 348/527 kB Progress (2): 202 kB | 352/527 kB Progress (2): 202 kB | 356/527 kB Progress (2): 202 kB | 360/527 kB Progress (2): 202 kB | 364/527 kB Progress (2): 202 kB | 368/527 kB Progress (2): 202 kB | 372/527 kB Progress (2): 202 kB | 376/527 kB Progress (2): 202 kB | 380/527 kB Progress (2): 202 kB | 385/527 kB Progress (2): 202 kB | 389/527 kB Progress (2): 202 kB | 393/527 kB Progress (2): 202 kB | 397/527 kB Progress (2): 202 kB | 401/527 kB Progress (2): 202 kB | 405/527 kB Progress (2): 202 kB | 409/527 kB Progress (2): 202 kB | 413/527 kB Progress (2): 202 kB | 417/527 kB Progress (2): 202 kB | 421/527 kB Progress (2): 202 kB | 426/527 kB Progress (2): 202 kB | 430/527 kB Progress (2): 202 kB | 434/527 kB Progress (2): 202 kB | 438/527 kB Progress (2): 202 kB | 442/527 kB Progress (2): 202 kB | 446/527 kB Progress (2): 202 kB | 450/527 kB Progress (2): 202 kB | 454/527 kB Progress (2): 202 kB | 458/527 kB Progress (2): 202 kB | 462/527 kB Progress (2): 202 kB | 466/527 kB Progress (2): 202 kB | 471/527 kB Progress (2): 202 kB | 475/527 kB Progress (2): 202 kB | 479/527 kB Progress (2): 202 kB | 483/527 kB Progress (2): 202 kB | 487/527 kB Progress (2): 202 kB | 491/527 kB Progress (2): 202 kB | 495/527 kB Progress (2): 202 kB | 499/527 kB Progress (2): 202 kB | 503/527 kB Progress (2): 202 kB | 507/527 kB Progress (2): 202 kB | 512/527 kB Progress (2): 202 kB | 516/527 kB Progress (2): 202 kB | 520/527 kB Progress (2): 202 kB | 524/527 kB Progress (2): 202 kB | 527 kB Progress (3): 202 kB | 527 kB | 4.1/47 kB Progress (3): 202 kB | 527 kB | 7.7/47 kB Progress (3): 202 kB | 527 kB | 12/47 kB Progress (3): 202 kB | 527 kB | 16/47 kB Progress (3): 202 kB | 527 kB | 20/47 kB Progress (3): 202 kB | 527 kB | 24/47 kB Progress (3): 202 kB | 527 kB | 28/47 kB Progress (3): 202 kB | 527 kB | 32/47 kB Progress (3): 202 kB | 527 kB | 36/47 kB Progress (3): 202 kB | 527 kB | 41/47 kB Progress (3): 202 kB | 527 kB | 45/47 kB Progress (3): 202 kB | 527 kB | 47 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 2.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (3): 527 kB | 47 kB | 4.1/30 kB Progress (3): 527 kB | 47 kB | 7.7/30 kB Progress (3): 527 kB | 47 kB | 12/30 kB Progress (3): 527 kB | 47 kB | 16/30 kB Progress (3): 527 kB | 47 kB | 20/30 kB Progress (3): 527 kB | 47 kB | 24/30 kB Progress (3): 527 kB | 47 kB | 28/30 kB Progress (3): 527 kB | 47 kB | 30 kB Progress (4): 527 kB | 47 kB | 30 kB | 4.1/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 7.7/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 12/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 16/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 20/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 24/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 28/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 32/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 36/38 kB Progress (4): 527 kB | 47 kB | 30 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 524 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 5.8 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 289 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Progress (2): 38 kB | 4.1/51 kB Progress (2): 38 kB | 7.7/51 kB Progress (2): 38 kB | 12/51 kB Progress (2): 38 kB | 16/51 kB Progress (2): 38 kB | 20/51 kB Progress (2): 38 kB | 24/51 kB Progress (2): 38 kB | 28/51 kB Progress (2): 38 kB | 32/51 kB Progress (2): 38 kB | 36/51 kB Progress (2): 38 kB | 40/51 kB Progress (2): 38 kB | 44/51 kB Progress (2): 38 kB | 48/51 kB Progress (2): 38 kB | 51 kB Progress (3): 38 kB | 51 kB | 4.1/106 kB Progress (3): 38 kB | 51 kB | 7.7/106 kB Progress (3): 38 kB | 51 kB | 12/106 kB Progress (3): 38 kB | 51 kB | 16/106 kB Progress (3): 38 kB | 51 kB | 20/106 kB Progress (3): 38 kB | 51 kB | 24/106 kB Progress (3): 38 kB | 51 kB | 28/106 kB Progress (3): 38 kB | 51 kB | 32/106 kB Progress (3): 38 kB | 51 kB | 36/106 kB Progress (3): 38 kB | 51 kB | 40/106 kB Progress (3): 38 kB | 51 kB | 44/106 kB Progress (3): 38 kB | 51 kB | 48/106 kB Progress (3): 38 kB | 51 kB | 53/106 kB Progress (3): 38 kB | 51 kB | 57/106 kB Progress (3): 38 kB | 51 kB | 61/106 kB Progress (3): 38 kB | 51 kB | 65/106 kB Progress (3): 38 kB | 51 kB | 69/106 kB Progress (3): 38 kB | 51 kB | 73/106 kB Progress (3): 38 kB | 51 kB | 77/106 kB Progress (3): 38 kB | 51 kB | 81/106 kB Progress (3): 38 kB | 51 kB | 85/106 kB Progress (3): 38 kB | 51 kB | 89/106 kB Progress (3): 38 kB | 51 kB | 94/106 kB Progress (3): 38 kB | 51 kB | 98/106 kB Progress (3): 38 kB | 51 kB | 102/106 kB Progress (3): 38 kB | 51 kB | 106/106 kB Progress (3): 38 kB | 51 kB | 106 kB Progress (4): 38 kB | 51 kB | 106 kB | 4.1/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 7.7/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 12/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 16/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 20/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 24/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 28/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 32/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 36/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 41/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 45/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 49/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 53/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 57/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 61/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 65/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 69/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 73/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 77/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 81/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 86/148 kB Progress (4): 38 kB | 51 kB | 106 kB | 90/148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 317 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (3): 51 kB | 106 kB | 94/148 kB Progress (3): 51 kB | 106 kB | 98/148 kB Progress (3): 51 kB | 106 kB | 102/148 kB Progress (3): 51 kB | 106 kB | 106/148 kB Progress (3): 51 kB | 106 kB | 110/148 kB Progress (3): 51 kB | 106 kB | 114/148 kB Progress (3): 51 kB | 106 kB | 118/148 kB Progress (3): 51 kB | 106 kB | 122/148 kB Progress (3): 51 kB | 106 kB | 127/148 kB Progress (3): 51 kB | 106 kB | 131/148 kB Progress (3): 51 kB | 106 kB | 135/148 kB Progress (3): 51 kB | 106 kB | 139/148 kB Progress (3): 51 kB | 106 kB | 143/148 kB Progress (3): 51 kB | 106 kB | 147/148 kB Progress (3): 51 kB | 106 kB | 148 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 413 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 824 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Progress (2): 148 kB | 4.1/14 kB Progress (2): 148 kB | 7.7/14 kB Progress (2): 148 kB | 12/14 kB Progress (2): 148 kB | 14 kB Progress (3): 148 kB | 14 kB | 4.1/108 kB Progress (3): 148 kB | 14 kB | 7.7/108 kB Progress (3): 148 kB | 14 kB | 12/108 kB Progress (3): 148 kB | 14 kB | 16/108 kB Progress (3): 148 kB | 14 kB | 20/108 kB Progress (3): 148 kB | 14 kB | 24/108 kB Progress (3): 148 kB | 14 kB | 28/108 kB Progress (3): 148 kB | 14 kB | 32/108 kB Progress (3): 148 kB | 14 kB | 36/108 kB Progress (3): 148 kB | 14 kB | 41/108 kB Progress (3): 148 kB | 14 kB | 45/108 kB Progress (3): 148 kB | 14 kB | 49/108 kB Progress (3): 148 kB | 14 kB | 53/108 kB Progress (3): 148 kB | 14 kB | 57/108 kB Progress (3): 148 kB | 14 kB | 61/108 kB Progress (3): 148 kB | 14 kB | 65/108 kB Progress (3): 148 kB | 14 kB | 69/108 kB Progress (3): 148 kB | 14 kB | 73/108 kB Progress (3): 148 kB | 14 kB | 77/108 kB Progress (3): 148 kB | 14 kB | 81/108 kB Progress (3): 148 kB | 14 kB | 86/108 kB Progress (3): 148 kB | 14 kB | 90/108 kB Progress (3): 148 kB | 14 kB | 94/108 kB Progress (3): 148 kB | 14 kB | 98/108 kB Progress (3): 148 kB | 14 kB | 102/108 kB Progress (3): 148 kB | 14 kB | 106/108 kB Progress (3): 148 kB | 14 kB | 108 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 92 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Progress (3): 148 kB | 108 kB | 4.1/74 kB Progress (3): 148 kB | 108 kB | 7.7/74 kB Progress (3): 148 kB | 108 kB | 12/74 kB Progress (3): 148 kB | 108 kB | 16/74 kB Progress (3): 148 kB | 108 kB | 20/74 kB Progress (3): 148 kB | 108 kB | 24/74 kB Progress (3): 148 kB | 108 kB | 28/74 kB Progress (3): 148 kB | 108 kB | 32/74 kB Progress (3): 148 kB | 108 kB | 36/74 kB Progress (3): 148 kB | 108 kB | 41/74 kB Progress (3): 148 kB | 108 kB | 45/74 kB Progress (3): 148 kB | 108 kB | 49/74 kB Progress (3): 148 kB | 108 kB | 53/74 kB Progress (3): 148 kB | 108 kB | 57/74 kB Progress (3): 148 kB | 108 kB | 61/74 kB Progress (3): 148 kB | 108 kB | 65/74 kB Progress (3): 148 kB | 108 kB | 69/74 kB Progress (3): 148 kB | 108 kB | 73/74 kB Progress (3): 148 kB | 108 kB | 74 kB Progress (4): 148 kB | 108 kB | 74 kB | 4.1/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 7.7/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 12/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 16/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 20/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 24/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 28/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 32/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 36/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 41/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 45/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 49/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 53/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 57/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 61/61 kB Progress (4): 148 kB | 108 kB | 74 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 955 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 662 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (3): 74 kB | 61 kB | 4.1/46 kB Progress (3): 74 kB | 61 kB | 7.7/46 kB Progress (3): 74 kB | 61 kB | 12/46 kB Progress (3): 74 kB | 61 kB | 16/46 kB Progress (3): 74 kB | 61 kB | 20/46 kB Progress (3): 74 kB | 61 kB | 24/46 kB Progress (3): 74 kB | 61 kB | 28/46 kB Progress (3): 74 kB | 61 kB | 32/46 kB Progress (3): 74 kB | 61 kB | 36/46 kB Progress (3): 74 kB | 61 kB | 41/46 kB Progress (3): 74 kB | 61 kB | 45/46 kB Progress (3): 74 kB | 61 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 339 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Progress (3): 74 kB | 46 kB | 4.1/29 kB Progress (3): 74 kB | 46 kB | 7.7/29 kB Progress (3): 74 kB | 46 kB | 12/29 kB Progress (3): 74 kB | 46 kB | 16/29 kB Progress (3): 74 kB | 46 kB | 20/29 kB Progress (3): 74 kB | 46 kB | 24/29 kB Progress (3): 74 kB | 46 kB | 28/29 kB Progress (3): 74 kB | 46 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 390 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 234 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 141 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (1): 4.1/4.2 kB Progress (1): 4.2 kB Progress (2): 4.2 kB | 4.1/13 kB Progress (2): 4.2 kB | 7.7/13 kB Progress (2): 4.2 kB | 12/13 kB Progress (2): 4.2 kB | 13 kB Progress (3): 4.2 kB | 13 kB | 4.1/120 kB Progress (3): 4.2 kB | 13 kB | 7.7/120 kB Progress (3): 4.2 kB | 13 kB | 12/120 kB Progress (3): 4.2 kB | 13 kB | 16/120 kB Progress (3): 4.2 kB | 13 kB | 20/120 kB Progress (3): 4.2 kB | 13 kB | 24/120 kB Progress (3): 4.2 kB | 13 kB | 28/120 kB Progress (3): 4.2 kB | 13 kB | 32/120 kB Progress (3): 4.2 kB | 13 kB | 36/120 kB Progress (3): 4.2 kB | 13 kB | 41/120 kB Progress (3): 4.2 kB | 13 kB | 45/120 kB Progress (3): 4.2 kB | 13 kB | 49/120 kB Progress (3): 4.2 kB | 13 kB | 53/120 kB Progress (3): 4.2 kB | 13 kB | 57/120 kB Progress (3): 4.2 kB | 13 kB | 61/120 kB Progress (3): 4.2 kB | 13 kB | 65/120 kB Progress (3): 4.2 kB | 13 kB | 69/120 kB Progress (3): 4.2 kB | 13 kB | 73/120 kB Progress (3): 4.2 kB | 13 kB | 77/120 kB Progress (3): 4.2 kB | 13 kB | 81/120 kB Progress (3): 4.2 kB | 13 kB | 86/120 kB Progress (3): 4.2 kB | 13 kB | 90/120 kB Progress (3): 4.2 kB | 13 kB | 94/120 kB Progress (3): 4.2 kB | 13 kB | 98/120 kB Progress (3): 4.2 kB | 13 kB | 102/120 kB Progress (3): 4.2 kB | 13 kB | 106/120 kB Progress (3): 4.2 kB | 13 kB | 110/120 kB Progress (3): 4.2 kB | 13 kB | 114/120 kB Progress (3): 4.2 kB | 13 kB | 118/120 kB Progress (3): 4.2 kB | 13 kB | 120 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 4.1/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 7.7/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 12/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 16/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 20/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 24/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 28/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 32/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 36/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 41/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 45/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 49/52 kB Progress (4): 4.2 kB | 13 kB | 120 kB | 52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 59 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Progress (4): 4.2 kB | 120 kB | 52 kB | 4.1/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 7.7/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 12/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 16/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 20/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 24/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 28/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 32/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 36/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 41/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 45/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 49/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 53/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 57/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 61/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 65/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 69/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 73/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 77/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 81/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 86/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 90/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 94/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 98/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 102/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 106/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 110/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 114/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 118/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 122/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 127/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 131/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 135/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 139/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 143/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 147/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 151/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 155/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 159/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 163/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 167/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 172/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 176/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 180/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 184/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 188/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 192/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 196/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 200/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 204/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 208/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 213/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 217/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 221/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 225/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 229/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 233/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 237/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 241/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 245/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 249/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 254/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 258/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 262/263 kB Progress (4): 4.2 kB | 120 kB | 52 kB | 263 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 487 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Progress (3): 52 kB | 263 kB | 4.1/61 kB Progress (3): 52 kB | 263 kB | 7.7/61 kB Progress (3): 52 kB | 263 kB | 12/61 kB Progress (3): 52 kB | 263 kB | 16/61 kB Progress (3): 52 kB | 263 kB | 20/61 kB Progress (3): 52 kB | 263 kB | 24/61 kB Progress (3): 52 kB | 263 kB | 28/61 kB Progress (3): 52 kB | 263 kB | 32/61 kB Progress (3): 52 kB | 263 kB | 36/61 kB Progress (3): 52 kB | 263 kB | 41/61 kB Progress (3): 52 kB | 263 kB | 45/61 kB Progress (3): 52 kB | 263 kB | 49/61 kB Progress (3): 52 kB | 263 kB | 53/61 kB Progress (3): 52 kB | 263 kB | 57/61 kB Progress (3): 52 kB | 263 kB | 61/61 kB Progress (3): 52 kB | 263 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 199 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 61 kB | 4.1/335 kB Progress (2): 61 kB | 7.7/335 kB Progress (2): 61 kB | 12/335 kB Progress (2): 61 kB | 16/335 kB Progress (2): 61 kB | 20/335 kB Progress (2): 61 kB | 24/335 kB Progress (2): 61 kB | 28/335 kB Progress (2): 61 kB | 32/335 kB Progress (2): 61 kB | 36/335 kB Progress (2): 61 kB | 41/335 kB Progress (2): 61 kB | 45/335 kB Progress (2): 61 kB | 49/335 kB Progress (2): 61 kB | 53/335 kB Progress (2): 61 kB | 57/335 kB Progress (2): 61 kB | 61/335 kB Progress (2): 61 kB | 65/335 kB Progress (2): 61 kB | 69/335 kB Progress (2): 61 kB | 73/335 kB Progress (2): 61 kB | 77/335 kB Progress (2): 61 kB | 81/335 kB Progress (2): 61 kB | 86/335 kB Progress (2): 61 kB | 90/335 kB Progress (2): 61 kB | 94/335 kB Progress (2): 61 kB | 98/335 kB Progress (2): 61 kB | 102/335 kB Progress (2): 61 kB | 106/335 kB Progress (2): 61 kB | 110/335 kB Progress (2): 61 kB | 114/335 kB Progress (2): 61 kB | 118/335 kB Progress (2): 61 kB | 122/335 kB Progress (2): 61 kB | 127/335 kB Progress (2): 61 kB | 131/335 kB Progress (2): 61 kB | 135/335 kB Progress (2): 61 kB | 139/335 kB Progress (2): 61 kB | 143/335 kB Progress (2): 61 kB | 147/335 kB Progress (2): 61 kB | 151/335 kB Progress (2): 61 kB | 155/335 kB Progress (2): 61 kB | 159/335 kB Progress (2): 61 kB | 163/335 kB Progress (2): 61 kB | 167/335 kB Progress (2): 61 kB | 172/335 kB Progress (2): 61 kB | 176/335 kB Progress (2): 61 kB | 180/335 kB Progress (2): 61 kB | 184/335 kB Progress (2): 61 kB | 188/335 kB Progress (2): 61 kB | 192/335 kB Progress (2): 61 kB | 196/335 kB Progress (2): 61 kB | 200/335 kB Progress (2): 61 kB | 204/335 kB Progress (2): 61 kB | 208/335 kB Progress (2): 61 kB | 213/335 kB Progress (2): 61 kB | 217/335 kB Progress (2): 61 kB | 221/335 kB Progress (2): 61 kB | 225/335 kB Progress (2): 61 kB | 229/335 kB Progress (2): 61 kB | 233/335 kB Progress (2): 61 kB | 237/335 kB Progress (2): 61 kB | 241/335 kB Progress (2): 61 kB | 245/335 kB Progress (2): 61 kB | 249/335 kB Progress (2): 61 kB | 254/335 kB Progress (2): 61 kB | 258/335 kB Progress (2): 61 kB | 262/335 kB Progress (2): 61 kB | 266/335 kB Progress (2): 61 kB | 270/335 kB Progress (2): 61 kB | 274/335 kB Progress (2): 61 kB | 278/335 kB Progress (2): 61 kB | 282/335 kB Progress (2): 61 kB | 286/335 kB Progress (2): 61 kB | 290/335 kB Progress (2): 61 kB | 294/335 kB Progress (2): 61 kB | 299/335 kB Progress (2): 61 kB | 303/335 kB Progress (2): 61 kB | 307/335 kB Progress (2): 61 kB | 311/335 kB Progress (2): 61 kB | 315/335 kB Progress (2): 61 kB | 319/335 kB Progress (2): 61 kB | 323/335 kB Progress (2): 61 kB | 327/335 kB Progress (2): 61 kB | 331/335 kB Progress (2): 61 kB | 335 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 223 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 335 kB | 3.4/164 kB Progress (2): 335 kB | 7.5/164 kB Progress (2): 335 kB | 12/164 kB Progress (2): 335 kB | 16/164 kB Progress (2): 335 kB | 20/164 kB Progress (2): 335 kB | 24/164 kB Progress (2): 335 kB | 28/164 kB Progress (2): 335 kB | 32/164 kB Progress (2): 335 kB | 36/164 kB Progress (2): 335 kB | 40/164 kB Progress (2): 335 kB | 44/164 kB Progress (2): 335 kB | 48/164 kB Progress (2): 335 kB | 53/164 kB Progress (2): 335 kB | 57/164 kB Progress (2): 335 kB | 61/164 kB Progress (2): 335 kB | 65/164 kB Progress (2): 335 kB | 69/164 kB Progress (2): 335 kB | 73/164 kB Progress (2): 335 kB | 77/164 kB Progress (2): 335 kB | 81/164 kB Progress (2): 335 kB | 85/164 kB Progress (2): 335 kB | 89/164 kB Progress (2): 335 kB | 94/164 kB Progress (2): 335 kB | 97/164 kB Progress (2): 335 kB | 101/164 kB Progress (2): 335 kB | 105/164 kB Progress (2): 335 kB | 110/164 kB Progress (2): 335 kB | 114/164 kB Progress (2): 335 kB | 118/164 kB Progress (2): 335 kB | 122/164 kB Progress (2): 335 kB | 126/164 kB Progress (2): 335 kB | 130/164 kB Progress (2): 335 kB | 134/164 kB Progress (2): 335 kB | 138/164 kB Progress (2): 335 kB | 142/164 kB Progress (2): 335 kB | 146/164 kB Progress (2): 335 kB | 151/164 kB Progress (2): 335 kB | 155/164 kB Progress (2): 335 kB | 159/164 kB Progress (2): 335 kB | 163/164 kB Progress (2): 335 kB | 164 kB Progress (3): 335 kB | 164 kB | 4.1/26 kB Progress (3): 335 kB | 164 kB | 7.7/26 kB Progress (3): 335 kB | 164 kB | 12/26 kB Progress (3): 335 kB | 164 kB | 16/26 kB Progress (3): 335 kB | 164 kB | 20/26 kB Progress (3): 335 kB | 164 kB | 24/26 kB Progress (3): 335 kB | 164 kB | 26 kB Progress (4): 335 kB | 164 kB | 26 kB | 4.1/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 7.7/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 12/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 16/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 20/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 24/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 28/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 32/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 36/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 41/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 45/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 49/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 53/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 57/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 61/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 65/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 69/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 73/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 77/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 81/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 86/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 90/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 94/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 98/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 102/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 106/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 110/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 114/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 118/122 kB Progress (4): 335 kB | 164 kB | 26 kB | 122 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (4): 164 kB | 26 kB | 122 kB | 4.1/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 7.7/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 12/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 16/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 20/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 24/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 28/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 32/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 36/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 41/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 45/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 49/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 53/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 57/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 61/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 65/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 69/72 kB Progress (4): 164 kB | 26 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 513 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 224 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (2): 122 kB | 4.1/53 kB Progress (2): 122 kB | 7.7/53 kB Progress (2): 122 kB | 12/53 kB Progress (2): 122 kB | 16/53 kB Progress (2): 122 kB | 20/53 kB Progress (2): 122 kB | 24/53 kB Progress (2): 122 kB | 28/53 kB Progress (2): 122 kB | 32/53 kB Progress (2): 122 kB | 36/53 kB Progress (2): 122 kB | 41/53 kB Progress (2): 122 kB | 45/53 kB Progress (2): 122 kB | 49/53 kB Progress (2): 122 kB | 53 kB Progress (3): 122 kB | 53 kB | 4.1/33 kB Progress (3): 122 kB | 53 kB | 7.7/33 kB Progress (3): 122 kB | 53 kB | 12/33 kB Progress (3): 122 kB | 53 kB | 16/33 kB Progress (3): 122 kB | 53 kB | 20/33 kB Progress (3): 122 kB | 53 kB | 24/33 kB Progress (3): 122 kB | 53 kB | 28/33 kB Progress (3): 122 kB | 53 kB | 32/33 kB Progress (3): 122 kB | 53 kB | 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (3): 122 kB | 33 kB | 4.1/37 kB Progress (3): 122 kB | 33 kB | 7.7/37 kB Progress (3): 122 kB | 33 kB | 12/37 kB Progress (3): 122 kB | 33 kB | 16/37 kB Progress (3): 122 kB | 33 kB | 20/37 kB Progress (3): 122 kB | 33 kB | 24/37 kB Progress (3): 122 kB | 33 kB | 28/37 kB Progress (3): 122 kB | 33 kB | 32/37 kB Progress (3): 122 kB | 33 kB | 36/37 kB Progress (3): 122 kB | 33 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (3): 122 kB | 37 kB | 4.1/134 kB Progress (3): 122 kB | 37 kB | 7.7/134 kB Progress (3): 122 kB | 37 kB | 12/134 kB Progress (3): 122 kB | 37 kB | 16/134 kB Progress (3): 122 kB | 37 kB | 20/134 kB Progress (3): 122 kB | 37 kB | 24/134 kB Progress (3): 122 kB | 37 kB | 28/134 kB Progress (3): 122 kB | 37 kB | 32/134 kB Progress (3): 122 kB | 37 kB | 36/134 kB Progress (3): 122 kB | 37 kB | 41/134 kB Progress (3): 122 kB | 37 kB | 45/134 kB Progress (3): 122 kB | 37 kB | 49/134 kB Progress (3): 122 kB | 37 kB | 53/134 kB Progress (3): 122 kB | 37 kB | 57/134 kB Progress (3): 122 kB | 37 kB | 61/134 kB Progress (3): 122 kB | 37 kB | 65/134 kB Progress (3): 122 kB | 37 kB | 69/134 kB Progress (3): 122 kB | 37 kB | 73/134 kB Progress (3): 122 kB | 37 kB | 77/134 kB Progress (3): 122 kB | 37 kB | 81/134 kB Progress (3): 122 kB | 37 kB | 86/134 kB Progress (3): 122 kB | 37 kB | 90/134 kB Progress (3): 122 kB | 37 kB | 94/134 kB Progress (3): 122 kB | 37 kB | 98/134 kB Progress (3): 122 kB | 37 kB | 102/134 kB Progress (3): 122 kB | 37 kB | 106/134 kB Progress (3): 122 kB | 37 kB | 110/134 kB Progress (3): 122 kB | 37 kB | 114/134 kB Progress (3): 122 kB | 37 kB | 118/134 kB Progress (3): 122 kB | 37 kB | 122/134 kB Progress (3): 122 kB | 37 kB | 127/134 kB Progress (3): 122 kB | 37 kB | 131/134 kB Progress (3): 122 kB | 37 kB | 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 100 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 321 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Progress (2): 134 kB | 4.1/215 kB Progress (2): 134 kB | 7.7/215 kB Progress (2): 134 kB | 12/215 kB Progress (2): 134 kB | 16/215 kB Progress (2): 134 kB | 20/215 kB Progress (2): 134 kB | 24/215 kB Progress (2): 134 kB | 28/215 kB Progress (2): 134 kB | 32/215 kB Progress (2): 134 kB | 36/215 kB Progress (2): 134 kB | 40/215 kB Progress (2): 134 kB | 44/215 kB Progress (2): 134 kB | 48/215 kB Progress (2): 134 kB | 53/215 kB Progress (2): 134 kB | 57/215 kB Progress (2): 134 kB | 61/215 kB Progress (2): 134 kB | 65/215 kB Progress (2): 134 kB | 69/215 kB Progress (2): 134 kB | 73/215 kB Progress (2): 134 kB | 77/215 kB Progress (2): 134 kB | 81/215 kB Progress (2): 134 kB | 85/215 kB Progress (2): 134 kB | 89/215 kB Progress (2): 134 kB | 94/215 kB Progress (2): 134 kB | 98/215 kB Progress (2): 134 kB | 102/215 kB Progress (2): 134 kB | 106/215 kB Progress (2): 134 kB | 110/215 kB Progress (2): 134 kB | 114/215 kB Progress (2): 134 kB | 118/215 kB Progress (2): 134 kB | 122/215 kB Progress (2): 134 kB | 126/215 kB Progress (2): 134 kB | 130/215 kB Progress (2): 134 kB | 134/215 kB Progress (2): 134 kB | 139/215 kB Progress (2): 134 kB | 143/215 kB Progress (2): 134 kB | 147/215 kB Progress (2): 134 kB | 151/215 kB Progress (2): 134 kB | 155/215 kB Progress (2): 134 kB | 159/215 kB Progress (2): 134 kB | 163/215 kB Progress (2): 134 kB | 167/215 kB Progress (2): 134 kB | 171/215 kB Progress (2): 134 kB | 175/215 kB Progress (2): 134 kB | 180/215 kB Progress (2): 134 kB | 184/215 kB Progress (2): 134 kB | 188/215 kB Progress (2): 134 kB | 192/215 kB Progress (2): 134 kB | 196/215 kB Progress (2): 134 kB | 200/215 kB Progress (2): 134 kB | 204/215 kB Progress (2): 134 kB | 208/215 kB Progress (2): 134 kB | 212/215 kB Progress (2): 134 kB | 215 kB Progress (3): 134 kB | 215 kB | 4.1/305 kB Progress (4): 134 kB | 215 kB | 4.1/305 kB | 4.1/180 kB Progress (4): 134 kB | 215 kB | 7.7/305 kB | 4.1/180 kB Progress (4): 134 kB | 215 kB | 7.7/305 kB | 7.7/180 kB Progress (4): 134 kB | 215 kB | 12/305 kB | 7.7/180 kB Progress (4): 134 kB | 215 kB | 12/305 kB | 12/180 kB Progress (4): 134 kB | 215 kB | 16/305 kB | 12/180 kB Progress (4): 134 kB | 215 kB | 16/305 kB | 16/180 kB Progress (4): 134 kB | 215 kB | 20/305 kB | 16/180 kB Progress (4): 134 kB | 215 kB | 20/305 kB | 20/180 kB Progress (4): 134 kB | 215 kB | 24/305 kB | 20/180 kB Progress (4): 134 kB | 215 kB | 24/305 kB | 24/180 kB Progress (4): 134 kB | 215 kB | 28/305 kB | 24/180 kB Progress (4): 134 kB | 215 kB | 32/305 kB | 24/180 kB Progress (4): 134 kB | 215 kB | 32/305 kB | 28/180 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 343 kB/s) Progress (3): 215 kB | 32/305 kB | 32/180 kB Progress (3): 215 kB | 36/305 kB | 32/180 kB Progress (3): 215 kB | 36/305 kB | 36/180 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (3): 215 kB | 36/305 kB | 41/180 kB Progress (3): 215 kB | 41/305 kB | 41/180 kB Progress (3): 215 kB | 41/305 kB | 45/180 kB Progress (3): 215 kB | 45/305 kB | 45/180 kB Progress (3): 215 kB | 45/305 kB | 49/180 kB Progress (3): 215 kB | 49/305 kB | 49/180 kB Progress (3): 215 kB | 49/305 kB | 53/180 kB Progress (3): 215 kB | 49/305 kB | 57/180 kB Progress (3): 215 kB | 53/305 kB | 57/180 kB Progress (3): 215 kB | 53/305 kB | 61/180 kB Progress (3): 215 kB | 57/305 kB | 61/180 kB Progress (3): 215 kB | 57/305 kB | 65/180 kB Progress (3): 215 kB | 61/305 kB | 65/180 kB Progress (3): 215 kB | 61/305 kB | 69/180 kB Progress (3): 215 kB | 65/305 kB | 69/180 kB Progress (3): 215 kB | 65/305 kB | 73/180 kB Progress (3): 215 kB | 65/305 kB | 77/180 kB Progress (3): 215 kB | 69/305 kB | 77/180 kB Progress (3): 215 kB | 69/305 kB | 81/180 kB Progress (3): 215 kB | 73/305 kB | 81/180 kB Progress (3): 215 kB | 73/305 kB | 86/180 kB Progress (3): 215 kB | 77/305 kB | 86/180 kB Progress (3): 215 kB | 77/305 kB | 90/180 kB Progress (3): 215 kB | 81/305 kB | 90/180 kB Progress (3): 215 kB | 81/305 kB | 94/180 kB Progress (3): 215 kB | 81/305 kB | 98/180 kB Progress (3): 215 kB | 86/305 kB | 98/180 kB Progress (3): 215 kB | 86/305 kB | 102/180 kB Progress (3): 215 kB | 90/305 kB | 102/180 kB Progress (3): 215 kB | 90/305 kB | 106/180 kB Progress (3): 215 kB | 94/305 kB | 106/180 kB Progress (3): 215 kB | 98/305 kB | 106/180 kB Progress (3): 215 kB | 98/305 kB | 110/180 kB Progress (3): 215 kB | 102/305 kB | 110/180 kB Progress (3): 215 kB | 102/305 kB | 114/180 kB Progress (3): 215 kB | 106/305 kB | 114/180 kB Progress (3): 215 kB | 106/305 kB | 118/180 kB Progress (3): 215 kB | 110/305 kB | 118/180 kB Progress (3): 215 kB | 110/305 kB | 122/180 kB Progress (3): 215 kB | 114/305 kB | 122/180 kB Progress (3): 215 kB | 114/305 kB | 127/180 kB Progress (3): 215 kB | 114/305 kB | 131/180 kB Progress (3): 215 kB | 114/305 kB | 135/180 kB Progress (3): 215 kB | 114/305 kB | 139/180 kB Progress (3): 215 kB | 114/305 kB | 143/180 kB Progress (3): 215 kB | 114/305 kB | 147/180 kB Progress (3): 215 kB | 114/305 kB | 151/180 kB Progress (3): 215 kB | 114/305 kB | 155/180 kB Progress (3): 215 kB | 114/305 kB | 159/180 kB Progress (3): 215 kB | 114/305 kB | 163/180 kB Progress (3): 215 kB | 114/305 kB | 167/180 kB Progress (3): 215 kB | 114/305 kB | 172/180 kB Progress (3): 215 kB | 114/305 kB | 176/180 kB Progress (3): 215 kB | 114/305 kB | 180/180 kB Progress (3): 215 kB | 114/305 kB | 180 kB Progress (3): 215 kB | 118/305 kB | 180 kB Progress (3): 215 kB | 122/305 kB | 180 kB Progress (3): 215 kB | 127/305 kB | 180 kB Progress (3): 215 kB | 131/305 kB | 180 kB Progress (3): 215 kB | 135/305 kB | 180 kB Progress (3): 215 kB | 139/305 kB | 180 kB Progress (3): 215 kB | 143/305 kB | 180 kB Progress (3): 215 kB | 147/305 kB | 180 kB Progress (3): 215 kB | 151/305 kB | 180 kB Progress (3): 215 kB | 155/305 kB | 180 kB Progress (3): 215 kB | 159/305 kB | 180 kB Progress (3): 215 kB | 163/305 kB | 180 kB Progress (3): 215 kB | 167/305 kB | 180 kB Progress (3): 215 kB | 172/305 kB | 180 kB Progress (3): 215 kB | 176/305 kB | 180 kB Progress (3): 215 kB | 180/305 kB | 180 kB Progress (3): 215 kB | 184/305 kB | 180 kB Progress (3): 215 kB | 188/305 kB | 180 kB Progress (3): 215 kB | 192/305 kB | 180 kB Progress (3): 215 kB | 196/305 kB | 180 kB Progress (3): 215 kB | 200/305 kB | 180 kB Progress (3): 215 kB | 204/305 kB | 180 kB Progress (3): 215 kB | 208/305 kB | 180 kB Progress (3): 215 kB | 213/305 kB | 180 kB Progress (3): 215 kB | 217/305 kB | 180 kB Progress (3): 215 kB | 221/305 kB | 180 kB Progress (3): 215 kB | 225/305 kB | 180 kB Progress (3): 215 kB | 229/305 kB | 180 kB Progress (3): 215 kB | 233/305 kB | 180 kB Progress (3): 215 kB | 237/305 kB | 180 kB Progress (3): 215 kB | 241/305 kB | 180 kB Progress (3): 215 kB | 245/305 kB | 180 kB Progress (3): 215 kB | 249/305 kB | 180 kB Progress (3): 215 kB | 254/305 kB | 180 kB Progress (3): 215 kB | 258/305 kB | 180 kB Progress (3): 215 kB | 262/305 kB | 180 kB Progress (3): 215 kB | 266/305 kB | 180 kB Progress (3): 215 kB | 270/305 kB | 180 kB Progress (3): 215 kB | 274/305 kB | 180 kB Progress (3): 215 kB | 278/305 kB | 180 kB Progress (3): 215 kB | 282/305 kB | 180 kB Progress (3): 215 kB | 286/305 kB | 180 kB Progress (3): 215 kB | 290/305 kB | 180 kB Progress (3): 215 kB | 294/305 kB | 180 kB Progress (3): 215 kB | 299/305 kB | 180 kB Progress (3): 215 kB | 303/305 kB | 180 kB Progress (3): 215 kB | 305 kB | 180 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 441 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (2): 305 kB | 0/2.6 MB Progress (2): 305 kB | 0/2.6 MB Progress (3): 305 kB | 0/2.6 MB | 4.1/85 kB Progress (3): 305 kB | 0/2.6 MB | 4.1/85 kB Progress (3): 305 kB | 0/2.6 MB | 7.7/85 kB Progress (3): 305 kB | 0/2.6 MB | 12/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 12/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 16/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 20/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 20/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 24/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 28/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 28/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 32/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 32/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 36/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 41/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 45/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 49/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 53/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 57/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 61/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 65/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 69/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 73/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 77/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 81/85 kB Progress (3): 305 kB | 0.1/2.6 MB | 85 kB Progress (3): 305 kB | 0.1/2.6 MB | 85 kB Progress (3): 305 kB | 0.1/2.6 MB | 85 kB Progress (3): 305 kB | 0.2/2.6 MB | 85 kB Progress (3): 305 kB | 0.2/2.6 MB | 85 kB Progress (3): 305 kB | 0.2/2.6 MB | 85 kB Progress (3): 305 kB | 0.2/2.6 MB | 85 kB Progress (3): 305 kB | 0.2/2.6 MB | 85 kB Progress (3): 305 kB | 0.2/2.6 MB | 85 kB Progress (3): 305 kB | 0.3/2.6 MB | 85 kB Progress (3): 305 kB | 0.3/2.6 MB | 85 kB Progress (3): 305 kB | 0.3/2.6 MB | 85 kB Progress (3): 305 kB | 0.3/2.6 MB | 85 kB Progress (3): 305 kB | 0.3/2.6 MB | 85 kB Progress (3): 305 kB | 0.3/2.6 MB | 85 kB Progress (3): 305 kB | 0.4/2.6 MB | 85 kB Progress (3): 305 kB | 0.4/2.6 MB | 85 kB Progress (3): 305 kB | 0.4/2.6 MB | 85 kB Progress (3): 305 kB | 0.4/2.6 MB | 85 kB Progress (3): 305 kB | 0.4/2.6 MB | 85 kB Progress (3): 305 kB | 0.4/2.6 MB | 85 kB Progress (3): 305 kB | 0.5/2.6 MB | 85 kB Progress (3): 305 kB | 0.5/2.6 MB | 85 kB Progress (3): 305 kB | 0.5/2.6 MB | 85 kB Progress (3): 305 kB | 0.5/2.6 MB | 85 kB Progress (3): 305 kB | 0.5/2.6 MB | 85 kB Progress (3): 305 kB | 0.5/2.6 MB | 85 kB Progress (3): 305 kB | 0.6/2.6 MB | 85 kB Progress (3): 305 kB | 0.6/2.6 MB | 85 kB Progress (3): 305 kB | 0.6/2.6 MB | 85 kB Progress (3): 305 kB | 0.6/2.6 MB | 85 kB Progress (3): 305 kB | 0.6/2.6 MB | 85 kB Progress (3): 305 kB | 0.6/2.6 MB | 85 kB Progress (3): 305 kB | 0.7/2.6 MB | 85 kB Progress (3): 305 kB | 0.7/2.6 MB | 85 kB Progress (3): 305 kB | 0.7/2.6 MB | 85 kB Progress (3): 305 kB | 0.7/2.6 MB | 85 kB Progress (3): 305 kB | 0.7/2.6 MB | 85 kB Progress (3): 305 kB | 0.7/2.6 MB | 85 kB Progress (3): 305 kB | 0.8/2.6 MB | 85 kB Progress (3): 305 kB | 0.8/2.6 MB | 85 kB Progress (3): 305 kB | 0.8/2.6 MB | 85 kB Progress (3): 305 kB | 0.8/2.6 MB | 85 kB Progress (3): 305 kB | 0.8/2.6 MB | 85 kB Progress (3): 305 kB | 0.8/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 0.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.0/2.6 MB | 85 kB Progress (3): 305 kB | 1.0/2.6 MB | 85 kB Progress (3): 305 kB | 1.0/2.6 MB | 85 kB Progress (3): 305 kB | 1.0/2.6 MB | 85 kB Progress (3): 305 kB | 1.0/2.6 MB | 85 kB Progress (3): 305 kB | 1.0/2.6 MB | 85 kB Progress (3): 305 kB | 1.1/2.6 MB | 85 kB Progress (3): 305 kB | 1.1/2.6 MB | 85 kB Progress (3): 305 kB | 1.1/2.6 MB | 85 kB Progress (3): 305 kB | 1.1/2.6 MB | 85 kB Progress (3): 305 kB | 1.1/2.6 MB | 85 kB Progress (3): 305 kB | 1.1/2.6 MB | 85 kB Progress (3): 305 kB | 1.2/2.6 MB | 85 kB Progress (3): 305 kB | 1.2/2.6 MB | 85 kB Progress (3): 305 kB | 1.2/2.6 MB | 85 kB Progress (3): 305 kB | 1.2/2.6 MB | 85 kB Progress (3): 305 kB | 1.2/2.6 MB | 85 kB Progress (3): 305 kB | 1.2/2.6 MB | 85 kB Progress (3): 305 kB | 1.3/2.6 MB | 85 kB Progress (3): 305 kB | 1.3/2.6 MB | 85 kB Progress (3): 305 kB | 1.3/2.6 MB | 85 kB Progress (3): 305 kB | 1.3/2.6 MB | 85 kB Progress (3): 305 kB | 1.3/2.6 MB | 85 kB Progress (3): 305 kB | 1.3/2.6 MB | 85 kB Progress (3): 305 kB | 1.4/2.6 MB | 85 kB Progress (3): 305 kB | 1.4/2.6 MB | 85 kB Progress (3): 305 kB | 1.4/2.6 MB | 85 kB Progress (3): 305 kB | 1.4/2.6 MB | 85 kB Progress (3): 305 kB | 1.4/2.6 MB | 85 kB Progress (3): 305 kB | 1.4/2.6 MB | 85 kB Progress (3): 305 kB | 1.5/2.6 MB | 85 kB Progress (3): 305 kB | 1.5/2.6 MB | 85 kB Progress (3): 305 kB | 1.5/2.6 MB | 85 kB Progress (3): 305 kB | 1.5/2.6 MB | 85 kB Progress (3): 305 kB | 1.5/2.6 MB | 85 kB Progress (3): 305 kB | 1.5/2.6 MB | 85 kB Progress (3): 305 kB | 1.6/2.6 MB | 85 kB Progress (3): 305 kB | 1.6/2.6 MB | 85 kB Progress (3): 305 kB | 1.6/2.6 MB | 85 kB Progress (3): 305 kB | 1.6/2.6 MB | 85 kB Progress (3): 305 kB | 1.6/2.6 MB | 85 kB Progress (3): 305 kB | 1.6/2.6 MB | 85 kB Progress (3): 305 kB | 1.7/2.6 MB | 85 kB Progress (3): 305 kB | 1.7/2.6 MB | 85 kB Progress (3): 305 kB | 1.7/2.6 MB | 85 kB Progress (3): 305 kB | 1.7/2.6 MB | 85 kB Progress (3): 305 kB | 1.7/2.6 MB | 85 kB Progress (3): 305 kB | 1.7/2.6 MB | 85 kB Progress (3): 305 kB | 1.8/2.6 MB | 85 kB Progress (3): 305 kB | 1.8/2.6 MB | 85 kB Progress (3): 305 kB | 1.8/2.6 MB | 85 kB Progress (3): 305 kB | 1.8/2.6 MB | 85 kB Progress (3): 305 kB | 1.8/2.6 MB | 85 kB Progress (3): 305 kB | 1.8/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 1.9/2.6 MB | 85 kB Progress (3): 305 kB | 2.0/2.6 MB | 85 kB Progress (3): 305 kB | 2.0/2.6 MB | 85 kB Progress (3): 305 kB | 2.0/2.6 MB | 85 kB Progress (3): 305 kB | 2.0/2.6 MB | 85 kB Progress (3): 305 kB | 2.0/2.6 MB | 85 kB Progress (3): 305 kB | 2.0/2.6 MB | 85 kB Progress (3): 305 kB | 2.1/2.6 MB | 85 kB Progress (3): 305 kB | 2.1/2.6 MB | 85 kB Progress (4): 305 kB | 2.1/2.6 MB | 85 kB | 4.1/4.6 kB Progress (4): 305 kB | 2.1/2.6 MB | 85 kB | 4.1/4.6 kB Progress (4): 305 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.1/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.2/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.3/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.3/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.3/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.3/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.3/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.3/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.4/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.4/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.4/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.4/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.4/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.4/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.5/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.5/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.5/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.5/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.5/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.5/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.6/2.6 MB | 85 kB | 4.6 kB Progress (4): 305 kB | 2.6 MB | 85 kB | 4.6 kB Progress (5): 305 kB | 2.6 MB | 85 kB | 4.6 kB | 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 712 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 5.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 10 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 190 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 4.9 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Progress (1): 4.1/5.9 kB Progress (1): 5.9 kB Progress (2): 5.9 kB | 4.1/14 kB Progress (2): 5.9 kB | 7.5/14 kB Progress (2): 5.9 kB | 12/14 kB Progress (2): 5.9 kB | 14 kB Progress (3): 5.9 kB | 14 kB | 4.1/500 kB Progress (3): 5.9 kB | 14 kB | 7.7/500 kB Progress (3): 5.9 kB | 14 kB | 12/500 kB Progress (3): 5.9 kB | 14 kB | 16/500 kB Progress (3): 5.9 kB | 14 kB | 20/500 kB Progress (3): 5.9 kB | 14 kB | 24/500 kB Progress (3): 5.9 kB | 14 kB | 28/500 kB Progress (3): 5.9 kB | 14 kB | 32/500 kB Progress (3): 5.9 kB | 14 kB | 36/500 kB Progress (3): 5.9 kB | 14 kB | 41/500 kB Progress (3): 5.9 kB | 14 kB | 45/500 kB Progress (3): 5.9 kB | 14 kB | 49/500 kB Progress (3): 5.9 kB | 14 kB | 53/500 kB Progress (3): 5.9 kB | 14 kB | 57/500 kB Progress (3): 5.9 kB | 14 kB | 61/500 kB Progress (3): 5.9 kB | 14 kB | 65/500 kB Progress (3): 5.9 kB | 14 kB | 69/500 kB Progress (3): 5.9 kB | 14 kB | 73/500 kB Progress (3): 5.9 kB | 14 kB | 77/500 kB Progress (3): 5.9 kB | 14 kB | 81/500 kB Progress (3): 5.9 kB | 14 kB | 86/500 kB Progress (3): 5.9 kB | 14 kB | 90/500 kB Progress (3): 5.9 kB | 14 kB | 94/500 kB Progress (3): 5.9 kB | 14 kB | 98/500 kB Progress (3): 5.9 kB | 14 kB | 102/500 kB Progress (3): 5.9 kB | 14 kB | 106/500 kB Progress (3): 5.9 kB | 14 kB | 110/500 kB Progress (3): 5.9 kB | 14 kB | 114/500 kB Progress (3): 5.9 kB | 14 kB | 118/500 kB Progress (3): 5.9 kB | 14 kB | 122/500 kB Progress (4): 5.9 kB | 14 kB | 122/500 kB | 4.1/20 kB Progress (4): 5.9 kB | 14 kB | 127/500 kB | 4.1/20 kB Progress (4): 5.9 kB | 14 kB | 131/500 kB | 4.1/20 kB Progress (4): 5.9 kB | 14 kB | 131/500 kB | 7.7/20 kB Progress (4): 5.9 kB | 14 kB | 135/500 kB | 7.7/20 kB Progress (4): 5.9 kB | 14 kB | 135/500 kB | 12/20 kB Progress (4): 5.9 kB | 14 kB | 139/500 kB | 12/20 kB Progress (4): 5.9 kB | 14 kB | 139/500 kB | 16/20 kB Progress (4): 5.9 kB | 14 kB | 143/500 kB | 16/20 kB Progress (4): 5.9 kB | 14 kB | 147/500 kB | 16/20 kB Progress (4): 5.9 kB | 14 kB | 147/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 151/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 155/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 159/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 163/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 167/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 172/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 176/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 180/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 184/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 188/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 192/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 196/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 200/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 204/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 208/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 213/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 217/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 221/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 225/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 229/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 233/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 237/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 241/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 245/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 249/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 254/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 258/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 262/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 266/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 270/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 274/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 278/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 282/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 286/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 290/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 294/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 299/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 303/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 307/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 311/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 315/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 319/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 323/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 327/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 331/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 335/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 340/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 344/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 348/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 352/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 356/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 360/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 364/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 368/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 372/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 376/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 380/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 385/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 389/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 393/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 397/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 401/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 405/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 409/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 413/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 417/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 421/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 426/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 430/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 434/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 438/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 442/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 446/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 450/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 454/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 458/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 462/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 466/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 471/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 475/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 479/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 483/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 487/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 491/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 495/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 499/500 kB | 20 kB Progress (4): 5.9 kB | 14 kB | 500 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 12 kB/s) Progress (4): 14 kB | 500 kB | 20 kB | 4.1/8.8 kB Progress (4): 14 kB | 500 kB | 20 kB | 7.7/8.8 kB Progress (4): 14 kB | 500 kB | 20 kB | 8.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 28 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 991 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 39 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 17 kB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 19.871 s [INFO] Finished at: 2026-02-10T22:23:22Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d" "org.opencontainers.image.revision"="a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:22:50Z" "org.opencontainers.image.created"="2026-02-10T22:22:50Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d --> af727f577eec Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d af727f577eeccdba347a59d7012391dccc50128f29931b214df4469df3a2d320 [2026-02-10T22:23:23,236271052+00:00] Unsetting proxy [2026-02-10T22:23:23,237538103+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:c81eed1c9de6710207a0f0bbf46f312837efb09e9e6d42f5f8b44430f446633e Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:af727f577eeccdba347a59d7012391dccc50128f29931b214df4469df3a2d320 Writing manifest to image destination [2026-02-10T22:23:25,197795410+00:00] End build pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | container step-push: [2026-02-10T22:23:25,315484294+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:23:28,494368427+00:00] Convert image [2026-02-10T22:23:28,495411657+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-vnm54-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-vnm54-build-container Getting image source signatures Copying blob sha256:c81eed1c9de6710207a0f0bbf46f312837efb09e9e6d42f5f8b44430f446633e Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:af727f577eeccdba347a59d7012391dccc50128f29931b214df4469df3a2d320 Writing manifest to image destination [2026-02-10T22:23:33,651132999+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Getting image source signatures Copying blob sha256:c81eed1c9de6710207a0f0bbf46f312837efb09e9e6d42f5f8b44430f446633e Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:af727f577eeccdba347a59d7012391dccc50128f29931b214df4469df3a2d320 Writing manifest to image destination sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67cquay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d [2026-02-10T22:23:34,503288702+00:00] End push pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:23:35,426044033+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:23:43,897710095+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | container step-prepare-sboms: [2026-02-10T22:23:44,537699931+00:00] Prepare SBOM [2026-02-10T22:23:44,541387494+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:23:55,393 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:23:56,688 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:24:00,014 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:24:00,014 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:24:00,015 [INFO] mobster.log: Contextual workflow completed in 3.52s 2026-02-10 22:24:00,290 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:24:01,088221193+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-vnm54-build-container-pod | container step-upload-sbom: [2026-02-10T22:24:01,639798789+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:64e9c2cc62401685955dbbc78f35793aaf42f032d9581311bad971de823fbbda [2026-02-10T22:24:12,385986466+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-vnm54-build-image-index-pod | init container: prepare 2026/02/10 22:24:14 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-build-image-index-pod | init container: place-scripts 2026/02/10 22:24:14 Decoded script /tekton/scripts/script-0-7xjzf 2026/02/10 22:24:14 Decoded script /tekton/scripts/script-1-zkvwb 2026/02/10 22:24:14 Decoded script /tekton/scripts/script-2-4jlks pod: konflux-demo-component-tfry-on-push-vnm54-build-image-index-pod | container step-build: [2026-02-10T22:24:17,638124187+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' becbf6d87f823fd6a4e1fdc77863ae30e448dcfc8e41c383e3a06aa93f6948e4 Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c. pod: konflux-demo-component-tfry-on-push-vnm54-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-vnm54-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:24:19,827274960+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-vnm54-clair-scan-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-clair-scan-pod | init container: place-scripts 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-0-h7dqk 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-1-sfg56 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-2-c9k94 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-3-8qwjj pod: konflux-demo-component-tfry-on-push-vnm54-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c. pod: konflux-demo-component-tfry-on-push-vnm54-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:24:30Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"}] 2026-02-10T22:24:30Z INF libvuln initialized component=libvuln/New 2026-02-10T22:24:31Z INF registered configured scanners component=libindex/New 2026-02-10T22:24:31Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:24:31Z INF index request start component=libindex/Libindex.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c 2026-02-10T22:24:31Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c 2026-02-10T22:24:31Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=CheckManifest 2026-02-10T22:24:31Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=FetchLayers 2026-02-10T22:24:34Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=FetchLayers 2026-02-10T22:24:34Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=FetchLayers 2026-02-10T22:24:34Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=ScanLayers 2026-02-10T22:24:34Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:24:34Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:24:35Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=ScanLayers 2026-02-10T22:24:35Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=IndexManifest 2026-02-10T22:24:35Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=IndexFinished 2026-02-10T22:24:35Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c state=IndexFinished 2026-02-10T22:24:35Z INF index request done component=libindex/Libindex.Index manifest=sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c { "manifest_hash": "sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "052e11c4-ff7d-4b50-9890-5e39bae87fde": { "id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "13507c3e-08e7-426a-a5b3-07f4cde01a39": { "id": "13507c3e-08e7-426a-a5b3-07f4cde01a39", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "15b3cfb7-6ded-4f6f-874e-646131599e7c": { "id": "15b3cfb7-6ded-4f6f-874e-646131599e7c", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "306dc09a-c33f-478c-b878-39ff4a3a1380": { "id": "306dc09a-c33f-478c-b878-39ff4a3a1380", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "351c34f6-7d6c-47b8-8670-bed7a42863d0": { "id": "351c34f6-7d6c-47b8-8670-bed7a42863d0", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "b429bede-ca56-4f77-9493-497a9a9f2264": { "id": "b429bede-ca56-4f77-9493-497a9a9f2264", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "d7c7648d-6836-49c7-bdab-a7b391af6014": { "id": "d7c7648d-6836-49c7-bdab-a7b391af6014", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:0616a038ba55dfff744bc79523456289a3bd91ab3c67b6b1839daed42b81a0c7", "distribution_id": "", "repository_ids": [ "351c34f6-7d6c-47b8-8670-bed7a42863d0" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:0616a038ba55dfff744bc79523456289a3bd91ab3c67b6b1839daed42b81a0c7", "distribution_id": "", "repository_ids": [ "351c34f6-7d6c-47b8-8670-bed7a42863d0" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "306dc09a-c33f-478c-b878-39ff4a3a1380", "306dc09a-c33f-478c-b878-39ff4a3a1380" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:0616a038ba55dfff744bc79523456289a3bd91ab3c67b6b1839daed42b81a0c7", "distribution_id": "", "repository_ids": [ "351c34f6-7d6c-47b8-8670-bed7a42863d0" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "306dc09a-c33f-478c-b878-39ff4a3a1380", "306dc09a-c33f-478c-b878-39ff4a3a1380" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:0616a038ba55dfff744bc79523456289a3bd91ab3c67b6b1839daed42b81a0c7", "distribution_id": "", "repository_ids": [ "351c34f6-7d6c-47b8-8670-bed7a42863d0" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "b429bede-ca56-4f77-9493-497a9a9f2264", "15b3cfb7-6ded-4f6f-874e-646131599e7c" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "052e11c4-ff7d-4b50-9890-5e39bae87fde", "repository_ids": [ "13507c3e-08e7-426a-a5b3-07f4cde01a39", "d7c7648d-6836-49c7-bdab-a7b391af6014" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-vnm54-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-vnm54-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), expat-2.5.0-1.el8_10 (CVE-2024-28757), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), libzstd-1.4.4-1.el8 (CVE-2022-4899), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182), tar-2:1.30-11.el8_10 (CVE-2025-45582), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), file-libs-5.33-27.el8_10 (CVE-2019-8905), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), elfutils-libelf-0.190-2.el8 (CVE-2021-33294)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), gawk-4.2.1-4.el8 (CVE-2023-4156), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libzstd-1.4.4-1.el8 (CVE-2021-24032), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), pcre2-10.32-3.el8_6 (CVE-2022-41409), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), file-libs-5.33-27.el8_10 (CVE-2019-8906), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d", "digests": ["sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:24:53+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-vnm54-clamav-scan-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-clamav-scan-pod | init container: place-scripts 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-0-kxtvf 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-1-9qm2c pod: konflux-demo-component-tfry-on-push-vnm54-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 18.754 sec (0 m 18 s) Start Date: 2026:02:10 22:24:40 End Date: 2026:02:10 22:24:59 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770762299","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762299","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762299","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d", "digests": ["sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c"]}} pod: konflux-demo-component-tfry-on-push-vnm54-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 8282cdbe2104 clamscan-ec-test-amd64.json Uploading 983a9c1393e8 clamscan-result-amd64.log Uploaded 983a9c1393e8 clamscan-result-amd64.log Uploaded 8282cdbe2104 clamscan-ec-test-amd64.json Uploading c3938c58848b application/vnd.oci.image.manifest.v1+json Uploaded c3938c58848b application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c Digest: sha256:c3938c58848bbef2049b16f08169fbe1697774d28d8ebd7f32a429dacab5b7e2 pod: konflux-demo-component-tfry-on-push-vnm54-clone-repository-pod | init container: prepare 2026/02/10 22:22:26 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-clone-repository-pod | init container: place-scripts 2026/02/10 22:22:26 Decoded script /tekton/scripts/script-0-f6ch7 2026/02/10 22:22:26 Decoded script /tekton/scripts/script-1-jgfp8 pod: konflux-demo-component-tfry-on-push-vnm54-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770762150.0180676,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770762150.200388,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770762150.2004323,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770762150.224226,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d directly. pod: konflux-demo-component-tfry-on-push-vnm54-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-vnm54-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.7Pn4tl/auth-XqRLd8.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d.git SOURCE_ARTIFACT Uploading 9f4cdacf8ea9 SOURCE_ARTIFACT Uploaded 9f4cdacf8ea9 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:70489a0cbfefb727611f76c4a80d904e81d56bb80c0c30ae882d2753722f77e7 Artifacts created pod: konflux-demo-component-tfry-on-push-vnm54-init-pod | init container: prepare 2026/02/10 22:22:19 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-init-pod | init container: place-scripts 2026/02/10 22:22:19 Decoded script /tekton/scripts/script-0-hgx9r pod: konflux-demo-component-tfry-on-push-vnm54-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-vnm54-push-dockerfile-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:24:24 Decoded script /tekton/scripts/script-1-j7pk4 pod: konflux-demo-component-tfry-on-push-vnm54-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.Nd9G0o/auth-zNqg3C.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 to /var/workdir/source pod: konflux-demo-component-tfry-on-push-vnm54-push-dockerfile-pod | container step-push: [2026-02-10T22:24:29,885252073+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.i2ypWT4C76 --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-vnm54-sast-shell-check-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:24:24 Decoded script /tekton/scripts/script-1-jwf5b 2026/02/10 22:24:24 Decoded script /tekton/scripts/script-2-tgzht pod: konflux-demo-component-tfry-on-push-vnm54-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.jlva90/auth-Hlspwf.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-vnm54-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-119.json ./shellcheck-results/sc-120.json ./shellcheck-results/sc-122.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:24:29+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:24:29+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:24:29+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:24:29+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:24:29+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:24:29+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-vnm54-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 20f419d0613f application/vnd.oci.image.manifest.v1+json Uploaded 20f419d0613f application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c Digest: sha256:20f419d0613f9a1276c681ecc658774007ccb2e3f8fecc91b4dd3f404e60ce8a No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-vnm54-sast-snyk-check-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-vnm54-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-1-p62b7 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-2-5k779 pod: konflux-demo-component-tfry-on-push-vnm54-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.qNiyfJ/auth-P6Iypz.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-vnm54-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:24:28+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-vnm54-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry07ddea1935d4bd1af205d86bd95f95c0-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry07ddea1935d4bd1af205d86bd95f95c0-pod | init container: place-scripts 2026/02/10 22:24:24 Decoded script /tekton/scripts/script-1-22gnb 2026/02/10 22:24:24 Decoded script /tekton/scripts/script-2-fsj9k pod: konflux-demo-component-tfry07ddea1935d4bd1af205d86bd95f95c0-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.TXZ6Ps/auth-ZuZUnw.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:9f4cdacf8ea9cd0ccc8f853633dc9f43fb435715f38e16cb677eedc9e8c09488 to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry07ddea1935d4bd1af205d86bd95f95c0-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:24:30+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:24:30+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:24:30+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:24:30+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:24:30+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:24:30+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry07ddea1935d4bd1af205d86bd95f95c0-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 6a7ab1442ffd application/vnd.oci.image.manifest.v1+json Uploaded 6a7ab1442ffd application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d@sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c Digest: sha256:6a7ab1442ffdbe27b301231e3bd710358c92bf9c9f76b22ce8291b5873be48db No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | init container: prepare 2026/02/10 22:22:34 Entrypoint initialization pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | init container: place-scripts 2026/02/10 22:22:34 Decoded script /tekton/scripts/script-0-sc474 2026/02/10 22:22:34 Decoded script /tekton/scripts/script-2-vgs4h 2026/02/10 22:22:34 Decoded script /tekton/scripts/script-3-9tgtj pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | container step-skip-ta: pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfry6ffa5a2c2c81f920199c72ec50e3a27d-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | init container: prepare 2026/02/10 22:24:23 Entrypoint initialization pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | init container: place-scripts 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-0-96844 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-1-25mxz 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-2-vp4mc 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-3-wxjvw 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-4-9gzmx 2026/02/10 22:24:23 Decoded script /tekton/scripts/script-5-627p4 pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | container step-set-skip-for-bundles: 2026/02/10 22:24:28 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | container step-app-check: time="2026-02-10T22:24:28Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:24:29Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d for platform amd64" time="2026-02-10T22:24:29Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d" time="2026-02-10T22:24:37Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:24:37Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:24:37Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:24:37Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:24:37Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:24:37Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:24:37Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:24:45Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:24:45Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:24:45Z" level=info msg="This image's tag a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d will be paired with digest sha256:fbc785ba0e0be55f6e65fa30b59107f30b3f03d9a2a7c6b6ddc5201b9582e67c once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 34, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8263, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 183, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:24:45Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770762286","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:a4ba28265d3b226e06340c8cbbc3e3ec6f97b73d pod: konflux-demo-component-tfry9881b7fd456b043be021e4f677be02ce-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770762286","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Running PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: PipelineRunStopping PipelineRun konflux-demo-component-tfry-on-push-wvxrt reason: Failed attempt 6/6: PipelineRun "konflux-demo-component-tfry-on-push-wvxrt" failed: pod: konflux-demo-component-tfry-on-push-wvxrt-apply-tags-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:27:40Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" time="2026-02-10T22:27:40Z" level=info msg="[param] Image digest: sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d" time="2026-02-10T22:27:40Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:27:41Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | init container: prepare 2026/02/10 22:25:53 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | init container: place-scripts 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-1-j9qbd 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-2-94hmj 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-3-p8tql 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-4-vkd4v 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-5-vh2x5 pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.nFhA08/auth-lpIkpa.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-build: [2026-02-10T22:25:59,442179789+00:00] Validate context path [2026-02-10T22:25:59,445530460+00:00] Update CA trust [2026-02-10T22:25:59,446584915+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:26:01,395002767+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:26:01,400706034+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:26:01,506209053+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:26:10,113420562+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:26:01Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:26:01Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:26:10,165913857+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:26:10,169084262+00:00] Add secrets [2026-02-10T22:26:10,176187295+00:00] Run buildah build [2026-02-10T22:26:10,177229563+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --label org.opencontainers.image.revision=e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:26:01Z --label org.opencontainers.image.created=2026-02-10T22:26:01Z --annotation org.opencontainers.image.revision=e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:26:01Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.UHYqaW -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 911 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 376 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 573 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 296 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 783 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 628 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 208 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 758 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 304 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 781 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 622 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 133 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 443 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 636 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 82 kB/s) Progress (1): 2.3/3.6 kB Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 46 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 79 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 21 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 282 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 171 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (1): 11/226 kB Progress (1): 13/226 kB Progress (1): 16/226 kB Progress (1): 19/226 kB Progress (1): 21/226 kB Progress (2): 21/226 kB | 2.3/13 kB Progress (2): 24/226 kB | 2.3/13 kB Progress (2): 24/226 kB | 5.0/13 kB Progress (2): 27/226 kB | 5.0/13 kB Progress (2): 27/226 kB | 7.8/13 kB Progress (2): 30/226 kB | 7.8/13 kB Progress (2): 30/226 kB | 12/13 kB Progress (2): 33/226 kB | 12/13 kB Progress (2): 33/226 kB | 13 kB Progress (2): 36/226 kB | 13 kB Progress (2): 38/226 kB | 13 kB Progress (2): 41/226 kB | 13 kB Progress (2): 44/226 kB | 13 kB Progress (2): 48/226 kB | 13 kB Progress (2): 52/226 kB | 13 kB Progress (2): 56/226 kB | 13 kB Progress (2): 60/226 kB | 13 kB Progress (2): 64/226 kB | 13 kB Progress (2): 68/226 kB | 13 kB Progress (2): 72/226 kB | 13 kB Progress (2): 76/226 kB | 13 kB Progress (2): 81/226 kB | 13 kB Progress (2): 85/226 kB | 13 kB Progress (2): 89/226 kB | 13 kB Progress (2): 93/226 kB | 13 kB Progress (2): 97/226 kB | 13 kB Progress (2): 101/226 kB | 13 kB Progress (2): 105/226 kB | 13 kB Progress (2): 109/226 kB | 13 kB Progress (2): 111/226 kB | 13 kB Progress (2): 115/226 kB | 13 kB Progress (2): 120/226 kB | 13 kB Progress (2): 124/226 kB | 13 kB Progress (2): 128/226 kB | 13 kB Progress (2): 132/226 kB | 13 kB Progress (2): 136/226 kB | 13 kB Progress (2): 140/226 kB | 13 kB Progress (2): 144/226 kB | 13 kB Progress (2): 148/226 kB | 13 kB Progress (2): 152/226 kB | 13 kB Progress (2): 156/226 kB | 13 kB Progress (2): 160/226 kB | 13 kB Progress (2): 164/226 kB | 13 kB Progress (2): 168/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 184/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 193/226 kB | 13 kB Progress (2): 197/226 kB | 13 kB Progress (2): 201/226 kB | 13 kB Progress (2): 205/226 kB | 13 kB Progress (2): 209/226 kB | 13 kB Progress (2): 213/226 kB | 13 kB Progress (2): 217/226 kB | 13 kB Progress (2): 221/226 kB | 13 kB Progress (2): 225/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 234 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 3.7 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 9.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 8.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 342 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 2.3/29 kB Progress (1): 5.0/29 kB Progress (1): 7.8/29 kB Progress (1): 11/29 kB Progress (1): 13/29 kB Progress (1): 16/29 kB Progress (1): 19/29 kB Progress (1): 21/29 kB Progress (1): 24/29 kB Progress (1): 27/29 kB Progress (1): 29 kB Progress (2): 29 kB | 4.1/116 kB Progress (2): 29 kB | 7.7/116 kB Progress (2): 29 kB | 12/116 kB Progress (2): 29 kB | 16/116 kB Progress (2): 29 kB | 20/116 kB Progress (2): 29 kB | 24/116 kB Progress (2): 29 kB | 28/116 kB Progress (2): 29 kB | 32/116 kB Progress (2): 29 kB | 36/116 kB Progress (2): 29 kB | 41/116 kB Progress (2): 29 kB | 45/116 kB Progress (2): 29 kB | 49/116 kB Progress (2): 29 kB | 53/116 kB Progress (2): 29 kB | 57/116 kB Progress (2): 29 kB | 61/116 kB Progress (2): 29 kB | 65/116 kB Progress (2): 29 kB | 69/116 kB Progress (2): 29 kB | 73/116 kB Progress (2): 29 kB | 77/116 kB Progress (2): 29 kB | 81/116 kB Progress (2): 29 kB | 86/116 kB Progress (2): 29 kB | 90/116 kB Progress (2): 29 kB | 94/116 kB Progress (2): 29 kB | 98/116 kB Progress (2): 29 kB | 102/116 kB Progress (2): 29 kB | 106/116 kB Progress (2): 29 kB | 110/116 kB Progress (2): 29 kB | 114/116 kB Progress (2): 29 kB | 116 kB Progress (3): 29 kB | 116 kB | 3.8/35 kB Progress (3): 29 kB | 116 kB | 7.9/35 kB Progress (3): 29 kB | 116 kB | 12/35 kB Progress (3): 29 kB | 116 kB | 16/35 kB Progress (3): 29 kB | 116 kB | 20/35 kB Progress (3): 29 kB | 116 kB | 24/35 kB Progress (3): 29 kB | 116 kB | 28/35 kB Progress (3): 29 kB | 116 kB | 32/35 kB Progress (3): 29 kB | 116 kB | 35 kB Progress (4): 29 kB | 116 kB | 35 kB | 4.1/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 7.5/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 12/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 16/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 20/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 24/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 28/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 32/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 36/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 40/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 44/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 48/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 53/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 57/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 61/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 65/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 69/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 73/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 77/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 81/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 85/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 89/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 94/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 98/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 102/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 106/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 110/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 114/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 118/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 122/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 126/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 130/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 134/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 139/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 143/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 147/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 151/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 152 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 2.7/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 5.5/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 8.2/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 11/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 14/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 16/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 19/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 22/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 25/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 27/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 30/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 33/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 36/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 38/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 41/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 44/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 46/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 49/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 52/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 55/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 57 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 615 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (2): 57 kB | 2.3/21 kB Progress (2): 57 kB | 5.0/21 kB Progress (2): 57 kB | 7.8/21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 807 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (1): 11/21 kB Progress (1): 13/21 kB Progress (1): 16/21 kB Progress (1): 19/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/9.9 kB Progress (2): 21 kB | 7.7/9.9 kB Progress (2): 21 kB | 9.9 kB Progress (3): 21 kB | 9.9 kB | 4.1/24 kB Progress (3): 21 kB | 9.9 kB | 7.7/24 kB Progress (3): 21 kB | 9.9 kB | 12/24 kB Progress (3): 21 kB | 9.9 kB | 16/24 kB Progress (3): 21 kB | 9.9 kB | 20/24 kB Progress (3): 21 kB | 9.9 kB | 24/24 kB Progress (3): 21 kB | 9.9 kB | 24 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 3.8/14 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 7.9/14 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 12/14 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (4): 9.9 kB | 24 kB | 14 kB | 3.8/5.9 kB Progress (4): 9.9 kB | 24 kB | 14 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 217 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (2): 5.9 kB | 3.8/30 kB Progress (2): 5.9 kB | 7.9/30 kB Progress (2): 5.9 kB | 12/30 kB Progress (2): 5.9 kB | 16/30 kB Progress (2): 5.9 kB | 20/30 kB Progress (2): 5.9 kB | 24/30 kB Progress (2): 5.9 kB | 28/30 kB Progress (2): 5.9 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (2): 30 kB | 4.1/37 kB Progress (2): 30 kB | 7.7/37 kB Progress (2): 30 kB | 12/37 kB Progress (2): 30 kB | 16/37 kB Progress (2): 30 kB | 20/37 kB Progress (2): 30 kB | 24/37 kB Progress (2): 30 kB | 28/37 kB Progress (2): 30 kB | 32/37 kB Progress (2): 30 kB | 36/37 kB Progress (2): 30 kB | 37 kB Progress (3): 30 kB | 37 kB | 3.8/38 kB Progress (3): 30 kB | 37 kB | 7.9/38 kB Progress (3): 30 kB | 37 kB | 12/38 kB Progress (3): 30 kB | 37 kB | 16/38 kB Progress (3): 30 kB | 37 kB | 20/38 kB Progress (3): 30 kB | 37 kB | 24/38 kB Progress (3): 30 kB | 37 kB | 28/38 kB Progress (3): 30 kB | 37 kB | 32/38 kB Progress (3): 30 kB | 37 kB | 37/38 kB Progress (3): 30 kB | 37 kB | 38 kB Progress (4): 30 kB | 37 kB | 38 kB | 4.1/13 kB Progress (4): 30 kB | 37 kB | 38 kB | 7.7/13 kB Progress (4): 30 kB | 37 kB | 38 kB | 12/13 kB Progress (4): 30 kB | 37 kB | 38 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 205 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (4): 37 kB | 38 kB | 13 kB | 3.8/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 7.9/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 12/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 240 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (3): 37 kB | 13 kB | 16/87 kB Progress (3): 37 kB | 13 kB | 20/87 kB Progress (3): 37 kB | 13 kB | 24/87 kB Progress (3): 37 kB | 13 kB | 28/87 kB Progress (3): 37 kB | 13 kB | 32/87 kB Progress (3): 37 kB | 13 kB | 36/87 kB Progress (3): 37 kB | 13 kB | 40/87 kB Progress (3): 37 kB | 13 kB | 44/87 kB Progress (3): 37 kB | 13 kB | 48/87 kB Progress (3): 37 kB | 13 kB | 53/87 kB Progress (3): 37 kB | 13 kB | 57/87 kB Progress (3): 37 kB | 13 kB | 61/87 kB Progress (3): 37 kB | 13 kB | 65/87 kB Progress (3): 37 kB | 13 kB | 69/87 kB Progress (3): 37 kB | 13 kB | 73/87 kB Progress (3): 37 kB | 13 kB | 77/87 kB Progress (3): 37 kB | 13 kB | 81/87 kB Progress (3): 37 kB | 13 kB | 85/87 kB Progress (3): 37 kB | 13 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (2): 87 kB | 3.8/49 kB Progress (2): 87 kB | 7.9/49 kB Progress (2): 87 kB | 12/49 kB Progress (2): 87 kB | 16/49 kB Progress (2): 87 kB | 20/49 kB Progress (2): 87 kB | 24/49 kB Progress (2): 87 kB | 28/49 kB Progress (2): 87 kB | 32/49 kB Progress (2): 87 kB | 37/49 kB Progress (2): 87 kB | 41/49 kB Progress (2): 87 kB | 45/49 kB Progress (2): 87 kB | 49/49 kB Progress (2): 87 kB | 49 kB Progress (3): 87 kB | 49 kB | 3.8/86 kB Progress (3): 87 kB | 49 kB | 7.9/86 kB Progress (3): 87 kB | 49 kB | 12/86 kB Progress (3): 87 kB | 49 kB | 16/86 kB Progress (3): 87 kB | 49 kB | 20/86 kB Progress (3): 87 kB | 49 kB | 24/86 kB Progress (3): 87 kB | 49 kB | 28/86 kB Progress (3): 87 kB | 49 kB | 32/86 kB Progress (3): 87 kB | 49 kB | 36/86 kB Progress (3): 87 kB | 49 kB | 40/86 kB Progress (3): 87 kB | 49 kB | 44/86 kB Progress (3): 87 kB | 49 kB | 48/86 kB Progress (3): 87 kB | 49 kB | 53/86 kB Progress (3): 87 kB | 49 kB | 57/86 kB Progress (3): 87 kB | 49 kB | 61/86 kB Progress (3): 87 kB | 49 kB | 65/86 kB Progress (3): 87 kB | 49 kB | 69/86 kB Progress (3): 87 kB | 49 kB | 73/86 kB Progress (3): 87 kB | 49 kB | 77/86 kB Progress (3): 87 kB | 49 kB | 81/86 kB Progress (3): 87 kB | 49 kB | 85/86 kB Progress (3): 87 kB | 49 kB | 86 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 470 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (3): 49 kB | 86 kB | 4.1/10 kB Progress (3): 49 kB | 86 kB | 7.7/10 kB Progress (3): 49 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 253 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (3): 86 kB | 10 kB | 4.1/194 kB Progress (3): 86 kB | 10 kB | 7.7/194 kB Progress (3): 86 kB | 10 kB | 12/194 kB Progress (3): 86 kB | 10 kB | 16/194 kB Progress (3): 86 kB | 10 kB | 20/194 kB Progress (3): 86 kB | 10 kB | 24/194 kB Progress (3): 86 kB | 10 kB | 28/194 kB Progress (3): 86 kB | 10 kB | 32/194 kB Progress (3): 86 kB | 10 kB | 36/194 kB Progress (3): 86 kB | 10 kB | 41/194 kB Progress (3): 86 kB | 10 kB | 45/194 kB Progress (3): 86 kB | 10 kB | 49/194 kB Progress (3): 86 kB | 10 kB | 53/194 kB Progress (3): 86 kB | 10 kB | 57/194 kB Progress (3): 86 kB | 10 kB | 61/194 kB Progress (3): 86 kB | 10 kB | 65/194 kB Progress (3): 86 kB | 10 kB | 69/194 kB Progress (3): 86 kB | 10 kB | 73/194 kB Progress (3): 86 kB | 10 kB | 77/194 kB Progress (3): 86 kB | 10 kB | 81/194 kB Progress (3): 86 kB | 10 kB | 86/194 kB Progress (3): 86 kB | 10 kB | 90/194 kB Progress (3): 86 kB | 10 kB | 94/194 kB Progress (3): 86 kB | 10 kB | 98/194 kB Progress (3): 86 kB | 10 kB | 102/194 kB Progress (3): 86 kB | 10 kB | 106/194 kB Progress (3): 86 kB | 10 kB | 110/194 kB Progress (3): 86 kB | 10 kB | 114/194 kB Progress (3): 86 kB | 10 kB | 118/194 kB Progress (3): 86 kB | 10 kB | 122/194 kB Progress (3): 86 kB | 10 kB | 127/194 kB Progress (3): 86 kB | 10 kB | 131/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 426 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (2): 10 kB | 135/194 kB Progress (2): 10 kB | 139/194 kB Progress (2): 10 kB | 143/194 kB Progress (2): 10 kB | 147/194 kB Progress (2): 10 kB | 151/194 kB Progress (2): 10 kB | 155/194 kB Progress (2): 10 kB | 159/194 kB Progress (2): 10 kB | 163/194 kB Progress (2): 10 kB | 167/194 kB Progress (2): 10 kB | 172/194 kB Progress (2): 10 kB | 176/194 kB Progress (2): 10 kB | 180/194 kB Progress (2): 10 kB | 184/194 kB Progress (2): 10 kB | 188/194 kB Progress (2): 10 kB | 192/194 kB Progress (2): 10 kB | 194 kB Progress (3): 10 kB | 194 kB | 4.1/121 kB Progress (3): 10 kB | 194 kB | 7.7/121 kB Progress (3): 10 kB | 194 kB | 12/121 kB Progress (3): 10 kB | 194 kB | 16/121 kB Progress (3): 10 kB | 194 kB | 20/121 kB Progress (3): 10 kB | 194 kB | 24/121 kB Progress (3): 10 kB | 194 kB | 28/121 kB Progress (3): 10 kB | 194 kB | 32/121 kB Progress (3): 10 kB | 194 kB | 36/121 kB Progress (3): 10 kB | 194 kB | 40/121 kB Progress (3): 10 kB | 194 kB | 44/121 kB Progress (3): 10 kB | 194 kB | 48/121 kB Progress (3): 10 kB | 194 kB | 53/121 kB Progress (3): 10 kB | 194 kB | 57/121 kB Progress (3): 10 kB | 194 kB | 61/121 kB Progress (3): 10 kB | 194 kB | 65/121 kB Progress (3): 10 kB | 194 kB | 69/121 kB Progress (3): 10 kB | 194 kB | 73/121 kB Progress (3): 10 kB | 194 kB | 77/121 kB Progress (3): 10 kB | 194 kB | 81/121 kB Progress (3): 10 kB | 194 kB | 85/121 kB Progress (3): 10 kB | 194 kB | 89/121 kB Progress (3): 10 kB | 194 kB | 93/121 kB Progress (3): 10 kB | 194 kB | 98/121 kB Progress (3): 10 kB | 194 kB | 102/121 kB Progress (3): 10 kB | 194 kB | 106/121 kB Progress (3): 10 kB | 194 kB | 110/121 kB Progress (3): 10 kB | 194 kB | 114/121 kB Progress (3): 10 kB | 194 kB | 118/121 kB Progress (3): 10 kB | 194 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (3): 194 kB | 121 kB | 3.8/223 kB Progress (3): 194 kB | 121 kB | 7.9/223 kB Progress (3): 194 kB | 121 kB | 12/223 kB Progress (3): 194 kB | 121 kB | 16/223 kB Progress (3): 194 kB | 121 kB | 20/223 kB Progress (3): 194 kB | 121 kB | 24/223 kB Progress (3): 194 kB | 121 kB | 28/223 kB Progress (3): 194 kB | 121 kB | 32/223 kB Progress (3): 194 kB | 121 kB | 37/223 kB Progress (4): 194 kB | 121 kB | 37/223 kB | 4.1/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 4.1/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 7.7/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 12/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 45/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 49/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 53/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 53/223 kB | 20/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 20/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 24/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 28/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 32/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 32/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 36/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 41/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 65/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 69/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 73/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 78/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 82/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 86/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 90/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 94/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 98/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 102/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 106/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 110/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 114/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 118/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 123/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 127/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 131/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 135/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 139/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 143/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 147/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 151/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 155/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 159/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 164/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 168/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 172/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 176/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 180/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 184/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 188/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 192/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 196/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 200/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 204/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 209/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 213/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 217/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 221/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 223 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 833 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 509 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 177 kB/s) Progress (2): 223 kB | 4.1/6.8 kB Progress (2): 223 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 889 kB/s) Progress (2): 6.8 kB | 4.1/61 kB Progress (2): 6.8 kB | 7.7/61 kB Progress (2): 6.8 kB | 12/61 kB Progress (2): 6.8 kB | 16/61 kB Progress (2): 6.8 kB | 20/61 kB Progress (2): 6.8 kB | 24/61 kB Progress (2): 6.8 kB | 28/61 kB Progress (2): 6.8 kB | 32/61 kB Progress (2): 6.8 kB | 36/61 kB Progress (2): 6.8 kB | 41/61 kB Progress (2): 6.8 kB | 45/61 kB Progress (2): 6.8 kB | 49/61 kB Progress (2): 6.8 kB | 53/61 kB Progress (2): 6.8 kB | 57/61 kB Progress (2): 6.8 kB | 61/61 kB Progress (2): 6.8 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 25 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 204 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 589 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 407 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 611 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 455 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 499 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 301 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 383 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 343 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 3.1 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/160 kB Progress (1): 7.7/160 kB Progress (1): 12/160 kB Progress (1): 16/160 kB Progress (1): 20/160 kB Progress (1): 24/160 kB Progress (1): 28/160 kB Progress (1): 32/160 kB Progress (1): 36/160 kB Progress (1): 40/160 kB Progress (1): 44/160 kB Progress (1): 48/160 kB Progress (1): 53/160 kB Progress (1): 57/160 kB Progress (1): 61/160 kB Progress (1): 65/160 kB Progress (1): 69/160 kB Progress (1): 73/160 kB Progress (1): 77/160 kB Progress (1): 81/160 kB Progress (1): 85/160 kB Progress (1): 89/160 kB Progress (1): 94/160 kB Progress (1): 98/160 kB Progress (1): 102/160 kB Progress (1): 106/160 kB Progress (1): 110/160 kB Progress (1): 114/160 kB Progress (1): 118/160 kB Progress (1): 122/160 kB Progress (1): 126/160 kB Progress (1): 130/160 kB Progress (1): 134/160 kB Progress (1): 139/160 kB Progress (1): 143/160 kB Progress (1): 147/160 kB Progress (1): 151/160 kB Progress (1): 155/160 kB Progress (1): 159/160 kB Progress (1): 160 kB Progress (2): 160 kB | 4.1/211 kB Progress (2): 160 kB | 8.2/211 kB Progress (2): 160 kB | 12/211 kB Progress (2): 160 kB | 16/211 kB Progress (3): 160 kB | 16/211 kB | 4.1/13 kB Progress (3): 160 kB | 20/211 kB | 4.1/13 kB Progress (3): 160 kB | 20/211 kB | 7.7/13 kB Progress (3): 160 kB | 25/211 kB | 7.7/13 kB Progress (3): 160 kB | 25/211 kB | 12/13 kB Progress (3): 160 kB | 25/211 kB | 13 kB Progress (3): 160 kB | 29/211 kB | 13 kB Progress (3): 160 kB | 33/211 kB | 13 kB Progress (3): 160 kB | 37/211 kB | 13 kB Progress (3): 160 kB | 41/211 kB | 13 kB Progress (3): 160 kB | 45/211 kB | 13 kB Progress (3): 160 kB | 49/211 kB | 13 kB Progress (3): 160 kB | 53/211 kB | 13 kB Progress (3): 160 kB | 57/211 kB | 13 kB Progress (3): 160 kB | 61/211 kB | 13 kB Progress (3): 160 kB | 66/211 kB | 13 kB Progress (3): 160 kB | 70/211 kB | 13 kB Progress (3): 160 kB | 74/211 kB | 13 kB Progress (3): 160 kB | 78/211 kB | 13 kB Progress (3): 160 kB | 82/211 kB | 13 kB Progress (3): 160 kB | 86/211 kB | 13 kB Progress (3): 160 kB | 90/211 kB | 13 kB Progress (3): 160 kB | 94/211 kB | 13 kB Progress (3): 160 kB | 98/211 kB | 13 kB Progress (3): 160 kB | 102/211 kB | 13 kB Progress (3): 160 kB | 106/211 kB | 13 kB Progress (3): 160 kB | 111/211 kB | 13 kB Progress (3): 160 kB | 115/211 kB | 13 kB Progress (3): 160 kB | 119/211 kB | 13 kB Progress (3): 160 kB | 123/211 kB | 13 kB Progress (3): 160 kB | 127/211 kB | 13 kB Progress (3): 160 kB | 131/211 kB | 13 kB Progress (3): 160 kB | 135/211 kB | 13 kB Progress (3): 160 kB | 139/211 kB | 13 kB Progress (3): 160 kB | 143/211 kB | 13 kB Progress (3): 160 kB | 147/211 kB | 13 kB Progress (3): 160 kB | 152/211 kB | 13 kB Progress (3): 160 kB | 156/211 kB | 13 kB Progress (3): 160 kB | 160/211 kB | 13 kB Progress (3): 160 kB | 164/211 kB | 13 kB Progress (3): 160 kB | 168/211 kB | 13 kB Progress (3): 160 kB | 172/211 kB | 13 kB Progress (3): 160 kB | 176/211 kB | 13 kB Progress (3): 160 kB | 180/211 kB | 13 kB Progress (3): 160 kB | 184/211 kB | 13 kB Progress (3): 160 kB | 188/211 kB | 13 kB Progress (3): 160 kB | 193/211 kB | 13 kB Progress (3): 160 kB | 197/211 kB | 13 kB Progress (3): 160 kB | 201/211 kB | 13 kB Progress (3): 160 kB | 205/211 kB | 13 kB Progress (3): 160 kB | 209/211 kB | 13 kB Progress (3): 160 kB | 211 kB | 13 kB Progress (4): 160 kB | 211 kB | 13 kB | 4.1/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 7.7/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 12/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 16/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 20/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 24/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 28/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 32/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 36/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 41/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 45/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 49/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 53/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 57/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 61/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 65/89 kB Progress (5): 160 kB | 211 kB | 13 kB | 65/89 kB | 4.1/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 65/89 kB | 7.7/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 69/89 kB | 7.7/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 69/89 kB | 12/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 73/89 kB | 12/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 73/89 kB | 16/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 77/89 kB | 16/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 81/89 kB | 16/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 81/89 kB | 20/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 81/89 kB | 24/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 86/89 kB | 24/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 86/89 kB | 28/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 28/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 32/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 36/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 41/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 45/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 49/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 3.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 832 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/21 kB Progress (1): 7.7/21 kB Progress (1): 12/21 kB Progress (1): 16/21 kB Progress (1): 20/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/35 kB Progress (2): 21 kB | 7.7/35 kB Progress (2): 21 kB | 12/35 kB Progress (2): 21 kB | 16/35 kB Progress (2): 21 kB | 20/35 kB Progress (2): 21 kB | 24/35 kB Progress (2): 21 kB | 28/35 kB Progress (2): 21 kB | 32/35 kB Progress (2): 21 kB | 35 kB Progress (3): 21 kB | 35 kB | 4.1/87 kB Progress (3): 21 kB | 35 kB | 7.7/87 kB Progress (3): 21 kB | 35 kB | 12/87 kB Progress (3): 21 kB | 35 kB | 16/87 kB Progress (3): 21 kB | 35 kB | 20/87 kB Progress (3): 21 kB | 35 kB | 24/87 kB Progress (3): 21 kB | 35 kB | 28/87 kB Progress (3): 21 kB | 35 kB | 32/87 kB Progress (3): 21 kB | 35 kB | 36/87 kB Progress (3): 21 kB | 35 kB | 41/87 kB Progress (3): 21 kB | 35 kB | 45/87 kB Progress (3): 21 kB | 35 kB | 49/87 kB Progress (3): 21 kB | 35 kB | 53/87 kB Progress (3): 21 kB | 35 kB | 57/87 kB Progress (3): 21 kB | 35 kB | 61/87 kB Progress (3): 21 kB | 35 kB | 65/87 kB Progress (3): 21 kB | 35 kB | 69/87 kB Progress (3): 21 kB | 35 kB | 73/87 kB Progress (3): 21 kB | 35 kB | 77/87 kB Progress (3): 21 kB | 35 kB | 81/87 kB Progress (3): 21 kB | 35 kB | 86/87 kB Progress (3): 21 kB | 35 kB | 87 kB Progress (4): 21 kB | 35 kB | 87 kB | 4.1/14 kB Progress (4): 21 kB | 35 kB | 87 kB | 7.7/14 kB Progress (4): 21 kB | 35 kB | 87 kB | 12/14 kB Progress (4): 21 kB | 35 kB | 87 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 384 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (4): 21 kB | 87 kB | 14 kB | 4.1/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 7.7/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 12/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 16/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 20/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 24/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 801 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (3): 14 kB | 25 kB | 4.1/122 kB Progress (3): 14 kB | 25 kB | 7.7/122 kB Progress (3): 14 kB | 25 kB | 12/122 kB Progress (3): 14 kB | 25 kB | 16/122 kB Progress (3): 14 kB | 25 kB | 20/122 kB Progress (3): 14 kB | 25 kB | 24/122 kB Progress (3): 14 kB | 25 kB | 28/122 kB Progress (3): 14 kB | 25 kB | 32/122 kB Progress (3): 14 kB | 25 kB | 36/122 kB Progress (3): 14 kB | 25 kB | 41/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 121 kB/s) Progress (2): 25 kB | 45/122 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (2): 25 kB | 49/122 kB Progress (2): 25 kB | 53/122 kB Progress (2): 25 kB | 57/122 kB Progress (2): 25 kB | 61/122 kB Progress (2): 25 kB | 65/122 kB Progress (2): 25 kB | 69/122 kB Progress (2): 25 kB | 73/122 kB Progress (2): 25 kB | 77/122 kB Progress (2): 25 kB | 81/122 kB Progress (2): 25 kB | 86/122 kB Progress (2): 25 kB | 90/122 kB Progress (2): 25 kB | 94/122 kB Progress (2): 25 kB | 98/122 kB Progress (2): 25 kB | 102/122 kB Progress (2): 25 kB | 106/122 kB Progress (2): 25 kB | 110/122 kB Progress (2): 25 kB | 114/122 kB Progress (2): 25 kB | 118/122 kB Progress (2): 25 kB | 122 kB Progress (3): 25 kB | 122 kB | 4.1/29 kB Progress (3): 25 kB | 122 kB | 7.7/29 kB Progress (3): 25 kB | 122 kB | 12/29 kB Progress (3): 25 kB | 122 kB | 16/29 kB Progress (3): 25 kB | 122 kB | 20/29 kB Progress (3): 25 kB | 122 kB | 24/29 kB Progress (3): 25 kB | 122 kB | 28/29 kB Progress (3): 25 kB | 122 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 186 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 909 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Progress (2): 29 kB | 4.1/37 kB Progress (2): 29 kB | 7.7/37 kB Progress (2): 29 kB | 12/37 kB Progress (2): 29 kB | 16/37 kB Progress (2): 29 kB | 20/37 kB Progress (2): 29 kB | 24/37 kB Progress (2): 29 kB | 28/37 kB Progress (2): 29 kB | 32/37 kB Progress (2): 29 kB | 36/37 kB Progress (2): 29 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (2): 37 kB | 4.1/58 kB Progress (2): 37 kB | 7.7/58 kB Progress (2): 37 kB | 12/58 kB Progress (2): 37 kB | 16/58 kB Progress (2): 37 kB | 20/58 kB Progress (2): 37 kB | 24/58 kB Progress (2): 37 kB | 28/58 kB Progress (2): 37 kB | 32/58 kB Progress (2): 37 kB | 36/58 kB Progress (2): 37 kB | 41/58 kB Progress (2): 37 kB | 45/58 kB Progress (2): 37 kB | 49/58 kB Progress (2): 37 kB | 53/58 kB Progress (2): 37 kB | 57/58 kB Progress (2): 37 kB | 58 kB Progress (3): 37 kB | 58 kB | 4.1/33 kB Progress (3): 37 kB | 58 kB | 7.7/33 kB Progress (3): 37 kB | 58 kB | 12/33 kB Progress (3): 37 kB | 58 kB | 16/33 kB Progress (3): 37 kB | 58 kB | 20/33 kB Progress (3): 37 kB | 58 kB | 24/33 kB Progress (3): 37 kB | 58 kB | 28/33 kB Progress (3): 37 kB | 58 kB | 32/33 kB Progress (3): 37 kB | 58 kB | 33 kB Progress (4): 37 kB | 58 kB | 33 kB | 4.1/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 7.7/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 12/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 16/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 20/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 24/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 28/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 32/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 36/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 41/155 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (3): 58 kB | 33 kB | 45/155 kB Progress (3): 58 kB | 33 kB | 49/155 kB Progress (3): 58 kB | 33 kB | 53/155 kB Progress (3): 58 kB | 33 kB | 57/155 kB Progress (3): 58 kB | 33 kB | 61/155 kB Progress (3): 58 kB | 33 kB | 65/155 kB Progress (3): 58 kB | 33 kB | 69/155 kB Progress (3): 58 kB | 33 kB | 73/155 kB Progress (3): 58 kB | 33 kB | 77/155 kB Progress (3): 58 kB | 33 kB | 81/155 kB Progress (3): 58 kB | 33 kB | 86/155 kB Progress (4): 58 kB | 33 kB | 86/155 kB | 4.1/10 kB Progress (4): 58 kB | 33 kB | 90/155 kB | 4.1/10 kB Progress (4): 58 kB | 33 kB | 90/155 kB | 7.7/10 kB Progress (4): 58 kB | 33 kB | 90/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 94/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 98/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 102/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 106/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 110/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 114/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 118/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 122/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 127/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 131/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 135/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 139/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 143/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 147/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 151/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 155 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 338 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 188 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 844 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Progress (2): 10 kB | 4.1/32 kB Progress (2): 10 kB | 7.7/32 kB Progress (2): 10 kB | 12/32 kB Progress (2): 10 kB | 16/32 kB Progress (2): 10 kB | 20/32 kB Progress (2): 10 kB | 24/32 kB Progress (2): 10 kB | 28/32 kB Progress (2): 10 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 32 kB | 4.1/4.2 kB Progress (2): 32 kB | 4.2 kB Progress (3): 32 kB | 4.2 kB | 4.1/14 kB Progress (3): 32 kB | 4.2 kB | 7.7/14 kB Progress (3): 32 kB | 4.2 kB | 12/14 kB Progress (3): 32 kB | 4.2 kB | 14 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 4.1/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 7.7/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 12/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 16/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 20/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 24/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (4): 4.2 kB | 14 kB | 25 kB | 4.1/4.6 kB Progress (4): 4.2 kB | 14 kB | 25 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (4): 14 kB | 25 kB | 4.6 kB | 4.1/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 8.2/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 12/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 16/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 60 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (3): 4.6 kB | 19 kB | 4.1/217 kB Progress (3): 4.6 kB | 19 kB | 7.7/217 kB Progress (3): 4.6 kB | 19 kB | 12/217 kB Progress (3): 4.6 kB | 19 kB | 16/217 kB Progress (3): 4.6 kB | 19 kB | 20/217 kB Progress (3): 4.6 kB | 19 kB | 24/217 kB Progress (3): 4.6 kB | 19 kB | 28/217 kB Progress (3): 4.6 kB | 19 kB | 32/217 kB Progress (3): 4.6 kB | 19 kB | 36/217 kB Progress (3): 4.6 kB | 19 kB | 41/217 kB Progress (3): 4.6 kB | 19 kB | 45/217 kB Progress (3): 4.6 kB | 19 kB | 49/217 kB Progress (3): 4.6 kB | 19 kB | 53/217 kB Progress (3): 4.6 kB | 19 kB | 57/217 kB Progress (3): 4.6 kB | 19 kB | 61/217 kB Progress (3): 4.6 kB | 19 kB | 65/217 kB Progress (3): 4.6 kB | 19 kB | 69/217 kB Progress (3): 4.6 kB | 19 kB | 73/217 kB Progress (3): 4.6 kB | 19 kB | 77/217 kB Progress (3): 4.6 kB | 19 kB | 81/217 kB Progress (3): 4.6 kB | 19 kB | 86/217 kB Progress (3): 4.6 kB | 19 kB | 90/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 20 kB/s) Progress (2): 19 kB | 94/217 kB Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (2): 19 kB | 98/217 kB Progress (2): 19 kB | 102/217 kB Progress (2): 19 kB | 106/217 kB Progress (2): 19 kB | 110/217 kB Progress (2): 19 kB | 114/217 kB Progress (2): 19 kB | 118/217 kB Progress (2): 19 kB | 122/217 kB Progress (2): 19 kB | 127/217 kB Progress (2): 19 kB | 131/217 kB Progress (2): 19 kB | 135/217 kB Progress (2): 19 kB | 139/217 kB Progress (2): 19 kB | 143/217 kB Progress (2): 19 kB | 147/217 kB Progress (2): 19 kB | 151/217 kB Progress (2): 19 kB | 155/217 kB Progress (2): 19 kB | 159/217 kB Progress (2): 19 kB | 163/217 kB Progress (2): 19 kB | 167/217 kB Progress (2): 19 kB | 172/217 kB Progress (2): 19 kB | 176/217 kB Progress (2): 19 kB | 180/217 kB Progress (2): 19 kB | 184/217 kB Progress (2): 19 kB | 188/217 kB Progress (2): 19 kB | 192/217 kB Progress (2): 19 kB | 196/217 kB Progress (2): 19 kB | 200/217 kB Progress (2): 19 kB | 204/217 kB Progress (2): 19 kB | 208/217 kB Progress (2): 19 kB | 213/217 kB Progress (2): 19 kB | 217/217 kB Progress (2): 19 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (2): 217 kB | 4.1/46 kB Progress (2): 217 kB | 7.7/46 kB Progress (2): 217 kB | 12/46 kB Progress (2): 217 kB | 16/46 kB Progress (2): 217 kB | 20/46 kB Progress (2): 217 kB | 24/46 kB Progress (2): 217 kB | 28/46 kB Progress (2): 217 kB | 32/46 kB Progress (2): 217 kB | 36/46 kB Progress (2): 217 kB | 41/46 kB Progress (2): 217 kB | 45/46 kB Progress (2): 217 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 860 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (2): 46 kB | 4.1/134 kB Progress (2): 46 kB | 7.7/134 kB Progress (2): 46 kB | 12/134 kB Progress (2): 46 kB | 16/134 kB Progress (2): 46 kB | 20/134 kB Progress (2): 46 kB | 24/134 kB Progress (2): 46 kB | 28/134 kB Progress (2): 46 kB | 32/134 kB Progress (2): 46 kB | 36/134 kB Progress (2): 46 kB | 40/134 kB Progress (2): 46 kB | 44/134 kB Progress (2): 46 kB | 48/134 kB Progress (2): 46 kB | 53/134 kB Progress (2): 46 kB | 57/134 kB Progress (2): 46 kB | 61/134 kB Progress (2): 46 kB | 65/134 kB Progress (2): 46 kB | 69/134 kB Progress (2): 46 kB | 73/134 kB Progress (2): 46 kB | 77/134 kB Progress (2): 46 kB | 81/134 kB Progress (2): 46 kB | 85/134 kB Progress (2): 46 kB | 89/134 kB Progress (2): 46 kB | 93/134 kB Progress (2): 46 kB | 98/134 kB Progress (2): 46 kB | 102/134 kB Progress (2): 46 kB | 106/134 kB Progress (2): 46 kB | 110/134 kB Progress (2): 46 kB | 114/134 kB Progress (2): 46 kB | 118/134 kB Progress (2): 46 kB | 122/134 kB Progress (2): 46 kB | 126/134 kB Progress (2): 46 kB | 130/134 kB Progress (2): 46 kB | 134 kB Progress (3): 46 kB | 134 kB | 4.1/358 kB Progress (3): 46 kB | 134 kB | 7.7/358 kB Progress (3): 46 kB | 134 kB | 12/358 kB Progress (3): 46 kB | 134 kB | 16/358 kB Progress (3): 46 kB | 134 kB | 20/358 kB Progress (3): 46 kB | 134 kB | 24/358 kB Progress (3): 46 kB | 134 kB | 28/358 kB Progress (3): 46 kB | 134 kB | 32/358 kB Progress (3): 46 kB | 134 kB | 36/358 kB Progress (3): 46 kB | 134 kB | 41/358 kB Progress (4): 46 kB | 134 kB | 41/358 kB | 4.1/45 kB Progress (4): 46 kB | 134 kB | 41/358 kB | 7.7/45 kB Progress (4): 46 kB | 134 kB | 45/358 kB | 7.7/45 kB Progress (4): 46 kB | 134 kB | 45/358 kB | 12/45 kB Progress (4): 46 kB | 134 kB | 49/358 kB | 12/45 kB Progress (4): 46 kB | 134 kB | 49/358 kB | 16/45 kB Progress (4): 46 kB | 134 kB | 53/358 kB | 16/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 16/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 20/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 24/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 28/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 32/45 kB Progress (4): 46 kB | 134 kB | 61/358 kB | 32/45 kB Progress (4): 46 kB | 134 kB | 65/358 kB | 32/45 kB Progress (4): 46 kB | 134 kB | 65/358 kB | 36/45 kB Progress (4): 46 kB | 134 kB | 69/358 kB | 36/45 kB Progress (4): 46 kB | 134 kB | 69/358 kB | 41/45 kB Progress (4): 46 kB | 134 kB | 73/358 kB | 41/45 kB Progress (4): 46 kB | 134 kB | 73/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 77/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 81/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 86/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 90/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 94/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 98/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 102/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 106/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 110/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 114/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 118/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 122/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 127/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 131/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 135/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 139/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 143/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 147/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 151/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 155/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 159/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 163/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 167/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 172/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 176/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 180/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 184/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 188/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 192/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 196/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 200/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 204/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 208/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 213/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 217/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 221/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 225/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 229/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 233/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 237/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 241/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 245/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 249/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 254/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 258/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 262/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 266/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 270/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 274/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 278/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 282/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 286/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 290/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 294/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 299/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 303/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 307/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 311/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 315/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 319/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 323/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 327/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 331/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 335/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 340/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 344/358 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 169 kB/s) Progress (3): 134 kB | 348/358 kB | 45 kB Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (3): 134 kB | 352/358 kB | 45 kB Progress (3): 134 kB | 356/358 kB | 45 kB Progress (3): 134 kB | 358 kB | 45 kB Progress (4): 134 kB | 358 kB | 45 kB | 4.1/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 7.7/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 12/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 16/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 20/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 24/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 28/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 32/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 36/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 45/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 53/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 57/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 61/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 65/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 69/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 73/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 77/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 81/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 86/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 90/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 94/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 98/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 102/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 106/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 110/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 114/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 118/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 122/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 127/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 131/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 135/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 139/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 143/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 147/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 151/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 155/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 159/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 163/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 167/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 172/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 176/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 180/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 184/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 188/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 192/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 196/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 200/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 204/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 208/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 213/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 217/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 221/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 225/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 229/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 233/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 237/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 241/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 245/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 249/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 254/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 258/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 262/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 266/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 270/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 274/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 278/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 282/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 286/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 290/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 294/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 299/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 303/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 307/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 311/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 315/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 319/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 323/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 327/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 331/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 335/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 340/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 344/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 348/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 352/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 356/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 360/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 364/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 368/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 372/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 376/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 380/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 385/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 389/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 393/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 397/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 401/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 405/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 409/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 413/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 417/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 473 kB/s) Progress (3): 358 kB | 45 kB | 421/640 kB Progress (3): 358 kB | 45 kB | 426/640 kB Progress (3): 358 kB | 45 kB | 430/640 kB Progress (3): 358 kB | 45 kB | 434/640 kB Progress (3): 358 kB | 45 kB | 438/640 kB Progress (3): 358 kB | 45 kB | 442/640 kB Progress (3): 358 kB | 45 kB | 446/640 kB Progress (3): 358 kB | 45 kB | 450/640 kB Progress (3): 358 kB | 45 kB | 454/640 kB Progress (3): 358 kB | 45 kB | 458/640 kB Progress (3): 358 kB | 45 kB | 462/640 kB Progress (3): 358 kB | 45 kB | 466/640 kB Progress (3): 358 kB | 45 kB | 471/640 kB Progress (3): 358 kB | 45 kB | 475/640 kB Progress (3): 358 kB | 45 kB | 479/640 kB Progress (3): 358 kB | 45 kB | 481/640 kB Progress (3): 358 kB | 45 kB | 486/640 kB Progress (3): 358 kB | 45 kB | 490/640 kB Progress (3): 358 kB | 45 kB | 494/640 kB Progress (3): 358 kB | 45 kB | 498/640 kB Progress (3): 358 kB | 45 kB | 502/640 kB Progress (3): 358 kB | 45 kB | 506/640 kB Progress (3): 358 kB | 45 kB | 510/640 kB Progress (3): 358 kB | 45 kB | 514/640 kB Progress (3): 358 kB | 45 kB | 518/640 kB Progress (3): 358 kB | 45 kB | 522/640 kB Progress (3): 358 kB | 45 kB | 526/640 kB Progress (3): 358 kB | 45 kB | 531/640 kB Progress (3): 358 kB | 45 kB | 535/640 kB Progress (3): 358 kB | 45 kB | 539/640 kB Progress (3): 358 kB | 45 kB | 543/640 kB Progress (3): 358 kB | 45 kB | 547/640 kB Progress (3): 358 kB | 45 kB | 551/640 kB Progress (3): 358 kB | 45 kB | 555/640 kB Progress (3): 358 kB | 45 kB | 559/640 kB Progress (3): 358 kB | 45 kB | 563/640 kB Progress (3): 358 kB | 45 kB | 567/640 kB Progress (3): 358 kB | 45 kB | 572/640 kB Progress (3): 358 kB | 45 kB | 576/640 kB Progress (3): 358 kB | 45 kB | 580/640 kB Progress (3): 358 kB | 45 kB | 584/640 kB Progress (3): 358 kB | 45 kB | 588/640 kB Progress (3): 358 kB | 45 kB | 592/640 kB Progress (3): 358 kB | 45 kB | 596/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 156 kB/s) Progress (2): 358 kB | 600/640 kB Progress (2): 358 kB | 604/640 kB Progress (2): 358 kB | 608/640 kB Progress (2): 358 kB | 612/640 kB Progress (2): 358 kB | 617/640 kB Progress (2): 358 kB | 621/640 kB Progress (2): 358 kB | 625/640 kB Progress (2): 358 kB | 629/640 kB Progress (2): 358 kB | 633/640 kB Progress (2): 358 kB | 637/640 kB Progress (2): 358 kB | 640 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.2 MB/s) Progress (2): 640 kB | 4.1/121 kB Progress (2): 640 kB | 7.7/121 kB Progress (2): 640 kB | 12/121 kB Progress (2): 640 kB | 16/121 kB Progress (2): 640 kB | 20/121 kB Progress (2): 640 kB | 24/121 kB Progress (2): 640 kB | 28/121 kB Progress (2): 640 kB | 32/121 kB Progress (2): 640 kB | 36/121 kB Progress (2): 640 kB | 40/121 kB Progress (2): 640 kB | 44/121 kB Progress (2): 640 kB | 48/121 kB Progress (2): 640 kB | 53/121 kB Progress (2): 640 kB | 57/121 kB Progress (2): 640 kB | 61/121 kB Progress (2): 640 kB | 65/121 kB Progress (2): 640 kB | 69/121 kB Progress (2): 640 kB | 73/121 kB Progress (2): 640 kB | 77/121 kB Progress (2): 640 kB | 81/121 kB Progress (2): 640 kB | 85/121 kB Progress (2): 640 kB | 89/121 kB Progress (2): 640 kB | 94/121 kB Progress (2): 640 kB | 98/121 kB Progress (2): 640 kB | 102/121 kB Progress (2): 640 kB | 106/121 kB Progress (2): 640 kB | 110/121 kB Progress (2): 640 kB | 114/121 kB Progress (2): 640 kB | 118/121 kB Progress (2): 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.0 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 371 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 315 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 699 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 337 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 453 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 221 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/263 kB Progress (1): 7.7/263 kB Progress (1): 12/263 kB Progress (1): 16/263 kB Progress (1): 20/263 kB Progress (1): 24/263 kB Progress (1): 28/263 kB Progress (1): 32/263 kB Progress (1): 36/263 kB Progress (1): 41/263 kB Progress (1): 45/263 kB Progress (1): 49/263 kB Progress (1): 53/263 kB Progress (1): 57/263 kB Progress (1): 61/263 kB Progress (1): 65/263 kB Progress (1): 69/263 kB Progress (1): 73/263 kB Progress (1): 77/263 kB Progress (1): 81/263 kB Progress (1): 86/263 kB Progress (1): 90/263 kB Progress (1): 94/263 kB Progress (1): 98/263 kB Progress (1): 102/263 kB Progress (1): 106/263 kB Progress (1): 110/263 kB Progress (1): 114/263 kB Progress (1): 118/263 kB Progress (1): 122/263 kB Progress (1): 127/263 kB Progress (1): 131/263 kB Progress (1): 135/263 kB Progress (1): 139/263 kB Progress (1): 143/263 kB Progress (1): 147/263 kB Progress (1): 151/263 kB Progress (1): 155/263 kB Progress (2): 155/263 kB | 4.1/316 kB Progress (2): 159/263 kB | 4.1/316 kB Progress (2): 163/263 kB | 4.1/316 kB Progress (2): 163/263 kB | 7.7/316 kB Progress (2): 167/263 kB | 7.7/316 kB Progress (2): 167/263 kB | 12/316 kB Progress (2): 172/263 kB | 12/316 kB Progress (2): 176/263 kB | 12/316 kB Progress (2): 176/263 kB | 16/316 kB Progress (2): 180/263 kB | 16/316 kB Progress (2): 180/263 kB | 20/316 kB Progress (2): 184/263 kB | 20/316 kB Progress (2): 184/263 kB | 24/316 kB Progress (2): 188/263 kB | 24/316 kB Progress (2): 188/263 kB | 28/316 kB Progress (2): 192/263 kB | 28/316 kB Progress (2): 196/263 kB | 28/316 kB Progress (2): 200/263 kB | 28/316 kB Progress (2): 204/263 kB | 28/316 kB Progress (2): 204/263 kB | 32/316 kB Progress (2): 208/263 kB | 32/316 kB Progress (2): 208/263 kB | 36/316 kB Progress (2): 213/263 kB | 36/316 kB Progress (2): 213/263 kB | 40/316 kB Progress (2): 213/263 kB | 44/316 kB Progress (2): 217/263 kB | 44/316 kB Progress (2): 217/263 kB | 48/316 kB Progress (2): 221/263 kB | 48/316 kB Progress (2): 221/263 kB | 53/316 kB Progress (2): 225/263 kB | 53/316 kB Progress (2): 225/263 kB | 57/316 kB Progress (2): 229/263 kB | 57/316 kB Progress (2): 229/263 kB | 61/316 kB Progress (2): 233/263 kB | 61/316 kB Progress (2): 237/263 kB | 61/316 kB Progress (2): 241/263 kB | 61/316 kB Progress (2): 245/263 kB | 61/316 kB Progress (2): 249/263 kB | 61/316 kB Progress (2): 254/263 kB | 61/316 kB Progress (2): 258/263 kB | 61/316 kB Progress (2): 262/263 kB | 61/316 kB Progress (2): 263 kB | 61/316 kB Progress (2): 263 kB | 65/316 kB Progress (2): 263 kB | 69/316 kB Progress (2): 263 kB | 73/316 kB Progress (2): 263 kB | 77/316 kB Progress (2): 263 kB | 81/316 kB Progress (2): 263 kB | 85/316 kB Progress (2): 263 kB | 89/316 kB Progress (2): 263 kB | 94/316 kB Progress (2): 263 kB | 98/316 kB Progress (2): 263 kB | 102/316 kB Progress (2): 263 kB | 106/316 kB Progress (2): 263 kB | 110/316 kB Progress (2): 263 kB | 114/316 kB Progress (2): 263 kB | 118/316 kB Progress (2): 263 kB | 122/316 kB Progress (2): 263 kB | 126/316 kB Progress (2): 263 kB | 130/316 kB Progress (2): 263 kB | 134/316 kB Progress (2): 263 kB | 139/316 kB Progress (2): 263 kB | 143/316 kB Progress (3): 263 kB | 143/316 kB | 4.1/35 kB Progress (3): 263 kB | 143/316 kB | 7.7/35 kB Progress (3): 263 kB | 143/316 kB | 12/35 kB Progress (3): 263 kB | 143/316 kB | 16/35 kB Progress (3): 263 kB | 143/316 kB | 20/35 kB Progress (3): 263 kB | 143/316 kB | 24/35 kB Progress (3): 263 kB | 143/316 kB | 28/35 kB Progress (3): 263 kB | 143/316 kB | 32/35 kB Progress (3): 263 kB | 143/316 kB | 35 kB Progress (3): 263 kB | 147/316 kB | 35 kB Progress (3): 263 kB | 151/316 kB | 35 kB Progress (3): 263 kB | 155/316 kB | 35 kB Progress (3): 263 kB | 159/316 kB | 35 kB Progress (3): 263 kB | 163/316 kB | 35 kB Progress (3): 263 kB | 167/316 kB | 35 kB Progress (3): 263 kB | 171/316 kB | 35 kB Progress (3): 263 kB | 175/316 kB | 35 kB Progress (3): 263 kB | 180/316 kB | 35 kB Progress (3): 263 kB | 184/316 kB | 35 kB Progress (3): 263 kB | 188/316 kB | 35 kB Progress (3): 263 kB | 192/316 kB | 35 kB Progress (3): 263 kB | 196/316 kB | 35 kB Progress (3): 263 kB | 200/316 kB | 35 kB Progress (3): 263 kB | 204/316 kB | 35 kB Progress (3): 263 kB | 208/316 kB | 35 kB Progress (3): 263 kB | 212/316 kB | 35 kB Progress (3): 263 kB | 216/316 kB | 35 kB Progress (3): 263 kB | 220/316 kB | 35 kB Progress (3): 263 kB | 225/316 kB | 35 kB Progress (3): 263 kB | 229/316 kB | 35 kB Progress (3): 263 kB | 233/316 kB | 35 kB Progress (3): 263 kB | 237/316 kB | 35 kB Progress (3): 263 kB | 241/316 kB | 35 kB Progress (3): 263 kB | 245/316 kB | 35 kB Progress (3): 263 kB | 249/316 kB | 35 kB Progress (3): 263 kB | 253/316 kB | 35 kB Progress (3): 263 kB | 257/316 kB | 35 kB Progress (3): 263 kB | 261/316 kB | 35 kB Progress (3): 263 kB | 266/316 kB | 35 kB Progress (3): 263 kB | 270/316 kB | 35 kB Progress (3): 263 kB | 274/316 kB | 35 kB Progress (3): 263 kB | 278/316 kB | 35 kB Progress (3): 263 kB | 282/316 kB | 35 kB Progress (3): 263 kB | 286/316 kB | 35 kB Progress (3): 263 kB | 290/316 kB | 35 kB Progress (3): 263 kB | 294/316 kB | 35 kB Progress (3): 263 kB | 298/316 kB | 35 kB Progress (3): 263 kB | 302/316 kB | 35 kB Progress (3): 263 kB | 307/316 kB | 35 kB Progress (3): 263 kB | 311/316 kB | 35 kB Progress (3): 263 kB | 315/316 kB | 35 kB Progress (3): 263 kB | 316 kB | 35 kB Progress (4): 263 kB | 316 kB | 35 kB | 4.1/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 7.7/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 12/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 16/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 20/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 24/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 28/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 31 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 4.1/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 7.7/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 12/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 16/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 20/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 24/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 28/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 32/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 36/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 41/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 45/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 49/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 53/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 57/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 61/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 65/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 69/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 73/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 77/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 81/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 86/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 90/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 94/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 98/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 102/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 106/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 110/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 114/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 6.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 7.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 680 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 526 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 118 kB | 4.1/232 kB Progress (2): 118 kB | 7.7/232 kB Progress (2): 118 kB | 12/232 kB Progress (2): 118 kB | 16/232 kB Progress (2): 118 kB | 20/232 kB Progress (2): 118 kB | 24/232 kB Progress (2): 118 kB | 28/232 kB Progress (2): 118 kB | 32/232 kB Progress (2): 118 kB | 36/232 kB Progress (2): 118 kB | 41/232 kB Progress (2): 118 kB | 45/232 kB Progress (2): 118 kB | 49/232 kB Progress (2): 118 kB | 53/232 kB Progress (2): 118 kB | 57/232 kB Progress (2): 118 kB | 61/232 kB Progress (2): 118 kB | 65/232 kB Progress (2): 118 kB | 69/232 kB Progress (2): 118 kB | 73/232 kB Progress (2): 118 kB | 77/232 kB Progress (2): 118 kB | 81/232 kB Progress (2): 118 kB | 86/232 kB Progress (2): 118 kB | 90/232 kB Progress (2): 118 kB | 94/232 kB Progress (2): 118 kB | 98/232 kB Progress (2): 118 kB | 102/232 kB Progress (2): 118 kB | 106/232 kB Progress (2): 118 kB | 110/232 kB Progress (2): 118 kB | 114/232 kB Progress (2): 118 kB | 118/232 kB Progress (2): 118 kB | 122/232 kB Progress (2): 118 kB | 127/232 kB Progress (2): 118 kB | 131/232 kB Progress (2): 118 kB | 135/232 kB Progress (2): 118 kB | 139/232 kB Progress (2): 118 kB | 143/232 kB Progress (2): 118 kB | 147/232 kB Progress (2): 118 kB | 151/232 kB Progress (2): 118 kB | 155/232 kB Progress (2): 118 kB | 159/232 kB Progress (2): 118 kB | 163/232 kB Progress (2): 118 kB | 167/232 kB Progress (2): 118 kB | 172/232 kB Progress (2): 118 kB | 176/232 kB Progress (2): 118 kB | 180/232 kB Progress (2): 118 kB | 184/232 kB Progress (2): 118 kB | 188/232 kB Progress (2): 118 kB | 192/232 kB Progress (2): 118 kB | 196/232 kB Progress (2): 118 kB | 200/232 kB Progress (2): 118 kB | 204/232 kB Progress (2): 118 kB | 208/232 kB Progress (2): 118 kB | 213/232 kB Progress (2): 118 kB | 217/232 kB Progress (2): 118 kB | 221/232 kB Progress (2): 118 kB | 225/232 kB Progress (2): 118 kB | 229/232 kB Progress (2): 118 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 1.8 MB/s) Progress (2): 232 kB | 4.1/10 kB Progress (2): 232 kB | 7.7/10 kB Progress (2): 232 kB | 10 kB Progress (3): 232 kB | 10 kB | 4.1/38 kB Progress (3): 232 kB | 10 kB | 7.7/38 kB Progress (3): 232 kB | 10 kB | 12/38 kB Progress (3): 232 kB | 10 kB | 16/38 kB Progress (3): 232 kB | 10 kB | 20/38 kB Progress (3): 232 kB | 10 kB | 24/38 kB Progress (3): 232 kB | 10 kB | 28/38 kB Progress (3): 232 kB | 10 kB | 32/38 kB Progress (3): 232 kB | 10 kB | 36/38 kB Progress (3): 232 kB | 10 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 110 kB/s) Progress (2): 38 kB | 4.1/14 kB Progress (2): 38 kB | 7.7/14 kB Progress (2): 38 kB | 12/14 kB Progress (2): 38 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 358 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 115 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 874 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 446 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 235 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 479 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 379 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 128 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 529 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 365 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 592 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/79 kB Progress (1): 7.7/79 kB Progress (1): 12/79 kB Progress (1): 16/79 kB Progress (1): 20/79 kB Progress (1): 24/79 kB Progress (1): 28/79 kB Progress (1): 32/79 kB Progress (1): 36/79 kB Progress (1): 41/79 kB Progress (1): 45/79 kB Progress (1): 49/79 kB Progress (1): 53/79 kB Progress (1): 57/79 kB Progress (1): 61/79 kB Progress (1): 65/79 kB Progress (1): 69/79 kB Progress (1): 73/79 kB Progress (1): 77/79 kB Progress (1): 79 kB Progress (2): 79 kB | 4.1/327 kB Progress (2): 79 kB | 7.7/327 kB Progress (2): 79 kB | 12/327 kB Progress (2): 79 kB | 16/327 kB Progress (3): 79 kB | 16/327 kB | 4.1/36 kB Progress (3): 79 kB | 20/327 kB | 4.1/36 kB Progress (3): 79 kB | 24/327 kB | 4.1/36 kB Progress (3): 79 kB | 24/327 kB | 7.7/36 kB Progress (3): 79 kB | 28/327 kB | 7.7/36 kB Progress (3): 79 kB | 28/327 kB | 12/36 kB Progress (3): 79 kB | 32/327 kB | 12/36 kB Progress (3): 79 kB | 32/327 kB | 16/36 kB Progress (3): 79 kB | 36/327 kB | 16/36 kB Progress (3): 79 kB | 41/327 kB | 16/36 kB Progress (3): 79 kB | 41/327 kB | 20/36 kB Progress (3): 79 kB | 45/327 kB | 20/36 kB Progress (3): 79 kB | 45/327 kB | 24/36 kB Progress (3): 79 kB | 49/327 kB | 24/36 kB Progress (3): 79 kB | 49/327 kB | 28/36 kB Progress (3): 79 kB | 49/327 kB | 32/36 kB Progress (3): 79 kB | 49/327 kB | 36 kB Progress (3): 79 kB | 53/327 kB | 36 kB Progress (3): 79 kB | 57/327 kB | 36 kB Progress (3): 79 kB | 61/327 kB | 36 kB Progress (3): 79 kB | 65/327 kB | 36 kB Progress (3): 79 kB | 69/327 kB | 36 kB Progress (3): 79 kB | 73/327 kB | 36 kB Progress (3): 79 kB | 77/327 kB | 36 kB Progress (3): 79 kB | 81/327 kB | 36 kB Progress (3): 79 kB | 86/327 kB | 36 kB Progress (3): 79 kB | 90/327 kB | 36 kB Progress (3): 79 kB | 94/327 kB | 36 kB Progress (3): 79 kB | 98/327 kB | 36 kB Progress (3): 79 kB | 102/327 kB | 36 kB Progress (3): 79 kB | 106/327 kB | 36 kB Progress (3): 79 kB | 110/327 kB | 36 kB Progress (3): 79 kB | 114/327 kB | 36 kB Progress (3): 79 kB | 118/327 kB | 36 kB Progress (3): 79 kB | 122/327 kB | 36 kB Progress (3): 79 kB | 127/327 kB | 36 kB Progress (3): 79 kB | 131/327 kB | 36 kB Progress (3): 79 kB | 135/327 kB | 36 kB Progress (3): 79 kB | 139/327 kB | 36 kB Progress (3): 79 kB | 143/327 kB | 36 kB Progress (3): 79 kB | 147/327 kB | 36 kB Progress (3): 79 kB | 151/327 kB | 36 kB Progress (3): 79 kB | 155/327 kB | 36 kB Progress (3): 79 kB | 159/327 kB | 36 kB Progress (3): 79 kB | 163/327 kB | 36 kB Progress (3): 79 kB | 167/327 kB | 36 kB Progress (3): 79 kB | 172/327 kB | 36 kB Progress (3): 79 kB | 176/327 kB | 36 kB Progress (3): 79 kB | 180/327 kB | 36 kB Progress (3): 79 kB | 184/327 kB | 36 kB Progress (3): 79 kB | 188/327 kB | 36 kB Progress (3): 79 kB | 192/327 kB | 36 kB Progress (3): 79 kB | 196/327 kB | 36 kB Progress (3): 79 kB | 200/327 kB | 36 kB Progress (3): 79 kB | 204/327 kB | 36 kB Progress (3): 79 kB | 208/327 kB | 36 kB Progress (3): 79 kB | 213/327 kB | 36 kB Progress (3): 79 kB | 217/327 kB | 36 kB Progress (3): 79 kB | 221/327 kB | 36 kB Progress (3): 79 kB | 225/327 kB | 36 kB Progress (3): 79 kB | 229/327 kB | 36 kB Progress (3): 79 kB | 233/327 kB | 36 kB Progress (3): 79 kB | 237/327 kB | 36 kB Progress (3): 79 kB | 241/327 kB | 36 kB Progress (3): 79 kB | 245/327 kB | 36 kB Progress (3): 79 kB | 249/327 kB | 36 kB Progress (3): 79 kB | 254/327 kB | 36 kB Progress (3): 79 kB | 258/327 kB | 36 kB Progress (3): 79 kB | 262/327 kB | 36 kB Progress (3): 79 kB | 266/327 kB | 36 kB Progress (3): 79 kB | 270/327 kB | 36 kB Progress (3): 79 kB | 274/327 kB | 36 kB Progress (3): 79 kB | 278/327 kB | 36 kB Progress (3): 79 kB | 282/327 kB | 36 kB Progress (3): 79 kB | 286/327 kB | 36 kB Progress (3): 79 kB | 290/327 kB | 36 kB Progress (3): 79 kB | 294/327 kB | 36 kB Progress (3): 79 kB | 299/327 kB | 36 kB Progress (3): 79 kB | 303/327 kB | 36 kB Progress (3): 79 kB | 307/327 kB | 36 kB Progress (3): 79 kB | 311/327 kB | 36 kB Progress (3): 79 kB | 315/327 kB | 36 kB Progress (3): 79 kB | 319/327 kB | 36 kB Progress (3): 79 kB | 323/327 kB | 36 kB Progress (3): 79 kB | 327 kB | 36 kB Progress (4): 79 kB | 327 kB | 36 kB | 4.1/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 7.7/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 12/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 16/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 20/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 24/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 28/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 32/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 36/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 41/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 41 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 4.1/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 7.7/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 12/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 16/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 20/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 24/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 790 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 7.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 748 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (2): 26 kB | 2.5 kB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 404 kB/s) Progress (2): 2.5 kB | 0.1/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.3/1.0 MB Progress (2): 2.5 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 0.3/1.0 MB | 4.1/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 4.1/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 7.7/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 7.7/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 12/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 16/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 16/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 20/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 20/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 24/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 24/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 28/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 28/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 32/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 36/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 36/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 41/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 41/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 45/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 49/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 49/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 53/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 53/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 57/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 57/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 61/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 61/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 65/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 69/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 69/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 73/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 73/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 77/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 81/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 81/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 86/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 86/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 90/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 94/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 94/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 94/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 98/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 98/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 102/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 102/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 106/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 106/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 110/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 110/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 114/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 118/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 118/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 122/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 122/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 127/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 127/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 131/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 131/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 135/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 135/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 139/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 139/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 143/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 143/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 147/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 147/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 151/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 151/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 155/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 155/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 159/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 159/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 163/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 163/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 167/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 167/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 172/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 172/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 176/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 176/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 180/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 180/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 184/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 188/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 188/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 192/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 192/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 196/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 200/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 200/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 204/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 204/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 208/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0 MB | 211 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (3): 1.0 MB | 211 kB | 4.1/58 kB Progress (3): 1.0 MB | 211 kB | 7.7/58 kB Progress (3): 1.0 MB | 211 kB | 12/58 kB Progress (3): 1.0 MB | 211 kB | 16/58 kB Progress (3): 1.0 MB | 211 kB | 20/58 kB Progress (3): 1.0 MB | 211 kB | 24/58 kB Progress (3): 1.0 MB | 211 kB | 28/58 kB Progress (3): 1.0 MB | 211 kB | 32/58 kB Progress (3): 1.0 MB | 211 kB | 36/58 kB Progress (3): 1.0 MB | 211 kB | 41/58 kB Progress (3): 1.0 MB | 211 kB | 45/58 kB Progress (3): 1.0 MB | 211 kB | 49/58 kB Progress (3): 1.0 MB | 211 kB | 53/58 kB Progress (3): 1.0 MB | 211 kB | 57/58 kB Progress (3): 1.0 MB | 211 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (3): 1.0 MB | 58 kB | 4.1/116 kB Progress (3): 1.0 MB | 58 kB | 7.7/116 kB Progress (3): 1.0 MB | 58 kB | 12/116 kB Progress (3): 1.0 MB | 58 kB | 16/116 kB Progress (3): 1.0 MB | 58 kB | 20/116 kB Progress (3): 1.0 MB | 58 kB | 24/116 kB Progress (3): 1.0 MB | 58 kB | 28/116 kB Progress (3): 1.0 MB | 58 kB | 32/116 kB Progress (3): 1.0 MB | 58 kB | 36/116 kB Progress (3): 1.0 MB | 58 kB | 41/116 kB Progress (3): 1.0 MB | 58 kB | 45/116 kB Progress (3): 1.0 MB | 58 kB | 49/116 kB Progress (3): 1.0 MB | 58 kB | 53/116 kB Progress (3): 1.0 MB | 58 kB | 57/116 kB Progress (3): 1.0 MB | 58 kB | 61/116 kB Progress (3): 1.0 MB | 58 kB | 65/116 kB Progress (3): 1.0 MB | 58 kB | 69/116 kB Progress (3): 1.0 MB | 58 kB | 73/116 kB Progress (3): 1.0 MB | 58 kB | 77/116 kB Progress (3): 1.0 MB | 58 kB | 81/116 kB Progress (3): 1.0 MB | 58 kB | 86/116 kB Progress (3): 1.0 MB | 58 kB | 90/116 kB Progress (3): 1.0 MB | 58 kB | 94/116 kB Progress (3): 1.0 MB | 58 kB | 98/116 kB Progress (3): 1.0 MB | 58 kB | 102/116 kB Progress (3): 1.0 MB | 58 kB | 106/116 kB Progress (3): 1.0 MB | 58 kB | 110/116 kB Progress (3): 1.0 MB | 58 kB | 114/116 kB Progress (3): 1.0 MB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 552 kB/s) Progress (3): 1.0 MB | 116 kB | 4.1/85 kB Progress (3): 1.0 MB | 116 kB | 7.7/85 kB Progress (3): 1.0 MB | 116 kB | 12/85 kB Progress (3): 1.0 MB | 116 kB | 16/85 kB Progress (3): 1.0 MB | 116 kB | 20/85 kB Progress (3): 1.0 MB | 116 kB | 24/85 kB Progress (3): 1.0 MB | 116 kB | 28/85 kB Progress (3): 1.0 MB | 116 kB | 32/85 kB Progress (3): 1.0 MB | 116 kB | 36/85 kB Progress (3): 1.0 MB | 116 kB | 41/85 kB Progress (3): 1.0 MB | 116 kB | 45/85 kB Progress (3): 1.0 MB | 116 kB | 49/85 kB Progress (3): 1.0 MB | 116 kB | 53/85 kB Progress (3): 1.0 MB | 116 kB | 57/85 kB Progress (3): 1.0 MB | 116 kB | 61/85 kB Progress (3): 1.0 MB | 116 kB | 65/85 kB Progress (3): 1.0 MB | 116 kB | 69/85 kB Progress (3): 1.0 MB | 116 kB | 73/85 kB Progress (3): 1.0 MB | 116 kB | 77/85 kB Progress (3): 1.0 MB | 116 kB | 81/85 kB Progress (3): 1.0 MB | 116 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 9.5 MB/s) Progress (3): 116 kB | 85 kB | 4.1/267 kB Progress (3): 116 kB | 85 kB | 7.7/267 kB Progress (3): 116 kB | 85 kB | 12/267 kB Progress (3): 116 kB | 85 kB | 16/267 kB Progress (3): 116 kB | 85 kB | 20/267 kB Progress (3): 116 kB | 85 kB | 24/267 kB Progress (3): 116 kB | 85 kB | 28/267 kB Progress (3): 116 kB | 85 kB | 32/267 kB Progress (3): 116 kB | 85 kB | 36/267 kB Progress (3): 116 kB | 85 kB | 41/267 kB Progress (3): 116 kB | 85 kB | 45/267 kB Progress (3): 116 kB | 85 kB | 49/267 kB Progress (3): 116 kB | 85 kB | 53/267 kB Progress (3): 116 kB | 85 kB | 57/267 kB Progress (3): 116 kB | 85 kB | 61/267 kB Progress (3): 116 kB | 85 kB | 65/267 kB Progress (3): 116 kB | 85 kB | 69/267 kB Progress (3): 116 kB | 85 kB | 73/267 kB Progress (3): 116 kB | 85 kB | 77/267 kB Progress (3): 116 kB | 85 kB | 81/267 kB Progress (3): 116 kB | 85 kB | 86/267 kB Progress (3): 116 kB | 85 kB | 90/267 kB Progress (3): 116 kB | 85 kB | 94/267 kB Progress (3): 116 kB | 85 kB | 98/267 kB Progress (3): 116 kB | 85 kB | 102/267 kB Progress (3): 116 kB | 85 kB | 106/267 kB Progress (3): 116 kB | 85 kB | 110/267 kB Progress (3): 116 kB | 85 kB | 114/267 kB Progress (3): 116 kB | 85 kB | 118/267 kB Progress (3): 116 kB | 85 kB | 122/267 kB Progress (3): 116 kB | 85 kB | 127/267 kB Progress (3): 116 kB | 85 kB | 131/267 kB Progress (3): 116 kB | 85 kB | 135/267 kB Progress (3): 116 kB | 85 kB | 139/267 kB Progress (3): 116 kB | 85 kB | 143/267 kB Progress (3): 116 kB | 85 kB | 147/267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 928 kB/s) Progress (2): 85 kB | 151/267 kB Progress (2): 85 kB | 155/267 kB Progress (2): 85 kB | 159/267 kB Progress (2): 85 kB | 163/267 kB Progress (2): 85 kB | 167/267 kB Progress (2): 85 kB | 172/267 kB Progress (2): 85 kB | 176/267 kB Progress (2): 85 kB | 180/267 kB Progress (2): 85 kB | 184/267 kB Progress (2): 85 kB | 188/267 kB Progress (2): 85 kB | 192/267 kB Progress (2): 85 kB | 196/267 kB Progress (2): 85 kB | 200/267 kB Progress (2): 85 kB | 204/267 kB Progress (2): 85 kB | 208/267 kB Progress (2): 85 kB | 213/267 kB Progress (2): 85 kB | 217/267 kB Progress (2): 85 kB | 221/267 kB Progress (2): 85 kB | 225/267 kB Progress (2): 85 kB | 229/267 kB Progress (2): 85 kB | 233/267 kB Progress (2): 85 kB | 237/267 kB Progress (2): 85 kB | 241/267 kB Progress (2): 85 kB | 245/267 kB Progress (2): 85 kB | 249/267 kB Progress (2): 85 kB | 254/267 kB Progress (2): 85 kB | 258/267 kB Progress (2): 85 kB | 262/267 kB Progress (2): 85 kB | 266/267 kB Progress (2): 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 637 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.8 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 456 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 572 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 211 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 960 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 439 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 348 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 324 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 358 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 566 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 333 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 187 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 489 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 324 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 368 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 295 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 149 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 656 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/153 kB Progress (1): 7.7/153 kB Progress (1): 12/153 kB Progress (1): 16/153 kB Progress (1): 20/153 kB Progress (1): 24/153 kB Progress (1): 28/153 kB Progress (1): 32/153 kB Progress (1): 36/153 kB Progress (1): 41/153 kB Progress (1): 45/153 kB Progress (1): 49/153 kB Progress (1): 53/153 kB Progress (1): 57/153 kB Progress (1): 61/153 kB Progress (2): 61/153 kB | 4.1/202 kB Progress (2): 65/153 kB | 4.1/202 kB Progress (2): 69/153 kB | 4.1/202 kB Progress (2): 69/153 kB | 7.7/202 kB Progress (2): 73/153 kB | 7.7/202 kB Progress (2): 73/153 kB | 12/202 kB Progress (2): 73/153 kB | 16/202 kB Progress (2): 77/153 kB | 16/202 kB Progress (2): 81/153 kB | 16/202 kB Progress (2): 81/153 kB | 20/202 kB Progress (2): 86/153 kB | 20/202 kB Progress (2): 86/153 kB | 24/202 kB Progress (2): 90/153 kB | 24/202 kB Progress (2): 90/153 kB | 28/202 kB Progress (2): 94/153 kB | 28/202 kB Progress (2): 94/153 kB | 32/202 kB Progress (2): 98/153 kB | 32/202 kB Progress (2): 98/153 kB | 36/202 kB Progress (2): 102/153 kB | 36/202 kB Progress (2): 102/153 kB | 41/202 kB Progress (2): 106/153 kB | 41/202 kB Progress (2): 106/153 kB | 45/202 kB Progress (2): 110/153 kB | 45/202 kB Progress (3): 110/153 kB | 45/202 kB | 4.1/49 kB Progress (3): 114/153 kB | 45/202 kB | 4.1/49 kB Progress (3): 114/153 kB | 49/202 kB | 4.1/49 kB Progress (3): 114/153 kB | 49/202 kB | 7.7/49 kB Progress (3): 118/153 kB | 49/202 kB | 7.7/49 kB Progress (3): 118/153 kB | 49/202 kB | 12/49 kB Progress (3): 118/153 kB | 53/202 kB | 12/49 kB Progress (3): 118/153 kB | 53/202 kB | 16/49 kB Progress (3): 122/153 kB | 53/202 kB | 16/49 kB Progress (3): 122/153 kB | 57/202 kB | 16/49 kB Progress (3): 122/153 kB | 57/202 kB | 20/49 kB Progress (3): 127/153 kB | 57/202 kB | 20/49 kB Progress (3): 127/153 kB | 57/202 kB | 24/49 kB Progress (3): 127/153 kB | 61/202 kB | 24/49 kB Progress (3): 127/153 kB | 61/202 kB | 28/49 kB Progress (3): 131/153 kB | 61/202 kB | 28/49 kB Progress (3): 131/153 kB | 61/202 kB | 32/49 kB Progress (3): 131/153 kB | 65/202 kB | 32/49 kB Progress (3): 131/153 kB | 65/202 kB | 36/49 kB Progress (3): 135/153 kB | 65/202 kB | 36/49 kB Progress (3): 135/153 kB | 65/202 kB | 41/49 kB Progress (3): 135/153 kB | 69/202 kB | 41/49 kB Progress (3): 135/153 kB | 73/202 kB | 41/49 kB Progress (3): 135/153 kB | 73/202 kB | 45/49 kB Progress (3): 139/153 kB | 73/202 kB | 45/49 kB Progress (3): 139/153 kB | 73/202 kB | 49/49 kB Progress (3): 139/153 kB | 77/202 kB | 49/49 kB Progress (3): 139/153 kB | 77/202 kB | 49 kB Progress (3): 139/153 kB | 81/202 kB | 49 kB Progress (3): 143/153 kB | 81/202 kB | 49 kB Progress (3): 143/153 kB | 86/202 kB | 49 kB Progress (3): 147/153 kB | 86/202 kB | 49 kB Progress (3): 147/153 kB | 90/202 kB | 49 kB Progress (3): 151/153 kB | 90/202 kB | 49 kB Progress (3): 151/153 kB | 94/202 kB | 49 kB Progress (3): 153 kB | 94/202 kB | 49 kB Progress (3): 153 kB | 98/202 kB | 49 kB Progress (3): 153 kB | 102/202 kB | 49 kB Progress (3): 153 kB | 106/202 kB | 49 kB Progress (3): 153 kB | 110/202 kB | 49 kB Progress (3): 153 kB | 114/202 kB | 49 kB Progress (3): 153 kB | 118/202 kB | 49 kB Progress (3): 153 kB | 122/202 kB | 49 kB Progress (3): 153 kB | 127/202 kB | 49 kB Progress (3): 153 kB | 131/202 kB | 49 kB Progress (3): 153 kB | 135/202 kB | 49 kB Progress (3): 153 kB | 139/202 kB | 49 kB Progress (3): 153 kB | 143/202 kB | 49 kB Progress (3): 153 kB | 147/202 kB | 49 kB Progress (3): 153 kB | 151/202 kB | 49 kB Progress (3): 153 kB | 155/202 kB | 49 kB Progress (3): 153 kB | 159/202 kB | 49 kB Progress (3): 153 kB | 163/202 kB | 49 kB Progress (3): 153 kB | 167/202 kB | 49 kB Progress (3): 153 kB | 172/202 kB | 49 kB Progress (3): 153 kB | 176/202 kB | 49 kB Progress (3): 153 kB | 180/202 kB | 49 kB Progress (3): 153 kB | 184/202 kB | 49 kB Progress (3): 153 kB | 188/202 kB | 49 kB Progress (3): 153 kB | 192/202 kB | 49 kB Progress (3): 153 kB | 196/202 kB | 49 kB Progress (3): 153 kB | 200/202 kB | 49 kB Progress (3): 153 kB | 202 kB | 49 kB Progress (4): 153 kB | 202 kB | 49 kB | 4.1/472 kB Progress (4): 153 kB | 202 kB | 49 kB | 7.7/472 kB Progress (4): 153 kB | 202 kB | 49 kB | 12/472 kB Progress (4): 153 kB | 202 kB | 49 kB | 16/472 kB Progress (5): 153 kB | 202 kB | 49 kB | 16/472 kB | 4.1/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 20/472 kB | 4.1/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 20/472 kB | 7.7/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 24/472 kB | 7.7/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 24/472 kB | 12/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 28/472 kB | 12/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 28/472 kB | 16/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 32/472 kB | 16/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 32/472 kB | 20/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 36/472 kB | 20/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 36/472 kB | 24/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 40/472 kB | 24/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 40/472 kB | 28/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 44/472 kB | 28/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 44/472 kB | 32/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 48/472 kB | 32/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 48/472 kB | 36/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 48/472 kB | 41/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 53/472 kB | 41/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 53/472 kB | 45/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 57/472 kB | 45/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 57/472 kB | 49/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 61/472 kB | 49/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 61/472 kB | 53/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 65/472 kB | 53/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 65/472 kB | 57/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 69/472 kB | 57/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 69/472 kB | 61/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 73/472 kB | 61/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 73/472 kB | 65/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 77/472 kB | 65/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 77/472 kB | 69/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 81/472 kB | 69/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 81/472 kB | 73/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 85/472 kB | 73/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 85/472 kB | 77/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 89/472 kB | 77/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 89/472 kB | 81/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 94/472 kB | 81/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 94/472 kB | 86/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 98/472 kB | 86/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 98/472 kB | 90/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 102/472 kB | 90/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 102/472 kB | 94/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 106/472 kB | 94/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 106/472 kB | 98/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 110/472 kB | 98/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 110/472 kB | 102/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 114/472 kB | 102/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 114/472 kB | 106/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 118/472 kB | 106/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 118/472 kB | 110/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 122/472 kB | 110/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 122/472 kB | 114/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 126/472 kB | 114/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 126/472 kB | 118/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 130/472 kB | 118/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 130/472 kB | 122/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 122/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 127/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 131/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 135/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 139/472 kB | 135/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 139/472 kB | 139/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 143/472 kB | 139/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 143/472 kB | 143/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 147/472 kB | 143/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 147/472 kB | 147/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 151/472 kB | 147/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 151/472 kB | 151/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 155/472 kB | 151/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 155/472 kB | 155/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 159/472 kB | 155/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 159/472 kB | 159/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 163/472 kB | 159/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 163/472 kB | 163/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 167/472 kB | 163/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 167/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 171/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 175/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 180/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 184/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 188/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 192/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 196/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 200/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 204/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 208/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 212/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 216/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 220/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 225/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 229/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 233/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 237/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 241/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 245/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 249/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 253/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 257/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 261/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 266/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 270/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 274/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 278/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 282/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 286/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 290/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 294/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 298/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 302/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 307/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 311/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 315/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 319/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 323/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 327/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 331/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 335/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 339/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 343/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 347/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 352/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 356/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 360/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 364/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 368/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 372/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 376/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 380/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 384/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 388/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 393/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 397/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 401/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 405/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 409/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 413/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 417/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 421/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 425/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 429/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 433/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 438/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 442/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 446/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 450/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 454/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 458/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 462/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 466/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 470/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 472 kB | 165 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 3.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 4.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 9.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (1): 4.1/527 kB Progress (1): 7.7/527 kB Progress (1): 12/527 kB Progress (1): 16/527 kB Progress (1): 20/527 kB Progress (1): 24/527 kB Progress (1): 28/527 kB Progress (1): 32/527 kB Progress (1): 36/527 kB Progress (1): 40/527 kB Progress (1): 44/527 kB Progress (1): 48/527 kB Progress (1): 53/527 kB Progress (1): 57/527 kB Progress (1): 61/527 kB Progress (1): 65/527 kB Progress (1): 69/527 kB Progress (1): 73/527 kB Progress (1): 77/527 kB Progress (1): 81/527 kB Progress (1): 85/527 kB Progress (1): 89/527 kB Progress (1): 94/527 kB Progress (1): 98/527 kB Progress (1): 102/527 kB Progress (1): 106/527 kB Progress (1): 110/527 kB Progress (1): 114/527 kB Progress (1): 118/527 kB Progress (1): 122/527 kB Progress (1): 126/527 kB Progress (1): 130/527 kB Progress (1): 134/527 kB Progress (1): 139/527 kB Progress (1): 143/527 kB Progress (1): 147/527 kB Progress (1): 151/527 kB Progress (1): 155/527 kB Progress (1): 159/527 kB Progress (1): 163/527 kB Progress (1): 167/527 kB Progress (1): 171/527 kB Progress (1): 175/527 kB Progress (1): 180/527 kB Progress (1): 184/527 kB Progress (1): 188/527 kB Progress (1): 192/527 kB Progress (1): 196/527 kB Progress (1): 200/527 kB Progress (1): 204/527 kB Progress (1): 208/527 kB Progress (1): 212/527 kB Progress (1): 216/527 kB Progress (1): 220/527 kB Progress (1): 225/527 kB Progress (1): 229/527 kB Progress (1): 233/527 kB Progress (1): 237/527 kB Progress (1): 241/527 kB Progress (1): 245/527 kB Progress (1): 249/527 kB Progress (1): 253/527 kB Progress (1): 257/527 kB Progress (1): 261/527 kB Progress (1): 266/527 kB Progress (1): 270/527 kB Progress (1): 274/527 kB Progress (1): 278/527 kB Progress (1): 282/527 kB Progress (1): 286/527 kB Progress (1): 290/527 kB Progress (1): 294/527 kB Progress (1): 298/527 kB Progress (1): 302/527 kB Progress (1): 307/527 kB Progress (1): 311/527 kB Progress (1): 315/527 kB Progress (1): 319/527 kB Progress (1): 323/527 kB Progress (1): 327/527 kB Progress (1): 331/527 kB Progress (1): 335/527 kB Progress (1): 339/527 kB Progress (1): 343/527 kB Progress (1): 347/527 kB Progress (1): 352/527 kB Progress (1): 356/527 kB Progress (1): 360/527 kB Progress (1): 364/527 kB Progress (1): 368/527 kB Progress (1): 372/527 kB Progress (1): 376/527 kB Progress (1): 380/527 kB Progress (1): 384/527 kB Progress (1): 388/527 kB Progress (1): 393/527 kB Progress (1): 397/527 kB Progress (1): 401/527 kB Progress (1): 405/527 kB Progress (1): 409/527 kB Progress (1): 413/527 kB Progress (1): 417/527 kB Progress (1): 421/527 kB Progress (1): 425/527 kB Progress (1): 429/527 kB Progress (1): 433/527 kB Progress (1): 438/527 kB Progress (1): 442/527 kB Progress (1): 446/527 kB Progress (1): 450/527 kB Progress (1): 454/527 kB Progress (1): 458/527 kB Progress (1): 462/527 kB Progress (1): 466/527 kB Progress (1): 470/527 kB Progress (1): 474/527 kB Progress (1): 479/527 kB Progress (1): 483/527 kB Progress (1): 487/527 kB Progress (1): 491/527 kB Progress (1): 495/527 kB Progress (1): 499/527 kB Progress (1): 503/527 kB Progress (1): 507/527 kB Progress (1): 511/527 kB Progress (1): 515/527 kB Progress (1): 519/527 kB Progress (1): 524/527 kB Progress (1): 527 kB Progress (2): 527 kB | 4.1/38 kB Progress (2): 527 kB | 7.7/38 kB Progress (2): 527 kB | 12/38 kB Progress (3): 527 kB | 12/38 kB | 4.1/47 kB Progress (3): 527 kB | 16/38 kB | 4.1/47 kB Progress (3): 527 kB | 16/38 kB | 7.7/47 kB Progress (3): 527 kB | 20/38 kB | 7.7/47 kB Progress (3): 527 kB | 20/38 kB | 12/47 kB Progress (3): 527 kB | 24/38 kB | 12/47 kB Progress (3): 527 kB | 24/38 kB | 16/47 kB Progress (3): 527 kB | 28/38 kB | 16/47 kB Progress (3): 527 kB | 32/38 kB | 16/47 kB Progress (3): 527 kB | 32/38 kB | 20/47 kB Progress (3): 527 kB | 36/38 kB | 20/47 kB Progress (3): 527 kB | 36/38 kB | 24/47 kB Progress (3): 527 kB | 38 kB | 24/47 kB Progress (3): 527 kB | 38 kB | 28/47 kB Progress (3): 527 kB | 38 kB | 32/47 kB Progress (3): 527 kB | 38 kB | 36/47 kB Progress (3): 527 kB | 38 kB | 41/47 kB Progress (3): 527 kB | 38 kB | 45/47 kB Progress (3): 527 kB | 38 kB | 47 kB Progress (4): 527 kB | 38 kB | 47 kB | 4.1/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 7.7/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 12/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 16/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 20/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 24/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 28/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 32/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 36/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 40/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 44/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 48/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 53/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 57/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 61/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 65/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 69/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 73/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 77/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 81/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 85/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 89/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 94/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 98/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 102/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 106/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 110/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 114/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 118/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 122/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 126/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 130/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 134/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 139/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 143/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 147/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 148 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 4.1/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 7.7/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 12/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 16/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 20/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 24/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 28/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 502 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 406 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 301 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (2): 148 kB | 4.1/51 kB Progress (2): 148 kB | 7.7/51 kB Progress (2): 148 kB | 12/51 kB Progress (2): 148 kB | 16/51 kB Progress (2): 148 kB | 20/51 kB Progress (2): 148 kB | 24/51 kB Progress (2): 148 kB | 28/51 kB Progress (2): 148 kB | 32/51 kB Progress (2): 148 kB | 36/51 kB Progress (2): 148 kB | 41/51 kB Progress (2): 148 kB | 45/51 kB Progress (2): 148 kB | 49/51 kB Progress (2): 148 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Progress (2): 51 kB | 4.1/106 kB Progress (2): 51 kB | 7.7/106 kB Progress (2): 51 kB | 12/106 kB Progress (2): 51 kB | 16/106 kB Progress (2): 51 kB | 20/106 kB Progress (2): 51 kB | 24/106 kB Progress (2): 51 kB | 28/106 kB Progress (2): 51 kB | 32/106 kB Progress (2): 51 kB | 36/106 kB Progress (2): 51 kB | 40/106 kB Progress (2): 51 kB | 44/106 kB Progress (2): 51 kB | 48/106 kB Progress (2): 51 kB | 53/106 kB Progress (2): 51 kB | 57/106 kB Progress (2): 51 kB | 61/106 kB Progress (2): 51 kB | 65/106 kB Progress (2): 51 kB | 69/106 kB Progress (2): 51 kB | 73/106 kB Progress (2): 51 kB | 77/106 kB Progress (2): 51 kB | 81/106 kB Progress (2): 51 kB | 85/106 kB Progress (2): 51 kB | 89/106 kB Progress (2): 51 kB | 94/106 kB Progress (2): 51 kB | 98/106 kB Progress (2): 51 kB | 102/106 kB Progress (2): 51 kB | 106/106 kB Progress (2): 51 kB | 106 kB Progress (3): 51 kB | 106 kB | 4.1/14 kB Progress (3): 51 kB | 106 kB | 7.7/14 kB Progress (3): 51 kB | 106 kB | 12/14 kB Progress (3): 51 kB | 106 kB | 14 kB Progress (4): 51 kB | 106 kB | 14 kB | 4.1/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 8.2/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 12/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 16/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 20/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 25/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 29/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 33/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 37/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 41/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 45/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 49/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 53/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 57/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 61/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 66/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 70/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 74/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 830 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (2): 74 kB | 4.1/108 kB Progress (2): 74 kB | 7.7/108 kB Progress (2): 74 kB | 12/108 kB Progress (2): 74 kB | 16/108 kB Progress (2): 74 kB | 20/108 kB Progress (2): 74 kB | 24/108 kB Progress (2): 74 kB | 28/108 kB Progress (2): 74 kB | 32/108 kB Progress (2): 74 kB | 36/108 kB Progress (2): 74 kB | 41/108 kB Progress (2): 74 kB | 45/108 kB Progress (2): 74 kB | 49/108 kB Progress (2): 74 kB | 53/108 kB Progress (2): 74 kB | 57/108 kB Progress (2): 74 kB | 61/108 kB Progress (2): 74 kB | 65/108 kB Progress (2): 74 kB | 69/108 kB Progress (2): 74 kB | 73/108 kB Progress (2): 74 kB | 77/108 kB Progress (2): 74 kB | 81/108 kB Progress (2): 74 kB | 86/108 kB Progress (2): 74 kB | 90/108 kB Progress (2): 74 kB | 94/108 kB Progress (2): 74 kB | 98/108 kB Progress (2): 74 kB | 102/108 kB Progress (2): 74 kB | 106/108 kB Progress (2): 74 kB | 108 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 519 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (2): 108 kB | 4.1/61 kB Progress (2): 108 kB | 7.7/61 kB Progress (2): 108 kB | 12/61 kB Progress (2): 108 kB | 16/61 kB Progress (2): 108 kB | 20/61 kB Progress (2): 108 kB | 24/61 kB Progress (2): 108 kB | 28/61 kB Progress (2): 108 kB | 32/61 kB Progress (2): 108 kB | 36/61 kB Progress (2): 108 kB | 41/61 kB Progress (2): 108 kB | 45/61 kB Progress (2): 108 kB | 49/61 kB Progress (2): 108 kB | 53/61 kB Progress (2): 108 kB | 57/61 kB Progress (2): 108 kB | 61/61 kB Progress (2): 108 kB | 61 kB Progress (3): 108 kB | 61 kB | 4.1/46 kB Progress (3): 108 kB | 61 kB | 7.7/46 kB Progress (3): 108 kB | 61 kB | 12/46 kB Progress (3): 108 kB | 61 kB | 16/46 kB Progress (3): 108 kB | 61 kB | 20/46 kB Progress (3): 108 kB | 61 kB | 24/46 kB Progress (3): 108 kB | 61 kB | 28/46 kB Progress (3): 108 kB | 61 kB | 32/46 kB Progress (3): 108 kB | 61 kB | 36/46 kB Progress (3): 108 kB | 61 kB | 41/46 kB Progress (3): 108 kB | 61 kB | 45/46 kB Progress (3): 108 kB | 61 kB | 46 kB Progress (4): 108 kB | 61 kB | 46 kB | 4.1/4.2 kB Progress (4): 108 kB | 61 kB | 46 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 366 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 646 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (3): 46 kB | 4.2 kB | 4.1/29 kB Progress (3): 46 kB | 4.2 kB | 7.7/29 kB Progress (3): 46 kB | 4.2 kB | 12/29 kB Progress (3): 46 kB | 4.2 kB | 16/29 kB Progress (3): 46 kB | 4.2 kB | 20/29 kB Progress (3): 46 kB | 4.2 kB | 24/29 kB Progress (3): 46 kB | 4.2 kB | 28/29 kB Progress (3): 46 kB | 4.2 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (2): 29 kB | 4.1/52 kB Progress (2): 29 kB | 7.7/52 kB Progress (2): 29 kB | 12/52 kB Progress (2): 29 kB | 16/52 kB Progress (2): 29 kB | 20/52 kB Progress (2): 29 kB | 24/52 kB Progress (2): 29 kB | 28/52 kB Progress (2): 29 kB | 32/52 kB Progress (2): 29 kB | 36/52 kB Progress (2): 29 kB | 41/52 kB Progress (2): 29 kB | 45/52 kB Progress (2): 29 kB | 49/52 kB Progress (2): 29 kB | 52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 148 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Progress (2): 52 kB | 4.1/263 kB Progress (2): 52 kB | 7.7/263 kB Progress (2): 52 kB | 12/263 kB Progress (2): 52 kB | 16/263 kB Progress (2): 52 kB | 20/263 kB Progress (2): 52 kB | 24/263 kB Progress (2): 52 kB | 28/263 kB Progress (2): 52 kB | 32/263 kB Progress (2): 52 kB | 36/263 kB Progress (2): 52 kB | 40/263 kB Progress (2): 52 kB | 44/263 kB Progress (2): 52 kB | 48/263 kB Progress (2): 52 kB | 53/263 kB Progress (2): 52 kB | 57/263 kB Progress (2): 52 kB | 61/263 kB Progress (2): 52 kB | 65/263 kB Progress (2): 52 kB | 69/263 kB Progress (2): 52 kB | 73/263 kB Progress (2): 52 kB | 77/263 kB Progress (2): 52 kB | 81/263 kB Progress (2): 52 kB | 85/263 kB Progress (2): 52 kB | 89/263 kB Progress (2): 52 kB | 94/263 kB Progress (2): 52 kB | 98/263 kB Progress (2): 52 kB | 102/263 kB Progress (2): 52 kB | 106/263 kB Progress (2): 52 kB | 110/263 kB Progress (2): 52 kB | 114/263 kB Progress (2): 52 kB | 118/263 kB Progress (2): 52 kB | 122/263 kB Progress (2): 52 kB | 126/263 kB Progress (2): 52 kB | 130/263 kB Progress (2): 52 kB | 134/263 kB Progress (3): 52 kB | 134/263 kB | 4.1/120 kB Progress (3): 52 kB | 139/263 kB | 4.1/120 kB Progress (3): 52 kB | 143/263 kB | 4.1/120 kB Progress (3): 52 kB | 143/263 kB | 7.7/120 kB Progress (3): 52 kB | 147/263 kB | 7.7/120 kB Progress (3): 52 kB | 147/263 kB | 12/120 kB Progress (3): 52 kB | 151/263 kB | 12/120 kB Progress (3): 52 kB | 151/263 kB | 16/120 kB Progress (3): 52 kB | 155/263 kB | 16/120 kB Progress (3): 52 kB | 159/263 kB | 16/120 kB Progress (3): 52 kB | 163/263 kB | 16/120 kB Progress (3): 52 kB | 163/263 kB | 20/120 kB Progress (3): 52 kB | 167/263 kB | 20/120 kB Progress (4): 52 kB | 167/263 kB | 20/120 kB | 4.1/13 kB Progress (4): 52 kB | 171/263 kB | 20/120 kB | 4.1/13 kB Progress (4): 52 kB | 171/263 kB | 24/120 kB | 4.1/13 kB Progress (4): 52 kB | 171/263 kB | 24/120 kB | 7.7/13 kB Progress (4): 52 kB | 175/263 kB | 24/120 kB | 7.7/13 kB Progress (4): 52 kB | 175/263 kB | 24/120 kB | 12/13 kB Progress (4): 52 kB | 175/263 kB | 28/120 kB | 12/13 kB Progress (4): 52 kB | 175/263 kB | 28/120 kB | 13 kB Progress (4): 52 kB | 180/263 kB | 28/120 kB | 13 kB Progress (4): 52 kB | 180/263 kB | 32/120 kB | 13 kB Progress (4): 52 kB | 184/263 kB | 32/120 kB | 13 kB Progress (4): 52 kB | 184/263 kB | 36/120 kB | 13 kB Progress (4): 52 kB | 188/263 kB | 36/120 kB | 13 kB Progress (4): 52 kB | 188/263 kB | 41/120 kB | 13 kB Progress (4): 52 kB | 192/263 kB | 41/120 kB | 13 kB Progress (4): 52 kB | 192/263 kB | 45/120 kB | 13 kB Progress (4): 52 kB | 196/263 kB | 45/120 kB | 13 kB Progress (4): 52 kB | 196/263 kB | 49/120 kB | 13 kB Progress (4): 52 kB | 200/263 kB | 49/120 kB | 13 kB Progress (4): 52 kB | 200/263 kB | 53/120 kB | 13 kB Progress (4): 52 kB | 204/263 kB | 53/120 kB | 13 kB Progress (4): 52 kB | 204/263 kB | 57/120 kB | 13 kB Progress (4): 52 kB | 208/263 kB | 57/120 kB | 13 kB Progress (4): 52 kB | 208/263 kB | 61/120 kB | 13 kB Progress (4): 52 kB | 212/263 kB | 61/120 kB | 13 kB Progress (4): 52 kB | 212/263 kB | 65/120 kB | 13 kB Progress (4): 52 kB | 216/263 kB | 65/120 kB | 13 kB Progress (4): 52 kB | 216/263 kB | 69/120 kB | 13 kB Progress (4): 52 kB | 220/263 kB | 69/120 kB | 13 kB Progress (4): 52 kB | 220/263 kB | 73/120 kB | 13 kB Progress (4): 52 kB | 225/263 kB | 73/120 kB | 13 kB Progress (4): 52 kB | 225/263 kB | 77/120 kB | 13 kB Progress (4): 52 kB | 229/263 kB | 77/120 kB | 13 kB Progress (4): 52 kB | 229/263 kB | 81/120 kB | 13 kB Progress (4): 52 kB | 233/263 kB | 81/120 kB | 13 kB Progress (4): 52 kB | 233/263 kB | 86/120 kB | 13 kB Progress (4): 52 kB | 237/263 kB | 86/120 kB | 13 kB Progress (4): 52 kB | 237/263 kB | 90/120 kB | 13 kB Progress (4): 52 kB | 241/263 kB | 90/120 kB | 13 kB Progress (4): 52 kB | 241/263 kB | 94/120 kB | 13 kB Progress (4): 52 kB | 245/263 kB | 94/120 kB | 13 kB Progress (4): 52 kB | 245/263 kB | 98/120 kB | 13 kB Progress (4): 52 kB | 249/263 kB | 98/120 kB | 13 kB Progress (4): 52 kB | 249/263 kB | 102/120 kB | 13 kB Progress (4): 52 kB | 253/263 kB | 102/120 kB | 13 kB Progress (4): 52 kB | 253/263 kB | 106/120 kB | 13 kB Progress (4): 52 kB | 257/263 kB | 106/120 kB | 13 kB Progress (4): 52 kB | 257/263 kB | 110/120 kB | 13 kB Progress (4): 52 kB | 261/263 kB | 110/120 kB | 13 kB Progress (4): 52 kB | 261/263 kB | 114/120 kB | 13 kB Progress (4): 52 kB | 263 kB | 114/120 kB | 13 kB Progress (4): 52 kB | 263 kB | 118/120 kB | 13 kB Progress (4): 52 kB | 263 kB | 120 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (4): 263 kB | 120 kB | 13 kB | 4.1/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 7.7/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 12/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 16/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 20/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 24/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 28/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 32/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 36/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 41/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 45/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 49/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 53/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 57/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 61/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 542 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 61 kB | 4.1/164 kB Progress (2): 61 kB | 7.7/164 kB Progress (2): 61 kB | 12/164 kB Progress (2): 61 kB | 16/164 kB Progress (2): 61 kB | 20/164 kB Progress (2): 61 kB | 24/164 kB Progress (2): 61 kB | 28/164 kB Progress (2): 61 kB | 32/164 kB Progress (2): 61 kB | 36/164 kB Progress (2): 61 kB | 40/164 kB Progress (2): 61 kB | 44/164 kB Progress (2): 61 kB | 48/164 kB Progress (2): 61 kB | 53/164 kB Progress (2): 61 kB | 57/164 kB Progress (2): 61 kB | 61/164 kB Progress (2): 61 kB | 65/164 kB Progress (2): 61 kB | 69/164 kB Progress (2): 61 kB | 73/164 kB Progress (2): 61 kB | 77/164 kB Progress (2): 61 kB | 81/164 kB Progress (2): 61 kB | 85/164 kB Progress (2): 61 kB | 89/164 kB Progress (2): 61 kB | 94/164 kB Progress (2): 61 kB | 98/164 kB Progress (2): 61 kB | 102/164 kB Progress (2): 61 kB | 106/164 kB Progress (2): 61 kB | 110/164 kB Progress (2): 61 kB | 114/164 kB Progress (2): 61 kB | 118/164 kB Progress (2): 61 kB | 122/164 kB Progress (2): 61 kB | 126/164 kB Progress (2): 61 kB | 130/164 kB Progress (2): 61 kB | 134/164 kB Progress (2): 61 kB | 139/164 kB Progress (2): 61 kB | 143/164 kB Progress (2): 61 kB | 147/164 kB Progress (2): 61 kB | 151/164 kB Progress (2): 61 kB | 155/164 kB Progress (2): 61 kB | 159/164 kB Progress (2): 61 kB | 163/164 kB Progress (2): 61 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 267 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 4.1/26 kB Progress (2): 164 kB | 8.2/26 kB Progress (2): 164 kB | 12/26 kB Progress (2): 164 kB | 16/26 kB Progress (2): 164 kB | 20/26 kB Progress (2): 164 kB | 25/26 kB Progress (2): 164 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 668 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (2): 26 kB | 4.1/335 kB Progress (2): 26 kB | 7.7/335 kB Progress (2): 26 kB | 12/335 kB Progress (2): 26 kB | 16/335 kB Progress (2): 26 kB | 20/335 kB Progress (2): 26 kB | 24/335 kB Progress (2): 26 kB | 28/335 kB Progress (2): 26 kB | 32/335 kB Progress (2): 26 kB | 36/335 kB Progress (2): 26 kB | 41/335 kB Progress (2): 26 kB | 45/335 kB Progress (2): 26 kB | 49/335 kB Progress (2): 26 kB | 53/335 kB Progress (2): 26 kB | 57/335 kB Progress (2): 26 kB | 61/335 kB Progress (2): 26 kB | 65/335 kB Progress (2): 26 kB | 69/335 kB Progress (2): 26 kB | 73/335 kB Progress (2): 26 kB | 77/335 kB Progress (2): 26 kB | 81/335 kB Progress (2): 26 kB | 86/335 kB Progress (2): 26 kB | 90/335 kB Progress (2): 26 kB | 94/335 kB Progress (2): 26 kB | 98/335 kB Progress (2): 26 kB | 102/335 kB Progress (2): 26 kB | 106/335 kB Progress (2): 26 kB | 110/335 kB Progress (3): 26 kB | 110/335 kB | 3.4/122 kB Progress (3): 26 kB | 114/335 kB | 3.4/122 kB Progress (3): 26 kB | 118/335 kB | 3.4/122 kB Progress (3): 26 kB | 118/335 kB | 7.5/122 kB Progress (3): 26 kB | 122/335 kB | 7.5/122 kB Progress (3): 26 kB | 122/335 kB | 12/122 kB Progress (3): 26 kB | 127/335 kB | 12/122 kB Progress (3): 26 kB | 127/335 kB | 16/122 kB Progress (3): 26 kB | 131/335 kB | 16/122 kB Progress (3): 26 kB | 131/335 kB | 20/122 kB Progress (3): 26 kB | 135/335 kB | 20/122 kB Progress (3): 26 kB | 135/335 kB | 24/122 kB Progress (3): 26 kB | 139/335 kB | 24/122 kB Progress (3): 26 kB | 139/335 kB | 28/122 kB Progress (3): 26 kB | 143/335 kB | 28/122 kB Progress (3): 26 kB | 143/335 kB | 32/122 kB Progress (3): 26 kB | 147/335 kB | 32/122 kB Progress (3): 26 kB | 147/335 kB | 36/122 kB Progress (3): 26 kB | 151/335 kB | 36/122 kB Progress (3): 26 kB | 151/335 kB | 40/122 kB Progress (3): 26 kB | 155/335 kB | 40/122 kB Progress (3): 26 kB | 155/335 kB | 44/122 kB Progress (3): 26 kB | 155/335 kB | 48/122 kB Progress (3): 26 kB | 155/335 kB | 53/122 kB Progress (3): 26 kB | 155/335 kB | 57/122 kB Progress (3): 26 kB | 159/335 kB | 57/122 kB Progress (3): 26 kB | 159/335 kB | 61/122 kB Progress (3): 26 kB | 163/335 kB | 61/122 kB Progress (3): 26 kB | 163/335 kB | 65/122 kB Progress (3): 26 kB | 163/335 kB | 69/122 kB Progress (4): 26 kB | 163/335 kB | 69/122 kB | 4.1/72 kB Progress (4): 26 kB | 163/335 kB | 73/122 kB | 4.1/72 kB Progress (4): 26 kB | 167/335 kB | 73/122 kB | 4.1/72 kB Progress (4): 26 kB | 167/335 kB | 73/122 kB | 7.7/72 kB Progress (4): 26 kB | 167/335 kB | 77/122 kB | 7.7/72 kB Progress (4): 26 kB | 167/335 kB | 77/122 kB | 12/72 kB Progress (4): 26 kB | 172/335 kB | 77/122 kB | 12/72 kB Progress (4): 26 kB | 172/335 kB | 77/122 kB | 16/72 kB Progress (4): 26 kB | 172/335 kB | 81/122 kB | 16/72 kB Progress (4): 26 kB | 172/335 kB | 85/122 kB | 16/72 kB Progress (4): 26 kB | 172/335 kB | 85/122 kB | 20/72 kB Progress (4): 26 kB | 176/335 kB | 85/122 kB | 20/72 kB Progress (4): 26 kB | 176/335 kB | 85/122 kB | 24/72 kB Progress (4): 26 kB | 180/335 kB | 85/122 kB | 24/72 kB Progress (4): 26 kB | 180/335 kB | 85/122 kB | 28/72 kB Progress (4): 26 kB | 180/335 kB | 89/122 kB | 28/72 kB Progress (4): 26 kB | 180/335 kB | 89/122 kB | 32/72 kB Progress (4): 26 kB | 180/335 kB | 94/122 kB | 32/72 kB Progress (4): 26 kB | 184/335 kB | 94/122 kB | 32/72 kB Progress (4): 26 kB | 184/335 kB | 94/122 kB | 36/72 kB Progress (4): 26 kB | 184/335 kB | 98/122 kB | 36/72 kB Progress (4): 26 kB | 184/335 kB | 98/122 kB | 41/72 kB Progress (4): 26 kB | 188/335 kB | 98/122 kB | 41/72 kB Progress (4): 26 kB | 188/335 kB | 98/122 kB | 45/72 kB Progress (4): 26 kB | 188/335 kB | 102/122 kB | 45/72 kB Progress (4): 26 kB | 188/335 kB | 102/122 kB | 49/72 kB Progress (4): 26 kB | 192/335 kB | 102/122 kB | 49/72 kB Progress (4): 26 kB | 192/335 kB | 102/122 kB | 53/72 kB Progress (4): 26 kB | 192/335 kB | 106/122 kB | 53/72 kB Progress (4): 26 kB | 192/335 kB | 106/122 kB | 57/72 kB Progress (4): 26 kB | 196/335 kB | 106/122 kB | 57/72 kB Progress (4): 26 kB | 196/335 kB | 106/122 kB | 61/72 kB Progress (4): 26 kB | 196/335 kB | 110/122 kB | 61/72 kB Progress (4): 26 kB | 196/335 kB | 110/122 kB | 65/72 kB Progress (4): 26 kB | 196/335 kB | 114/122 kB | 65/72 kB Progress (4): 26 kB | 200/335 kB | 114/122 kB | 65/72 kB Progress (4): 26 kB | 200/335 kB | 118/122 kB | 65/72 kB Progress (4): 26 kB | 204/335 kB | 118/122 kB | 65/72 kB Progress (4): 26 kB | 204/335 kB | 122 kB | 65/72 kB Progress (4): 26 kB | 208/335 kB | 122 kB | 65/72 kB Progress (4): 26 kB | 208/335 kB | 122 kB | 69/72 kB Progress (4): 26 kB | 213/335 kB | 122 kB | 69/72 kB Progress (4): 26 kB | 213/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 217/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 221/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 225/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 229/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 233/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 237/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 241/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 245/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 249/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 254/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 258/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 262/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 266/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 270/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 274/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 278/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 282/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 286/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 290/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 294/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 299/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 303/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 307/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 311/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 315/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 319/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 323/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 327/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 331/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 335 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 456 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (2): 72 kB | 4.1/53 kB Progress (2): 72 kB | 7.7/53 kB Progress (2): 72 kB | 12/53 kB Progress (2): 72 kB | 16/53 kB Progress (2): 72 kB | 20/53 kB Progress (2): 72 kB | 24/53 kB Progress (2): 72 kB | 28/53 kB Progress (2): 72 kB | 32/53 kB Progress (2): 72 kB | 36/53 kB Progress (2): 72 kB | 41/53 kB Progress (2): 72 kB | 45/53 kB Progress (2): 72 kB | 49/53 kB Progress (2): 72 kB | 53 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (2): 53 kB | 4.1/33 kB Progress (2): 53 kB | 7.7/33 kB Progress (2): 53 kB | 12/33 kB Progress (2): 53 kB | 16/33 kB Progress (2): 53 kB | 20/33 kB Progress (2): 53 kB | 24/33 kB Progress (2): 53 kB | 28/33 kB Progress (2): 53 kB | 32/33 kB Progress (2): 53 kB | 33 kB Progress (3): 53 kB | 33 kB | 4.1/37 kB Progress (3): 53 kB | 33 kB | 7.7/37 kB Progress (3): 53 kB | 33 kB | 12/37 kB Progress (3): 53 kB | 33 kB | 16/37 kB Progress (3): 53 kB | 33 kB | 20/37 kB Progress (3): 53 kB | 33 kB | 24/37 kB Progress (3): 53 kB | 33 kB | 28/37 kB Progress (3): 53 kB | 33 kB | 32/37 kB Progress (3): 53 kB | 33 kB | 36/37 kB Progress (3): 53 kB | 33 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (3): 33 kB | 37 kB | 4.1/134 kB Progress (3): 33 kB | 37 kB | 7.7/134 kB Progress (3): 33 kB | 37 kB | 12/134 kB Progress (3): 33 kB | 37 kB | 16/134 kB Progress (3): 33 kB | 37 kB | 20/134 kB Progress (3): 33 kB | 37 kB | 24/134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 109 kB/s) Progress (2): 37 kB | 28/134 kB Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Progress (2): 37 kB | 32/134 kB Progress (2): 37 kB | 36/134 kB Progress (2): 37 kB | 41/134 kB Progress (2): 37 kB | 45/134 kB Progress (2): 37 kB | 49/134 kB Progress (2): 37 kB | 53/134 kB Progress (2): 37 kB | 57/134 kB Progress (2): 37 kB | 61/134 kB Progress (2): 37 kB | 65/134 kB Progress (2): 37 kB | 69/134 kB Progress (2): 37 kB | 73/134 kB Progress (2): 37 kB | 77/134 kB Progress (2): 37 kB | 81/134 kB Progress (2): 37 kB | 86/134 kB Progress (2): 37 kB | 90/134 kB Progress (2): 37 kB | 94/134 kB Progress (2): 37 kB | 98/134 kB Progress (2): 37 kB | 102/134 kB Progress (2): 37 kB | 106/134 kB Progress (2): 37 kB | 110/134 kB Progress (2): 37 kB | 114/134 kB Progress (2): 37 kB | 118/134 kB Progress (2): 37 kB | 122/134 kB Progress (2): 37 kB | 127/134 kB Progress (2): 37 kB | 131/134 kB Progress (2): 37 kB | 134 kB Progress (3): 37 kB | 134 kB | 4.1/305 kB Progress (3): 37 kB | 134 kB | 7.7/305 kB Progress (3): 37 kB | 134 kB | 12/305 kB Progress (3): 37 kB | 134 kB | 16/305 kB Progress (3): 37 kB | 134 kB | 20/305 kB Progress (3): 37 kB | 134 kB | 24/305 kB Progress (3): 37 kB | 134 kB | 28/305 kB Progress (3): 37 kB | 134 kB | 32/305 kB Progress (3): 37 kB | 134 kB | 36/305 kB Progress (3): 37 kB | 134 kB | 41/305 kB Progress (3): 37 kB | 134 kB | 45/305 kB Progress (3): 37 kB | 134 kB | 49/305 kB Progress (3): 37 kB | 134 kB | 53/305 kB Progress (3): 37 kB | 134 kB | 57/305 kB Progress (3): 37 kB | 134 kB | 61/305 kB Progress (3): 37 kB | 134 kB | 65/305 kB Progress (3): 37 kB | 134 kB | 69/305 kB Progress (3): 37 kB | 134 kB | 73/305 kB Progress (3): 37 kB | 134 kB | 77/305 kB Progress (3): 37 kB | 134 kB | 81/305 kB Progress (3): 37 kB | 134 kB | 86/305 kB Progress (3): 37 kB | 134 kB | 90/305 kB Progress (3): 37 kB | 134 kB | 94/305 kB Progress (3): 37 kB | 134 kB | 98/305 kB Progress (3): 37 kB | 134 kB | 102/305 kB Progress (3): 37 kB | 134 kB | 106/305 kB Progress (3): 37 kB | 134 kB | 110/305 kB Progress (3): 37 kB | 134 kB | 114/305 kB Progress (3): 37 kB | 134 kB | 118/305 kB Progress (3): 37 kB | 134 kB | 122/305 kB Progress (3): 37 kB | 134 kB | 127/305 kB Progress (3): 37 kB | 134 kB | 131/305 kB Progress (3): 37 kB | 134 kB | 135/305 kB Progress (3): 37 kB | 134 kB | 139/305 kB Progress (3): 37 kB | 134 kB | 143/305 kB Progress (3): 37 kB | 134 kB | 147/305 kB Progress (3): 37 kB | 134 kB | 151/305 kB Progress (3): 37 kB | 134 kB | 155/305 kB Progress (3): 37 kB | 134 kB | 159/305 kB Progress (3): 37 kB | 134 kB | 163/305 kB Progress (3): 37 kB | 134 kB | 167/305 kB Progress (3): 37 kB | 134 kB | 172/305 kB Progress (3): 37 kB | 134 kB | 176/305 kB Progress (3): 37 kB | 134 kB | 180/305 kB Progress (3): 37 kB | 134 kB | 184/305 kB Progress (3): 37 kB | 134 kB | 188/305 kB Progress (3): 37 kB | 134 kB | 192/305 kB Progress (3): 37 kB | 134 kB | 196/305 kB Progress (3): 37 kB | 134 kB | 200/305 kB Progress (3): 37 kB | 134 kB | 204/305 kB Progress (3): 37 kB | 134 kB | 208/305 kB Progress (3): 37 kB | 134 kB | 213/305 kB Progress (3): 37 kB | 134 kB | 217/305 kB Progress (3): 37 kB | 134 kB | 221/305 kB Progress (3): 37 kB | 134 kB | 225/305 kB Progress (3): 37 kB | 134 kB | 229/305 kB Progress (3): 37 kB | 134 kB | 233/305 kB Progress (3): 37 kB | 134 kB | 237/305 kB Progress (3): 37 kB | 134 kB | 241/305 kB Progress (3): 37 kB | 134 kB | 245/305 kB Progress (3): 37 kB | 134 kB | 249/305 kB Progress (3): 37 kB | 134 kB | 254/305 kB Progress (3): 37 kB | 134 kB | 258/305 kB Progress (3): 37 kB | 134 kB | 262/305 kB Progress (3): 37 kB | 134 kB | 266/305 kB Progress (3): 37 kB | 134 kB | 270/305 kB Progress (3): 37 kB | 134 kB | 274/305 kB Progress (3): 37 kB | 134 kB | 278/305 kB Progress (3): 37 kB | 134 kB | 282/305 kB Progress (3): 37 kB | 134 kB | 286/305 kB Progress (3): 37 kB | 134 kB | 290/305 kB Progress (3): 37 kB | 134 kB | 294/305 kB Progress (3): 37 kB | 134 kB | 299/305 kB Progress (3): 37 kB | 134 kB | 303/305 kB Progress (3): 37 kB | 134 kB | 305 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Progress (3): 134 kB | 305 kB | 4.1/215 kB Progress (3): 134 kB | 305 kB | 7.7/215 kB Progress (3): 134 kB | 305 kB | 12/215 kB Progress (3): 134 kB | 305 kB | 16/215 kB Progress (3): 134 kB | 305 kB | 20/215 kB Progress (3): 134 kB | 305 kB | 24/215 kB Progress (3): 134 kB | 305 kB | 28/215 kB Progress (3): 134 kB | 305 kB | 32/215 kB Progress (3): 134 kB | 305 kB | 36/215 kB Progress (3): 134 kB | 305 kB | 40/215 kB Progress (3): 134 kB | 305 kB | 44/215 kB Progress (3): 134 kB | 305 kB | 48/215 kB Progress (3): 134 kB | 305 kB | 53/215 kB Progress (3): 134 kB | 305 kB | 57/215 kB Progress (3): 134 kB | 305 kB | 61/215 kB Progress (3): 134 kB | 305 kB | 65/215 kB Progress (3): 134 kB | 305 kB | 69/215 kB Progress (3): 134 kB | 305 kB | 73/215 kB Progress (3): 134 kB | 305 kB | 77/215 kB Progress (3): 134 kB | 305 kB | 81/215 kB Progress (3): 134 kB | 305 kB | 85/215 kB Progress (3): 134 kB | 305 kB | 89/215 kB Progress (3): 134 kB | 305 kB | 94/215 kB Progress (3): 134 kB | 305 kB | 98/215 kB Progress (3): 134 kB | 305 kB | 102/215 kB Progress (3): 134 kB | 305 kB | 106/215 kB Progress (3): 134 kB | 305 kB | 110/215 kB Progress (3): 134 kB | 305 kB | 114/215 kB Progress (3): 134 kB | 305 kB | 118/215 kB Progress (3): 134 kB | 305 kB | 122/215 kB Progress (3): 134 kB | 305 kB | 126/215 kB Progress (3): 134 kB | 305 kB | 130/215 kB Progress (3): 134 kB | 305 kB | 134/215 kB Progress (3): 134 kB | 305 kB | 139/215 kB Progress (3): 134 kB | 305 kB | 143/215 kB Progress (3): 134 kB | 305 kB | 147/215 kB Progress (3): 134 kB | 305 kB | 151/215 kB Progress (3): 134 kB | 305 kB | 155/215 kB Progress (3): 134 kB | 305 kB | 159/215 kB Progress (3): 134 kB | 305 kB | 163/215 kB Progress (3): 134 kB | 305 kB | 167/215 kB Progress (3): 134 kB | 305 kB | 171/215 kB Progress (3): 134 kB | 305 kB | 175/215 kB Progress (3): 134 kB | 305 kB | 180/215 kB Progress (3): 134 kB | 305 kB | 184/215 kB Progress (3): 134 kB | 305 kB | 188/215 kB Progress (3): 134 kB | 305 kB | 192/215 kB Progress (3): 134 kB | 305 kB | 196/215 kB Progress (3): 134 kB | 305 kB | 200/215 kB Progress (3): 134 kB | 305 kB | 204/215 kB Progress (3): 134 kB | 305 kB | 208/215 kB Progress (3): 134 kB | 305 kB | 212/215 kB Progress (3): 134 kB | 305 kB | 215 kB Progress (4): 134 kB | 305 kB | 215 kB | 4.1/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 7.7/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 12/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 16/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 20/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 24/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 28/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 32/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 36/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 41/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 45/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 49/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 53/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 57/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 61/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 65/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 69/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 73/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 77/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 81/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 86/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 90/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 94/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 98/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 102/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 106/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 110/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 114/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 118/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 122/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 127/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 131/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 135/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 139/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 143/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 147/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 151/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 155/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 159/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 163/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 167/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 172/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 176/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 180/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 180 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 401 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (4): 305 kB | 215 kB | 180 kB | 4.1/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 7.7/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 12/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 16/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 20/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 24/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 28/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 32/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 36/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 41/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 45/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 49/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 53/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 57/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 61/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 65/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 69/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 73/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 77/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 81/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 884 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 510 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (3): 215 kB | 85 kB | 0/2.6 MB Progress (3): 215 kB | 85 kB | 0/2.6 MB Progress (3): 215 kB | 85 kB | 0/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 600 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 236 kB/s) Progress (1): 0.2/2.6 MB Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (1): 0.2/2.6 MB Progress (1): 0.2/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.6/2.6 MB Progress (2): 2.6/2.6 MB | 4.1/4.6 kB Progress (2): 2.6/2.6 MB | 4.1/4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6 MB | 4.6 kB Progress (3): 2.6 MB | 4.6 kB | 2.2 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 4.1/5.9 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 5.9 kB Progress (5): 2.6 MB | 4.6 kB | 2.2 kB | 5.9 kB | 4.1/20 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.6 MB/s) Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 7.7/20 kB Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 12/20 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 16/20 kB Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.5 kB/s) Progress (2): 20 kB | 4.1/14 kB Progress (2): 20 kB | 7.7/14 kB Progress (2): 20 kB | 12/14 kB Progress (2): 20 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 47 kB/s) Progress (2): 14 kB | 4.1/500 kB Progress (2): 14 kB | 7.7/500 kB Progress (2): 14 kB | 12/500 kB Progress (2): 14 kB | 16/500 kB Progress (2): 14 kB | 20/500 kB Progress (2): 14 kB | 24/500 kB Progress (2): 14 kB | 28/500 kB Progress (2): 14 kB | 32/500 kB Progress (3): 14 kB | 32/500 kB | 4.1/8.8 kB Progress (3): 14 kB | 36/500 kB | 4.1/8.8 kB Progress (3): 14 kB | 36/500 kB | 7.7/8.8 kB Progress (3): 14 kB | 41/500 kB | 7.7/8.8 kB Progress (3): 14 kB | 41/500 kB | 8.8 kB Progress (3): 14 kB | 45/500 kB | 8.8 kB Progress (3): 14 kB | 49/500 kB | 8.8 kB Progress (3): 14 kB | 53/500 kB | 8.8 kB Progress (3): 14 kB | 57/500 kB | 8.8 kB Progress (3): 14 kB | 61/500 kB | 8.8 kB Progress (3): 14 kB | 65/500 kB | 8.8 kB Progress (3): 14 kB | 69/500 kB | 8.8 kB Progress (3): 14 kB | 73/500 kB | 8.8 kB Progress (3): 14 kB | 77/500 kB | 8.8 kB Progress (3): 14 kB | 81/500 kB | 8.8 kB Progress (3): 14 kB | 86/500 kB | 8.8 kB Progress (3): 14 kB | 90/500 kB | 8.8 kB Progress (3): 14 kB | 94/500 kB | 8.8 kB Progress (3): 14 kB | 98/500 kB | 8.8 kB Progress (3): 14 kB | 102/500 kB | 8.8 kB Progress (3): 14 kB | 106/500 kB | 8.8 kB Progress (3): 14 kB | 110/500 kB | 8.8 kB Progress (3): 14 kB | 114/500 kB | 8.8 kB Progress (3): 14 kB | 118/500 kB | 8.8 kB Progress (3): 14 kB | 122/500 kB | 8.8 kB Progress (3): 14 kB | 127/500 kB | 8.8 kB Progress (3): 14 kB | 131/500 kB | 8.8 kB Progress (3): 14 kB | 135/500 kB | 8.8 kB Progress (3): 14 kB | 139/500 kB | 8.8 kB Progress (3): 14 kB | 143/500 kB | 8.8 kB Progress (3): 14 kB | 147/500 kB | 8.8 kB Progress (3): 14 kB | 151/500 kB | 8.8 kB Progress (3): 14 kB | 155/500 kB | 8.8 kB Progress (3): 14 kB | 159/500 kB | 8.8 kB Progress (3): 14 kB | 163/500 kB | 8.8 kB Progress (3): 14 kB | 167/500 kB | 8.8 kB Progress (3): 14 kB | 172/500 kB | 8.8 kB Progress (3): 14 kB | 176/500 kB | 8.8 kB Progress (3): 14 kB | 180/500 kB | 8.8 kB Progress (3): 14 kB | 184/500 kB | 8.8 kB Progress (3): 14 kB | 188/500 kB | 8.8 kB Progress (3): 14 kB | 192/500 kB | 8.8 kB Progress (3): 14 kB | 196/500 kB | 8.8 kB Progress (3): 14 kB | 200/500 kB | 8.8 kB Progress (3): 14 kB | 204/500 kB | 8.8 kB Progress (3): 14 kB | 208/500 kB | 8.8 kB Progress (3): 14 kB | 213/500 kB | 8.8 kB Progress (3): 14 kB | 217/500 kB | 8.8 kB Progress (3): 14 kB | 221/500 kB | 8.8 kB Progress (3): 14 kB | 225/500 kB | 8.8 kB Progress (3): 14 kB | 229/500 kB | 8.8 kB Progress (3): 14 kB | 233/500 kB | 8.8 kB Progress (3): 14 kB | 237/500 kB | 8.8 kB Progress (3): 14 kB | 241/500 kB | 8.8 kB Progress (3): 14 kB | 245/500 kB | 8.8 kB Progress (3): 14 kB | 249/500 kB | 8.8 kB Progress (3): 14 kB | 254/500 kB | 8.8 kB Progress (3): 14 kB | 258/500 kB | 8.8 kB Progress (3): 14 kB | 262/500 kB | 8.8 kB Progress (3): 14 kB | 266/500 kB | 8.8 kB Progress (3): 14 kB | 270/500 kB | 8.8 kB Progress (3): 14 kB | 274/500 kB | 8.8 kB Progress (3): 14 kB | 278/500 kB | 8.8 kB Progress (3): 14 kB | 282/500 kB | 8.8 kB Progress (3): 14 kB | 286/500 kB | 8.8 kB Progress (3): 14 kB | 290/500 kB | 8.8 kB Progress (3): 14 kB | 294/500 kB | 8.8 kB Progress (3): 14 kB | 299/500 kB | 8.8 kB Progress (3): 14 kB | 303/500 kB | 8.8 kB Progress (3): 14 kB | 307/500 kB | 8.8 kB Progress (3): 14 kB | 311/500 kB | 8.8 kB Progress (3): 14 kB | 315/500 kB | 8.8 kB Progress (3): 14 kB | 319/500 kB | 8.8 kB Progress (3): 14 kB | 323/500 kB | 8.8 kB Progress (3): 14 kB | 327/500 kB | 8.8 kB Progress (3): 14 kB | 331/500 kB | 8.8 kB Progress (3): 14 kB | 335/500 kB | 8.8 kB Progress (3): 14 kB | 340/500 kB | 8.8 kB Progress (3): 14 kB | 344/500 kB | 8.8 kB Progress (3): 14 kB | 348/500 kB | 8.8 kB Progress (3): 14 kB | 352/500 kB | 8.8 kB Progress (3): 14 kB | 356/500 kB | 8.8 kB Progress (3): 14 kB | 360/500 kB | 8.8 kB Progress (3): 14 kB | 364/500 kB | 8.8 kB Progress (3): 14 kB | 368/500 kB | 8.8 kB Progress (3): 14 kB | 372/500 kB | 8.8 kB Progress (3): 14 kB | 376/500 kB | 8.8 kB Progress (3): 14 kB | 380/500 kB | 8.8 kB Progress (3): 14 kB | 385/500 kB | 8.8 kB Progress (3): 14 kB | 389/500 kB | 8.8 kB Progress (3): 14 kB | 393/500 kB | 8.8 kB Progress (3): 14 kB | 397/500 kB | 8.8 kB Progress (3): 14 kB | 401/500 kB | 8.8 kB Progress (3): 14 kB | 405/500 kB | 8.8 kB Progress (3): 14 kB | 409/500 kB | 8.8 kB Progress (3): 14 kB | 413/500 kB | 8.8 kB Progress (3): 14 kB | 417/500 kB | 8.8 kB Progress (3): 14 kB | 421/500 kB | 8.8 kB Progress (3): 14 kB | 426/500 kB | 8.8 kB Progress (3): 14 kB | 430/500 kB | 8.8 kB Progress (3): 14 kB | 434/500 kB | 8.8 kB Progress (3): 14 kB | 438/500 kB | 8.8 kB Progress (3): 14 kB | 442/500 kB | 8.8 kB Progress (3): 14 kB | 446/500 kB | 8.8 kB Progress (3): 14 kB | 450/500 kB | 8.8 kB Progress (3): 14 kB | 454/500 kB | 8.8 kB Progress (3): 14 kB | 458/500 kB | 8.8 kB Progress (3): 14 kB | 462/500 kB | 8.8 kB Progress (3): 14 kB | 466/500 kB | 8.8 kB Progress (3): 14 kB | 471/500 kB | 8.8 kB Progress (3): 14 kB | 475/500 kB | 8.8 kB Progress (3): 14 kB | 479/500 kB | 8.8 kB Progress (3): 14 kB | 483/500 kB | 8.8 kB Progress (3): 14 kB | 487/500 kB | 8.8 kB Progress (3): 14 kB | 491/500 kB | 8.8 kB Progress (3): 14 kB | 495/500 kB | 8.8 kB Progress (3): 14 kB | 499/500 kB | 8.8 kB Progress (3): 14 kB | 500 kB | 8.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 31 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 20 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 17.044 s [INFO] Finished at: 2026-02-10T22:26:33Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" "org.opencontainers.image.revision"="e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:26:01Z" "org.opencontainers.image.created"="2026-02-10T22:26:01Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --> 4a04d4e24954 Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c [2026-02-10T22:26:34,126121967+00:00] Unsetting proxy [2026-02-10T22:26:34,127332838+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:bcab1d1b8d1d860e702a85ffefc54e187c9b9f3ab5dfcd18f8ecb9b9a9020108 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c Writing manifest to image destination [2026-02-10T22:26:36,097811874+00:00] End build pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-push: [2026-02-10T22:26:36,601365120+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:26:39,851392476+00:00] Convert image [2026-02-10T22:26:39,852430922+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-wvxrt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-wvxrt-build-container Getting image source signatures Copying blob sha256:bcab1d1b8d1d860e702a85ffefc54e187c9b9f3ab5dfcd18f8ecb9b9a9020108 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c Writing manifest to image destination [2026-02-10T22:26:46,604155827+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Getting image source signatures Copying blob sha256:bcab1d1b8d1d860e702a85ffefc54e187c9b9f3ab5dfcd18f8ecb9b9a9020108 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c Writing manifest to image destination sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9dquay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 [2026-02-10T22:26:47,464023240+00:00] End push pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:26:47,718167696+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:26:56,153584392+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-prepare-sboms: [2026-02-10T22:26:56,883575195+00:00] Prepare SBOM [2026-02-10T22:26:56,887253701+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:27:08,329 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:27:09,628 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:27:13,111 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:27:13,111 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:27:13,112 [INFO] mobster.log: Contextual workflow completed in 3.68s 2026-02-10 22:27:13,325 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:27:14,227505671+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-upload-sbom: [2026-02-10T22:27:14,972454997+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:35167d1ec6dc689459086f2f31a1f964a05e73b5a82b5dcddc967a5d3c9c42d1 [2026-02-10T22:27:25,522474598+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | init container: prepare 2026/02/10 22:27:27 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | init container: place-scripts 2026/02/10 22:27:28 Decoded script /tekton/scripts/script-0-frlqv 2026/02/10 22:27:28 Decoded script /tekton/scripts/script-1-mjm8g 2026/02/10 22:27:28 Decoded script /tekton/scripts/script-2-tdnqq pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | container step-build: [2026-02-10T22:27:32,568458181+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 573053168e5505db4b414a0ead0415f903504d6398d112f9028d986f4ca882ce Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d. pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:27:34,741661028+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-0-wxdtz 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-m2ptb 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-9bv9s 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-3-xfzzx pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d. pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:27:46Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-02-10T22:27:46Z INF libvuln initialized component=libvuln/New 2026-02-10T22:27:46Z INF registered configured scanners component=libindex/New 2026-02-10T22:27:46Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:27:46Z INF index request start component=libindex/Libindex.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d 2026-02-10T22:27:46Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d 2026-02-10T22:27:46Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=CheckManifest 2026-02-10T22:27:46Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=FetchLayers 2026-02-10T22:27:49Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=FetchLayers 2026-02-10T22:27:49Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=FetchLayers 2026-02-10T22:27:49Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=ScanLayers 2026-02-10T22:27:49Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:27:49Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:27:50Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=ScanLayers 2026-02-10T22:27:50Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=IndexManifest 2026-02-10T22:27:50Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=IndexFinished 2026-02-10T22:27:50Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=IndexFinished 2026-02-10T22:27:50Z INF index request done component=libindex/Libindex.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d { "manifest_hash": "sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9": { "id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "56ecf42d-cc44-4802-b194-644020d77c34": { "id": "56ecf42d-cc44-4802-b194-644020d77c34", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "684d4c10-a98d-4044-8590-e7b1adf5ab5a": { "id": "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "6dd856e4-b21f-4c79-990b-11a5c90c7833": { "id": "6dd856e4-b21f-4c79-990b-11a5c90c7833", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "b0970976-e9ca-4758-a4ed-28a5df5d7c3e": { "id": "b0970976-e9ca-4758-a4ed-28a5df5d7c3e", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "d038f06a-bb91-4a15-83db-e348839f87be": { "id": "d038f06a-bb91-4a15-83db-e348839f87be", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "e2d30922-aa3c-4536-8a17-bf815a76ead2": { "id": "e2d30922-aa3c-4536-8a17-bf815a76ead2", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "b0970976-e9ca-4758-a4ed-28a5df5d7c3e", "b0970976-e9ca-4758-a4ed-28a5df5d7c3e" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "b0970976-e9ca-4758-a4ed-28a5df5d7c3e", "b0970976-e9ca-4758-a4ed-28a5df5d7c3e" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), file-libs-5.33-27.el8_10 (CVE-2019-8905), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), expat-2.5.0-1.el8_10 (CVE-2024-28757), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), tar-2:1.30-11.el8_10 (CVE-2025-45582), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libzstd-1.4.4-1.el8 (CVE-2022-4899), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), gawk-4.2.1-4.el8 (CVE-2023-4156), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), file-libs-5.33-27.el8_10 (CVE-2019-8906), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libzstd-1.4.4-1.el8 (CVE-2021-24032), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), pcre2-10.32-3.el8_6 (CVE-2022-41409), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "digests": ["sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:28:05+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | init container: place-scripts 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-0-tm4n8 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-1-57fvp pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 18.250 sec (0 m 18 s) Start Date: 2026:02:10 22:27:55 End Date: 2026:02:10 22:28:13 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770762493","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762493","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762493","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "digests": ["sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d"]}} pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 4a7a758d91a7 clamscan-ec-test-amd64.json Uploading af950738c01d clamscan-result-amd64.log Uploaded af950738c01d clamscan-result-amd64.log Uploaded 4a7a758d91a7 clamscan-ec-test-amd64.json Uploading b383f3437e01 application/vnd.oci.image.manifest.v1+json Uploaded b383f3437e01 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Digest: sha256:b383f3437e01c6beab68a8518834005e0e61a57ff635470af3d8786188c119a2 pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | init container: prepare 2026/02/10 22:25:37 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | init container: place-scripts 2026/02/10 22:25:38 Decoded script /tekton/scripts/script-0-xzrdp 2026/02/10 22:25:38 Decoded script /tekton/scripts/script-1-kvhcv pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770762342.2574856,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770762342.4401124,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770762342.440163,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770762342.4639735,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 directly. pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.dzvm6W/auth-okbCKs.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637.git SOURCE_ARTIFACT Uploading e29222012231 SOURCE_ARTIFACT Uploaded e29222012231 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:39626e614b4eb60339cb6d3b2e3f4019abdd200918498b145e0ec80b0c1bc303 Artifacts created pod: konflux-demo-component-tfry-on-push-wvxrt-init-pod | init container: prepare 2026/02/10 22:25:29 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-init-pod | init container: place-scripts 2026/02/10 22:25:30 Decoded script /tekton/scripts/script-0-869mq pod: konflux-demo-component-tfry-on-push-wvxrt-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-kttxs pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.TFexH6/auth-Jjw8S4.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | container step-push: [2026-02-10T22:27:43,826027760+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.5YnCL8SPdv --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-f29ht 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-js7qk pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.4hZesI/auth-ez8dIr.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-121.json ./shellcheck-results/sc-129.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:27:44+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading c7b1bdd4ee1c application/vnd.oci.image.manifest.v1+json Uploaded c7b1bdd4ee1c application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Digest: sha256:c7b1bdd4ee1cc8f2a4174f967f7b42b217d3f8b52e1a7f209d4b91328ead9929 No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-jphtj 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-rzwbx pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.IrYrhJ/auth-DDPhlK.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-ffmbt 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-7g6nq pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.rXZiJH/auth-R3Y6S5.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:27:44+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 87fa7513c1ac application/vnd.oci.image.manifest.v1+json Uploaded 87fa7513c1ac application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Digest: sha256:87fa7513c1acb8951910f4b0d0c0248ba7056a7b7698fcf181bf451a305d040d No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | init container: prepare 2026/02/10 22:25:46 Entrypoint initialization pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | init container: place-scripts 2026/02/10 22:25:47 Decoded script /tekton/scripts/script-0-l6kkp 2026/02/10 22:25:47 Decoded script /tekton/scripts/script-2-ctgsw 2026/02/10 22:25:47 Decoded script /tekton/scripts/script-3-f6cpx pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-skip-ta: pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | init container: place-scripts 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-0-m2j7z 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-1-wrjhf 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-2-26l5z 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-3-x9gjz 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-4-7w75n 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-5-nvbfz pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-set-skip-for-bundles: 2026/02/10 22:27:43 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-app-check: time="2026-02-10T22:27:43Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:27:43Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 for platform amd64" time="2026-02-10T22:27:43Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:27:51Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:27:51Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:28:00Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:28:00Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:28:00Z" level=info msg="This image's tag e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 will be paired with digest sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 35, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8470, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 185, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:28:00Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770762481","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770762481","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} [FAILED] in [It] - /tmp/tmp.EaIZ2fdreL/tests/konflux-demo/konflux-demo.go:282 @ 02/10/26 22:28:25.147 << Timeline [FAILED] Expected success, but got an error: <*errors.errorString | 0xc002945e10>: pod: konflux-demo-component-tfry-on-push-wvxrt-apply-tags-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-apply-tags-pod | container step-apply-additional-tags: time="2026-02-10T22:27:40Z" level=info msg="[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" time="2026-02-10T22:27:40Z" level=info msg="[param] Image digest: sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d" time="2026-02-10T22:27:40Z" level=info msg="[param] image label: konflux.additional-tags" time="2026-02-10T22:27:41Z" level=warning msg="No tags given in 'konflux.additional-tags' image label" {"tags":[]} pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | init container: prepare 2026/02/10 22:25:53 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | init container: place-scripts 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-1-j9qbd 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-2-94hmj 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-3-p8tql 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-4-vkd4v 2026/02/10 22:25:54 Decoded script /tekton/scripts/script-5-vh2x5 pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.nFhA08/auth-lpIkpa.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-build: [2026-02-10T22:25:59,442179789+00:00] Validate context path [2026-02-10T22:25:59,445530460+00:00] Update CA trust [2026-02-10T22:25:59,446584915+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:26:01,395002767+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2026-02-10T22:26:01,400706034+00:00] Prepare system (architecture: x86_64) [2026-02-10T22:26:01,506209053+00:00] Setup prefetched Trying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61 Writing manifest to image destination Storing signatures [2026-02-10T22:26:10,113420562+00:00] Unsetting proxy { "architecture": "x86_64", "build-date": "2026-02-10T22:26:01Z", "com.redhat.component": "openjdk-17-runtime-ubi8-container", "com.redhat.license_terms": "https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI", "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream", "description": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "distribution-scope": "public", "io.buildah.version": "1.42.2", "io.cekit.version": "4.13.0.dev0", "io.k8s.description": "Platform for running plain Java applications (fat-jar and flat classpath)", "io.k8s.display-name": "Java Applications", "io.openshift.expose-services": "", "io.openshift.tags": "java", "maintainer": "Red Hat OpenJDK ", "name": "ubi8/openjdk-17-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "17", "org.jboss.product.version": "17", "org.opencontainers.image.created": "2026-02-10T22:26:01Z", "org.opencontainers.image.documentation": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "org.opencontainers.image.revision": "e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "release": "4.1770204586", "summary": "Image for Red Hat OpenShift providing OpenJDK 17 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-17-runtime/images/1.23-4.1770204586", "usage": "https://rh-openjdk.github.io/redhat-openjdk-containers/", "vcs-ref": "e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.23", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" } [2026-02-10T22:26:10,165913857+00:00] Register sub-man Adding the entitlement to the build [2026-02-10T22:26:10,169084262+00:00] Add secrets [2026-02-10T22:26:10,176187295+00:00] Run buildah build [2026-02-10T22:26:10,177229563+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --label org.opencontainers.image.revision=e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --label build-date=2026-02-10T22:26:01Z --label org.opencontainers.image.created=2026-02-10T22:26:01Z --annotation org.opencontainers.image.revision=e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo --annotation org.opencontainers.image.created=2026-02-10T22:26:01Z --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.UHYqaW -t quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 . [1/2] STEP 1/5: FROM registry.access.redhat.com/ubi8/openjdk-17:1.23 AS builder Trying to pull registry.access.redhat.com/ubi8/openjdk-17:1.23... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f Copying blob sha256:98f0daa60f004c9849d790eb5a75abe2210a47aec5664afd736a3f150f30e082 Copying config sha256:ea344e6c7c9b5b09d9000102158060eda2286ed1b8a3e26cb5ab5a310e8b4619 Writing manifest to image destination Storing signatures [1/2] STEP 2/5: WORKDIR /work [1/2] STEP 3/5: COPY . . [1/2] STEP 4/5: USER 0 [1/2] STEP 5/5: RUN mvn clean package -DskipTests -DskipDocsGen [INFO] Scanning for projects... [INFO] [INFO] ------------------< org.example:simple-java-project >------------------- [INFO] Building simple-java-project 1.0-SNAPSHOT [INFO] --------------------------------[ jar ]--------------------------------- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.pom (11 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/34/maven-plugins-34.pom (11 kB at 206 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/34/maven-parent-34.pom (43 kB at 911 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 18 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/23/apache-23.pom (18 kB at 376 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar Progress (1): 2.3/134 kB Progress (1): 5.0/134 kB Progress (1): 7.8/134 kB Progress (1): 11/134 kB Progress (1): 13/134 kB Progress (1): 16/134 kB Progress (1): 19/134 kB Progress (1): 21/134 kB Progress (1): 24/134 kB Progress (1): 28/134 kB Progress (1): 32/134 kB Progress (1): 36/134 kB Progress (1): 41/134 kB Progress (1): 45/134 kB Progress (1): 49/134 kB Progress (1): 53/134 kB Progress (1): 57/134 kB Progress (1): 61/134 kB Progress (1): 65/134 kB Progress (1): 69/134 kB Progress (1): 73/134 kB Progress (1): 77/134 kB Progress (1): 82/134 kB Progress (1): 86/134 kB Progress (1): 90/134 kB Progress (1): 92/134 kB Progress (1): 96/134 kB Progress (1): 100/134 kB Progress (1): 104/134 kB Progress (1): 108/134 kB Progress (1): 112/134 kB Progress (1): 116/134 kB Progress (1): 121/134 kB Progress (1): 125/134 kB Progress (1): 129/134 kB Progress (1): 133/134 kB Progress (1): 134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-shade-plugin/3.2.4/maven-shade-plugin-3.2.4.jar (134 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.pom (3.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/22/maven-plugins-22.pom (13 kB at 225 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/21/maven-parent-21.pom (26 kB at 573 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/10/apache-10.pom (15 kB at 296 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar Progress (1): 4.1/25 kB Progress (1): 7.7/25 kB Progress (1): 12/25 kB Progress (1): 16/25 kB Progress (1): 20/25 kB Progress (1): 24/25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.5/maven-clean-plugin-2.5.jar (25 kB at 536 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/23/maven-plugins-23.pom (9.2 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/22/maven-parent-22.pom (30 kB at 783 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/11/apache-11.pom (15 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.jar (30 kB at 628 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.pom (10 kB at 208 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/24/maven-plugins-24.pom (11 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/23/maven-parent-23.pom (33 kB at 758 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/13/apache-13.pom (14 kB at 304 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar Progress (1): 4.1/43 kB Progress (1): 7.7/43 kB Progress (1): 12/43 kB Progress (1): 16/43 kB Progress (1): 20/43 kB Progress (1): 24/43 kB Progress (1): 28/43 kB Progress (1): 32/43 kB Progress (1): 36/43 kB Progress (1): 40/43 kB Progress (1): 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-compiler-plugin/3.1/maven-compiler-plugin-3.1.jar (43 kB at 781 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.pom (10 kB at 156 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire/2.12.4/surefire-2.12.4.pom (14 kB at 255 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar Progress (1): 4.1/30 kB Progress (1): 7.7/30 kB Progress (1): 12/30 kB Progress (1): 16/30 kB Progress (1): 20/30 kB Progress (1): 24/30 kB Progress (1): 28/30 kB Progress (1): 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-surefire-plugin/2.12.4/maven-surefire-plugin-2.12.4.jar (30 kB at 622 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.pom (6.8 kB at 133 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-plugins/37/maven-plugins-37.pom (9.9 kB at 198 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/37/maven-parent-37.pom (46 kB at 1.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/27/apache-27.pom (20 kB at 443 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar Progress (1): 4.1/27 kB Progress (1): 7.7/27 kB Progress (1): 12/27 kB Progress (1): 16/27 kB Progress (1): 20/27 kB Progress (1): 24/27 kB Progress (1): 27 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-jar-plugin/3.3.0/maven-jar-plugin-3.3.0.jar (27 kB at 636 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.pom (3.6 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.pom (5.0 kB at 98 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.pom (3.6 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.pom (1.8 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar Downloading from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk17/0.1.2/simple-jdk17-0.1.2.jar (3.6 kB at 82 kB/s) Progress (1): 2.3/3.6 kB Progress (1): 3.6 kB Progress (2): 3.6 kB | 2.3/7.1 kB Progress (2): 3.6 kB | 5.0/7.1 kB Progress (2): 3.6 kB | 7.1 kB Progress (3): 3.6 kB | 7.1 kB | 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/simple/simple-jdk8/1.2.4/simple-jdk8-1.2.4.jar (3.6 kB at 46 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/shaded/shaded-jdk11/1.9/shaded-jdk11-1.9.jar (7.1 kB at 79 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/io/github/stuartwdouglas/hacbs-test/gradle/hacbs-test-simple-gradle-jdk8/1.1/hacbs-test-simple-gradle-jdk8-1.1.jar (2.0 kB at 21 kB/s) [INFO] [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.pom (1.5 kB at 26 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.6/maven-2.0.6.pom (9.0 kB at 159 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/5/maven-parent-5.pom (15 kB at 282 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/3/apache-3.pom (3.4 kB at 62 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.pom (4.1 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/16/spice-parent-16.pom (8.4 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/5/forge-parent-5.pom (8.4 kB at 171 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar Progress (1): 2.3/226 kB Progress (1): 5.0/226 kB Progress (1): 7.8/226 kB Progress (1): 11/226 kB Progress (1): 13/226 kB Progress (1): 16/226 kB Progress (1): 19/226 kB Progress (1): 21/226 kB Progress (2): 21/226 kB | 2.3/13 kB Progress (2): 24/226 kB | 2.3/13 kB Progress (2): 24/226 kB | 5.0/13 kB Progress (2): 27/226 kB | 5.0/13 kB Progress (2): 27/226 kB | 7.8/13 kB Progress (2): 30/226 kB | 7.8/13 kB Progress (2): 30/226 kB | 12/13 kB Progress (2): 33/226 kB | 12/13 kB Progress (2): 33/226 kB | 13 kB Progress (2): 36/226 kB | 13 kB Progress (2): 38/226 kB | 13 kB Progress (2): 41/226 kB | 13 kB Progress (2): 44/226 kB | 13 kB Progress (2): 48/226 kB | 13 kB Progress (2): 52/226 kB | 13 kB Progress (2): 56/226 kB | 13 kB Progress (2): 60/226 kB | 13 kB Progress (2): 64/226 kB | 13 kB Progress (2): 68/226 kB | 13 kB Progress (2): 72/226 kB | 13 kB Progress (2): 76/226 kB | 13 kB Progress (2): 81/226 kB | 13 kB Progress (2): 85/226 kB | 13 kB Progress (2): 89/226 kB | 13 kB Progress (2): 93/226 kB | 13 kB Progress (2): 97/226 kB | 13 kB Progress (2): 101/226 kB | 13 kB Progress (2): 105/226 kB | 13 kB Progress (2): 109/226 kB | 13 kB Progress (2): 111/226 kB | 13 kB Progress (2): 115/226 kB | 13 kB Progress (2): 120/226 kB | 13 kB Progress (2): 124/226 kB | 13 kB Progress (2): 128/226 kB | 13 kB Progress (2): 132/226 kB | 13 kB Progress (2): 136/226 kB | 13 kB Progress (2): 140/226 kB | 13 kB Progress (2): 144/226 kB | 13 kB Progress (2): 148/226 kB | 13 kB Progress (2): 152/226 kB | 13 kB Progress (2): 156/226 kB | 13 kB Progress (2): 160/226 kB | 13 kB Progress (2): 164/226 kB | 13 kB Progress (2): 168/226 kB | 13 kB Progress (2): 172/226 kB | 13 kB Progress (2): 176/226 kB | 13 kB Progress (2): 180/226 kB | 13 kB Progress (2): 184/226 kB | 13 kB Progress (2): 188/226 kB | 13 kB Progress (2): 193/226 kB | 13 kB Progress (2): 197/226 kB | 13 kB Progress (2): 201/226 kB | 13 kB Progress (2): 205/226 kB | 13 kB Progress (2): 209/226 kB | 13 kB Progress (2): 213/226 kB | 13 kB Progress (2): 217/226 kB | 13 kB Progress (2): 221/226 kB | 13 kB Progress (2): 225/226 kB | 13 kB Progress (2): 226 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.6/maven-plugin-api-2.0.6.jar (13 kB at 234 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0/plexus-utils-3.0.jar (226 kB at 3.7 MB/s) [INFO] [INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.pom (2.6 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.pom (2.0 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.pom (3.0 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.1/plexus-utils-1.4.1.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.11/plexus-1.0.11.pom (9.0 kB at 142 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.pom (3.9 kB at 71 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom Progress (1): 492 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.0.3/plexus-containers-1.0.3.pom (492 B at 9.6 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom Progress (1): 4.1 kB Progress (1): 5.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/1.0.4/plexus-1.0.4.pom (5.7 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom Progress (1): 998 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.pom (998 B at 17 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom Progress (1): 4.1 kB Progress (1): 6.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.0.4/plexus-utils-1.0.4.pom (6.9 kB at 111 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1-alpha-2/classworlds-1.1-alpha-2.pom (3.1 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.pom (2.0 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.pom (2.6 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.pom (1.9 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.pom (1.6 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.pom (1.9 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom Progress (1): 4.1 kB Progress (1): 6.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.pom (6.7 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.pom (1.9 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.pom (1.8 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom Progress (1): 1.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.6/maven-reporting-2.0.6.pom (1.4 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom Progress (1): 424 B Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.pom (424 B at 8.5 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia/1.0-alpha-7/doxia-1.0-alpha-7.pom (3.9 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.pom (1.7 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.pom (2.1 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom Progress (1): 4.1 kB Progress (1): 7.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.pom (7.1 kB at 118 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.pom (1.3 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.pom (3.3 kB at 72 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.pom (3.3 kB at 64 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.6/plexus-2.0.6.pom (17 kB at 342 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.pom (5.8 kB at 103 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/17/maven-shared-components-17.pom (8.7 kB at 174 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.15/plexus-utils-1.5.15.pom (6.8 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.2/plexus-2.0.2.pom (12 kB at 197 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.12/plexus-interpolation-1.12.pom (889 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom Progress (1): 4.1 kB Progress (1): 5.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.14/plexus-components-1.1.14.pom (5.8 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.pom (2.9 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/10/spice-parent-10.pom (3.0 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/3/forge-parent-3.pom (5.0 kB at 99 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom Progress (1): 4.1 kB Progress (1): 8.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.8/plexus-utils-1.5.8.pom (8.1 kB at 161 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom Progress (1): 890 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.pom (890 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.15/plexus-components-1.1.15.pom (2.8 kB at 55 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.3/plexus-2.0.3.pom (15 kB at 292 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar Progress (1): 2.3/29 kB Progress (1): 5.0/29 kB Progress (1): 7.8/29 kB Progress (1): 11/29 kB Progress (1): 13/29 kB Progress (1): 16/29 kB Progress (1): 19/29 kB Progress (1): 21/29 kB Progress (1): 24/29 kB Progress (1): 27/29 kB Progress (1): 29 kB Progress (2): 29 kB | 4.1/116 kB Progress (2): 29 kB | 7.7/116 kB Progress (2): 29 kB | 12/116 kB Progress (2): 29 kB | 16/116 kB Progress (2): 29 kB | 20/116 kB Progress (2): 29 kB | 24/116 kB Progress (2): 29 kB | 28/116 kB Progress (2): 29 kB | 32/116 kB Progress (2): 29 kB | 36/116 kB Progress (2): 29 kB | 41/116 kB Progress (2): 29 kB | 45/116 kB Progress (2): 29 kB | 49/116 kB Progress (2): 29 kB | 53/116 kB Progress (2): 29 kB | 57/116 kB Progress (2): 29 kB | 61/116 kB Progress (2): 29 kB | 65/116 kB Progress (2): 29 kB | 69/116 kB Progress (2): 29 kB | 73/116 kB Progress (2): 29 kB | 77/116 kB Progress (2): 29 kB | 81/116 kB Progress (2): 29 kB | 86/116 kB Progress (2): 29 kB | 90/116 kB Progress (2): 29 kB | 94/116 kB Progress (2): 29 kB | 98/116 kB Progress (2): 29 kB | 102/116 kB Progress (2): 29 kB | 106/116 kB Progress (2): 29 kB | 110/116 kB Progress (2): 29 kB | 114/116 kB Progress (2): 29 kB | 116 kB Progress (3): 29 kB | 116 kB | 3.8/35 kB Progress (3): 29 kB | 116 kB | 7.9/35 kB Progress (3): 29 kB | 116 kB | 12/35 kB Progress (3): 29 kB | 116 kB | 16/35 kB Progress (3): 29 kB | 116 kB | 20/35 kB Progress (3): 29 kB | 116 kB | 24/35 kB Progress (3): 29 kB | 116 kB | 28/35 kB Progress (3): 29 kB | 116 kB | 32/35 kB Progress (3): 29 kB | 116 kB | 35 kB Progress (4): 29 kB | 116 kB | 35 kB | 4.1/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 7.5/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 12/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 16/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 20/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 24/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 28/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 32/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 36/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 40/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 44/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 48/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 53/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 57/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 61/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 65/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 69/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 73/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 77/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 81/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 85/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 89/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 94/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 98/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 102/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 106/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 110/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 114/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 118/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 122/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 126/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 130/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 134/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 139/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 143/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 147/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 151/152 kB Progress (4): 29 kB | 116 kB | 35 kB | 152 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 2.7/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 5.5/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 8.2/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 11/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 14/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 16/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 19/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 22/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 25/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 27/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 30/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 33/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 36/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 38/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 41/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 44/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 46/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 49/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 52/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 55/57 kB Progress (5): 29 kB | 116 kB | 35 kB | 152 kB | 57 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.6/maven-plugin-registry-2.0.6.jar (29 kB at 615 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.6/maven-project-2.0.6.jar (116 kB at 2.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.6/maven-core-2.0.6.jar (152 kB at 2.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.6/maven-profile-2.0.6.jar (35 kB at 534 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar Progress (2): 57 kB | 2.3/21 kB Progress (2): 57 kB | 5.0/21 kB Progress (2): 57 kB | 7.8/21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.6/maven-artifact-manager-2.0.6.jar (57 kB at 807 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar Progress (1): 11/21 kB Progress (1): 13/21 kB Progress (1): 16/21 kB Progress (1): 19/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/9.9 kB Progress (2): 21 kB | 7.7/9.9 kB Progress (2): 21 kB | 9.9 kB Progress (3): 21 kB | 9.9 kB | 4.1/24 kB Progress (3): 21 kB | 9.9 kB | 7.7/24 kB Progress (3): 21 kB | 9.9 kB | 12/24 kB Progress (3): 21 kB | 9.9 kB | 16/24 kB Progress (3): 21 kB | 9.9 kB | 20/24 kB Progress (3): 21 kB | 9.9 kB | 24/24 kB Progress (3): 21 kB | 9.9 kB | 24 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 3.8/14 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 7.9/14 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 12/14 kB Progress (4): 21 kB | 9.9 kB | 24 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.6/maven-plugin-parameter-documenter-2.0.6.jar (21 kB at 214 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar Progress (4): 9.9 kB | 24 kB | 14 kB | 3.8/5.9 kB Progress (4): 9.9 kB | 24 kB | 14 kB | 5.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.6/maven-reporting-api-2.0.6.jar (9.9 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.6/maven-repository-metadata-2.0.6.jar (24 kB at 217 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.6/maven-error-diagnostics-2.0.6.jar (14 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar Progress (2): 5.9 kB | 3.8/30 kB Progress (2): 5.9 kB | 7.9/30 kB Progress (2): 5.9 kB | 12/30 kB Progress (2): 5.9 kB | 16/30 kB Progress (2): 5.9 kB | 20/30 kB Progress (2): 5.9 kB | 24/30 kB Progress (2): 5.9 kB | 28/30 kB Progress (2): 5.9 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/doxia/doxia-sink-api/1.0-alpha-7/doxia-sink-api-1.0-alpha-7.jar (5.9 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar Progress (2): 30 kB | 4.1/37 kB Progress (2): 30 kB | 7.7/37 kB Progress (2): 30 kB | 12/37 kB Progress (2): 30 kB | 16/37 kB Progress (2): 30 kB | 20/37 kB Progress (2): 30 kB | 24/37 kB Progress (2): 30 kB | 28/37 kB Progress (2): 30 kB | 32/37 kB Progress (2): 30 kB | 36/37 kB Progress (2): 30 kB | 37 kB Progress (3): 30 kB | 37 kB | 3.8/38 kB Progress (3): 30 kB | 37 kB | 7.9/38 kB Progress (3): 30 kB | 37 kB | 12/38 kB Progress (3): 30 kB | 37 kB | 16/38 kB Progress (3): 30 kB | 37 kB | 20/38 kB Progress (3): 30 kB | 37 kB | 24/38 kB Progress (3): 30 kB | 37 kB | 28/38 kB Progress (3): 30 kB | 37 kB | 32/38 kB Progress (3): 30 kB | 37 kB | 37/38 kB Progress (3): 30 kB | 37 kB | 38 kB Progress (4): 30 kB | 37 kB | 38 kB | 4.1/13 kB Progress (4): 30 kB | 37 kB | 38 kB | 7.7/13 kB Progress (4): 30 kB | 37 kB | 38 kB | 12/13 kB Progress (4): 30 kB | 37 kB | 38 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-cli/commons-cli/1.0/commons-cli-1.0.jar (30 kB at 205 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar Progress (4): 37 kB | 38 kB | 13 kB | 3.8/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 7.9/87 kB Progress (4): 37 kB | 38 kB | 13 kB | 12/87 kB Downloaded from central: https://repo.maven.apache.org/maven2/classworlds/classworlds/1.1/classworlds-1.1.jar (38 kB at 240 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar Progress (3): 37 kB | 13 kB | 16/87 kB Progress (3): 37 kB | 13 kB | 20/87 kB Progress (3): 37 kB | 13 kB | 24/87 kB Progress (3): 37 kB | 13 kB | 28/87 kB Progress (3): 37 kB | 13 kB | 32/87 kB Progress (3): 37 kB | 13 kB | 36/87 kB Progress (3): 37 kB | 13 kB | 40/87 kB Progress (3): 37 kB | 13 kB | 44/87 kB Progress (3): 37 kB | 13 kB | 48/87 kB Progress (3): 37 kB | 13 kB | 53/87 kB Progress (3): 37 kB | 13 kB | 57/87 kB Progress (3): 37 kB | 13 kB | 61/87 kB Progress (3): 37 kB | 13 kB | 65/87 kB Progress (3): 37 kB | 13 kB | 69/87 kB Progress (3): 37 kB | 13 kB | 73/87 kB Progress (3): 37 kB | 13 kB | 77/87 kB Progress (3): 37 kB | 13 kB | 81/87 kB Progress (3): 37 kB | 13 kB | 85/87 kB Progress (3): 37 kB | 13 kB | 87 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.6/maven-plugin-descriptor-2.0.6.jar (37 kB at 228 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interactivity-api/1.0-alpha-4/plexus-interactivity-api-1.0-alpha-4.jar (13 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar Progress (2): 87 kB | 3.8/49 kB Progress (2): 87 kB | 7.9/49 kB Progress (2): 87 kB | 12/49 kB Progress (2): 87 kB | 16/49 kB Progress (2): 87 kB | 20/49 kB Progress (2): 87 kB | 24/49 kB Progress (2): 87 kB | 28/49 kB Progress (2): 87 kB | 32/49 kB Progress (2): 87 kB | 37/49 kB Progress (2): 87 kB | 41/49 kB Progress (2): 87 kB | 45/49 kB Progress (2): 87 kB | 49/49 kB Progress (2): 87 kB | 49 kB Progress (3): 87 kB | 49 kB | 3.8/86 kB Progress (3): 87 kB | 49 kB | 7.9/86 kB Progress (3): 87 kB | 49 kB | 12/86 kB Progress (3): 87 kB | 49 kB | 16/86 kB Progress (3): 87 kB | 49 kB | 20/86 kB Progress (3): 87 kB | 49 kB | 24/86 kB Progress (3): 87 kB | 49 kB | 28/86 kB Progress (3): 87 kB | 49 kB | 32/86 kB Progress (3): 87 kB | 49 kB | 36/86 kB Progress (3): 87 kB | 49 kB | 40/86 kB Progress (3): 87 kB | 49 kB | 44/86 kB Progress (3): 87 kB | 49 kB | 48/86 kB Progress (3): 87 kB | 49 kB | 53/86 kB Progress (3): 87 kB | 49 kB | 57/86 kB Progress (3): 87 kB | 49 kB | 61/86 kB Progress (3): 87 kB | 49 kB | 65/86 kB Progress (3): 87 kB | 49 kB | 69/86 kB Progress (3): 87 kB | 49 kB | 73/86 kB Progress (3): 87 kB | 49 kB | 77/86 kB Progress (3): 87 kB | 49 kB | 81/86 kB Progress (3): 87 kB | 49 kB | 85/86 kB Progress (3): 87 kB | 49 kB | 86 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.6/maven-artifact-2.0.6.jar (87 kB at 470 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar Progress (3): 49 kB | 86 kB | 4.1/10 kB Progress (3): 49 kB | 86 kB | 7.7/10 kB Progress (3): 49 kB | 86 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.6/maven-settings-2.0.6.jar (49 kB at 253 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar Progress (3): 86 kB | 10 kB | 4.1/194 kB Progress (3): 86 kB | 10 kB | 7.7/194 kB Progress (3): 86 kB | 10 kB | 12/194 kB Progress (3): 86 kB | 10 kB | 16/194 kB Progress (3): 86 kB | 10 kB | 20/194 kB Progress (3): 86 kB | 10 kB | 24/194 kB Progress (3): 86 kB | 10 kB | 28/194 kB Progress (3): 86 kB | 10 kB | 32/194 kB Progress (3): 86 kB | 10 kB | 36/194 kB Progress (3): 86 kB | 10 kB | 41/194 kB Progress (3): 86 kB | 10 kB | 45/194 kB Progress (3): 86 kB | 10 kB | 49/194 kB Progress (3): 86 kB | 10 kB | 53/194 kB Progress (3): 86 kB | 10 kB | 57/194 kB Progress (3): 86 kB | 10 kB | 61/194 kB Progress (3): 86 kB | 10 kB | 65/194 kB Progress (3): 86 kB | 10 kB | 69/194 kB Progress (3): 86 kB | 10 kB | 73/194 kB Progress (3): 86 kB | 10 kB | 77/194 kB Progress (3): 86 kB | 10 kB | 81/194 kB Progress (3): 86 kB | 10 kB | 86/194 kB Progress (3): 86 kB | 10 kB | 90/194 kB Progress (3): 86 kB | 10 kB | 94/194 kB Progress (3): 86 kB | 10 kB | 98/194 kB Progress (3): 86 kB | 10 kB | 102/194 kB Progress (3): 86 kB | 10 kB | 106/194 kB Progress (3): 86 kB | 10 kB | 110/194 kB Progress (3): 86 kB | 10 kB | 114/194 kB Progress (3): 86 kB | 10 kB | 118/194 kB Progress (3): 86 kB | 10 kB | 122/194 kB Progress (3): 86 kB | 10 kB | 127/194 kB Progress (3): 86 kB | 10 kB | 131/194 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.6/maven-model-2.0.6.jar (86 kB at 426 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar Progress (2): 10 kB | 135/194 kB Progress (2): 10 kB | 139/194 kB Progress (2): 10 kB | 143/194 kB Progress (2): 10 kB | 147/194 kB Progress (2): 10 kB | 151/194 kB Progress (2): 10 kB | 155/194 kB Progress (2): 10 kB | 159/194 kB Progress (2): 10 kB | 163/194 kB Progress (2): 10 kB | 167/194 kB Progress (2): 10 kB | 172/194 kB Progress (2): 10 kB | 176/194 kB Progress (2): 10 kB | 180/194 kB Progress (2): 10 kB | 184/194 kB Progress (2): 10 kB | 188/194 kB Progress (2): 10 kB | 192/194 kB Progress (2): 10 kB | 194 kB Progress (3): 10 kB | 194 kB | 4.1/121 kB Progress (3): 10 kB | 194 kB | 7.7/121 kB Progress (3): 10 kB | 194 kB | 12/121 kB Progress (3): 10 kB | 194 kB | 16/121 kB Progress (3): 10 kB | 194 kB | 20/121 kB Progress (3): 10 kB | 194 kB | 24/121 kB Progress (3): 10 kB | 194 kB | 28/121 kB Progress (3): 10 kB | 194 kB | 32/121 kB Progress (3): 10 kB | 194 kB | 36/121 kB Progress (3): 10 kB | 194 kB | 40/121 kB Progress (3): 10 kB | 194 kB | 44/121 kB Progress (3): 10 kB | 194 kB | 48/121 kB Progress (3): 10 kB | 194 kB | 53/121 kB Progress (3): 10 kB | 194 kB | 57/121 kB Progress (3): 10 kB | 194 kB | 61/121 kB Progress (3): 10 kB | 194 kB | 65/121 kB Progress (3): 10 kB | 194 kB | 69/121 kB Progress (3): 10 kB | 194 kB | 73/121 kB Progress (3): 10 kB | 194 kB | 77/121 kB Progress (3): 10 kB | 194 kB | 81/121 kB Progress (3): 10 kB | 194 kB | 85/121 kB Progress (3): 10 kB | 194 kB | 89/121 kB Progress (3): 10 kB | 194 kB | 93/121 kB Progress (3): 10 kB | 194 kB | 98/121 kB Progress (3): 10 kB | 194 kB | 102/121 kB Progress (3): 10 kB | 194 kB | 106/121 kB Progress (3): 10 kB | 194 kB | 110/121 kB Progress (3): 10 kB | 194 kB | 114/121 kB Progress (3): 10 kB | 194 kB | 118/121 kB Progress (3): 10 kB | 194 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.6/maven-monitor-2.0.6.jar (10 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar Progress (3): 194 kB | 121 kB | 3.8/223 kB Progress (3): 194 kB | 121 kB | 7.9/223 kB Progress (3): 194 kB | 121 kB | 12/223 kB Progress (3): 194 kB | 121 kB | 16/223 kB Progress (3): 194 kB | 121 kB | 20/223 kB Progress (3): 194 kB | 121 kB | 24/223 kB Progress (3): 194 kB | 121 kB | 28/223 kB Progress (3): 194 kB | 121 kB | 32/223 kB Progress (3): 194 kB | 121 kB | 37/223 kB Progress (4): 194 kB | 121 kB | 37/223 kB | 4.1/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 4.1/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 7.7/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 12/43 kB Progress (4): 194 kB | 121 kB | 41/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 45/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 49/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 53/223 kB | 16/43 kB Progress (4): 194 kB | 121 kB | 53/223 kB | 20/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 20/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 24/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 28/43 kB Progress (4): 194 kB | 121 kB | 57/223 kB | 32/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 32/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 36/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 41/43 kB Progress (4): 194 kB | 121 kB | 61/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 65/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 69/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 73/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 78/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 82/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 86/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 90/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 94/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 98/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 102/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 106/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 110/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 114/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 118/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 123/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 127/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 131/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 135/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 139/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 143/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 147/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 151/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 155/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 159/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 164/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 168/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 172/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 176/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 180/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 184/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 188/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 192/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 196/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 200/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 204/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 209/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 213/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 217/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 221/223 kB | 43 kB Progress (4): 194 kB | 121 kB | 223 kB | 43 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9-stable-1/plexus-container-default-1.0-alpha-9-stable-1.jar (194 kB at 833 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.1/junit-3.8.1.jar (121 kB at 509 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-filtering/1.1/maven-filtering-1.1.jar (43 kB at 177 kB/s) Progress (2): 223 kB | 4.1/6.8 kB Progress (2): 223 kB | 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.5/plexus-utils-2.0.5.jar (223 kB at 889 kB/s) Progress (2): 6.8 kB | 4.1/61 kB Progress (2): 6.8 kB | 7.7/61 kB Progress (2): 6.8 kB | 12/61 kB Progress (2): 6.8 kB | 16/61 kB Progress (2): 6.8 kB | 20/61 kB Progress (2): 6.8 kB | 24/61 kB Progress (2): 6.8 kB | 28/61 kB Progress (2): 6.8 kB | 32/61 kB Progress (2): 6.8 kB | 36/61 kB Progress (2): 6.8 kB | 41/61 kB Progress (2): 6.8 kB | 45/61 kB Progress (2): 6.8 kB | 49/61 kB Progress (2): 6.8 kB | 53/61 kB Progress (2): 6.8 kB | 57/61 kB Progress (2): 6.8 kB | 61/61 kB Progress (2): 6.8 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-build-api/0.0.4/plexus-build-api-0.0.4.jar (6.8 kB at 25 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.13/plexus-interpolation-1.13.jar (61 kB at 204 kB/s) [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/main/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.pom (1.5 kB at 36 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.0.9/maven-2.0.9.pom (19 kB at 326 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/8/maven-parent-8.pom (24 kB at 589 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/4/apache-4.pom (4.5 kB at 105 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.pom (1.6 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.pom (2.3 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.pom (7.8 kB at 166 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.pom (2.1 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.pom (3.1 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.pom (2.0 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.pom (2.0 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.pom (1.9 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.pom (1.7 kB at 32 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.pom (2.7 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.pom (2.7 kB at 57 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.pom (2.0 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.pom (2.1 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.pom (1.3 kB at 23 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom Progress (1): 3.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.pom (3.4 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.pom (4.0 kB at 76 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/18/maven-shared-components-18.pom (4.9 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom Progress (1): 965 B Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.pom (965 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom Progress (1): 4.1 kB Progress (1): 4.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.pom (4.7 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom Progress (1): 4.1 kB Progress (1): 6.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/19/maven-shared-components-19.pom (6.4 kB at 132 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.2.1/maven-plugin-api-2.2.1.pom (1.5 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/2.2.1/maven-2.2.1.pom (22 kB at 407 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/11/maven-parent-11.pom (32 kB at 611 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom Progress (1): 4.1 kB Progress (1): 4.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/5/apache-5.pom (4.1 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.2.1/maven-core-2.2.1.pom (12 kB at 219 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.2.1/maven-settings-2.2.1.pom (2.2 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.2.1/maven-model-2.2.1.pom (3.2 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom Progress (1): 889 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.11/plexus-interpolation-1.11.pom (889 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.2.1/maven-plugin-parameter-documenter-2.2.1.pom (2.0 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-jdk14/1.5.6/slf4j-jdk14-1.5.6.pom (1.9 kB at 35 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom Progress (1): 4.1 kB Progress (1): 7.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.5.6/slf4j-parent-1.5.6.pom (7.9 kB at 137 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.5.6/slf4j-api-1.5.6.pom (3.0 kB at 73 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/jcl-over-slf4j/1.5.6/jcl-over-slf4j-1.5.6.pom (2.2 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.2.1/maven-profile-2.2.1.pom (2.2 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.2.1/maven-artifact-2.2.1.pom (1.6 kB at 38 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.2.1/maven-repository-metadata-2.2.1.pom (1.9 kB at 51 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.2.1/maven-error-diagnostics-2.2.1.pom (1.7 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.2.1/maven-project-2.2.1.pom (2.8 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.2.1/maven-artifact-manager-2.2.1.pom (3.1 kB at 80 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom Progress (1): 880 B Downloaded from central: https://repo.maven.apache.org/maven2/backport-util-concurrent/backport-util-concurrent/3.1/backport-util-concurrent-3.1.pom (880 B at 21 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.2.1/maven-plugin-registry-2.2.1.pom (1.9 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.2.1/maven-plugin-descriptor-2.2.1.pom (2.1 kB at 34 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom Progress (1): 1.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.2.1/maven-monitor-2.2.1.pom (1.3 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.pom (3.0 kB at 63 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/12/spice-parent-12.pom (6.8 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/4/forge-parent-4.pom (8.4 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.5/plexus-utils-1.5.5.pom (5.1 kB at 107 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.pom (2.1 kB at 45 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom Progress (1): 815 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom (815 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom Progress (1): 4.1 kB Progress (1): 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom (4.2 kB at 121 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom (17 kB at 455 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom Progress (1): 865 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.pom (865 B at 22 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom Progress (1): 3.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler/2.2/plexus-compiler-2.2.pom (3.6 kB at 75 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.3.1/plexus-components-1.3.1.pom (3.1 kB at 68 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom (20 kB at 499 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom Progress (1): 4.1 kB Progress (1): 6.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/spice/spice-parent/17/spice-parent-17.pom (6.8 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/10/forge-parent-10.pom (14 kB at 301 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.pom (3.1 kB at 70 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/3.2/plexus-3.2.pom (19 kB at 383 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom Progress (1): 690 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.pom (690 B at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom Progress (1): 769 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.pom (769 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compilers/2.2/plexus-compilers-2.2.pom (1.2 kB at 25 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.pom (2.8 kB at 66 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.4.5/plexus-utils-1.4.5.pom (2.3 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.pom (4.0 kB at 90 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.pom (2.8 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean/3.4/xbean-3.4.pom (19 kB at 343 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom Progress (1): 145 B Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.pom (145 B at 3.1 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom Progress (1): 4.1 kB Progress (1): 5.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.pom (5.3 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.pom (2.5 kB at 41 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/google/1/google-1.pom (1.6 kB at 27 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom Progress (1): 747 B Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.pom (747 B at 18 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar Progress (1): 4.1/160 kB Progress (1): 7.7/160 kB Progress (1): 12/160 kB Progress (1): 16/160 kB Progress (1): 20/160 kB Progress (1): 24/160 kB Progress (1): 28/160 kB Progress (1): 32/160 kB Progress (1): 36/160 kB Progress (1): 40/160 kB Progress (1): 44/160 kB Progress (1): 48/160 kB Progress (1): 53/160 kB Progress (1): 57/160 kB Progress (1): 61/160 kB Progress (1): 65/160 kB Progress (1): 69/160 kB Progress (1): 73/160 kB Progress (1): 77/160 kB Progress (1): 81/160 kB Progress (1): 85/160 kB Progress (1): 89/160 kB Progress (1): 94/160 kB Progress (1): 98/160 kB Progress (1): 102/160 kB Progress (1): 106/160 kB Progress (1): 110/160 kB Progress (1): 114/160 kB Progress (1): 118/160 kB Progress (1): 122/160 kB Progress (1): 126/160 kB Progress (1): 130/160 kB Progress (1): 134/160 kB Progress (1): 139/160 kB Progress (1): 143/160 kB Progress (1): 147/160 kB Progress (1): 151/160 kB Progress (1): 155/160 kB Progress (1): 159/160 kB Progress (1): 160 kB Progress (2): 160 kB | 4.1/211 kB Progress (2): 160 kB | 8.2/211 kB Progress (2): 160 kB | 12/211 kB Progress (2): 160 kB | 16/211 kB Progress (3): 160 kB | 16/211 kB | 4.1/13 kB Progress (3): 160 kB | 20/211 kB | 4.1/13 kB Progress (3): 160 kB | 20/211 kB | 7.7/13 kB Progress (3): 160 kB | 25/211 kB | 7.7/13 kB Progress (3): 160 kB | 25/211 kB | 12/13 kB Progress (3): 160 kB | 25/211 kB | 13 kB Progress (3): 160 kB | 29/211 kB | 13 kB Progress (3): 160 kB | 33/211 kB | 13 kB Progress (3): 160 kB | 37/211 kB | 13 kB Progress (3): 160 kB | 41/211 kB | 13 kB Progress (3): 160 kB | 45/211 kB | 13 kB Progress (3): 160 kB | 49/211 kB | 13 kB Progress (3): 160 kB | 53/211 kB | 13 kB Progress (3): 160 kB | 57/211 kB | 13 kB Progress (3): 160 kB | 61/211 kB | 13 kB Progress (3): 160 kB | 66/211 kB | 13 kB Progress (3): 160 kB | 70/211 kB | 13 kB Progress (3): 160 kB | 74/211 kB | 13 kB Progress (3): 160 kB | 78/211 kB | 13 kB Progress (3): 160 kB | 82/211 kB | 13 kB Progress (3): 160 kB | 86/211 kB | 13 kB Progress (3): 160 kB | 90/211 kB | 13 kB Progress (3): 160 kB | 94/211 kB | 13 kB Progress (3): 160 kB | 98/211 kB | 13 kB Progress (3): 160 kB | 102/211 kB | 13 kB Progress (3): 160 kB | 106/211 kB | 13 kB Progress (3): 160 kB | 111/211 kB | 13 kB Progress (3): 160 kB | 115/211 kB | 13 kB Progress (3): 160 kB | 119/211 kB | 13 kB Progress (3): 160 kB | 123/211 kB | 13 kB Progress (3): 160 kB | 127/211 kB | 13 kB Progress (3): 160 kB | 131/211 kB | 13 kB Progress (3): 160 kB | 135/211 kB | 13 kB Progress (3): 160 kB | 139/211 kB | 13 kB Progress (3): 160 kB | 143/211 kB | 13 kB Progress (3): 160 kB | 147/211 kB | 13 kB Progress (3): 160 kB | 152/211 kB | 13 kB Progress (3): 160 kB | 156/211 kB | 13 kB Progress (3): 160 kB | 160/211 kB | 13 kB Progress (3): 160 kB | 164/211 kB | 13 kB Progress (3): 160 kB | 168/211 kB | 13 kB Progress (3): 160 kB | 172/211 kB | 13 kB Progress (3): 160 kB | 176/211 kB | 13 kB Progress (3): 160 kB | 180/211 kB | 13 kB Progress (3): 160 kB | 184/211 kB | 13 kB Progress (3): 160 kB | 188/211 kB | 13 kB Progress (3): 160 kB | 193/211 kB | 13 kB Progress (3): 160 kB | 197/211 kB | 13 kB Progress (3): 160 kB | 201/211 kB | 13 kB Progress (3): 160 kB | 205/211 kB | 13 kB Progress (3): 160 kB | 209/211 kB | 13 kB Progress (3): 160 kB | 211 kB | 13 kB Progress (4): 160 kB | 211 kB | 13 kB | 4.1/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 7.7/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 12/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 16/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 20/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 24/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 28/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 32/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 36/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 41/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 45/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 49/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 53/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 57/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 61/89 kB Progress (4): 160 kB | 211 kB | 13 kB | 65/89 kB Progress (5): 160 kB | 211 kB | 13 kB | 65/89 kB | 4.1/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 65/89 kB | 7.7/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 69/89 kB | 7.7/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 69/89 kB | 12/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 73/89 kB | 12/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 73/89 kB | 16/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 77/89 kB | 16/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 81/89 kB | 16/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 81/89 kB | 20/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 81/89 kB | 24/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 86/89 kB | 24/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 86/89 kB | 28/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 28/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 32/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 36/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 41/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 45/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 49/49 kB Progress (5): 160 kB | 211 kB | 13 kB | 89 kB | 49 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/2.0.9/maven-core-2.0.9.jar (160 kB at 3.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/2.0.9/maven-plugin-api-2.0.9.jar (13 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/1.5.1/plexus-utils-1.5.1.jar (211 kB at 3.9 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/2.0.9/maven-settings-2.0.9.jar (49 kB at 832 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/2.0.9/maven-artifact-2.0.9.jar (89 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar Progress (1): 4.1/21 kB Progress (1): 7.7/21 kB Progress (1): 12/21 kB Progress (1): 16/21 kB Progress (1): 20/21 kB Progress (1): 21 kB Progress (2): 21 kB | 4.1/35 kB Progress (2): 21 kB | 7.7/35 kB Progress (2): 21 kB | 12/35 kB Progress (2): 21 kB | 16/35 kB Progress (2): 21 kB | 20/35 kB Progress (2): 21 kB | 24/35 kB Progress (2): 21 kB | 28/35 kB Progress (2): 21 kB | 32/35 kB Progress (2): 21 kB | 35 kB Progress (3): 21 kB | 35 kB | 4.1/87 kB Progress (3): 21 kB | 35 kB | 7.7/87 kB Progress (3): 21 kB | 35 kB | 12/87 kB Progress (3): 21 kB | 35 kB | 16/87 kB Progress (3): 21 kB | 35 kB | 20/87 kB Progress (3): 21 kB | 35 kB | 24/87 kB Progress (3): 21 kB | 35 kB | 28/87 kB Progress (3): 21 kB | 35 kB | 32/87 kB Progress (3): 21 kB | 35 kB | 36/87 kB Progress (3): 21 kB | 35 kB | 41/87 kB Progress (3): 21 kB | 35 kB | 45/87 kB Progress (3): 21 kB | 35 kB | 49/87 kB Progress (3): 21 kB | 35 kB | 53/87 kB Progress (3): 21 kB | 35 kB | 57/87 kB Progress (3): 21 kB | 35 kB | 61/87 kB Progress (3): 21 kB | 35 kB | 65/87 kB Progress (3): 21 kB | 35 kB | 69/87 kB Progress (3): 21 kB | 35 kB | 73/87 kB Progress (3): 21 kB | 35 kB | 77/87 kB Progress (3): 21 kB | 35 kB | 81/87 kB Progress (3): 21 kB | 35 kB | 86/87 kB Progress (3): 21 kB | 35 kB | 87 kB Progress (4): 21 kB | 35 kB | 87 kB | 4.1/14 kB Progress (4): 21 kB | 35 kB | 87 kB | 7.7/14 kB Progress (4): 21 kB | 35 kB | 87 kB | 12/14 kB Progress (4): 21 kB | 35 kB | 87 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-profile/2.0.9/maven-profile-2.0.9.jar (35 kB at 384 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar Progress (4): 21 kB | 87 kB | 14 kB | 4.1/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 7.7/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 12/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 16/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 20/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 24/25 kB Progress (4): 21 kB | 87 kB | 14 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-parameter-documenter/2.0.9/maven-plugin-parameter-documenter-2.0.9.jar (21 kB at 215 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/2.0.9/maven-model-2.0.9.jar (87 kB at 801 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar Progress (3): 14 kB | 25 kB | 4.1/122 kB Progress (3): 14 kB | 25 kB | 7.7/122 kB Progress (3): 14 kB | 25 kB | 12/122 kB Progress (3): 14 kB | 25 kB | 16/122 kB Progress (3): 14 kB | 25 kB | 20/122 kB Progress (3): 14 kB | 25 kB | 24/122 kB Progress (3): 14 kB | 25 kB | 28/122 kB Progress (3): 14 kB | 25 kB | 32/122 kB Progress (3): 14 kB | 25 kB | 36/122 kB Progress (3): 14 kB | 25 kB | 41/122 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-error-diagnostics/2.0.9/maven-error-diagnostics-2.0.9.jar (14 kB at 121 kB/s) Progress (2): 25 kB | 45/122 kB Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar Progress (2): 25 kB | 49/122 kB Progress (2): 25 kB | 53/122 kB Progress (2): 25 kB | 57/122 kB Progress (2): 25 kB | 61/122 kB Progress (2): 25 kB | 65/122 kB Progress (2): 25 kB | 69/122 kB Progress (2): 25 kB | 73/122 kB Progress (2): 25 kB | 77/122 kB Progress (2): 25 kB | 81/122 kB Progress (2): 25 kB | 86/122 kB Progress (2): 25 kB | 90/122 kB Progress (2): 25 kB | 94/122 kB Progress (2): 25 kB | 98/122 kB Progress (2): 25 kB | 102/122 kB Progress (2): 25 kB | 106/122 kB Progress (2): 25 kB | 110/122 kB Progress (2): 25 kB | 114/122 kB Progress (2): 25 kB | 118/122 kB Progress (2): 25 kB | 122 kB Progress (3): 25 kB | 122 kB | 4.1/29 kB Progress (3): 25 kB | 122 kB | 7.7/29 kB Progress (3): 25 kB | 122 kB | 12/29 kB Progress (3): 25 kB | 122 kB | 16/29 kB Progress (3): 25 kB | 122 kB | 20/29 kB Progress (3): 25 kB | 122 kB | 24/29 kB Progress (3): 25 kB | 122 kB | 28/29 kB Progress (3): 25 kB | 122 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/2.0.9/maven-repository-metadata-2.0.9.jar (25 kB at 186 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-project/2.0.9/maven-project-2.0.9.jar (122 kB at 909 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar Progress (2): 29 kB | 4.1/37 kB Progress (2): 29 kB | 7.7/37 kB Progress (2): 29 kB | 12/37 kB Progress (2): 29 kB | 16/37 kB Progress (2): 29 kB | 20/37 kB Progress (2): 29 kB | 24/37 kB Progress (2): 29 kB | 28/37 kB Progress (2): 29 kB | 32/37 kB Progress (2): 29 kB | 36/37 kB Progress (2): 29 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-registry/2.0.9/maven-plugin-registry-2.0.9.jar (29 kB at 209 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar Progress (2): 37 kB | 4.1/58 kB Progress (2): 37 kB | 7.7/58 kB Progress (2): 37 kB | 12/58 kB Progress (2): 37 kB | 16/58 kB Progress (2): 37 kB | 20/58 kB Progress (2): 37 kB | 24/58 kB Progress (2): 37 kB | 28/58 kB Progress (2): 37 kB | 32/58 kB Progress (2): 37 kB | 36/58 kB Progress (2): 37 kB | 41/58 kB Progress (2): 37 kB | 45/58 kB Progress (2): 37 kB | 49/58 kB Progress (2): 37 kB | 53/58 kB Progress (2): 37 kB | 57/58 kB Progress (2): 37 kB | 58 kB Progress (3): 37 kB | 58 kB | 4.1/33 kB Progress (3): 37 kB | 58 kB | 7.7/33 kB Progress (3): 37 kB | 58 kB | 12/33 kB Progress (3): 37 kB | 58 kB | 16/33 kB Progress (3): 37 kB | 58 kB | 20/33 kB Progress (3): 37 kB | 58 kB | 24/33 kB Progress (3): 37 kB | 58 kB | 28/33 kB Progress (3): 37 kB | 58 kB | 32/33 kB Progress (3): 37 kB | 58 kB | 33 kB Progress (4): 37 kB | 58 kB | 33 kB | 4.1/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 7.7/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 12/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 16/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 20/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 24/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 28/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 32/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 36/155 kB Progress (4): 37 kB | 58 kB | 33 kB | 41/155 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-descriptor/2.0.9/maven-plugin-descriptor-2.0.9.jar (37 kB at 236 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar Progress (3): 58 kB | 33 kB | 45/155 kB Progress (3): 58 kB | 33 kB | 49/155 kB Progress (3): 58 kB | 33 kB | 53/155 kB Progress (3): 58 kB | 33 kB | 57/155 kB Progress (3): 58 kB | 33 kB | 61/155 kB Progress (3): 58 kB | 33 kB | 65/155 kB Progress (3): 58 kB | 33 kB | 69/155 kB Progress (3): 58 kB | 33 kB | 73/155 kB Progress (3): 58 kB | 33 kB | 77/155 kB Progress (3): 58 kB | 33 kB | 81/155 kB Progress (3): 58 kB | 33 kB | 86/155 kB Progress (4): 58 kB | 33 kB | 86/155 kB | 4.1/10 kB Progress (4): 58 kB | 33 kB | 90/155 kB | 4.1/10 kB Progress (4): 58 kB | 33 kB | 90/155 kB | 7.7/10 kB Progress (4): 58 kB | 33 kB | 90/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 94/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 98/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 102/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 106/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 110/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 114/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 118/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 122/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 127/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 131/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 135/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 139/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 143/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 147/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 151/155 kB | 10 kB Progress (4): 58 kB | 33 kB | 155 kB | 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact-manager/2.0.9/maven-artifact-manager-2.0.9.jar (58 kB at 338 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/1.0/maven-toolchain-1.0.jar (33 kB at 188 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/0.1/maven-shared-utils-0.1.jar (155 kB at 844 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar Progress (2): 10 kB | 4.1/32 kB Progress (2): 10 kB | 7.7/32 kB Progress (2): 10 kB | 12/32 kB Progress (2): 10 kB | 16/32 kB Progress (2): 10 kB | 20/32 kB Progress (2): 10 kB | 24/32 kB Progress (2): 10 kB | 28/32 kB Progress (2): 10 kB | 32 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-monitor/2.0.9/maven-monitor-2.0.9.jar (10 kB at 56 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar Progress (2): 32 kB | 4.1/4.2 kB Progress (2): 32 kB | 4.2 kB Progress (3): 32 kB | 4.2 kB | 4.1/14 kB Progress (3): 32 kB | 4.2 kB | 7.7/14 kB Progress (3): 32 kB | 4.2 kB | 12/14 kB Progress (3): 32 kB | 4.2 kB | 14 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 4.1/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 7.7/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 12/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 16/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 20/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 24/25 kB Progress (4): 32 kB | 4.2 kB | 14 kB | 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/2.0.1/jsr305-2.0.1.jar (32 kB at 155 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar Progress (4): 4.2 kB | 14 kB | 25 kB | 4.1/4.6 kB Progress (4): 4.2 kB | 14 kB | 25 kB | 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar (4.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar Progress (4): 14 kB | 25 kB | 4.6 kB | 4.1/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 8.2/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 12/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 16/19 kB Progress (4): 14 kB | 25 kB | 4.6 kB | 19 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-incremental/1.1/maven-shared-incremental-1.1.jar (14 kB at 60 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-api/2.2/plexus-compiler-api-2.2.jar (25 kB at 110 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar Progress (3): 4.6 kB | 19 kB | 4.1/217 kB Progress (3): 4.6 kB | 19 kB | 7.7/217 kB Progress (3): 4.6 kB | 19 kB | 12/217 kB Progress (3): 4.6 kB | 19 kB | 16/217 kB Progress (3): 4.6 kB | 19 kB | 20/217 kB Progress (3): 4.6 kB | 19 kB | 24/217 kB Progress (3): 4.6 kB | 19 kB | 28/217 kB Progress (3): 4.6 kB | 19 kB | 32/217 kB Progress (3): 4.6 kB | 19 kB | 36/217 kB Progress (3): 4.6 kB | 19 kB | 41/217 kB Progress (3): 4.6 kB | 19 kB | 45/217 kB Progress (3): 4.6 kB | 19 kB | 49/217 kB Progress (3): 4.6 kB | 19 kB | 53/217 kB Progress (3): 4.6 kB | 19 kB | 57/217 kB Progress (3): 4.6 kB | 19 kB | 61/217 kB Progress (3): 4.6 kB | 19 kB | 65/217 kB Progress (3): 4.6 kB | 19 kB | 69/217 kB Progress (3): 4.6 kB | 19 kB | 73/217 kB Progress (3): 4.6 kB | 19 kB | 77/217 kB Progress (3): 4.6 kB | 19 kB | 81/217 kB Progress (3): 4.6 kB | 19 kB | 86/217 kB Progress (3): 4.6 kB | 19 kB | 90/217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-manager/2.2/plexus-compiler-manager-2.2.jar (4.6 kB at 20 kB/s) Progress (2): 19 kB | 94/217 kB Downloading from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar Progress (2): 19 kB | 98/217 kB Progress (2): 19 kB | 102/217 kB Progress (2): 19 kB | 106/217 kB Progress (2): 19 kB | 110/217 kB Progress (2): 19 kB | 114/217 kB Progress (2): 19 kB | 118/217 kB Progress (2): 19 kB | 122/217 kB Progress (2): 19 kB | 127/217 kB Progress (2): 19 kB | 131/217 kB Progress (2): 19 kB | 135/217 kB Progress (2): 19 kB | 139/217 kB Progress (2): 19 kB | 143/217 kB Progress (2): 19 kB | 147/217 kB Progress (2): 19 kB | 151/217 kB Progress (2): 19 kB | 155/217 kB Progress (2): 19 kB | 159/217 kB Progress (2): 19 kB | 163/217 kB Progress (2): 19 kB | 167/217 kB Progress (2): 19 kB | 172/217 kB Progress (2): 19 kB | 176/217 kB Progress (2): 19 kB | 180/217 kB Progress (2): 19 kB | 184/217 kB Progress (2): 19 kB | 188/217 kB Progress (2): 19 kB | 192/217 kB Progress (2): 19 kB | 196/217 kB Progress (2): 19 kB | 200/217 kB Progress (2): 19 kB | 204/217 kB Progress (2): 19 kB | 208/217 kB Progress (2): 19 kB | 213/217 kB Progress (2): 19 kB | 217/217 kB Progress (2): 19 kB | 217 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-compiler-javac/2.2/plexus-compiler-javac-2.2.jar (19 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar Progress (2): 217 kB | 4.1/46 kB Progress (2): 217 kB | 7.7/46 kB Progress (2): 217 kB | 12/46 kB Progress (2): 217 kB | 16/46 kB Progress (2): 217 kB | 20/46 kB Progress (2): 217 kB | 24/46 kB Progress (2): 217 kB | 28/46 kB Progress (2): 217 kB | 32/46 kB Progress (2): 217 kB | 36/46 kB Progress (2): 217 kB | 41/46 kB Progress (2): 217 kB | 45/46 kB Progress (2): 217 kB | 46 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.5.5/plexus-container-default-1.5.5.jar (217 kB at 860 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar Progress (2): 46 kB | 4.1/134 kB Progress (2): 46 kB | 7.7/134 kB Progress (2): 46 kB | 12/134 kB Progress (2): 46 kB | 16/134 kB Progress (2): 46 kB | 20/134 kB Progress (2): 46 kB | 24/134 kB Progress (2): 46 kB | 28/134 kB Progress (2): 46 kB | 32/134 kB Progress (2): 46 kB | 36/134 kB Progress (2): 46 kB | 40/134 kB Progress (2): 46 kB | 44/134 kB Progress (2): 46 kB | 48/134 kB Progress (2): 46 kB | 53/134 kB Progress (2): 46 kB | 57/134 kB Progress (2): 46 kB | 61/134 kB Progress (2): 46 kB | 65/134 kB Progress (2): 46 kB | 69/134 kB Progress (2): 46 kB | 73/134 kB Progress (2): 46 kB | 77/134 kB Progress (2): 46 kB | 81/134 kB Progress (2): 46 kB | 85/134 kB Progress (2): 46 kB | 89/134 kB Progress (2): 46 kB | 93/134 kB Progress (2): 46 kB | 98/134 kB Progress (2): 46 kB | 102/134 kB Progress (2): 46 kB | 106/134 kB Progress (2): 46 kB | 110/134 kB Progress (2): 46 kB | 114/134 kB Progress (2): 46 kB | 118/134 kB Progress (2): 46 kB | 122/134 kB Progress (2): 46 kB | 126/134 kB Progress (2): 46 kB | 130/134 kB Progress (2): 46 kB | 134 kB Progress (3): 46 kB | 134 kB | 4.1/358 kB Progress (3): 46 kB | 134 kB | 7.7/358 kB Progress (3): 46 kB | 134 kB | 12/358 kB Progress (3): 46 kB | 134 kB | 16/358 kB Progress (3): 46 kB | 134 kB | 20/358 kB Progress (3): 46 kB | 134 kB | 24/358 kB Progress (3): 46 kB | 134 kB | 28/358 kB Progress (3): 46 kB | 134 kB | 32/358 kB Progress (3): 46 kB | 134 kB | 36/358 kB Progress (3): 46 kB | 134 kB | 41/358 kB Progress (4): 46 kB | 134 kB | 41/358 kB | 4.1/45 kB Progress (4): 46 kB | 134 kB | 41/358 kB | 7.7/45 kB Progress (4): 46 kB | 134 kB | 45/358 kB | 7.7/45 kB Progress (4): 46 kB | 134 kB | 45/358 kB | 12/45 kB Progress (4): 46 kB | 134 kB | 49/358 kB | 12/45 kB Progress (4): 46 kB | 134 kB | 49/358 kB | 16/45 kB Progress (4): 46 kB | 134 kB | 53/358 kB | 16/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 16/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 20/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 24/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 28/45 kB Progress (4): 46 kB | 134 kB | 57/358 kB | 32/45 kB Progress (4): 46 kB | 134 kB | 61/358 kB | 32/45 kB Progress (4): 46 kB | 134 kB | 65/358 kB | 32/45 kB Progress (4): 46 kB | 134 kB | 65/358 kB | 36/45 kB Progress (4): 46 kB | 134 kB | 69/358 kB | 36/45 kB Progress (4): 46 kB | 134 kB | 69/358 kB | 41/45 kB Progress (4): 46 kB | 134 kB | 73/358 kB | 41/45 kB Progress (4): 46 kB | 134 kB | 73/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 77/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 81/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 86/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 90/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 94/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 98/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 102/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 106/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 110/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 114/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 118/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 122/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 127/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 131/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 135/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 139/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 143/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 147/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 151/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 155/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 159/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 163/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 167/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 172/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 176/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 180/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 184/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 188/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 192/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 196/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 200/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 204/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 208/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 213/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 217/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 221/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 225/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 229/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 233/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 237/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 241/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 245/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 249/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 254/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 258/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 262/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 266/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 270/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 274/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 278/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 282/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 286/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 290/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 294/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 299/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 303/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 307/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 311/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 315/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 319/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 323/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 327/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 331/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 335/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 340/358 kB | 45 kB Progress (4): 46 kB | 134 kB | 344/358 kB | 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.2/plexus-classworlds-2.2.2.jar (46 kB at 169 kB/s) Progress (3): 134 kB | 348/358 kB | 45 kB Downloading from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar Progress (3): 134 kB | 352/358 kB | 45 kB Progress (3): 134 kB | 356/358 kB | 45 kB Progress (3): 134 kB | 358 kB | 45 kB Progress (4): 134 kB | 358 kB | 45 kB | 4.1/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 7.7/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 12/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 16/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 20/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 24/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 28/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 32/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 36/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 41/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 45/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 49/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 53/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 57/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 61/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 65/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 69/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 73/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 77/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 81/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 86/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 90/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 94/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 98/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 102/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 106/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 110/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 114/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 118/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 122/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 127/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 131/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 135/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 139/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 143/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 147/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 151/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 155/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 159/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 163/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 167/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 172/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 176/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 180/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 184/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 188/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 192/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 196/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 200/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 204/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 208/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 213/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 217/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 221/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 225/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 229/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 233/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 237/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 241/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 245/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 249/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 254/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 258/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 262/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 266/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 270/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 274/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 278/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 282/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 286/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 290/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 294/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 299/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 303/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 307/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 311/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 315/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 319/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 323/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 327/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 331/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 335/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 340/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 344/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 348/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 352/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 356/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 360/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 364/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 368/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 372/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 376/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 380/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 385/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 389/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 393/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 397/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 401/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 405/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 409/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 413/640 kB Progress (4): 134 kB | 358 kB | 45 kB | 417/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/xbean/xbean-reflect/3.4/xbean-reflect-3.4.jar (134 kB at 473 kB/s) Progress (3): 358 kB | 45 kB | 421/640 kB Progress (3): 358 kB | 45 kB | 426/640 kB Progress (3): 358 kB | 45 kB | 430/640 kB Progress (3): 358 kB | 45 kB | 434/640 kB Progress (3): 358 kB | 45 kB | 438/640 kB Progress (3): 358 kB | 45 kB | 442/640 kB Progress (3): 358 kB | 45 kB | 446/640 kB Progress (3): 358 kB | 45 kB | 450/640 kB Progress (3): 358 kB | 45 kB | 454/640 kB Progress (3): 358 kB | 45 kB | 458/640 kB Progress (3): 358 kB | 45 kB | 462/640 kB Progress (3): 358 kB | 45 kB | 466/640 kB Progress (3): 358 kB | 45 kB | 471/640 kB Progress (3): 358 kB | 45 kB | 475/640 kB Progress (3): 358 kB | 45 kB | 479/640 kB Progress (3): 358 kB | 45 kB | 481/640 kB Progress (3): 358 kB | 45 kB | 486/640 kB Progress (3): 358 kB | 45 kB | 490/640 kB Progress (3): 358 kB | 45 kB | 494/640 kB Progress (3): 358 kB | 45 kB | 498/640 kB Progress (3): 358 kB | 45 kB | 502/640 kB Progress (3): 358 kB | 45 kB | 506/640 kB Progress (3): 358 kB | 45 kB | 510/640 kB Progress (3): 358 kB | 45 kB | 514/640 kB Progress (3): 358 kB | 45 kB | 518/640 kB Progress (3): 358 kB | 45 kB | 522/640 kB Progress (3): 358 kB | 45 kB | 526/640 kB Progress (3): 358 kB | 45 kB | 531/640 kB Progress (3): 358 kB | 45 kB | 535/640 kB Progress (3): 358 kB | 45 kB | 539/640 kB Progress (3): 358 kB | 45 kB | 543/640 kB Progress (3): 358 kB | 45 kB | 547/640 kB Progress (3): 358 kB | 45 kB | 551/640 kB Progress (3): 358 kB | 45 kB | 555/640 kB Progress (3): 358 kB | 45 kB | 559/640 kB Progress (3): 358 kB | 45 kB | 563/640 kB Progress (3): 358 kB | 45 kB | 567/640 kB Progress (3): 358 kB | 45 kB | 572/640 kB Progress (3): 358 kB | 45 kB | 576/640 kB Progress (3): 358 kB | 45 kB | 580/640 kB Progress (3): 358 kB | 45 kB | 584/640 kB Progress (3): 358 kB | 45 kB | 588/640 kB Progress (3): 358 kB | 45 kB | 592/640 kB Progress (3): 358 kB | 45 kB | 596/640 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-logging/commons-logging-api/1.1/commons-logging-api-1.1.jar (45 kB at 156 kB/s) Progress (2): 358 kB | 600/640 kB Progress (2): 358 kB | 604/640 kB Progress (2): 358 kB | 608/640 kB Progress (2): 358 kB | 612/640 kB Progress (2): 358 kB | 617/640 kB Progress (2): 358 kB | 621/640 kB Progress (2): 358 kB | 625/640 kB Progress (2): 358 kB | 629/640 kB Progress (2): 358 kB | 633/640 kB Progress (2): 358 kB | 637/640 kB Progress (2): 358 kB | 640 kB Downloaded from central: https://repo.maven.apache.org/maven2/log4j/log4j/1.2.12/log4j-1.2.12.jar (358 kB at 1.2 MB/s) Progress (2): 640 kB | 4.1/121 kB Progress (2): 640 kB | 7.7/121 kB Progress (2): 640 kB | 12/121 kB Progress (2): 640 kB | 16/121 kB Progress (2): 640 kB | 20/121 kB Progress (2): 640 kB | 24/121 kB Progress (2): 640 kB | 28/121 kB Progress (2): 640 kB | 32/121 kB Progress (2): 640 kB | 36/121 kB Progress (2): 640 kB | 40/121 kB Progress (2): 640 kB | 44/121 kB Progress (2): 640 kB | 48/121 kB Progress (2): 640 kB | 53/121 kB Progress (2): 640 kB | 57/121 kB Progress (2): 640 kB | 61/121 kB Progress (2): 640 kB | 65/121 kB Progress (2): 640 kB | 69/121 kB Progress (2): 640 kB | 73/121 kB Progress (2): 640 kB | 77/121 kB Progress (2): 640 kB | 81/121 kB Progress (2): 640 kB | 85/121 kB Progress (2): 640 kB | 89/121 kB Progress (2): 640 kB | 94/121 kB Progress (2): 640 kB | 98/121 kB Progress (2): 640 kB | 102/121 kB Progress (2): 640 kB | 106/121 kB Progress (2): 640 kB | 110/121 kB Progress (2): 640 kB | 114/121 kB Progress (2): 640 kB | 118/121 kB Progress (2): 640 kB | 121 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/collections/google-collections/1.0/google-collections-1.0.jar (640 kB at 2.0 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/junit/junit/3.8.2/junit-3.8.2.jar (121 kB at 371 kB/s) [INFO] Changes detected - recompiling the module! [WARNING] File encoding has not been set, using platform encoding UTF-8, i.e. build is platform dependent! [INFO] Compiling 1 source file to /work/target/classes [INFO] [INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ simple-java-project --- [WARNING] Using platform encoding (UTF-8 actually) to copy filtered resources, i.e. build is platform dependent! [INFO] skip non existing resourceDirectory /work/src/test/resources [INFO] [INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ simple-java-project --- [INFO] No sources to compile [INFO] [INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom Progress (1): 3.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.pom (3.0 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.pom (2.5 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.pom (5.5 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom Progress (1): 1.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.pom (1.6 kB at 30 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-tools/3.1/maven-plugin-tools-3.1.pom (16 kB at 311 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom Progress (1): 1.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.pom (1.8 kB at 37 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom Progress (1): 1.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting/2.0.9/maven-reporting-2.0.9.pom (1.5 kB at 33 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom Progress (1): 3.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.pom (3.5 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.pom (17 kB at 315 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 42 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/22/commons-parent-22.pom (42 kB at 699 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/9/apache-9.pom (15 kB at 337 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.pom (3.7 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 9.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/12/maven-shared-components-12.pom (9.3 kB at 173 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/13/maven-parent-13.pom (23 kB at 453 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/6/apache-6.pom (13 kB at 221 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-container-default/1.0-alpha-9/plexus-container-default-1.0-alpha-9.pom (1.2 kB at 20 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar Progress (1): 4.1/263 kB Progress (1): 7.7/263 kB Progress (1): 12/263 kB Progress (1): 16/263 kB Progress (1): 20/263 kB Progress (1): 24/263 kB Progress (1): 28/263 kB Progress (1): 32/263 kB Progress (1): 36/263 kB Progress (1): 41/263 kB Progress (1): 45/263 kB Progress (1): 49/263 kB Progress (1): 53/263 kB Progress (1): 57/263 kB Progress (1): 61/263 kB Progress (1): 65/263 kB Progress (1): 69/263 kB Progress (1): 73/263 kB Progress (1): 77/263 kB Progress (1): 81/263 kB Progress (1): 86/263 kB Progress (1): 90/263 kB Progress (1): 94/263 kB Progress (1): 98/263 kB Progress (1): 102/263 kB Progress (1): 106/263 kB Progress (1): 110/263 kB Progress (1): 114/263 kB Progress (1): 118/263 kB Progress (1): 122/263 kB Progress (1): 127/263 kB Progress (1): 131/263 kB Progress (1): 135/263 kB Progress (1): 139/263 kB Progress (1): 143/263 kB Progress (1): 147/263 kB Progress (1): 151/263 kB Progress (1): 155/263 kB Progress (2): 155/263 kB | 4.1/316 kB Progress (2): 159/263 kB | 4.1/316 kB Progress (2): 163/263 kB | 4.1/316 kB Progress (2): 163/263 kB | 7.7/316 kB Progress (2): 167/263 kB | 7.7/316 kB Progress (2): 167/263 kB | 12/316 kB Progress (2): 172/263 kB | 12/316 kB Progress (2): 176/263 kB | 12/316 kB Progress (2): 176/263 kB | 16/316 kB Progress (2): 180/263 kB | 16/316 kB Progress (2): 180/263 kB | 20/316 kB Progress (2): 184/263 kB | 20/316 kB Progress (2): 184/263 kB | 24/316 kB Progress (2): 188/263 kB | 24/316 kB Progress (2): 188/263 kB | 28/316 kB Progress (2): 192/263 kB | 28/316 kB Progress (2): 196/263 kB | 28/316 kB Progress (2): 200/263 kB | 28/316 kB Progress (2): 204/263 kB | 28/316 kB Progress (2): 204/263 kB | 32/316 kB Progress (2): 208/263 kB | 32/316 kB Progress (2): 208/263 kB | 36/316 kB Progress (2): 213/263 kB | 36/316 kB Progress (2): 213/263 kB | 40/316 kB Progress (2): 213/263 kB | 44/316 kB Progress (2): 217/263 kB | 44/316 kB Progress (2): 217/263 kB | 48/316 kB Progress (2): 221/263 kB | 48/316 kB Progress (2): 221/263 kB | 53/316 kB Progress (2): 225/263 kB | 53/316 kB Progress (2): 225/263 kB | 57/316 kB Progress (2): 229/263 kB | 57/316 kB Progress (2): 229/263 kB | 61/316 kB Progress (2): 233/263 kB | 61/316 kB Progress (2): 237/263 kB | 61/316 kB Progress (2): 241/263 kB | 61/316 kB Progress (2): 245/263 kB | 61/316 kB Progress (2): 249/263 kB | 61/316 kB Progress (2): 254/263 kB | 61/316 kB Progress (2): 258/263 kB | 61/316 kB Progress (2): 262/263 kB | 61/316 kB Progress (2): 263 kB | 61/316 kB Progress (2): 263 kB | 65/316 kB Progress (2): 263 kB | 69/316 kB Progress (2): 263 kB | 73/316 kB Progress (2): 263 kB | 77/316 kB Progress (2): 263 kB | 81/316 kB Progress (2): 263 kB | 85/316 kB Progress (2): 263 kB | 89/316 kB Progress (2): 263 kB | 94/316 kB Progress (2): 263 kB | 98/316 kB Progress (2): 263 kB | 102/316 kB Progress (2): 263 kB | 106/316 kB Progress (2): 263 kB | 110/316 kB Progress (2): 263 kB | 114/316 kB Progress (2): 263 kB | 118/316 kB Progress (2): 263 kB | 122/316 kB Progress (2): 263 kB | 126/316 kB Progress (2): 263 kB | 130/316 kB Progress (2): 263 kB | 134/316 kB Progress (2): 263 kB | 139/316 kB Progress (2): 263 kB | 143/316 kB Progress (3): 263 kB | 143/316 kB | 4.1/35 kB Progress (3): 263 kB | 143/316 kB | 7.7/35 kB Progress (3): 263 kB | 143/316 kB | 12/35 kB Progress (3): 263 kB | 143/316 kB | 16/35 kB Progress (3): 263 kB | 143/316 kB | 20/35 kB Progress (3): 263 kB | 143/316 kB | 24/35 kB Progress (3): 263 kB | 143/316 kB | 28/35 kB Progress (3): 263 kB | 143/316 kB | 32/35 kB Progress (3): 263 kB | 143/316 kB | 35 kB Progress (3): 263 kB | 147/316 kB | 35 kB Progress (3): 263 kB | 151/316 kB | 35 kB Progress (3): 263 kB | 155/316 kB | 35 kB Progress (3): 263 kB | 159/316 kB | 35 kB Progress (3): 263 kB | 163/316 kB | 35 kB Progress (3): 263 kB | 167/316 kB | 35 kB Progress (3): 263 kB | 171/316 kB | 35 kB Progress (3): 263 kB | 175/316 kB | 35 kB Progress (3): 263 kB | 180/316 kB | 35 kB Progress (3): 263 kB | 184/316 kB | 35 kB Progress (3): 263 kB | 188/316 kB | 35 kB Progress (3): 263 kB | 192/316 kB | 35 kB Progress (3): 263 kB | 196/316 kB | 35 kB Progress (3): 263 kB | 200/316 kB | 35 kB Progress (3): 263 kB | 204/316 kB | 35 kB Progress (3): 263 kB | 208/316 kB | 35 kB Progress (3): 263 kB | 212/316 kB | 35 kB Progress (3): 263 kB | 216/316 kB | 35 kB Progress (3): 263 kB | 220/316 kB | 35 kB Progress (3): 263 kB | 225/316 kB | 35 kB Progress (3): 263 kB | 229/316 kB | 35 kB Progress (3): 263 kB | 233/316 kB | 35 kB Progress (3): 263 kB | 237/316 kB | 35 kB Progress (3): 263 kB | 241/316 kB | 35 kB Progress (3): 263 kB | 245/316 kB | 35 kB Progress (3): 263 kB | 249/316 kB | 35 kB Progress (3): 263 kB | 253/316 kB | 35 kB Progress (3): 263 kB | 257/316 kB | 35 kB Progress (3): 263 kB | 261/316 kB | 35 kB Progress (3): 263 kB | 266/316 kB | 35 kB Progress (3): 263 kB | 270/316 kB | 35 kB Progress (3): 263 kB | 274/316 kB | 35 kB Progress (3): 263 kB | 278/316 kB | 35 kB Progress (3): 263 kB | 282/316 kB | 35 kB Progress (3): 263 kB | 286/316 kB | 35 kB Progress (3): 263 kB | 290/316 kB | 35 kB Progress (3): 263 kB | 294/316 kB | 35 kB Progress (3): 263 kB | 298/316 kB | 35 kB Progress (3): 263 kB | 302/316 kB | 35 kB Progress (3): 263 kB | 307/316 kB | 35 kB Progress (3): 263 kB | 311/316 kB | 35 kB Progress (3): 263 kB | 315/316 kB | 35 kB Progress (3): 263 kB | 316 kB | 35 kB Progress (4): 263 kB | 316 kB | 35 kB | 4.1/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 7.7/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 12/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 16/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 20/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 24/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 28/31 kB Progress (4): 263 kB | 316 kB | 35 kB | 31 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 4.1/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 7.7/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 12/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 16/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 20/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 24/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 28/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 32/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 36/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 41/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 45/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 49/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 53/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 57/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 61/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 65/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 69/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 73/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 77/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 81/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 86/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 90/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 94/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 98/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 102/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 106/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 110/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 114/118 kB Progress (5): 263 kB | 316 kB | 35 kB | 31 kB | 118 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/maven-surefire-common/2.12.4/maven-surefire-common-2.12.4.jar (263 kB at 6.7 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar (316 kB at 7.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-booter/2.12.4/surefire-booter-2.12.4.jar (35 kB at 680 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/1.3/maven-common-artifact-filters-1.3.jar (31 kB at 526 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar Progress (2): 118 kB | 4.1/232 kB Progress (2): 118 kB | 7.7/232 kB Progress (2): 118 kB | 12/232 kB Progress (2): 118 kB | 16/232 kB Progress (2): 118 kB | 20/232 kB Progress (2): 118 kB | 24/232 kB Progress (2): 118 kB | 28/232 kB Progress (2): 118 kB | 32/232 kB Progress (2): 118 kB | 36/232 kB Progress (2): 118 kB | 41/232 kB Progress (2): 118 kB | 45/232 kB Progress (2): 118 kB | 49/232 kB Progress (2): 118 kB | 53/232 kB Progress (2): 118 kB | 57/232 kB Progress (2): 118 kB | 61/232 kB Progress (2): 118 kB | 65/232 kB Progress (2): 118 kB | 69/232 kB Progress (2): 118 kB | 73/232 kB Progress (2): 118 kB | 77/232 kB Progress (2): 118 kB | 81/232 kB Progress (2): 118 kB | 86/232 kB Progress (2): 118 kB | 90/232 kB Progress (2): 118 kB | 94/232 kB Progress (2): 118 kB | 98/232 kB Progress (2): 118 kB | 102/232 kB Progress (2): 118 kB | 106/232 kB Progress (2): 118 kB | 110/232 kB Progress (2): 118 kB | 114/232 kB Progress (2): 118 kB | 118/232 kB Progress (2): 118 kB | 122/232 kB Progress (2): 118 kB | 127/232 kB Progress (2): 118 kB | 131/232 kB Progress (2): 118 kB | 135/232 kB Progress (2): 118 kB | 139/232 kB Progress (2): 118 kB | 143/232 kB Progress (2): 118 kB | 147/232 kB Progress (2): 118 kB | 151/232 kB Progress (2): 118 kB | 155/232 kB Progress (2): 118 kB | 159/232 kB Progress (2): 118 kB | 163/232 kB Progress (2): 118 kB | 167/232 kB Progress (2): 118 kB | 172/232 kB Progress (2): 118 kB | 176/232 kB Progress (2): 118 kB | 180/232 kB Progress (2): 118 kB | 184/232 kB Progress (2): 118 kB | 188/232 kB Progress (2): 118 kB | 192/232 kB Progress (2): 118 kB | 196/232 kB Progress (2): 118 kB | 200/232 kB Progress (2): 118 kB | 204/232 kB Progress (2): 118 kB | 208/232 kB Progress (2): 118 kB | 213/232 kB Progress (2): 118 kB | 217/232 kB Progress (2): 118 kB | 221/232 kB Progress (2): 118 kB | 225/232 kB Progress (2): 118 kB | 229/232 kB Progress (2): 118 kB | 232 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/surefire/surefire-api/2.12.4/surefire-api-2.12.4.jar (118 kB at 1.8 MB/s) Progress (2): 232 kB | 4.1/10 kB Progress (2): 232 kB | 7.7/10 kB Progress (2): 232 kB | 10 kB Progress (3): 232 kB | 10 kB | 4.1/38 kB Progress (3): 232 kB | 10 kB | 7.7/38 kB Progress (3): 232 kB | 10 kB | 12/38 kB Progress (3): 232 kB | 10 kB | 16/38 kB Progress (3): 232 kB | 10 kB | 20/38 kB Progress (3): 232 kB | 10 kB | 24/38 kB Progress (3): 232 kB | 10 kB | 28/38 kB Progress (3): 232 kB | 10 kB | 32/38 kB Progress (3): 232 kB | 10 kB | 36/38 kB Progress (3): 232 kB | 10 kB | 38 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.0.8/plexus-utils-3.0.8.jar (232 kB at 2.9 MB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/reporting/maven-reporting-api/2.0.9/maven-reporting-api-2.0.9.jar (10 kB at 110 kB/s) Progress (2): 38 kB | 4.1/14 kB Progress (2): 38 kB | 7.7/14 kB Progress (2): 38 kB | 12/14 kB Progress (2): 38 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-toolchain/2.0.9/maven-toolchain-2.0.9.jar (38 kB at 358 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugin-tools/maven-plugin-annotations/3.1/maven-plugin-annotations-3.1.jar (14 kB at 115 kB/s) [INFO] Tests are skipped. [INFO] [INFO] --- maven-jar-plugin:3.3.0:jar (default-jar) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom Progress (1): 4.1 kB Progress (1): 4.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.pom (4.5 kB at 88 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom Progress (1): 4.1 kB Progress (1): 4.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/36/maven-shared-components-36.pom (4.9 kB at 94 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 45 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/36/maven-parent-36.pom (45 kB at 874 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 21 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/26/apache-26.pom (21 kB at 446 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.pom (2.7 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.36/slf4j-parent-1.7.36.pom (14 kB at 235 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom Progress (1): 4.1 kB Progress (1): 5.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.pom (5.2 kB at 104 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 23 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom (23 kB at 479 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.pom (20 kB at 379 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 70 kB Progress (1): 74 kB Progress (1): 78 kB Progress (1): 79 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/52/commons-parent-52.pom (79 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/junit/junit-bom/5.7.2/junit-bom-5.7.2.pom (5.1 kB at 84 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.pom (3.9 kB at 85 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom Progress (1): 4.1 kB Progress (1): 6.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.pom (6.0 kB at 128 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/10/plexus-10.pom (25 kB at 529 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom Progress (1): 612 B Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.pom (612 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom Progress (1): 4.1 kB Progress (1): 6.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.pom (6.3 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.pom (20 kB at 365 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.pom (15 kB at 309 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.pom (2.0 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.pom (2.7 kB at 65 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 8.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.pom (8.2 kB at 183 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 25 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/8/plexus-8.pom (25 kB at 592 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar Progress (1): 4.1/79 kB Progress (1): 7.7/79 kB Progress (1): 12/79 kB Progress (1): 16/79 kB Progress (1): 20/79 kB Progress (1): 24/79 kB Progress (1): 28/79 kB Progress (1): 32/79 kB Progress (1): 36/79 kB Progress (1): 41/79 kB Progress (1): 45/79 kB Progress (1): 49/79 kB Progress (1): 53/79 kB Progress (1): 57/79 kB Progress (1): 61/79 kB Progress (1): 65/79 kB Progress (1): 69/79 kB Progress (1): 73/79 kB Progress (1): 77/79 kB Progress (1): 79 kB Progress (2): 79 kB | 4.1/327 kB Progress (2): 79 kB | 7.7/327 kB Progress (2): 79 kB | 12/327 kB Progress (2): 79 kB | 16/327 kB Progress (3): 79 kB | 16/327 kB | 4.1/36 kB Progress (3): 79 kB | 20/327 kB | 4.1/36 kB Progress (3): 79 kB | 24/327 kB | 4.1/36 kB Progress (3): 79 kB | 24/327 kB | 7.7/36 kB Progress (3): 79 kB | 28/327 kB | 7.7/36 kB Progress (3): 79 kB | 28/327 kB | 12/36 kB Progress (3): 79 kB | 32/327 kB | 12/36 kB Progress (3): 79 kB | 32/327 kB | 16/36 kB Progress (3): 79 kB | 36/327 kB | 16/36 kB Progress (3): 79 kB | 41/327 kB | 16/36 kB Progress (3): 79 kB | 41/327 kB | 20/36 kB Progress (3): 79 kB | 45/327 kB | 20/36 kB Progress (3): 79 kB | 45/327 kB | 24/36 kB Progress (3): 79 kB | 49/327 kB | 24/36 kB Progress (3): 79 kB | 49/327 kB | 28/36 kB Progress (3): 79 kB | 49/327 kB | 32/36 kB Progress (3): 79 kB | 49/327 kB | 36 kB Progress (3): 79 kB | 53/327 kB | 36 kB Progress (3): 79 kB | 57/327 kB | 36 kB Progress (3): 79 kB | 61/327 kB | 36 kB Progress (3): 79 kB | 65/327 kB | 36 kB Progress (3): 79 kB | 69/327 kB | 36 kB Progress (3): 79 kB | 73/327 kB | 36 kB Progress (3): 79 kB | 77/327 kB | 36 kB Progress (3): 79 kB | 81/327 kB | 36 kB Progress (3): 79 kB | 86/327 kB | 36 kB Progress (3): 79 kB | 90/327 kB | 36 kB Progress (3): 79 kB | 94/327 kB | 36 kB Progress (3): 79 kB | 98/327 kB | 36 kB Progress (3): 79 kB | 102/327 kB | 36 kB Progress (3): 79 kB | 106/327 kB | 36 kB Progress (3): 79 kB | 110/327 kB | 36 kB Progress (3): 79 kB | 114/327 kB | 36 kB Progress (3): 79 kB | 118/327 kB | 36 kB Progress (3): 79 kB | 122/327 kB | 36 kB Progress (3): 79 kB | 127/327 kB | 36 kB Progress (3): 79 kB | 131/327 kB | 36 kB Progress (3): 79 kB | 135/327 kB | 36 kB Progress (3): 79 kB | 139/327 kB | 36 kB Progress (3): 79 kB | 143/327 kB | 36 kB Progress (3): 79 kB | 147/327 kB | 36 kB Progress (3): 79 kB | 151/327 kB | 36 kB Progress (3): 79 kB | 155/327 kB | 36 kB Progress (3): 79 kB | 159/327 kB | 36 kB Progress (3): 79 kB | 163/327 kB | 36 kB Progress (3): 79 kB | 167/327 kB | 36 kB Progress (3): 79 kB | 172/327 kB | 36 kB Progress (3): 79 kB | 176/327 kB | 36 kB Progress (3): 79 kB | 180/327 kB | 36 kB Progress (3): 79 kB | 184/327 kB | 36 kB Progress (3): 79 kB | 188/327 kB | 36 kB Progress (3): 79 kB | 192/327 kB | 36 kB Progress (3): 79 kB | 196/327 kB | 36 kB Progress (3): 79 kB | 200/327 kB | 36 kB Progress (3): 79 kB | 204/327 kB | 36 kB Progress (3): 79 kB | 208/327 kB | 36 kB Progress (3): 79 kB | 213/327 kB | 36 kB Progress (3): 79 kB | 217/327 kB | 36 kB Progress (3): 79 kB | 221/327 kB | 36 kB Progress (3): 79 kB | 225/327 kB | 36 kB Progress (3): 79 kB | 229/327 kB | 36 kB Progress (3): 79 kB | 233/327 kB | 36 kB Progress (3): 79 kB | 237/327 kB | 36 kB Progress (3): 79 kB | 241/327 kB | 36 kB Progress (3): 79 kB | 245/327 kB | 36 kB Progress (3): 79 kB | 249/327 kB | 36 kB Progress (3): 79 kB | 254/327 kB | 36 kB Progress (3): 79 kB | 258/327 kB | 36 kB Progress (3): 79 kB | 262/327 kB | 36 kB Progress (3): 79 kB | 266/327 kB | 36 kB Progress (3): 79 kB | 270/327 kB | 36 kB Progress (3): 79 kB | 274/327 kB | 36 kB Progress (3): 79 kB | 278/327 kB | 36 kB Progress (3): 79 kB | 282/327 kB | 36 kB Progress (3): 79 kB | 286/327 kB | 36 kB Progress (3): 79 kB | 290/327 kB | 36 kB Progress (3): 79 kB | 294/327 kB | 36 kB Progress (3): 79 kB | 299/327 kB | 36 kB Progress (3): 79 kB | 303/327 kB | 36 kB Progress (3): 79 kB | 307/327 kB | 36 kB Progress (3): 79 kB | 311/327 kB | 36 kB Progress (3): 79 kB | 315/327 kB | 36 kB Progress (3): 79 kB | 319/327 kB | 36 kB Progress (3): 79 kB | 323/327 kB | 36 kB Progress (3): 79 kB | 327 kB | 36 kB Progress (4): 79 kB | 327 kB | 36 kB | 4.1/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 7.7/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 12/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 16/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 20/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 24/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 28/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 32/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 36/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 41/41 kB Progress (4): 79 kB | 327 kB | 36 kB | 41 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 4.1/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 7.7/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 12/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 16/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 20/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 24/26 kB Progress (5): 79 kB | 327 kB | 36 kB | 41 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-io/3.4.0/plexus-io-3.4.0.jar (79 kB at 2.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/file-management/3.1.0/file-management-3.1.0.jar (36 kB at 790 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.11.0/commons-io-2.11.0.jar (327 kB at 7.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.36/slf4j-api-1.7.36.jar (41 kB at 748 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar Progress (2): 26 kB | 2.5 kB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Progress (3): 26 kB | 2.5 kB | 0.1/1.0 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-archiver/3.6.0/maven-archiver-3.6.0.jar (26 kB at 404 kB/s) Progress (2): 2.5 kB | 0.1/1.0 MB Downloading from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.1/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.2/1.0 MB Progress (2): 2.5 kB | 0.3/1.0 MB Progress (2): 2.5 kB | 0.3/1.0 MB Progress (3): 2.5 kB | 0.3/1.0 MB | 4.1/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 4.1/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 7.7/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 7.7/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 12/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 16/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 16/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 20/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 20/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 24/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 24/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 28/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 28/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 32/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 36/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 36/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 41/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 41/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 45/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 49/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 49/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 53/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 53/211 kB Progress (3): 2.5 kB | 0.3/1.0 MB | 57/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 57/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 61/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 61/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 65/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 69/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 69/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 73/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 73/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 77/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 81/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 81/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 86/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 86/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 90/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 94/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 94/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 94/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 98/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 98/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 102/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 102/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 106/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 106/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 110/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 110/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 114/211 kB Progress (3): 2.5 kB | 0.4/1.0 MB | 118/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 118/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 122/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 122/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 127/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 127/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 131/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 131/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 135/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 135/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 139/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 139/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 143/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 143/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 147/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 147/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 151/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 151/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 155/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 155/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 159/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 159/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 163/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 163/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 167/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 167/211 kB Progress (3): 2.5 kB | 0.5/1.0 MB | 172/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 172/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 176/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 176/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 180/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 180/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 184/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 188/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 188/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 192/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 192/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 196/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 200/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 200/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 204/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 204/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 208/211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.6/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.7/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.8/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 0.9/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0/1.0 MB | 211 kB Progress (3): 2.5 kB | 1.0 MB | 211 kB Downloaded from central: https://repo.maven.apache.org/maven2/javax/inject/javax.inject/1/javax.inject-1.jar (2.5 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar Progress (3): 1.0 MB | 211 kB | 4.1/58 kB Progress (3): 1.0 MB | 211 kB | 7.7/58 kB Progress (3): 1.0 MB | 211 kB | 12/58 kB Progress (3): 1.0 MB | 211 kB | 16/58 kB Progress (3): 1.0 MB | 211 kB | 20/58 kB Progress (3): 1.0 MB | 211 kB | 24/58 kB Progress (3): 1.0 MB | 211 kB | 28/58 kB Progress (3): 1.0 MB | 211 kB | 32/58 kB Progress (3): 1.0 MB | 211 kB | 36/58 kB Progress (3): 1.0 MB | 211 kB | 41/58 kB Progress (3): 1.0 MB | 211 kB | 45/58 kB Progress (3): 1.0 MB | 211 kB | 49/58 kB Progress (3): 1.0 MB | 211 kB | 53/58 kB Progress (3): 1.0 MB | 211 kB | 57/58 kB Progress (3): 1.0 MB | 211 kB | 58 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-archiver/4.4.0/plexus-archiver-4.4.0.jar (211 kB at 2.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar Progress (3): 1.0 MB | 58 kB | 4.1/116 kB Progress (3): 1.0 MB | 58 kB | 7.7/116 kB Progress (3): 1.0 MB | 58 kB | 12/116 kB Progress (3): 1.0 MB | 58 kB | 16/116 kB Progress (3): 1.0 MB | 58 kB | 20/116 kB Progress (3): 1.0 MB | 58 kB | 24/116 kB Progress (3): 1.0 MB | 58 kB | 28/116 kB Progress (3): 1.0 MB | 58 kB | 32/116 kB Progress (3): 1.0 MB | 58 kB | 36/116 kB Progress (3): 1.0 MB | 58 kB | 41/116 kB Progress (3): 1.0 MB | 58 kB | 45/116 kB Progress (3): 1.0 MB | 58 kB | 49/116 kB Progress (3): 1.0 MB | 58 kB | 53/116 kB Progress (3): 1.0 MB | 58 kB | 57/116 kB Progress (3): 1.0 MB | 58 kB | 61/116 kB Progress (3): 1.0 MB | 58 kB | 65/116 kB Progress (3): 1.0 MB | 58 kB | 69/116 kB Progress (3): 1.0 MB | 58 kB | 73/116 kB Progress (3): 1.0 MB | 58 kB | 77/116 kB Progress (3): 1.0 MB | 58 kB | 81/116 kB Progress (3): 1.0 MB | 58 kB | 86/116 kB Progress (3): 1.0 MB | 58 kB | 90/116 kB Progress (3): 1.0 MB | 58 kB | 94/116 kB Progress (3): 1.0 MB | 58 kB | 98/116 kB Progress (3): 1.0 MB | 58 kB | 102/116 kB Progress (3): 1.0 MB | 58 kB | 106/116 kB Progress (3): 1.0 MB | 58 kB | 110/116 kB Progress (3): 1.0 MB | 58 kB | 114/116 kB Progress (3): 1.0 MB | 58 kB | 116 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/iq80/snappy/snappy/0.4/snappy-0.4.jar (58 kB at 552 kB/s) Progress (3): 1.0 MB | 116 kB | 4.1/85 kB Progress (3): 1.0 MB | 116 kB | 7.7/85 kB Progress (3): 1.0 MB | 116 kB | 12/85 kB Progress (3): 1.0 MB | 116 kB | 16/85 kB Progress (3): 1.0 MB | 116 kB | 20/85 kB Progress (3): 1.0 MB | 116 kB | 24/85 kB Progress (3): 1.0 MB | 116 kB | 28/85 kB Progress (3): 1.0 MB | 116 kB | 32/85 kB Progress (3): 1.0 MB | 116 kB | 36/85 kB Progress (3): 1.0 MB | 116 kB | 41/85 kB Progress (3): 1.0 MB | 116 kB | 45/85 kB Progress (3): 1.0 MB | 116 kB | 49/85 kB Progress (3): 1.0 MB | 116 kB | 53/85 kB Progress (3): 1.0 MB | 116 kB | 57/85 kB Progress (3): 1.0 MB | 116 kB | 61/85 kB Progress (3): 1.0 MB | 116 kB | 65/85 kB Progress (3): 1.0 MB | 116 kB | 69/85 kB Progress (3): 1.0 MB | 116 kB | 73/85 kB Progress (3): 1.0 MB | 116 kB | 77/85 kB Progress (3): 1.0 MB | 116 kB | 81/85 kB Progress (3): 1.0 MB | 116 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-compress/1.21/commons-compress-1.21.jar (1.0 MB at 9.5 MB/s) Progress (3): 116 kB | 85 kB | 4.1/267 kB Progress (3): 116 kB | 85 kB | 7.7/267 kB Progress (3): 116 kB | 85 kB | 12/267 kB Progress (3): 116 kB | 85 kB | 16/267 kB Progress (3): 116 kB | 85 kB | 20/267 kB Progress (3): 116 kB | 85 kB | 24/267 kB Progress (3): 116 kB | 85 kB | 28/267 kB Progress (3): 116 kB | 85 kB | 32/267 kB Progress (3): 116 kB | 85 kB | 36/267 kB Progress (3): 116 kB | 85 kB | 41/267 kB Progress (3): 116 kB | 85 kB | 45/267 kB Progress (3): 116 kB | 85 kB | 49/267 kB Progress (3): 116 kB | 85 kB | 53/267 kB Progress (3): 116 kB | 85 kB | 57/267 kB Progress (3): 116 kB | 85 kB | 61/267 kB Progress (3): 116 kB | 85 kB | 65/267 kB Progress (3): 116 kB | 85 kB | 69/267 kB Progress (3): 116 kB | 85 kB | 73/267 kB Progress (3): 116 kB | 85 kB | 77/267 kB Progress (3): 116 kB | 85 kB | 81/267 kB Progress (3): 116 kB | 85 kB | 86/267 kB Progress (3): 116 kB | 85 kB | 90/267 kB Progress (3): 116 kB | 85 kB | 94/267 kB Progress (3): 116 kB | 85 kB | 98/267 kB Progress (3): 116 kB | 85 kB | 102/267 kB Progress (3): 116 kB | 85 kB | 106/267 kB Progress (3): 116 kB | 85 kB | 110/267 kB Progress (3): 116 kB | 85 kB | 114/267 kB Progress (3): 116 kB | 85 kB | 118/267 kB Progress (3): 116 kB | 85 kB | 122/267 kB Progress (3): 116 kB | 85 kB | 127/267 kB Progress (3): 116 kB | 85 kB | 131/267 kB Progress (3): 116 kB | 85 kB | 135/267 kB Progress (3): 116 kB | 85 kB | 139/267 kB Progress (3): 116 kB | 85 kB | 143/267 kB Progress (3): 116 kB | 85 kB | 147/267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/tukaani/xz/1.9/xz-1.9.jar (116 kB at 928 kB/s) Progress (2): 85 kB | 151/267 kB Progress (2): 85 kB | 155/267 kB Progress (2): 85 kB | 159/267 kB Progress (2): 85 kB | 163/267 kB Progress (2): 85 kB | 167/267 kB Progress (2): 85 kB | 172/267 kB Progress (2): 85 kB | 176/267 kB Progress (2): 85 kB | 180/267 kB Progress (2): 85 kB | 184/267 kB Progress (2): 85 kB | 188/267 kB Progress (2): 85 kB | 192/267 kB Progress (2): 85 kB | 196/267 kB Progress (2): 85 kB | 200/267 kB Progress (2): 85 kB | 204/267 kB Progress (2): 85 kB | 208/267 kB Progress (2): 85 kB | 213/267 kB Progress (2): 85 kB | 217/267 kB Progress (2): 85 kB | 221/267 kB Progress (2): 85 kB | 225/267 kB Progress (2): 85 kB | 229/267 kB Progress (2): 85 kB | 233/267 kB Progress (2): 85 kB | 237/267 kB Progress (2): 85 kB | 241/267 kB Progress (2): 85 kB | 245/267 kB Progress (2): 85 kB | 249/267 kB Progress (2): 85 kB | 254/267 kB Progress (2): 85 kB | 258/267 kB Progress (2): 85 kB | 262/267 kB Progress (2): 85 kB | 266/267 kB Progress (2): 85 kB | 267 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.26/plexus-interpolation-1.26.jar (85 kB at 637 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.4.2/plexus-utils-3.4.2.jar (267 kB at 1.8 MB/s) [INFO] Building jar: /work/target/hacbs-test.jar [INFO] [INFO] --- maven-shade-plugin:3.2.4:shade (default) @ simple-java-project --- Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.pom (2.3 kB at 53 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven/3.0/maven-3.0.pom (22 kB at 456 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 24 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/15/maven-parent-15.pom (24 kB at 572 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom Progress (1): 3.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.pom (3.9 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom Progress (1): 3.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/2.0.4/plexus-utils-2.0.4.pom (3.3 kB at 81 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.pom (1.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.pom (5.4 kB at 101 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-plexus/1.4.2/guice-plexus-1.4.2.pom (3.1 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom Progress (1): 2.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/inject/guice-bean/1.4.2/guice-bean-1.4.2.pom (2.6 kB at 67 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom Progress (1): 1.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject/1.4.2/sisu-inject-1.4.2.pom (1.2 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom Progress (1): 4.1 kB Progress (1): 7.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-parent/1.4.2/sisu-parent-1.4.2.pom (7.8 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/forge/forge-parent/6/forge-parent-6.pom (11 kB at 211 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom Progress (1): 750 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.pom (750 B at 19 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-containers/2.0.0/plexus-containers-2.0.0.pom (4.8 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom Progress (1): 4.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.pom (4.0 kB at 89 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom Progress (1): 4.1 kB Progress (1): 5.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.pom (5.5 kB at 116 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7.pom (11 kB at 263 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.pom (6.6 kB at 147 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.pom (1.9 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.pom (2.2 kB at 47 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom Progress (1): 910 B Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.pom (910 B at 13 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-components/1.1.18/plexus-components-1.1.18.pom (5.4 kB at 114 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom Progress (1): 1.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.pom (1.9 kB at 40 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom Progress (1): 2.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.pom (2.2 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom Progress (1): 2.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.pom (2.5 kB at 54 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.pom (1.7 kB at 31 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom Progress (1): 4.1 kB Progress (1): 7.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-parent/1.7/aether-parent-1.7.pom (7.7 kB at 129 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.pom (2.1 kB at 43 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.pom (3.7 kB at 86 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom Progress (1): 1.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.pom (1.7 kB at 50 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.pom (11 kB at 268 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/33/maven-shared-components-33.pom (5.1 kB at 113 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 44 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/33/maven-parent-33.pom (44 kB at 960 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 17 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/21/apache-21.pom (17 kB at 439 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.pom (4.8 kB at 112 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-components/30/maven-shared-components-30.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 41 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-parent/30/maven-parent-30.pom (41 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/18/apache-18.pom (16 kB at 348 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom Progress (1): 4.1 kB Progress (1): 5.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.pom (5.0 kB at 108 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.5/commons-io-2.5.pom (13 kB at 324 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 62 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/39/commons-parent-39.pom (62 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/apache/16/apache-16.pom (15 kB at 358 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom Progress (1): 4.1 kB Progress (1): 5.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.1.1/plexus-utils-3.1.1.pom (5.1 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 22 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom (22 kB at 566 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.pom (14 kB at 333 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 29 kB Progress (1): 33 kB Progress (1): 37 kB Progress (1): 41 kB Progress (1): 45 kB Progress (1): 49 kB Progress (1): 53 kB Progress (1): 57 kB Progress (1): 61 kB Progress (1): 66 kB Progress (1): 68 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-parent/42/commons-parent-42.pom (68 kB at 1.3 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.pom (2.7 kB at 60 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-parent/1.7.5/slf4j-parent-1.7.5.pom (12 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom Progress (1): 2.9 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.pom (2.9 kB at 74 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/ow2/1.5/ow2-1.5.pom (11 kB at 261 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.pom (3.7 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom Progress (1): 3.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.pom (3.1 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom Progress (1): 3.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.pom (3.2 kB at 83 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom Progress (1): 4.1 kB Progress (1): 4.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.pom (4.6 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom Progress (1): 4.1 kB Progress (1): 7.5 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.pom (7.5 kB at 187 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom Progress (1): 2.0 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.pom (2.0 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether/0.9.0.M2/aether-0.9.0.M2.pom (28 kB at 489 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.pom (14 kB at 324 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 15 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.pom (15 kB at 368 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom Progress (1): 3.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.pom (3.7 kB at 87 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 11 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.pom (11 kB at 295 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/28.2-android/guava-parent-28.2-android.pom (13 kB at 179 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom Progress (1): 2.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.pom (2.4 kB at 42 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 10 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava-parent/26.0-android/guava-parent-26.0-android.pom (10 kB at 170 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom Progress (1): 4.1 kB Progress (1): 6.6 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/9/oss-parent-9.pom (6.6 kB at 149 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom Progress (1): 2.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.pom (2.3 kB at 48 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom Progress (1): 4.1 kB Progress (1): 4.3 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom (4.3 kB at 122 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom Progress (1): 4.1 kB Progress (1): 4.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/oss/oss-parent/7/oss-parent-7.pom (4.8 kB at 77 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom Progress (1): 2.7 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.pom (2.7 kB at 44 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom Progress (1): 2.1 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.pom (2.1 kB at 46 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom Progress (1): 4.1 kB Progress (1): 5.4 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_parent/2.3.4/error_prone_parent-2.3.4.pom (5.4 kB at 123 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom Progress (1): 2.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.pom (2.8 kB at 49 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom Progress (1): 4.1 kB Progress (1): 8.2 kB Progress (1): 12 kB Progress (1): 16 kB Progress (1): 20 kB Progress (1): 25 kB Progress (1): 28 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.pom (28 kB at 656 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar Progress (1): 4.1/153 kB Progress (1): 7.7/153 kB Progress (1): 12/153 kB Progress (1): 16/153 kB Progress (1): 20/153 kB Progress (1): 24/153 kB Progress (1): 28/153 kB Progress (1): 32/153 kB Progress (1): 36/153 kB Progress (1): 41/153 kB Progress (1): 45/153 kB Progress (1): 49/153 kB Progress (1): 53/153 kB Progress (1): 57/153 kB Progress (1): 61/153 kB Progress (2): 61/153 kB | 4.1/202 kB Progress (2): 65/153 kB | 4.1/202 kB Progress (2): 69/153 kB | 4.1/202 kB Progress (2): 69/153 kB | 7.7/202 kB Progress (2): 73/153 kB | 7.7/202 kB Progress (2): 73/153 kB | 12/202 kB Progress (2): 73/153 kB | 16/202 kB Progress (2): 77/153 kB | 16/202 kB Progress (2): 81/153 kB | 16/202 kB Progress (2): 81/153 kB | 20/202 kB Progress (2): 86/153 kB | 20/202 kB Progress (2): 86/153 kB | 24/202 kB Progress (2): 90/153 kB | 24/202 kB Progress (2): 90/153 kB | 28/202 kB Progress (2): 94/153 kB | 28/202 kB Progress (2): 94/153 kB | 32/202 kB Progress (2): 98/153 kB | 32/202 kB Progress (2): 98/153 kB | 36/202 kB Progress (2): 102/153 kB | 36/202 kB Progress (2): 102/153 kB | 41/202 kB Progress (2): 106/153 kB | 41/202 kB Progress (2): 106/153 kB | 45/202 kB Progress (2): 110/153 kB | 45/202 kB Progress (3): 110/153 kB | 45/202 kB | 4.1/49 kB Progress (3): 114/153 kB | 45/202 kB | 4.1/49 kB Progress (3): 114/153 kB | 49/202 kB | 4.1/49 kB Progress (3): 114/153 kB | 49/202 kB | 7.7/49 kB Progress (3): 118/153 kB | 49/202 kB | 7.7/49 kB Progress (3): 118/153 kB | 49/202 kB | 12/49 kB Progress (3): 118/153 kB | 53/202 kB | 12/49 kB Progress (3): 118/153 kB | 53/202 kB | 16/49 kB Progress (3): 122/153 kB | 53/202 kB | 16/49 kB Progress (3): 122/153 kB | 57/202 kB | 16/49 kB Progress (3): 122/153 kB | 57/202 kB | 20/49 kB Progress (3): 127/153 kB | 57/202 kB | 20/49 kB Progress (3): 127/153 kB | 57/202 kB | 24/49 kB Progress (3): 127/153 kB | 61/202 kB | 24/49 kB Progress (3): 127/153 kB | 61/202 kB | 28/49 kB Progress (3): 131/153 kB | 61/202 kB | 28/49 kB Progress (3): 131/153 kB | 61/202 kB | 32/49 kB Progress (3): 131/153 kB | 65/202 kB | 32/49 kB Progress (3): 131/153 kB | 65/202 kB | 36/49 kB Progress (3): 135/153 kB | 65/202 kB | 36/49 kB Progress (3): 135/153 kB | 65/202 kB | 41/49 kB Progress (3): 135/153 kB | 69/202 kB | 41/49 kB Progress (3): 135/153 kB | 73/202 kB | 41/49 kB Progress (3): 135/153 kB | 73/202 kB | 45/49 kB Progress (3): 139/153 kB | 73/202 kB | 45/49 kB Progress (3): 139/153 kB | 73/202 kB | 49/49 kB Progress (3): 139/153 kB | 77/202 kB | 49/49 kB Progress (3): 139/153 kB | 77/202 kB | 49 kB Progress (3): 139/153 kB | 81/202 kB | 49 kB Progress (3): 143/153 kB | 81/202 kB | 49 kB Progress (3): 143/153 kB | 86/202 kB | 49 kB Progress (3): 147/153 kB | 86/202 kB | 49 kB Progress (3): 147/153 kB | 90/202 kB | 49 kB Progress (3): 151/153 kB | 90/202 kB | 49 kB Progress (3): 151/153 kB | 94/202 kB | 49 kB Progress (3): 153 kB | 94/202 kB | 49 kB Progress (3): 153 kB | 98/202 kB | 49 kB Progress (3): 153 kB | 102/202 kB | 49 kB Progress (3): 153 kB | 106/202 kB | 49 kB Progress (3): 153 kB | 110/202 kB | 49 kB Progress (3): 153 kB | 114/202 kB | 49 kB Progress (3): 153 kB | 118/202 kB | 49 kB Progress (3): 153 kB | 122/202 kB | 49 kB Progress (3): 153 kB | 127/202 kB | 49 kB Progress (3): 153 kB | 131/202 kB | 49 kB Progress (3): 153 kB | 135/202 kB | 49 kB Progress (3): 153 kB | 139/202 kB | 49 kB Progress (3): 153 kB | 143/202 kB | 49 kB Progress (3): 153 kB | 147/202 kB | 49 kB Progress (3): 153 kB | 151/202 kB | 49 kB Progress (3): 153 kB | 155/202 kB | 49 kB Progress (3): 153 kB | 159/202 kB | 49 kB Progress (3): 153 kB | 163/202 kB | 49 kB Progress (3): 153 kB | 167/202 kB | 49 kB Progress (3): 153 kB | 172/202 kB | 49 kB Progress (3): 153 kB | 176/202 kB | 49 kB Progress (3): 153 kB | 180/202 kB | 49 kB Progress (3): 153 kB | 184/202 kB | 49 kB Progress (3): 153 kB | 188/202 kB | 49 kB Progress (3): 153 kB | 192/202 kB | 49 kB Progress (3): 153 kB | 196/202 kB | 49 kB Progress (3): 153 kB | 200/202 kB | 49 kB Progress (3): 153 kB | 202 kB | 49 kB Progress (4): 153 kB | 202 kB | 49 kB | 4.1/472 kB Progress (4): 153 kB | 202 kB | 49 kB | 7.7/472 kB Progress (4): 153 kB | 202 kB | 49 kB | 12/472 kB Progress (4): 153 kB | 202 kB | 49 kB | 16/472 kB Progress (5): 153 kB | 202 kB | 49 kB | 16/472 kB | 4.1/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 20/472 kB | 4.1/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 20/472 kB | 7.7/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 24/472 kB | 7.7/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 24/472 kB | 12/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 28/472 kB | 12/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 28/472 kB | 16/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 32/472 kB | 16/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 32/472 kB | 20/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 36/472 kB | 20/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 36/472 kB | 24/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 40/472 kB | 24/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 40/472 kB | 28/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 44/472 kB | 28/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 44/472 kB | 32/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 48/472 kB | 32/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 48/472 kB | 36/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 48/472 kB | 41/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 53/472 kB | 41/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 53/472 kB | 45/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 57/472 kB | 45/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 57/472 kB | 49/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 61/472 kB | 49/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 61/472 kB | 53/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 65/472 kB | 53/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 65/472 kB | 57/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 69/472 kB | 57/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 69/472 kB | 61/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 73/472 kB | 61/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 73/472 kB | 65/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 77/472 kB | 65/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 77/472 kB | 69/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 81/472 kB | 69/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 81/472 kB | 73/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 85/472 kB | 73/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 85/472 kB | 77/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 89/472 kB | 77/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 89/472 kB | 81/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 94/472 kB | 81/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 94/472 kB | 86/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 98/472 kB | 86/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 98/472 kB | 90/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 102/472 kB | 90/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 102/472 kB | 94/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 106/472 kB | 94/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 106/472 kB | 98/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 110/472 kB | 98/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 110/472 kB | 102/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 114/472 kB | 102/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 114/472 kB | 106/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 118/472 kB | 106/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 118/472 kB | 110/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 122/472 kB | 110/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 122/472 kB | 114/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 126/472 kB | 114/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 126/472 kB | 118/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 130/472 kB | 118/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 130/472 kB | 122/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 122/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 127/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 131/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 134/472 kB | 135/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 139/472 kB | 135/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 139/472 kB | 139/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 143/472 kB | 139/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 143/472 kB | 143/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 147/472 kB | 143/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 147/472 kB | 147/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 151/472 kB | 147/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 151/472 kB | 151/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 155/472 kB | 151/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 155/472 kB | 155/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 159/472 kB | 155/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 159/472 kB | 159/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 163/472 kB | 159/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 163/472 kB | 163/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 167/472 kB | 163/165 kB Progress (5): 153 kB | 202 kB | 49 kB | 167/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 171/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 175/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 180/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 184/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 188/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 192/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 196/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 200/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 204/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 208/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 212/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 216/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 220/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 225/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 229/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 233/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 237/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 241/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 245/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 249/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 253/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 257/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 261/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 266/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 270/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 274/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 278/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 282/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 286/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 290/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 294/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 298/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 302/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 307/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 311/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 315/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 319/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 323/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 327/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 331/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 335/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 339/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 343/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 347/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 352/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 356/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 360/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 364/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 368/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 372/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 376/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 380/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 384/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 388/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 393/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 397/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 401/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 405/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 409/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 413/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 417/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 421/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 425/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 429/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 433/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 438/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 442/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 446/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 450/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 454/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 458/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 462/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 466/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 470/472 kB | 165 kB Progress (5): 153 kB | 202 kB | 49 kB | 472 kB | 165 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-plugin-api/3.0/maven-plugin-api-3.0.jar (49 kB at 1.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-bean/1.4.2/sisu-inject-bean-1.4.2.jar (153 kB at 3.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-inject-plexus/1.4.2/sisu-inject-plexus-1.4.2.jar (202 kB at 4.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/sisu/sisu-guice/2.1.7/sisu-guice-2.1.7-noaop.jar (472 kB at 9.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model/3.0/maven-model-3.0.jar (165 kB at 3.0 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar Progress (1): 4.1/527 kB Progress (1): 7.7/527 kB Progress (1): 12/527 kB Progress (1): 16/527 kB Progress (1): 20/527 kB Progress (1): 24/527 kB Progress (1): 28/527 kB Progress (1): 32/527 kB Progress (1): 36/527 kB Progress (1): 40/527 kB Progress (1): 44/527 kB Progress (1): 48/527 kB Progress (1): 53/527 kB Progress (1): 57/527 kB Progress (1): 61/527 kB Progress (1): 65/527 kB Progress (1): 69/527 kB Progress (1): 73/527 kB Progress (1): 77/527 kB Progress (1): 81/527 kB Progress (1): 85/527 kB Progress (1): 89/527 kB Progress (1): 94/527 kB Progress (1): 98/527 kB Progress (1): 102/527 kB Progress (1): 106/527 kB Progress (1): 110/527 kB Progress (1): 114/527 kB Progress (1): 118/527 kB Progress (1): 122/527 kB Progress (1): 126/527 kB Progress (1): 130/527 kB Progress (1): 134/527 kB Progress (1): 139/527 kB Progress (1): 143/527 kB Progress (1): 147/527 kB Progress (1): 151/527 kB Progress (1): 155/527 kB Progress (1): 159/527 kB Progress (1): 163/527 kB Progress (1): 167/527 kB Progress (1): 171/527 kB Progress (1): 175/527 kB Progress (1): 180/527 kB Progress (1): 184/527 kB Progress (1): 188/527 kB Progress (1): 192/527 kB Progress (1): 196/527 kB Progress (1): 200/527 kB Progress (1): 204/527 kB Progress (1): 208/527 kB Progress (1): 212/527 kB Progress (1): 216/527 kB Progress (1): 220/527 kB Progress (1): 225/527 kB Progress (1): 229/527 kB Progress (1): 233/527 kB Progress (1): 237/527 kB Progress (1): 241/527 kB Progress (1): 245/527 kB Progress (1): 249/527 kB Progress (1): 253/527 kB Progress (1): 257/527 kB Progress (1): 261/527 kB Progress (1): 266/527 kB Progress (1): 270/527 kB Progress (1): 274/527 kB Progress (1): 278/527 kB Progress (1): 282/527 kB Progress (1): 286/527 kB Progress (1): 290/527 kB Progress (1): 294/527 kB Progress (1): 298/527 kB Progress (1): 302/527 kB Progress (1): 307/527 kB Progress (1): 311/527 kB Progress (1): 315/527 kB Progress (1): 319/527 kB Progress (1): 323/527 kB Progress (1): 327/527 kB Progress (1): 331/527 kB Progress (1): 335/527 kB Progress (1): 339/527 kB Progress (1): 343/527 kB Progress (1): 347/527 kB Progress (1): 352/527 kB Progress (1): 356/527 kB Progress (1): 360/527 kB Progress (1): 364/527 kB Progress (1): 368/527 kB Progress (1): 372/527 kB Progress (1): 376/527 kB Progress (1): 380/527 kB Progress (1): 384/527 kB Progress (1): 388/527 kB Progress (1): 393/527 kB Progress (1): 397/527 kB Progress (1): 401/527 kB Progress (1): 405/527 kB Progress (1): 409/527 kB Progress (1): 413/527 kB Progress (1): 417/527 kB Progress (1): 421/527 kB Progress (1): 425/527 kB Progress (1): 429/527 kB Progress (1): 433/527 kB Progress (1): 438/527 kB Progress (1): 442/527 kB Progress (1): 446/527 kB Progress (1): 450/527 kB Progress (1): 454/527 kB Progress (1): 458/527 kB Progress (1): 462/527 kB Progress (1): 466/527 kB Progress (1): 470/527 kB Progress (1): 474/527 kB Progress (1): 479/527 kB Progress (1): 483/527 kB Progress (1): 487/527 kB Progress (1): 491/527 kB Progress (1): 495/527 kB Progress (1): 499/527 kB Progress (1): 503/527 kB Progress (1): 507/527 kB Progress (1): 511/527 kB Progress (1): 515/527 kB Progress (1): 519/527 kB Progress (1): 524/527 kB Progress (1): 527 kB Progress (2): 527 kB | 4.1/38 kB Progress (2): 527 kB | 7.7/38 kB Progress (2): 527 kB | 12/38 kB Progress (3): 527 kB | 12/38 kB | 4.1/47 kB Progress (3): 527 kB | 16/38 kB | 4.1/47 kB Progress (3): 527 kB | 16/38 kB | 7.7/47 kB Progress (3): 527 kB | 20/38 kB | 7.7/47 kB Progress (3): 527 kB | 20/38 kB | 12/47 kB Progress (3): 527 kB | 24/38 kB | 12/47 kB Progress (3): 527 kB | 24/38 kB | 16/47 kB Progress (3): 527 kB | 28/38 kB | 16/47 kB Progress (3): 527 kB | 32/38 kB | 16/47 kB Progress (3): 527 kB | 32/38 kB | 20/47 kB Progress (3): 527 kB | 36/38 kB | 20/47 kB Progress (3): 527 kB | 36/38 kB | 24/47 kB Progress (3): 527 kB | 38 kB | 24/47 kB Progress (3): 527 kB | 38 kB | 28/47 kB Progress (3): 527 kB | 38 kB | 32/47 kB Progress (3): 527 kB | 38 kB | 36/47 kB Progress (3): 527 kB | 38 kB | 41/47 kB Progress (3): 527 kB | 38 kB | 45/47 kB Progress (3): 527 kB | 38 kB | 47 kB Progress (4): 527 kB | 38 kB | 47 kB | 4.1/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 7.7/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 12/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 16/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 20/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 24/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 28/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 32/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 36/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 40/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 44/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 48/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 53/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 57/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 61/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 65/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 69/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 73/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 77/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 81/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 85/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 89/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 94/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 98/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 102/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 106/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 110/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 114/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 118/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 122/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 126/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 130/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 134/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 139/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 143/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 147/148 kB Progress (4): 527 kB | 38 kB | 47 kB | 148 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 4.1/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 7.7/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 12/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 16/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 20/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 24/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 28/30 kB Progress (5): 527 kB | 38 kB | 47 kB | 148 kB | 30 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-core/3.0/maven-core-3.0.jar (527 kB at 6.1 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings/3.0/maven-settings-3.0.jar (47 kB at 502 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-settings-builder/3.0/maven-settings-builder-3.0.jar (38 kB at 406 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-repository-metadata/3.0/maven-repository-metadata-3.0.jar (30 kB at 301 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar Progress (2): 148 kB | 4.1/51 kB Progress (2): 148 kB | 7.7/51 kB Progress (2): 148 kB | 12/51 kB Progress (2): 148 kB | 16/51 kB Progress (2): 148 kB | 20/51 kB Progress (2): 148 kB | 24/51 kB Progress (2): 148 kB | 28/51 kB Progress (2): 148 kB | 32/51 kB Progress (2): 148 kB | 36/51 kB Progress (2): 148 kB | 41/51 kB Progress (2): 148 kB | 45/51 kB Progress (2): 148 kB | 49/51 kB Progress (2): 148 kB | 51 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-model-builder/3.0/maven-model-builder-3.0.jar (148 kB at 1.4 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar Progress (2): 51 kB | 4.1/106 kB Progress (2): 51 kB | 7.7/106 kB Progress (2): 51 kB | 12/106 kB Progress (2): 51 kB | 16/106 kB Progress (2): 51 kB | 20/106 kB Progress (2): 51 kB | 24/106 kB Progress (2): 51 kB | 28/106 kB Progress (2): 51 kB | 32/106 kB Progress (2): 51 kB | 36/106 kB Progress (2): 51 kB | 40/106 kB Progress (2): 51 kB | 44/106 kB Progress (2): 51 kB | 48/106 kB Progress (2): 51 kB | 53/106 kB Progress (2): 51 kB | 57/106 kB Progress (2): 51 kB | 61/106 kB Progress (2): 51 kB | 65/106 kB Progress (2): 51 kB | 69/106 kB Progress (2): 51 kB | 73/106 kB Progress (2): 51 kB | 77/106 kB Progress (2): 51 kB | 81/106 kB Progress (2): 51 kB | 85/106 kB Progress (2): 51 kB | 89/106 kB Progress (2): 51 kB | 94/106 kB Progress (2): 51 kB | 98/106 kB Progress (2): 51 kB | 102/106 kB Progress (2): 51 kB | 106/106 kB Progress (2): 51 kB | 106 kB Progress (3): 51 kB | 106 kB | 4.1/14 kB Progress (3): 51 kB | 106 kB | 7.7/14 kB Progress (3): 51 kB | 106 kB | 12/14 kB Progress (3): 51 kB | 106 kB | 14 kB Progress (4): 51 kB | 106 kB | 14 kB | 4.1/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 8.2/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 12/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 16/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 20/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 25/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 29/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 33/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 37/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 41/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 45/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 49/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 53/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 57/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 61/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 66/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 70/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 74/74 kB Progress (4): 51 kB | 106 kB | 14 kB | 74 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-aether-provider/3.0/maven-aether-provider-3.0.jar (51 kB at 416 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-impl/1.7/aether-impl-1.7.jar (106 kB at 830 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-spi/1.7/aether-spi-1.7.jar (14 kB at 102 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar Progress (2): 74 kB | 4.1/108 kB Progress (2): 74 kB | 7.7/108 kB Progress (2): 74 kB | 12/108 kB Progress (2): 74 kB | 16/108 kB Progress (2): 74 kB | 20/108 kB Progress (2): 74 kB | 24/108 kB Progress (2): 74 kB | 28/108 kB Progress (2): 74 kB | 32/108 kB Progress (2): 74 kB | 36/108 kB Progress (2): 74 kB | 41/108 kB Progress (2): 74 kB | 45/108 kB Progress (2): 74 kB | 49/108 kB Progress (2): 74 kB | 53/108 kB Progress (2): 74 kB | 57/108 kB Progress (2): 74 kB | 61/108 kB Progress (2): 74 kB | 65/108 kB Progress (2): 74 kB | 69/108 kB Progress (2): 74 kB | 73/108 kB Progress (2): 74 kB | 77/108 kB Progress (2): 74 kB | 81/108 kB Progress (2): 74 kB | 86/108 kB Progress (2): 74 kB | 90/108 kB Progress (2): 74 kB | 94/108 kB Progress (2): 74 kB | 98/108 kB Progress (2): 74 kB | 102/108 kB Progress (2): 74 kB | 106/108 kB Progress (2): 74 kB | 108 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-api/1.7/aether-api-1.7.jar (74 kB at 519 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar Progress (2): 108 kB | 4.1/61 kB Progress (2): 108 kB | 7.7/61 kB Progress (2): 108 kB | 12/61 kB Progress (2): 108 kB | 16/61 kB Progress (2): 108 kB | 20/61 kB Progress (2): 108 kB | 24/61 kB Progress (2): 108 kB | 28/61 kB Progress (2): 108 kB | 32/61 kB Progress (2): 108 kB | 36/61 kB Progress (2): 108 kB | 41/61 kB Progress (2): 108 kB | 45/61 kB Progress (2): 108 kB | 49/61 kB Progress (2): 108 kB | 53/61 kB Progress (2): 108 kB | 57/61 kB Progress (2): 108 kB | 61/61 kB Progress (2): 108 kB | 61 kB Progress (3): 108 kB | 61 kB | 4.1/46 kB Progress (3): 108 kB | 61 kB | 7.7/46 kB Progress (3): 108 kB | 61 kB | 12/46 kB Progress (3): 108 kB | 61 kB | 16/46 kB Progress (3): 108 kB | 61 kB | 20/46 kB Progress (3): 108 kB | 61 kB | 24/46 kB Progress (3): 108 kB | 61 kB | 28/46 kB Progress (3): 108 kB | 61 kB | 32/46 kB Progress (3): 108 kB | 61 kB | 36/46 kB Progress (3): 108 kB | 61 kB | 41/46 kB Progress (3): 108 kB | 61 kB | 45/46 kB Progress (3): 108 kB | 61 kB | 46 kB Progress (4): 108 kB | 61 kB | 46 kB | 4.1/4.2 kB Progress (4): 108 kB | 61 kB | 46 kB | 4.2 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-interpolation/1.14/plexus-interpolation-1.14.jar (61 kB at 366 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/aether/aether-util/1.7/aether-util-1.7.jar (108 kB at 646 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar Progress (3): 46 kB | 4.2 kB | 4.1/29 kB Progress (3): 46 kB | 4.2 kB | 7.7/29 kB Progress (3): 46 kB | 4.2 kB | 12/29 kB Progress (3): 46 kB | 4.2 kB | 16/29 kB Progress (3): 46 kB | 4.2 kB | 20/29 kB Progress (3): 46 kB | 4.2 kB | 24/29 kB Progress (3): 46 kB | 4.2 kB | 28/29 kB Progress (3): 46 kB | 4.2 kB | 29 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-classworlds/2.2.3/plexus-classworlds-2.2.3.jar (46 kB at 274 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-component-annotations/2.0.0/plexus-component-annotations-2.0.0.jar (4.2 kB at 24 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar Progress (2): 29 kB | 4.1/52 kB Progress (2): 29 kB | 7.7/52 kB Progress (2): 29 kB | 12/52 kB Progress (2): 29 kB | 16/52 kB Progress (2): 29 kB | 20/52 kB Progress (2): 29 kB | 24/52 kB Progress (2): 29 kB | 28/52 kB Progress (2): 29 kB | 32/52 kB Progress (2): 29 kB | 36/52 kB Progress (2): 29 kB | 41/52 kB Progress (2): 29 kB | 45/52 kB Progress (2): 29 kB | 49/52 kB Progress (2): 29 kB | 52 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-sec-dispatcher/1.3/plexus-sec-dispatcher-1.3.jar (29 kB at 148 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar Progress (2): 52 kB | 4.1/263 kB Progress (2): 52 kB | 7.7/263 kB Progress (2): 52 kB | 12/263 kB Progress (2): 52 kB | 16/263 kB Progress (2): 52 kB | 20/263 kB Progress (2): 52 kB | 24/263 kB Progress (2): 52 kB | 28/263 kB Progress (2): 52 kB | 32/263 kB Progress (2): 52 kB | 36/263 kB Progress (2): 52 kB | 40/263 kB Progress (2): 52 kB | 44/263 kB Progress (2): 52 kB | 48/263 kB Progress (2): 52 kB | 53/263 kB Progress (2): 52 kB | 57/263 kB Progress (2): 52 kB | 61/263 kB Progress (2): 52 kB | 65/263 kB Progress (2): 52 kB | 69/263 kB Progress (2): 52 kB | 73/263 kB Progress (2): 52 kB | 77/263 kB Progress (2): 52 kB | 81/263 kB Progress (2): 52 kB | 85/263 kB Progress (2): 52 kB | 89/263 kB Progress (2): 52 kB | 94/263 kB Progress (2): 52 kB | 98/263 kB Progress (2): 52 kB | 102/263 kB Progress (2): 52 kB | 106/263 kB Progress (2): 52 kB | 110/263 kB Progress (2): 52 kB | 114/263 kB Progress (2): 52 kB | 118/263 kB Progress (2): 52 kB | 122/263 kB Progress (2): 52 kB | 126/263 kB Progress (2): 52 kB | 130/263 kB Progress (2): 52 kB | 134/263 kB Progress (3): 52 kB | 134/263 kB | 4.1/120 kB Progress (3): 52 kB | 139/263 kB | 4.1/120 kB Progress (3): 52 kB | 143/263 kB | 4.1/120 kB Progress (3): 52 kB | 143/263 kB | 7.7/120 kB Progress (3): 52 kB | 147/263 kB | 7.7/120 kB Progress (3): 52 kB | 147/263 kB | 12/120 kB Progress (3): 52 kB | 151/263 kB | 12/120 kB Progress (3): 52 kB | 151/263 kB | 16/120 kB Progress (3): 52 kB | 155/263 kB | 16/120 kB Progress (3): 52 kB | 159/263 kB | 16/120 kB Progress (3): 52 kB | 163/263 kB | 16/120 kB Progress (3): 52 kB | 163/263 kB | 20/120 kB Progress (3): 52 kB | 167/263 kB | 20/120 kB Progress (4): 52 kB | 167/263 kB | 20/120 kB | 4.1/13 kB Progress (4): 52 kB | 171/263 kB | 20/120 kB | 4.1/13 kB Progress (4): 52 kB | 171/263 kB | 24/120 kB | 4.1/13 kB Progress (4): 52 kB | 171/263 kB | 24/120 kB | 7.7/13 kB Progress (4): 52 kB | 175/263 kB | 24/120 kB | 7.7/13 kB Progress (4): 52 kB | 175/263 kB | 24/120 kB | 12/13 kB Progress (4): 52 kB | 175/263 kB | 28/120 kB | 12/13 kB Progress (4): 52 kB | 175/263 kB | 28/120 kB | 13 kB Progress (4): 52 kB | 180/263 kB | 28/120 kB | 13 kB Progress (4): 52 kB | 180/263 kB | 32/120 kB | 13 kB Progress (4): 52 kB | 184/263 kB | 32/120 kB | 13 kB Progress (4): 52 kB | 184/263 kB | 36/120 kB | 13 kB Progress (4): 52 kB | 188/263 kB | 36/120 kB | 13 kB Progress (4): 52 kB | 188/263 kB | 41/120 kB | 13 kB Progress (4): 52 kB | 192/263 kB | 41/120 kB | 13 kB Progress (4): 52 kB | 192/263 kB | 45/120 kB | 13 kB Progress (4): 52 kB | 196/263 kB | 45/120 kB | 13 kB Progress (4): 52 kB | 196/263 kB | 49/120 kB | 13 kB Progress (4): 52 kB | 200/263 kB | 49/120 kB | 13 kB Progress (4): 52 kB | 200/263 kB | 53/120 kB | 13 kB Progress (4): 52 kB | 204/263 kB | 53/120 kB | 13 kB Progress (4): 52 kB | 204/263 kB | 57/120 kB | 13 kB Progress (4): 52 kB | 208/263 kB | 57/120 kB | 13 kB Progress (4): 52 kB | 208/263 kB | 61/120 kB | 13 kB Progress (4): 52 kB | 212/263 kB | 61/120 kB | 13 kB Progress (4): 52 kB | 212/263 kB | 65/120 kB | 13 kB Progress (4): 52 kB | 216/263 kB | 65/120 kB | 13 kB Progress (4): 52 kB | 216/263 kB | 69/120 kB | 13 kB Progress (4): 52 kB | 220/263 kB | 69/120 kB | 13 kB Progress (4): 52 kB | 220/263 kB | 73/120 kB | 13 kB Progress (4): 52 kB | 225/263 kB | 73/120 kB | 13 kB Progress (4): 52 kB | 225/263 kB | 77/120 kB | 13 kB Progress (4): 52 kB | 229/263 kB | 77/120 kB | 13 kB Progress (4): 52 kB | 229/263 kB | 81/120 kB | 13 kB Progress (4): 52 kB | 233/263 kB | 81/120 kB | 13 kB Progress (4): 52 kB | 233/263 kB | 86/120 kB | 13 kB Progress (4): 52 kB | 237/263 kB | 86/120 kB | 13 kB Progress (4): 52 kB | 237/263 kB | 90/120 kB | 13 kB Progress (4): 52 kB | 241/263 kB | 90/120 kB | 13 kB Progress (4): 52 kB | 241/263 kB | 94/120 kB | 13 kB Progress (4): 52 kB | 245/263 kB | 94/120 kB | 13 kB Progress (4): 52 kB | 245/263 kB | 98/120 kB | 13 kB Progress (4): 52 kB | 249/263 kB | 98/120 kB | 13 kB Progress (4): 52 kB | 249/263 kB | 102/120 kB | 13 kB Progress (4): 52 kB | 253/263 kB | 102/120 kB | 13 kB Progress (4): 52 kB | 253/263 kB | 106/120 kB | 13 kB Progress (4): 52 kB | 257/263 kB | 106/120 kB | 13 kB Progress (4): 52 kB | 257/263 kB | 110/120 kB | 13 kB Progress (4): 52 kB | 261/263 kB | 110/120 kB | 13 kB Progress (4): 52 kB | 261/263 kB | 114/120 kB | 13 kB Progress (4): 52 kB | 263 kB | 114/120 kB | 13 kB Progress (4): 52 kB | 263 kB | 118/120 kB | 13 kB Progress (4): 52 kB | 263 kB | 120 kB | 13 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/maven-artifact/3.0/maven-artifact-3.0.jar (52 kB at 251 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar Progress (4): 263 kB | 120 kB | 13 kB | 4.1/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 7.7/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 12/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 16/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 20/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 24/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 28/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 32/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 36/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 41/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 45/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 49/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 53/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 57/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 61/61 kB Progress (4): 263 kB | 120 kB | 13 kB | 61 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/codehaus/plexus/plexus-utils/3.3.0/plexus-utils-3.3.0.jar (263 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/sonatype/plexus/plexus-cipher/1.4/plexus-cipher-1.4.jar (13 kB at 61 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-artifact-transfer/0.12.0/maven-artifact-transfer-0.12.0.jar (120 kB at 542 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar Progress (2): 61 kB | 4.1/164 kB Progress (2): 61 kB | 7.7/164 kB Progress (2): 61 kB | 12/164 kB Progress (2): 61 kB | 16/164 kB Progress (2): 61 kB | 20/164 kB Progress (2): 61 kB | 24/164 kB Progress (2): 61 kB | 28/164 kB Progress (2): 61 kB | 32/164 kB Progress (2): 61 kB | 36/164 kB Progress (2): 61 kB | 40/164 kB Progress (2): 61 kB | 44/164 kB Progress (2): 61 kB | 48/164 kB Progress (2): 61 kB | 53/164 kB Progress (2): 61 kB | 57/164 kB Progress (2): 61 kB | 61/164 kB Progress (2): 61 kB | 65/164 kB Progress (2): 61 kB | 69/164 kB Progress (2): 61 kB | 73/164 kB Progress (2): 61 kB | 77/164 kB Progress (2): 61 kB | 81/164 kB Progress (2): 61 kB | 85/164 kB Progress (2): 61 kB | 89/164 kB Progress (2): 61 kB | 94/164 kB Progress (2): 61 kB | 98/164 kB Progress (2): 61 kB | 102/164 kB Progress (2): 61 kB | 106/164 kB Progress (2): 61 kB | 110/164 kB Progress (2): 61 kB | 114/164 kB Progress (2): 61 kB | 118/164 kB Progress (2): 61 kB | 122/164 kB Progress (2): 61 kB | 126/164 kB Progress (2): 61 kB | 130/164 kB Progress (2): 61 kB | 134/164 kB Progress (2): 61 kB | 139/164 kB Progress (2): 61 kB | 143/164 kB Progress (2): 61 kB | 147/164 kB Progress (2): 61 kB | 151/164 kB Progress (2): 61 kB | 155/164 kB Progress (2): 61 kB | 159/164 kB Progress (2): 61 kB | 163/164 kB Progress (2): 61 kB | 164 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-common-artifact-filters/3.0.1/maven-common-artifact-filters-3.0.1.jar (61 kB at 267 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar Progress (2): 164 kB | 4.1/26 kB Progress (2): 164 kB | 8.2/26 kB Progress (2): 164 kB | 12/26 kB Progress (2): 164 kB | 16/26 kB Progress (2): 164 kB | 20/26 kB Progress (2): 164 kB | 25/26 kB Progress (2): 164 kB | 26 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-shared-utils/3.1.0/maven-shared-utils-3.1.0.jar (164 kB at 668 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar Progress (2): 26 kB | 4.1/335 kB Progress (2): 26 kB | 7.7/335 kB Progress (2): 26 kB | 12/335 kB Progress (2): 26 kB | 16/335 kB Progress (2): 26 kB | 20/335 kB Progress (2): 26 kB | 24/335 kB Progress (2): 26 kB | 28/335 kB Progress (2): 26 kB | 32/335 kB Progress (2): 26 kB | 36/335 kB Progress (2): 26 kB | 41/335 kB Progress (2): 26 kB | 45/335 kB Progress (2): 26 kB | 49/335 kB Progress (2): 26 kB | 53/335 kB Progress (2): 26 kB | 57/335 kB Progress (2): 26 kB | 61/335 kB Progress (2): 26 kB | 65/335 kB Progress (2): 26 kB | 69/335 kB Progress (2): 26 kB | 73/335 kB Progress (2): 26 kB | 77/335 kB Progress (2): 26 kB | 81/335 kB Progress (2): 26 kB | 86/335 kB Progress (2): 26 kB | 90/335 kB Progress (2): 26 kB | 94/335 kB Progress (2): 26 kB | 98/335 kB Progress (2): 26 kB | 102/335 kB Progress (2): 26 kB | 106/335 kB Progress (2): 26 kB | 110/335 kB Progress (3): 26 kB | 110/335 kB | 3.4/122 kB Progress (3): 26 kB | 114/335 kB | 3.4/122 kB Progress (3): 26 kB | 118/335 kB | 3.4/122 kB Progress (3): 26 kB | 118/335 kB | 7.5/122 kB Progress (3): 26 kB | 122/335 kB | 7.5/122 kB Progress (3): 26 kB | 122/335 kB | 12/122 kB Progress (3): 26 kB | 127/335 kB | 12/122 kB Progress (3): 26 kB | 127/335 kB | 16/122 kB Progress (3): 26 kB | 131/335 kB | 16/122 kB Progress (3): 26 kB | 131/335 kB | 20/122 kB Progress (3): 26 kB | 135/335 kB | 20/122 kB Progress (3): 26 kB | 135/335 kB | 24/122 kB Progress (3): 26 kB | 139/335 kB | 24/122 kB Progress (3): 26 kB | 139/335 kB | 28/122 kB Progress (3): 26 kB | 143/335 kB | 28/122 kB Progress (3): 26 kB | 143/335 kB | 32/122 kB Progress (3): 26 kB | 147/335 kB | 32/122 kB Progress (3): 26 kB | 147/335 kB | 36/122 kB Progress (3): 26 kB | 151/335 kB | 36/122 kB Progress (3): 26 kB | 151/335 kB | 40/122 kB Progress (3): 26 kB | 155/335 kB | 40/122 kB Progress (3): 26 kB | 155/335 kB | 44/122 kB Progress (3): 26 kB | 155/335 kB | 48/122 kB Progress (3): 26 kB | 155/335 kB | 53/122 kB Progress (3): 26 kB | 155/335 kB | 57/122 kB Progress (3): 26 kB | 159/335 kB | 57/122 kB Progress (3): 26 kB | 159/335 kB | 61/122 kB Progress (3): 26 kB | 163/335 kB | 61/122 kB Progress (3): 26 kB | 163/335 kB | 65/122 kB Progress (3): 26 kB | 163/335 kB | 69/122 kB Progress (4): 26 kB | 163/335 kB | 69/122 kB | 4.1/72 kB Progress (4): 26 kB | 163/335 kB | 73/122 kB | 4.1/72 kB Progress (4): 26 kB | 167/335 kB | 73/122 kB | 4.1/72 kB Progress (4): 26 kB | 167/335 kB | 73/122 kB | 7.7/72 kB Progress (4): 26 kB | 167/335 kB | 77/122 kB | 7.7/72 kB Progress (4): 26 kB | 167/335 kB | 77/122 kB | 12/72 kB Progress (4): 26 kB | 172/335 kB | 77/122 kB | 12/72 kB Progress (4): 26 kB | 172/335 kB | 77/122 kB | 16/72 kB Progress (4): 26 kB | 172/335 kB | 81/122 kB | 16/72 kB Progress (4): 26 kB | 172/335 kB | 85/122 kB | 16/72 kB Progress (4): 26 kB | 172/335 kB | 85/122 kB | 20/72 kB Progress (4): 26 kB | 176/335 kB | 85/122 kB | 20/72 kB Progress (4): 26 kB | 176/335 kB | 85/122 kB | 24/72 kB Progress (4): 26 kB | 180/335 kB | 85/122 kB | 24/72 kB Progress (4): 26 kB | 180/335 kB | 85/122 kB | 28/72 kB Progress (4): 26 kB | 180/335 kB | 89/122 kB | 28/72 kB Progress (4): 26 kB | 180/335 kB | 89/122 kB | 32/72 kB Progress (4): 26 kB | 180/335 kB | 94/122 kB | 32/72 kB Progress (4): 26 kB | 184/335 kB | 94/122 kB | 32/72 kB Progress (4): 26 kB | 184/335 kB | 94/122 kB | 36/72 kB Progress (4): 26 kB | 184/335 kB | 98/122 kB | 36/72 kB Progress (4): 26 kB | 184/335 kB | 98/122 kB | 41/72 kB Progress (4): 26 kB | 188/335 kB | 98/122 kB | 41/72 kB Progress (4): 26 kB | 188/335 kB | 98/122 kB | 45/72 kB Progress (4): 26 kB | 188/335 kB | 102/122 kB | 45/72 kB Progress (4): 26 kB | 188/335 kB | 102/122 kB | 49/72 kB Progress (4): 26 kB | 192/335 kB | 102/122 kB | 49/72 kB Progress (4): 26 kB | 192/335 kB | 102/122 kB | 53/72 kB Progress (4): 26 kB | 192/335 kB | 106/122 kB | 53/72 kB Progress (4): 26 kB | 192/335 kB | 106/122 kB | 57/72 kB Progress (4): 26 kB | 196/335 kB | 106/122 kB | 57/72 kB Progress (4): 26 kB | 196/335 kB | 106/122 kB | 61/72 kB Progress (4): 26 kB | 196/335 kB | 110/122 kB | 61/72 kB Progress (4): 26 kB | 196/335 kB | 110/122 kB | 65/72 kB Progress (4): 26 kB | 196/335 kB | 114/122 kB | 65/72 kB Progress (4): 26 kB | 200/335 kB | 114/122 kB | 65/72 kB Progress (4): 26 kB | 200/335 kB | 118/122 kB | 65/72 kB Progress (4): 26 kB | 204/335 kB | 118/122 kB | 65/72 kB Progress (4): 26 kB | 204/335 kB | 122 kB | 65/72 kB Progress (4): 26 kB | 208/335 kB | 122 kB | 65/72 kB Progress (4): 26 kB | 208/335 kB | 122 kB | 69/72 kB Progress (4): 26 kB | 213/335 kB | 122 kB | 69/72 kB Progress (4): 26 kB | 213/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 217/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 221/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 225/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 229/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 233/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 237/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 241/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 245/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 249/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 254/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 258/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 262/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 266/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 270/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 274/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 278/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 282/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 286/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 290/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 294/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 299/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 303/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 307/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 311/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 315/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 319/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 323/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 327/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 331/335 kB | 122 kB | 72 kB Progress (4): 26 kB | 335 kB | 122 kB | 72 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm/8.0/asm-8.0.jar (122 kB at 456 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar (26 kB at 97 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar Downloaded from central: https://repo.maven.apache.org/maven2/commons-codec/commons-codec/1.11/commons-codec-1.11.jar (335 kB at 1.2 MB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar Progress (2): 72 kB | 4.1/53 kB Progress (2): 72 kB | 7.7/53 kB Progress (2): 72 kB | 12/53 kB Progress (2): 72 kB | 16/53 kB Progress (2): 72 kB | 20/53 kB Progress (2): 72 kB | 24/53 kB Progress (2): 72 kB | 28/53 kB Progress (2): 72 kB | 32/53 kB Progress (2): 72 kB | 36/53 kB Progress (2): 72 kB | 41/53 kB Progress (2): 72 kB | 45/53 kB Progress (2): 72 kB | 49/53 kB Progress (2): 72 kB | 53 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-commons/8.0/asm-commons-8.0.jar (72 kB at 257 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar Progress (2): 53 kB | 4.1/33 kB Progress (2): 53 kB | 7.7/33 kB Progress (2): 53 kB | 12/33 kB Progress (2): 53 kB | 16/33 kB Progress (2): 53 kB | 20/33 kB Progress (2): 53 kB | 24/33 kB Progress (2): 53 kB | 28/33 kB Progress (2): 53 kB | 32/33 kB Progress (2): 53 kB | 33 kB Progress (3): 53 kB | 33 kB | 4.1/37 kB Progress (3): 53 kB | 33 kB | 7.7/37 kB Progress (3): 53 kB | 33 kB | 12/37 kB Progress (3): 53 kB | 33 kB | 16/37 kB Progress (3): 53 kB | 33 kB | 20/37 kB Progress (3): 53 kB | 33 kB | 24/37 kB Progress (3): 53 kB | 33 kB | 28/37 kB Progress (3): 53 kB | 33 kB | 32/37 kB Progress (3): 53 kB | 33 kB | 36/37 kB Progress (3): 53 kB | 33 kB | 37 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-tree/8.0/asm-tree-8.0.jar (53 kB at 176 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar Progress (3): 33 kB | 37 kB | 4.1/134 kB Progress (3): 33 kB | 37 kB | 7.7/134 kB Progress (3): 33 kB | 37 kB | 12/134 kB Progress (3): 33 kB | 37 kB | 16/134 kB Progress (3): 33 kB | 37 kB | 20/134 kB Progress (3): 33 kB | 37 kB | 24/134 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-analysis/8.0/asm-analysis-8.0.jar (33 kB at 109 kB/s) Progress (2): 37 kB | 28/134 kB Downloading from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar Progress (2): 37 kB | 32/134 kB Progress (2): 37 kB | 36/134 kB Progress (2): 37 kB | 41/134 kB Progress (2): 37 kB | 45/134 kB Progress (2): 37 kB | 49/134 kB Progress (2): 37 kB | 53/134 kB Progress (2): 37 kB | 57/134 kB Progress (2): 37 kB | 61/134 kB Progress (2): 37 kB | 65/134 kB Progress (2): 37 kB | 69/134 kB Progress (2): 37 kB | 73/134 kB Progress (2): 37 kB | 77/134 kB Progress (2): 37 kB | 81/134 kB Progress (2): 37 kB | 86/134 kB Progress (2): 37 kB | 90/134 kB Progress (2): 37 kB | 94/134 kB Progress (2): 37 kB | 98/134 kB Progress (2): 37 kB | 102/134 kB Progress (2): 37 kB | 106/134 kB Progress (2): 37 kB | 110/134 kB Progress (2): 37 kB | 114/134 kB Progress (2): 37 kB | 118/134 kB Progress (2): 37 kB | 122/134 kB Progress (2): 37 kB | 127/134 kB Progress (2): 37 kB | 131/134 kB Progress (2): 37 kB | 134 kB Progress (3): 37 kB | 134 kB | 4.1/305 kB Progress (3): 37 kB | 134 kB | 7.7/305 kB Progress (3): 37 kB | 134 kB | 12/305 kB Progress (3): 37 kB | 134 kB | 16/305 kB Progress (3): 37 kB | 134 kB | 20/305 kB Progress (3): 37 kB | 134 kB | 24/305 kB Progress (3): 37 kB | 134 kB | 28/305 kB Progress (3): 37 kB | 134 kB | 32/305 kB Progress (3): 37 kB | 134 kB | 36/305 kB Progress (3): 37 kB | 134 kB | 41/305 kB Progress (3): 37 kB | 134 kB | 45/305 kB Progress (3): 37 kB | 134 kB | 49/305 kB Progress (3): 37 kB | 134 kB | 53/305 kB Progress (3): 37 kB | 134 kB | 57/305 kB Progress (3): 37 kB | 134 kB | 61/305 kB Progress (3): 37 kB | 134 kB | 65/305 kB Progress (3): 37 kB | 134 kB | 69/305 kB Progress (3): 37 kB | 134 kB | 73/305 kB Progress (3): 37 kB | 134 kB | 77/305 kB Progress (3): 37 kB | 134 kB | 81/305 kB Progress (3): 37 kB | 134 kB | 86/305 kB Progress (3): 37 kB | 134 kB | 90/305 kB Progress (3): 37 kB | 134 kB | 94/305 kB Progress (3): 37 kB | 134 kB | 98/305 kB Progress (3): 37 kB | 134 kB | 102/305 kB Progress (3): 37 kB | 134 kB | 106/305 kB Progress (3): 37 kB | 134 kB | 110/305 kB Progress (3): 37 kB | 134 kB | 114/305 kB Progress (3): 37 kB | 134 kB | 118/305 kB Progress (3): 37 kB | 134 kB | 122/305 kB Progress (3): 37 kB | 134 kB | 127/305 kB Progress (3): 37 kB | 134 kB | 131/305 kB Progress (3): 37 kB | 134 kB | 135/305 kB Progress (3): 37 kB | 134 kB | 139/305 kB Progress (3): 37 kB | 134 kB | 143/305 kB Progress (3): 37 kB | 134 kB | 147/305 kB Progress (3): 37 kB | 134 kB | 151/305 kB Progress (3): 37 kB | 134 kB | 155/305 kB Progress (3): 37 kB | 134 kB | 159/305 kB Progress (3): 37 kB | 134 kB | 163/305 kB Progress (3): 37 kB | 134 kB | 167/305 kB Progress (3): 37 kB | 134 kB | 172/305 kB Progress (3): 37 kB | 134 kB | 176/305 kB Progress (3): 37 kB | 134 kB | 180/305 kB Progress (3): 37 kB | 134 kB | 184/305 kB Progress (3): 37 kB | 134 kB | 188/305 kB Progress (3): 37 kB | 134 kB | 192/305 kB Progress (3): 37 kB | 134 kB | 196/305 kB Progress (3): 37 kB | 134 kB | 200/305 kB Progress (3): 37 kB | 134 kB | 204/305 kB Progress (3): 37 kB | 134 kB | 208/305 kB Progress (3): 37 kB | 134 kB | 213/305 kB Progress (3): 37 kB | 134 kB | 217/305 kB Progress (3): 37 kB | 134 kB | 221/305 kB Progress (3): 37 kB | 134 kB | 225/305 kB Progress (3): 37 kB | 134 kB | 229/305 kB Progress (3): 37 kB | 134 kB | 233/305 kB Progress (3): 37 kB | 134 kB | 237/305 kB Progress (3): 37 kB | 134 kB | 241/305 kB Progress (3): 37 kB | 134 kB | 245/305 kB Progress (3): 37 kB | 134 kB | 249/305 kB Progress (3): 37 kB | 134 kB | 254/305 kB Progress (3): 37 kB | 134 kB | 258/305 kB Progress (3): 37 kB | 134 kB | 262/305 kB Progress (3): 37 kB | 134 kB | 266/305 kB Progress (3): 37 kB | 134 kB | 270/305 kB Progress (3): 37 kB | 134 kB | 274/305 kB Progress (3): 37 kB | 134 kB | 278/305 kB Progress (3): 37 kB | 134 kB | 282/305 kB Progress (3): 37 kB | 134 kB | 286/305 kB Progress (3): 37 kB | 134 kB | 290/305 kB Progress (3): 37 kB | 134 kB | 294/305 kB Progress (3): 37 kB | 134 kB | 299/305 kB Progress (3): 37 kB | 134 kB | 303/305 kB Progress (3): 37 kB | 134 kB | 305 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/shared/maven-dependency-tree/3.0.1/maven-dependency-tree-3.0.1.jar (37 kB at 115 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar Progress (3): 134 kB | 305 kB | 4.1/215 kB Progress (3): 134 kB | 305 kB | 7.7/215 kB Progress (3): 134 kB | 305 kB | 12/215 kB Progress (3): 134 kB | 305 kB | 16/215 kB Progress (3): 134 kB | 305 kB | 20/215 kB Progress (3): 134 kB | 305 kB | 24/215 kB Progress (3): 134 kB | 305 kB | 28/215 kB Progress (3): 134 kB | 305 kB | 32/215 kB Progress (3): 134 kB | 305 kB | 36/215 kB Progress (3): 134 kB | 305 kB | 40/215 kB Progress (3): 134 kB | 305 kB | 44/215 kB Progress (3): 134 kB | 305 kB | 48/215 kB Progress (3): 134 kB | 305 kB | 53/215 kB Progress (3): 134 kB | 305 kB | 57/215 kB Progress (3): 134 kB | 305 kB | 61/215 kB Progress (3): 134 kB | 305 kB | 65/215 kB Progress (3): 134 kB | 305 kB | 69/215 kB Progress (3): 134 kB | 305 kB | 73/215 kB Progress (3): 134 kB | 305 kB | 77/215 kB Progress (3): 134 kB | 305 kB | 81/215 kB Progress (3): 134 kB | 305 kB | 85/215 kB Progress (3): 134 kB | 305 kB | 89/215 kB Progress (3): 134 kB | 305 kB | 94/215 kB Progress (3): 134 kB | 305 kB | 98/215 kB Progress (3): 134 kB | 305 kB | 102/215 kB Progress (3): 134 kB | 305 kB | 106/215 kB Progress (3): 134 kB | 305 kB | 110/215 kB Progress (3): 134 kB | 305 kB | 114/215 kB Progress (3): 134 kB | 305 kB | 118/215 kB Progress (3): 134 kB | 305 kB | 122/215 kB Progress (3): 134 kB | 305 kB | 126/215 kB Progress (3): 134 kB | 305 kB | 130/215 kB Progress (3): 134 kB | 305 kB | 134/215 kB Progress (3): 134 kB | 305 kB | 139/215 kB Progress (3): 134 kB | 305 kB | 143/215 kB Progress (3): 134 kB | 305 kB | 147/215 kB Progress (3): 134 kB | 305 kB | 151/215 kB Progress (3): 134 kB | 305 kB | 155/215 kB Progress (3): 134 kB | 305 kB | 159/215 kB Progress (3): 134 kB | 305 kB | 163/215 kB Progress (3): 134 kB | 305 kB | 167/215 kB Progress (3): 134 kB | 305 kB | 171/215 kB Progress (3): 134 kB | 305 kB | 175/215 kB Progress (3): 134 kB | 305 kB | 180/215 kB Progress (3): 134 kB | 305 kB | 184/215 kB Progress (3): 134 kB | 305 kB | 188/215 kB Progress (3): 134 kB | 305 kB | 192/215 kB Progress (3): 134 kB | 305 kB | 196/215 kB Progress (3): 134 kB | 305 kB | 200/215 kB Progress (3): 134 kB | 305 kB | 204/215 kB Progress (3): 134 kB | 305 kB | 208/215 kB Progress (3): 134 kB | 305 kB | 212/215 kB Progress (3): 134 kB | 305 kB | 215 kB Progress (4): 134 kB | 305 kB | 215 kB | 4.1/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 7.7/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 12/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 16/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 20/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 24/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 28/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 32/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 36/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 41/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 45/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 49/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 53/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 57/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 61/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 65/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 69/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 73/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 77/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 81/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 86/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 90/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 94/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 98/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 102/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 106/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 110/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 114/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 118/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 122/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 127/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 131/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 135/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 139/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 143/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 147/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 151/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 155/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 159/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 163/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 167/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 172/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 176/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 180/180 kB Progress (4): 134 kB | 305 kB | 215 kB | 180 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/eclipse/aether/aether-util/0.9.0.M2/aether-util-0.9.0.M2.jar (134 kB at 401 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar Progress (4): 305 kB | 215 kB | 180 kB | 4.1/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 7.7/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 12/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 16/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 20/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 24/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 28/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 32/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 36/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 41/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 45/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 49/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 53/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 57/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 61/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 65/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 69/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 73/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 77/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 81/85 kB Progress (4): 305 kB | 215 kB | 180 kB | 85 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/jdom/jdom2/2.0.6/jdom2-2.0.6.jar (305 kB at 884 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar Downloaded from central: https://repo.maven.apache.org/maven2/org/vafer/jdependency/2.4.0/jdependency-2.4.0.jar (180 kB at 510 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar Progress (3): 215 kB | 85 kB | 0/2.6 MB Progress (3): 215 kB | 85 kB | 0/2.6 MB Progress (3): 215 kB | 85 kB | 0/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Progress (3): 215 kB | 85 kB | 0.1/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/commons-io/commons-io/2.6/commons-io-2.6.jar (215 kB at 600 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.1/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Progress (2): 85 kB | 0.2/2.6 MB Downloaded from central: https://repo.maven.apache.org/maven2/org/ow2/asm/asm-util/8.0/asm-util-8.0.jar (85 kB at 236 kB/s) Progress (1): 0.2/2.6 MB Downloading from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar Progress (1): 0.2/2.6 MB Progress (1): 0.2/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.3/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.4/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.5/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.6/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.7/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.8/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 0.9/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.0/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.1/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.2/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.3/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.4/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.5/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.6/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.7/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.8/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 1.9/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.0/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.1/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.2/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.3/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.4/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.5/2.6 MB Progress (1): 2.6/2.6 MB Progress (2): 2.6/2.6 MB | 4.1/4.6 kB Progress (2): 2.6/2.6 MB | 4.1/4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6/2.6 MB | 4.6 kB Progress (2): 2.6 MB | 4.6 kB Progress (3): 2.6 MB | 4.6 kB | 2.2 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 4.1/5.9 kB Progress (4): 2.6 MB | 4.6 kB | 2.2 kB | 5.9 kB Progress (5): 2.6 MB | 4.6 kB | 2.2 kB | 5.9 kB | 4.1/20 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/guava/28.2-android/guava-28.2-android.jar (2.6 MB at 6.6 MB/s) Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 7.7/20 kB Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 12/20 kB Downloading from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 16/20 kB Progress (4): 4.6 kB | 2.2 kB | 5.9 kB | 20 kB Downloaded from central: https://repo.maven.apache.org/maven2/org/checkerframework/checker-compat-qual/2.5.5/checker-compat-qual-2.5.5.jar (5.9 kB at 15 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar (4.6 kB at 12 kB/s) Downloading from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar Downloaded from central: https://repo.maven.apache.org/maven2/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar (2.2 kB at 5.5 kB/s) Progress (2): 20 kB | 4.1/14 kB Progress (2): 20 kB | 7.7/14 kB Progress (2): 20 kB | 12/14 kB Progress (2): 20 kB | 14 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar (20 kB at 47 kB/s) Progress (2): 14 kB | 4.1/500 kB Progress (2): 14 kB | 7.7/500 kB Progress (2): 14 kB | 12/500 kB Progress (2): 14 kB | 16/500 kB Progress (2): 14 kB | 20/500 kB Progress (2): 14 kB | 24/500 kB Progress (2): 14 kB | 28/500 kB Progress (2): 14 kB | 32/500 kB Progress (3): 14 kB | 32/500 kB | 4.1/8.8 kB Progress (3): 14 kB | 36/500 kB | 4.1/8.8 kB Progress (3): 14 kB | 36/500 kB | 7.7/8.8 kB Progress (3): 14 kB | 41/500 kB | 7.7/8.8 kB Progress (3): 14 kB | 41/500 kB | 8.8 kB Progress (3): 14 kB | 45/500 kB | 8.8 kB Progress (3): 14 kB | 49/500 kB | 8.8 kB Progress (3): 14 kB | 53/500 kB | 8.8 kB Progress (3): 14 kB | 57/500 kB | 8.8 kB Progress (3): 14 kB | 61/500 kB | 8.8 kB Progress (3): 14 kB | 65/500 kB | 8.8 kB Progress (3): 14 kB | 69/500 kB | 8.8 kB Progress (3): 14 kB | 73/500 kB | 8.8 kB Progress (3): 14 kB | 77/500 kB | 8.8 kB Progress (3): 14 kB | 81/500 kB | 8.8 kB Progress (3): 14 kB | 86/500 kB | 8.8 kB Progress (3): 14 kB | 90/500 kB | 8.8 kB Progress (3): 14 kB | 94/500 kB | 8.8 kB Progress (3): 14 kB | 98/500 kB | 8.8 kB Progress (3): 14 kB | 102/500 kB | 8.8 kB Progress (3): 14 kB | 106/500 kB | 8.8 kB Progress (3): 14 kB | 110/500 kB | 8.8 kB Progress (3): 14 kB | 114/500 kB | 8.8 kB Progress (3): 14 kB | 118/500 kB | 8.8 kB Progress (3): 14 kB | 122/500 kB | 8.8 kB Progress (3): 14 kB | 127/500 kB | 8.8 kB Progress (3): 14 kB | 131/500 kB | 8.8 kB Progress (3): 14 kB | 135/500 kB | 8.8 kB Progress (3): 14 kB | 139/500 kB | 8.8 kB Progress (3): 14 kB | 143/500 kB | 8.8 kB Progress (3): 14 kB | 147/500 kB | 8.8 kB Progress (3): 14 kB | 151/500 kB | 8.8 kB Progress (3): 14 kB | 155/500 kB | 8.8 kB Progress (3): 14 kB | 159/500 kB | 8.8 kB Progress (3): 14 kB | 163/500 kB | 8.8 kB Progress (3): 14 kB | 167/500 kB | 8.8 kB Progress (3): 14 kB | 172/500 kB | 8.8 kB Progress (3): 14 kB | 176/500 kB | 8.8 kB Progress (3): 14 kB | 180/500 kB | 8.8 kB Progress (3): 14 kB | 184/500 kB | 8.8 kB Progress (3): 14 kB | 188/500 kB | 8.8 kB Progress (3): 14 kB | 192/500 kB | 8.8 kB Progress (3): 14 kB | 196/500 kB | 8.8 kB Progress (3): 14 kB | 200/500 kB | 8.8 kB Progress (3): 14 kB | 204/500 kB | 8.8 kB Progress (3): 14 kB | 208/500 kB | 8.8 kB Progress (3): 14 kB | 213/500 kB | 8.8 kB Progress (3): 14 kB | 217/500 kB | 8.8 kB Progress (3): 14 kB | 221/500 kB | 8.8 kB Progress (3): 14 kB | 225/500 kB | 8.8 kB Progress (3): 14 kB | 229/500 kB | 8.8 kB Progress (3): 14 kB | 233/500 kB | 8.8 kB Progress (3): 14 kB | 237/500 kB | 8.8 kB Progress (3): 14 kB | 241/500 kB | 8.8 kB Progress (3): 14 kB | 245/500 kB | 8.8 kB Progress (3): 14 kB | 249/500 kB | 8.8 kB Progress (3): 14 kB | 254/500 kB | 8.8 kB Progress (3): 14 kB | 258/500 kB | 8.8 kB Progress (3): 14 kB | 262/500 kB | 8.8 kB Progress (3): 14 kB | 266/500 kB | 8.8 kB Progress (3): 14 kB | 270/500 kB | 8.8 kB Progress (3): 14 kB | 274/500 kB | 8.8 kB Progress (3): 14 kB | 278/500 kB | 8.8 kB Progress (3): 14 kB | 282/500 kB | 8.8 kB Progress (3): 14 kB | 286/500 kB | 8.8 kB Progress (3): 14 kB | 290/500 kB | 8.8 kB Progress (3): 14 kB | 294/500 kB | 8.8 kB Progress (3): 14 kB | 299/500 kB | 8.8 kB Progress (3): 14 kB | 303/500 kB | 8.8 kB Progress (3): 14 kB | 307/500 kB | 8.8 kB Progress (3): 14 kB | 311/500 kB | 8.8 kB Progress (3): 14 kB | 315/500 kB | 8.8 kB Progress (3): 14 kB | 319/500 kB | 8.8 kB Progress (3): 14 kB | 323/500 kB | 8.8 kB Progress (3): 14 kB | 327/500 kB | 8.8 kB Progress (3): 14 kB | 331/500 kB | 8.8 kB Progress (3): 14 kB | 335/500 kB | 8.8 kB Progress (3): 14 kB | 340/500 kB | 8.8 kB Progress (3): 14 kB | 344/500 kB | 8.8 kB Progress (3): 14 kB | 348/500 kB | 8.8 kB Progress (3): 14 kB | 352/500 kB | 8.8 kB Progress (3): 14 kB | 356/500 kB | 8.8 kB Progress (3): 14 kB | 360/500 kB | 8.8 kB Progress (3): 14 kB | 364/500 kB | 8.8 kB Progress (3): 14 kB | 368/500 kB | 8.8 kB Progress (3): 14 kB | 372/500 kB | 8.8 kB Progress (3): 14 kB | 376/500 kB | 8.8 kB Progress (3): 14 kB | 380/500 kB | 8.8 kB Progress (3): 14 kB | 385/500 kB | 8.8 kB Progress (3): 14 kB | 389/500 kB | 8.8 kB Progress (3): 14 kB | 393/500 kB | 8.8 kB Progress (3): 14 kB | 397/500 kB | 8.8 kB Progress (3): 14 kB | 401/500 kB | 8.8 kB Progress (3): 14 kB | 405/500 kB | 8.8 kB Progress (3): 14 kB | 409/500 kB | 8.8 kB Progress (3): 14 kB | 413/500 kB | 8.8 kB Progress (3): 14 kB | 417/500 kB | 8.8 kB Progress (3): 14 kB | 421/500 kB | 8.8 kB Progress (3): 14 kB | 426/500 kB | 8.8 kB Progress (3): 14 kB | 430/500 kB | 8.8 kB Progress (3): 14 kB | 434/500 kB | 8.8 kB Progress (3): 14 kB | 438/500 kB | 8.8 kB Progress (3): 14 kB | 442/500 kB | 8.8 kB Progress (3): 14 kB | 446/500 kB | 8.8 kB Progress (3): 14 kB | 450/500 kB | 8.8 kB Progress (3): 14 kB | 454/500 kB | 8.8 kB Progress (3): 14 kB | 458/500 kB | 8.8 kB Progress (3): 14 kB | 462/500 kB | 8.8 kB Progress (3): 14 kB | 466/500 kB | 8.8 kB Progress (3): 14 kB | 471/500 kB | 8.8 kB Progress (3): 14 kB | 475/500 kB | 8.8 kB Progress (3): 14 kB | 479/500 kB | 8.8 kB Progress (3): 14 kB | 483/500 kB | 8.8 kB Progress (3): 14 kB | 487/500 kB | 8.8 kB Progress (3): 14 kB | 491/500 kB | 8.8 kB Progress (3): 14 kB | 495/500 kB | 8.8 kB Progress (3): 14 kB | 499/500 kB | 8.8 kB Progress (3): 14 kB | 500 kB | 8.8 kB Downloaded from central: https://repo.maven.apache.org/maven2/com/google/errorprone/error_prone_annotations/2.3.4/error_prone_annotations-2.3.4.jar (14 kB at 31 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/com/google/j2objc/j2objc-annotations/1.3/j2objc-annotations-1.3.jar (8.8 kB at 20 kB/s) Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/commons/commons-lang3/3.7/commons-lang3-3.7.jar (500 kB at 1.1 MB/s) [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17:jar:0.1.2 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11:jar:1.9 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8:jar:1.2.4 in the shaded jar. [INFO] Including io.github.stuartwdouglas.hacbs-test.gradle:hacbs-test-simple-gradle-jdk8:jar:1.1 in the shaded jar. [WARNING] hacbs-test-simple-gradle-jdk8-1.1.jar, hacbs-test.jar, shaded-jdk11-1.9.jar, simple-jdk17-0.1.2.jar, simple-jdk8-1.2.4.jar define 1 overlapping resource: [WARNING] - META-INF/MANIFEST.MF [WARNING] shaded-jdk11-1.9.jar, simple-jdk8-1.2.4.jar define 3 overlapping classes and resources: [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.properties [WARNING] - META-INF/maven/io.github.stuartwdouglas.hacbs-test.simple/simple-jdk8/pom.xml [WARNING] - io.github.stuartwdouglas.hacbstest.simple.simplejdk8.Placeholder [WARNING] maven-shade-plugin has detected that some class files are [WARNING] present in two or more JARs. When this happens, only one [WARNING] single version of the class is copied to the uber jar. [WARNING] Usually this is not harmful and you can skip these warnings, [WARNING] otherwise try to manually exclude artifacts based on [WARNING] mvn dependency:tree -Ddetail=true and the above output. [WARNING] See http://maven.apache.org/plugins/maven-shade-plugin/ [INFO] Replacing original artifact with shaded artifact. [INFO] Replacing /work/target/hacbs-test.jar with /work/target/simple-java-project-1.0-SNAPSHOT-shaded.jar [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 17.044 s [INFO] Finished at: 2026-02-10T22:26:33Z [INFO] ------------------------------------------------------------------------ [2/2] STEP 1/10: FROM registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 [2/2] STEP 2/10: USER 185 [2/2] STEP 3/10: WORKDIR /work/ [2/2] STEP 4/10: COPY --from=builder /work/target/hacbs-test.jar /deployments [2/2] STEP 5/10: EXPOSE 8081 [2/2] STEP 6/10: ENV AB_JOLOKIA_OFF="" [2/2] STEP 7/10: ENV JAVA_APP_JAR="/deployments/hacbs-test.jar" [2/2] STEP 8/10: COPY labels.json /usr/share/buildinfo/labels.json [2/2] STEP 9/10: COPY labels.json /root/buildinfo/labels.json [2/2] STEP 10/10: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" "org.opencontainers.image.revision"="e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo" "build-date"="2026-02-10T22:26:01Z" "org.opencontainers.image.created"="2026-02-10T22:26:01Z" [2/2] COMMIT quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 --> 4a04d4e24954 Successfully tagged quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c [2026-02-10T22:26:34,126121967+00:00] Unsetting proxy [2026-02-10T22:26:34,127332838+00:00] Add metadata Recording base image digests used registry.access.redhat.com/ubi8/openjdk-17:1.23 registry.access.redhat.com/ubi8/openjdk-17:1.23@sha256:b9ef4fb5c68128bf257b7f7a5d6ebf9d2428d01e20368383299c7ffbaae5cdab registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23 registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 Getting image source signatures Copying blob sha256:bcab1d1b8d1d860e702a85ffefc54e187c9b9f3ab5dfcd18f8ecb9b9a9020108 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c Writing manifest to image destination [2026-02-10T22:26:36,097811874+00:00] End build pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-push: [2026-02-10T22:26:36,601365120+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2026-02-10T22:26:39,851392476+00:00] Convert image [2026-02-10T22:26:39,852430922+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-wvxrt-build-container [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:konflux-demo-component-tfry-on-push-wvxrt-build-container Getting image source signatures Copying blob sha256:bcab1d1b8d1d860e702a85ffefc54e187c9b9f3ab5dfcd18f8ecb9b9a9020108 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying config sha256:4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c Writing manifest to image destination [2026-02-10T22:26:46,604155827+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 [retry] executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /var/workdir/image-digest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Getting image source signatures Copying blob sha256:bcab1d1b8d1d860e702a85ffefc54e187c9b9f3ab5dfcd18f8ecb9b9a9020108 Copying blob sha256:df402946873fa4f44bfc47e7332afee3acc2a516f43fc37ad5a8f96d846edd57 Copying blob sha256:5044c9e21844909dc298258cb8a238657e444ce1a8c4d71f259e956580c632a6 Copying config sha256:4a04d4e24954c5d68cdbbe383e756e69b04f090b7478d933bf184a328202753c Writing manifest to image destination sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9dquay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 [2026-02-10T22:26:47,464023240+00:00] End push pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-sbom-syft-generate: [2026-02-10T22:26:47,718167696+00:00] Generate SBOM Running syft on the image Running syft on the source code [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) [2026-02-10T22:26:56,153584392+00:00] End sbom-syft-generate pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-prepare-sboms: [2026-02-10T22:26:56,883575195+00:00] Prepare SBOM [2026-02-10T22:26:56,887253701+00:00] Generate SBOM with mobster Skipping SBOM validation 2026-02-10 22:27:08,329 [INFO] mobster.log: Logging level set to 20 2026-02-10 22:27:09,628 [INFO] mobster.oci: Fetching manifest for registry.access.redhat.com/ubi8/openjdk-17-runtime@sha256:d37b5245163e1d52236ce6d294f1bc6aa43d4ee85831b8400d37c1e9f4ee8826 2026-02-10 22:27:13,111 [INFO] mobster.cmd.generate.oci_image.contextual_sbom.contextualize: Contextual mechanism won't be used, there is no parent image SBOM. 2026-02-10 22:27:13,111 [INFO] mobster.cmd.generate.oci_image: Contextual SBOM workflow finished successfully. 2026-02-10 22:27:13,112 [INFO] mobster.log: Contextual workflow completed in 3.68s 2026-02-10 22:27:13,325 [INFO] mobster.main: Exiting with code 0. [2026-02-10T22:27:14,227505671+00:00] End prepare-sboms pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-upload-sbom: [2026-02-10T22:27:14,972454997+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:35167d1ec6dc689459086f2f31a1f964a05e73b5a82b5dcddc967a5d3c9c42d1 [2026-02-10T22:27:25,522474598+00:00] End upload-sbom pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | init container: prepare 2026/02/10 22:27:27 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | init container: place-scripts 2026/02/10 22:27:28 Decoded script /tekton/scripts/script-0-frlqv 2026/02/10 22:27:28 Decoded script /tekton/scripts/script-1-mjm8g 2026/02/10 22:27:28 Decoded script /tekton/scripts/script-2-tdnqq pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | container step-build: [2026-02-10T22:27:32,568458181+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' 573053168e5505db4b414a0ead0415f903504d6398d112f9028d986f4ca882ce Skipping image index generation. Returning results for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d. pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | container step-create-sbom: The manifest_data.json file does not exist. Skipping the SBOM creation... pod: konflux-demo-component-tfry-on-push-wvxrt-build-image-index-pod | container step-upload-sbom: [2026-02-10T22:27:34,741661028+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' The index.spdx.json file does not exists. Skipping the SBOM upload... pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-0-wxdtz 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-m2ptb 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-9bv9s 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-3-xfzzx pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d. pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2026-02-10T22:27:46Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"}] 2026-02-10T22:27:46Z INF libvuln initialized component=libvuln/New 2026-02-10T22:27:46Z INF registered configured scanners component=libindex/New 2026-02-10T22:27:46Z INF NewLayerScanner: constructing a new layer-scanner component=indexer.NewLayerScanner 2026-02-10T22:27:46Z INF index request start component=libindex/Libindex.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d 2026-02-10T22:27:46Z INF starting scan component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d 2026-02-10T22:27:46Z INF manifest to be scanned component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=CheckManifest 2026-02-10T22:27:46Z INF layers fetch start component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=FetchLayers 2026-02-10T22:27:49Z INF layers fetch success component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=FetchLayers 2026-02-10T22:27:49Z INF layers fetch done component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=FetchLayers 2026-02-10T22:27:49Z INF layers scan start component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=ScanLayers 2026-02-10T22:27:49Z INF found buildinfo Dockerfile component=rhel/rhcc/scanner.Scan kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d path=root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586 scanner=rhel_containerscanner state=ScanLayers 2026-02-10T22:27:49Z INF skipping jar component=java/Scanner.Scan file=usr/lib/jvm/java-17-openjdk-17.0.18.0.8-1.el8.x86_64/lib/jrt-fs.jar kind=package layer=sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3 manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d reason="jar: unidentified jar: jrt-fs.jar" scanner=java state=ScanLayers version=6 2026-02-10T22:27:50Z INF layers scan done component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=ScanLayers 2026-02-10T22:27:50Z INF starting index manifest component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=IndexManifest 2026-02-10T22:27:50Z INF finishing scan component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=IndexFinished 2026-02-10T22:27:50Z INF manifest successfully scanned component=indexer/controller/Controller.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d state=IndexFinished 2026-02-10T22:27:50Z INF index request done component=libindex/Libindex.Index manifest=sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d { "manifest_hash": "sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d", "packages": { "+XM+s3niWaEk1U5jnR5DpA==": { "id": "+XM+s3niWaEk1U5jnR5DpA==", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "binary", "source": { "id": "", "name": "libyaml", "version": "0.1.7-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+Xr7HyTxXf0c8jLaUyo3xA==": { "id": "+Xr7HyTxXf0c8jLaUyo3xA==", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libidn2", "version": "2.2.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+hvIC0Et/RtHi7EAFCmfEw==": { "id": "+hvIC0Et/RtHi7EAFCmfEw==", "name": "file-libs", "version": "5.33-27.el8_10", "kind": "binary", "source": { "id": "", "name": "file", "version": "5.33-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "+qrxjVH7Im8eBfrz4h4P/w==": { "id": "+qrxjVH7Im8eBfrz4h4P/w==", "name": "shadow-utils", "version": "2:4.6-23.el8_10", "kind": "binary", "source": { "id": "", "name": "shadow-utils", "version": "4.6-23.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "/ji9IJ9FfNcwqVRbMWZshQ==": { "id": "/ji9IJ9FfNcwqVRbMWZshQ==", "name": "nss-softokn-freebl", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "0+9x6aIRcNDCM7R94cpzew==": { "id": "0+9x6aIRcNDCM7R94cpzew==", "name": "java-17-openjdk-headless", "version": "1:17.0.18.0.8-1.el8", "kind": "binary", "source": { "id": "", "name": "java-17-openjdk", "version": "17.0.18.0.8-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1+yTM1fAMLq+dz3TFkyS0A==": { "id": "1+yTM1fAMLq+dz3TFkyS0A==", "name": "libnghttp2", "version": "1.33.0-6.el8_10.1", "kind": "binary", "source": { "id": "", "name": "nghttp2", "version": "1.33.0-6.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "1gormAsAjMuks2JveQRd0Q==": { "id": "1gormAsAjMuks2JveQRd0Q==", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "binary", "source": { "id": "", "name": "gobject-introspection", "version": "1.56.1-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3+d+oaGDGj9g2+1RFZjY5A==": { "id": "3+d+oaGDGj9g2+1RFZjY5A==", "name": "gmp", "version": "1:6.1.2-11.el8", "kind": "binary", "source": { "id": "", "name": "gmp", "version": "6.1.2-11.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3OVNevSm98h4f1fmX4IZwQ==": { "id": "3OVNevSm98h4f1fmX4IZwQ==", "name": "org.example:simple-java-project", "version": "1.0-SNAPSHOT", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "3jI2apoRMNGhHa141Q5dlQ==": { "id": "3jI2apoRMNGhHa141Q5dlQ==", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "binary", "source": { "id": "", "name": "libksba", "version": "1.3.5-9.el8_7", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3nOApXnXeRgrYlPW+0hAFQ==": { "id": "3nOApXnXeRgrYlPW+0hAFQ==", "name": "glibc-common", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "3uSX4NgBxQvC8LEk48QoOQ==": { "id": "3uSX4NgBxQvC8LEk48QoOQ==", "name": "cyrus-sasl-lib", "version": "2.1.27-6.el8_5", "kind": "binary", "source": { "id": "", "name": "cyrus-sasl", "version": "2.1.27-6.el8_5", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "45rvgYmy022Tx6fVWfking==": { "id": "45rvgYmy022Tx6fVWfking==", "name": "publicsuffix-list-dafsa", "version": "20180723-1.el8", "kind": "binary", "source": { "id": "", "name": "publicsuffix-list", "version": "20180723-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "47OMpR7yEmE4lttsyWq3fw==": { "id": "47OMpR7yEmE4lttsyWq3fw==", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "binary", "source": { "id": "", "name": "libusbx", "version": "1.0.23-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4ZgMXaHDWnwPnqKlcJzEIw==": { "id": "4ZgMXaHDWnwPnqKlcJzEIw==", "name": "krb5-libs", "version": "1.18.2-32.el8_10", "kind": "binary", "source": { "id": "", "name": "krb5", "version": "1.18.2-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4sG4bBloak5Sz907ZDRs6Q==": { "id": "4sG4bBloak5Sz907ZDRs6Q==", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "binary", "source": { "id": "", "name": "libnsl2", "version": "1.2.0-2.20180605git4a062cf.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "4uQuJg+li+gGAwnGRDcs+w==": { "id": "4uQuJg+li+gGAwnGRDcs+w==", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "5U8sNbKx0xZsaHcVt4MmxA==": { "id": "5U8sNbKx0xZsaHcVt4MmxA==", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "binary", "source": { "id": "", "name": "chkconfig", "version": "1.19.2-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "64trMyh8WGXpZhV47fwq2Q==": { "id": "64trMyh8WGXpZhV47fwq2Q==", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "67DLnC895xbDFuD3MGhCtQ==": { "id": "67DLnC895xbDFuD3MGhCtQ==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk8", "version": "1.2.4", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "6KnijwRsfeerWmf5Zl8NWw==": { "id": "6KnijwRsfeerWmf5Zl8NWw==", "name": "sed", "version": "4.5-5.el8", "kind": "binary", "source": { "id": "", "name": "sed", "version": "4.5-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "7eg89eCgA75bJ7WhhN/T4Q==": { "id": "7eg89eCgA75bJ7WhhN/T4Q==", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "binary", "source": { "id": "", "name": "libtasn1", "version": "4.13-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "9uhqFNTCJ7/bpzSlc7qCaQ==": { "id": "9uhqFNTCJ7/bpzSlc7qCaQ==", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "binary", "source": { "id": "", "name": "libgcrypt", "version": "1.8.5-7.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AuC6XQzcU/5tB4luIfjLFg==": { "id": "AuC6XQzcU/5tB4luIfjLFg==", "name": "elfutils-libelf", "version": "0.190-2.el8", "kind": "binary", "source": { "id": "", "name": "elfutils", "version": "0.190-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "AziZ1oGI+oDXVPzldKNj+w==": { "id": "AziZ1oGI+oDXVPzldKNj+w==", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "binary", "source": { "id": "", "name": "openldap", "version": "2.4.46-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BPsD0kkdIoK3KQUZ5DpJjw==": { "id": "BPsD0kkdIoK3KQUZ5DpJjw==", "name": "dbus-libs", "version": "1:1.12.8-27.el8_10", "kind": "binary", "source": { "id": "", "name": "dbus", "version": "1.12.8-27.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "BmK1zIjr5KsuOODCYwxRCw==": { "id": "BmK1zIjr5KsuOODCYwxRCw==", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "binary", "source": { "id": "", "name": "libpsl", "version": "0.20.2-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CQOBIgjxWXRaonBtrrzkdA==": { "id": "CQOBIgjxWXRaonBtrrzkdA==", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "CbqHQON08ZsUvPS9XDaTFA==": { "id": "CbqHQON08ZsUvPS9XDaTFA==", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Cklbj7Y2kf3vqxqc0m1GHQ==": { "id": "Cklbj7Y2kf3vqxqc0m1GHQ==", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "binary", "source": { "id": "", "name": "librhsm", "version": "0.0.3-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "D/ASdBsgxLNlG5Q8U7UPsQ==": { "id": "D/ASdBsgxLNlG5Q8U7UPsQ==", "name": "rootfiles", "version": "8.1-22.el8", "kind": "binary", "source": { "id": "", "name": "rootfiles", "version": "8.1-22.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "D9iJYSwBt2n6JCuuNo2fKg==": { "id": "D9iJYSwBt2n6JCuuNo2fKg==", "name": "audit-libs", "version": "3.1.2-1.el8_10.1", "kind": "binary", "source": { "id": "", "name": "audit", "version": "3.1.2-1.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EGfzPeF6a5hj9x4BwoN25A==": { "id": "EGfzPeF6a5hj9x4BwoN25A==", "name": "libcap", "version": "2.48-6.el8_9", "kind": "binary", "source": { "id": "", "name": "libcap", "version": "2.48-6.el8_9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "EiNiLT8ulizCzEWcybhizQ==": { "id": "EiNiLT8ulizCzEWcybhizQ==", "name": "lz4-libs", "version": "1.8.3-5.el8_10", "kind": "binary", "source": { "id": "", "name": "lz4", "version": "1.8.3-5.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "F7AOP7tK5AfUXV1g9iTzFA==": { "id": "F7AOP7tK5AfUXV1g9iTzFA==", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "binary", "source": { "id": "", "name": "mpfr", "version": "3.1.6-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "FS5/DAbDsXWURU9onlACPA==": { "id": "FS5/DAbDsXWURU9onlACPA==", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "binary", "source": { "id": "", "name": "alsa-lib", "version": "1.2.10-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "G+gX+j4AbiCorxKiF1UojA==": { "id": "G+gX+j4AbiCorxKiF1UojA==", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "binary", "source": { "id": "", "name": "libsolv", "version": "0.7.20-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "GLKhGblbPbPbtDKwfpCv5A==": { "id": "GLKhGblbPbPbtDKwfpCv5A==", "name": "filesystem", "version": "3.8-6.el8", "kind": "binary", "source": { "id": "", "name": "filesystem", "version": "3.8-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Gg1Q6hponuT1eSJHwaJ83w==": { "id": "Gg1Q6hponuT1eSJHwaJ83w==", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "binary", "source": { "id": "", "name": "libcap-ng", "version": "0.7.11-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "H/znvON46YQfVvzT/b1oJQ==": { "id": "H/znvON46YQfVvzT/b1oJQ==", "name": "cups-libs", "version": "1:2.2.6-66.el8_10", "kind": "binary", "source": { "id": "", "name": "cups", "version": "2.2.6-66.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HMIoZ/TKrKhxI1rD26qmpw==": { "id": "HMIoZ/TKrKhxI1rD26qmpw==", "name": "json-c", "version": "0.13.1-3.el8", "kind": "binary", "source": { "id": "", "name": "json-c", "version": "0.13.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "HQz7GX8xnNYHI3vgIxIyAQ==": { "id": "HQz7GX8xnNYHI3vgIxIyAQ==", "name": "tzdata-java", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "IzLcxZDtcvtJR5Gwdq9HDg==": { "id": "IzLcxZDtcvtJR5Gwdq9HDg==", "name": "libattr", "version": "2.4.48-3.el8", "kind": "binary", "source": { "id": "", "name": "attr", "version": "2.4.48-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "J34PJ2GThOWZuKVgFIoieA==": { "id": "J34PJ2GThOWZuKVgFIoieA==", "name": "zlib", "version": "1.2.11-25.el8", "kind": "binary", "source": { "id": "", "name": "zlib", "version": "1.2.11-25.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JNDNKhJbFTSevs7EALfE9A==": { "id": "JNDNKhJbFTSevs7EALfE9A==", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "JWP1zeBb3fsabIOohe0zxQ==": { "id": "JWP1zeBb3fsabIOohe0zxQ==", "name": "libcurl", "version": "7.61.1-34.el8_10.9", "kind": "binary", "source": { "id": "", "name": "curl", "version": "7.61.1-34.el8_10.9", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "LXiVkIlXLq/usMYIwCTH8Q==": { "id": "LXiVkIlXLq/usMYIwCTH8Q==", "name": "libsmartcols", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "MVZUXzP9klg5te8qgA9h5w==": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "MqWy2ztZwvwiD3S+M3fOgQ==": { "id": "MqWy2ztZwvwiD3S+M3fOgQ==", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "binary", "source": { "id": "", "name": "gnutls", "version": "3.6.16-8.el8_10.4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N1RbIRo2SyHosQefv+skDw==": { "id": "N1RbIRo2SyHosQefv+skDw==", "name": "gawk", "version": "4.2.1-4.el8", "kind": "binary", "source": { "id": "", "name": "gawk", "version": "4.2.1-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N3ZaMrNJKoumMpaY0smlMQ==": { "id": "N3ZaMrNJKoumMpaY0smlMQ==", "name": "sqlite-libs", "version": "3.26.0-20.el8_10", "kind": "binary", "source": { "id": "", "name": "sqlite", "version": "3.26.0-20.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "N5EuVcX6TPHBo7OPtax5uA==": { "id": "N5EuVcX6TPHBo7OPtax5uA==", "name": "crypto-policies-scripts", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NJbhst8VIOwst++ZzRP6tA==": { "id": "NJbhst8VIOwst++ZzRP6tA==", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "binary", "source": { "id": "", "name": "libpeas", "version": "1.22.0-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "NguWV8S6YQYvQsGQDJm2Rg==": { "id": "NguWV8S6YQYvQsGQDJm2Rg==", "name": "ncurses-base", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "NsvPyDc//39XTuXcn3j2uQ==": { "id": "NsvPyDc//39XTuXcn3j2uQ==", "name": "gdbm", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "P5Se4zJpr8ZUwZNUojfuzA==": { "id": "P5Se4zJpr8ZUwZNUojfuzA==", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "binary", "source": { "id": "", "name": "libxcrypt", "version": "4.1.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "POPH5BJ/Q4Bfen05TT291g==": { "id": "POPH5BJ/Q4Bfen05TT291g==", "name": "nss-util", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "PpyARLP/xBpaE8+NP5fWog==": { "id": "PpyARLP/xBpaE8+NP5fWog==", "name": "platform-python", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Q0uPb/t/3IQ8GEwlv/J3Cw==": { "id": "Q0uPb/t/3IQ8GEwlv/J3Cw==", "name": "libmount", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QC6e3OaV78mjs678tGU2KQ==": { "id": "QC6e3OaV78mjs678tGU2KQ==", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "QXEDMSZisv5SUXtJo7Fs5g==": { "id": "QXEDMSZisv5SUXtJo7Fs5g==", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "binary", "source": { "id": "", "name": "gpgme", "version": "1.13.1-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "RKXYZTbYgViwzC05uqeDSg==": { "id": "RKXYZTbYgViwzC05uqeDSg==", "name": "io.github.stuartwdouglas.hacbs-test.simple:simple-jdk17", "version": "0.1.2", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "RtrzwDgrQgu9S5B72s2sww==": { "id": "RtrzwDgrQgu9S5B72s2sww==", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libunistring", "version": "0.9.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "TARQvmsLVC/S1fQD1jO4Xw==": { "id": "TARQvmsLVC/S1fQD1jO4Xw==", "name": "gdbm-libs", "version": "1:1.18-2.el8", "kind": "binary", "source": { "id": "", "name": "gdbm", "version": "1.18-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "USWNn71p+k059dbiu5HDEA==": { "id": "USWNn71p+k059dbiu5HDEA==", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "binary", "source": { "id": "", "name": "libassuan", "version": "2.5.1-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "UUZyda9G/ffvF6rJ5W1UnQ==": { "id": "UUZyda9G/ffvF6rJ5W1UnQ==", "name": "libstdc++", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "VrCmPwuY69qW5jl9ctxOZg==": { "id": "VrCmPwuY69qW5jl9ctxOZg==", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libtirpc", "version": "1.1.4-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "W66WOQ3v6r7mSn6+o7gaew==": { "id": "W66WOQ3v6r7mSn6+o7gaew==", "name": "popt", "version": "1.18-1.el8", "kind": "binary", "source": { "id": "", "name": "popt", "version": "1.18-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Wq1n4jzKBPdL9z5l5HD99w==": { "id": "Wq1n4jzKBPdL9z5l5HD99w==", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "binary", "source": { "id": "", "name": "libarchive", "version": "3.3.3-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "X+Ae9zKuAx9THOOUSwNTBw==": { "id": "X+Ae9zKuAx9THOOUSwNTBw==", "name": "systemd-libs", "version": "239-82.el8_10.13", "kind": "binary", "source": { "id": "", "name": "systemd", "version": "239-82.el8_10.13", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YjDcGmvP0/z8VqRiUvkhOQ==": { "id": "YjDcGmvP0/z8VqRiUvkhOQ==", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "binary", "source": { "id": "", "name": "gnupg2", "version": "2.2.20-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "YtdL4ZI7QAhSZw75UuDn3w==": { "id": "YtdL4ZI7QAhSZw75UuDn3w==", "name": "python3-libs", "version": "3.6.8-72.el8_10", "kind": "binary", "source": { "id": "", "name": "python3", "version": "3.6.8-72.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "Za0y7YiKRidyIBZNIzq/Ng==": { "id": "Za0y7YiKRidyIBZNIzq/Ng==", "name": "librepo", "version": "1.14.2-5.el8", "kind": "binary", "source": { "id": "", "name": "librepo", "version": "1.14.2-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "auI8KtI6OozP7EAIr9UlQQ==": { "id": "auI8KtI6OozP7EAIr9UlQQ==", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "binary", "source": { "id": "", "name": "pcre2", "version": "10.32-3.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bWUdPEYmtshwdmuX5VapfQ==": { "id": "bWUdPEYmtshwdmuX5VapfQ==", "name": "libblkid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "bmxL3lydQy0yU8g1iBgovg==": { "id": "bmxL3lydQy0yU8g1iBgovg==", "name": "libsepol", "version": "2.9-3.el8", "kind": "binary", "source": { "id": "", "name": "libsepol", "version": "2.9-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cXCMP7NdkMDf1+Rb1IEktQ==": { "id": "cXCMP7NdkMDf1+Rb1IEktQ==", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "binary", "source": { "id": "", "name": "libsemanage", "version": "2.9-12.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "cug9tRnMBJIdiXPtixVsAg==": { "id": "cug9tRnMBJIdiXPtixVsAg==", "name": "tzdata", "version": "2025c-1.el8", "kind": "binary", "source": { "id": "", "name": "tzdata", "version": "2025c-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dOBT1Qffq44NOVuk9chDyg==": { "id": "dOBT1Qffq44NOVuk9chDyg==", "name": "readline", "version": "7.0-10.el8", "kind": "binary", "source": { "id": "", "name": "readline", "version": "7.0-10.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dOwQwVL1NxmF6ouACZklrQ==": { "id": "dOwQwVL1NxmF6ouACZklrQ==", "name": "p11-kit-trust", "version": "0.23.22-2.el8", "kind": "binary", "source": { "id": "", "name": "p11-kit", "version": "0.23.22-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "dSjxsaDISLUiFwRTCSO8Tg==": { "id": "dSjxsaDISLUiFwRTCSO8Tg==", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "binary", "source": { "id": "", "name": "crypto-policies", "version": "20230731-1.git3177e06.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "dtGaxafuhIU1Ppty914fJw==": { "id": "dtGaxafuhIU1Ppty914fJw==", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "binary", "source": { "id": "", "name": "nspr", "version": "4.36.0-2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "eZ7CwFvwDCQu4vzKyuIZgA==": { "id": "eZ7CwFvwDCQu4vzKyuIZgA==", "name": "basesystem", "version": "11-5.el8", "kind": "binary", "source": { "id": "", "name": "basesystem", "version": "11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f/Al/eNlUhjEgKSV0J2z7w==": { "id": "f/Al/eNlUhjEgKSV0J2z7w==", "name": "python3-pip-wheel", "version": "9.0.3-24.el8", "kind": "binary", "source": { "id": "", "name": "python-pip", "version": "9.0.3-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "f1lteJj1IxLDbDb+BI8yjg==": { "id": "f1lteJj1IxLDbDb+BI8yjg==", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "binary", "source": { "id": "", "name": "ca-certificates", "version": "2025.2.80_v9.0.304-80.2.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "g146nKetkX1f4hfH1b5RWA==": { "id": "g146nKetkX1f4hfH1b5RWA==", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gMqsUnRclTj6iuxHCslNRA==": { "id": "gMqsUnRclTj6iuxHCslNRA==", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "binary", "source": { "id": "", "name": "libdnf", "version": "0.63.0-21.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gOaN4treTmKK7tU+N6AZ1w==": { "id": "gOaN4treTmKK7tU+N6AZ1w==", "name": "pcre", "version": "8.42-6.el8", "kind": "binary", "source": { "id": "", "name": "pcre", "version": "8.42-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gtbMsmX05ZWh+bkM1Wprlw==": { "id": "gtbMsmX05ZWh+bkM1Wprlw==", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "binary", "source": { "id": "", "name": "bash", "version": "4.4.20-6.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "gyKx9kaQg8EKW63JGRFYXg==": { "id": "gyKx9kaQg8EKW63JGRFYXg==", "name": "glibc-minimal-langpack", "version": "2.28-251.el8_10.27", "kind": "binary", "source": { "id": "", "name": "glibc", "version": "2.28-251.el8_10.27", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "h53SWWmMQUh4cLyBmYeNvw==": { "id": "h53SWWmMQUh4cLyBmYeNvw==", "name": "avahi-libs", "version": "0.7-27.el8_10.1", "kind": "binary", "source": { "id": "", "name": "avahi", "version": "0.7-27.el8_10.1", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hSTTMcRX1DBcXc+8jKeg3Q==": { "id": "hSTTMcRX1DBcXc+8jKeg3Q==", "name": "libgcc", "version": "8.5.0-28.el8_10", "kind": "binary", "source": { "id": "", "name": "gcc", "version": "8.5.0-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "hcJqCsCpWm+XI9JT6ImS5g==": { "id": "hcJqCsCpWm+XI9JT6ImS5g==", "name": "nettle", "version": "3.4.1-7.el8", "kind": "binary", "source": { "id": "", "name": "nettle", "version": "3.4.1-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "i1z2TLfe0HD5kZCQr/fh/g==": { "id": "i1z2TLfe0HD5kZCQr/fh/g==", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "binary", "source": { "id": "", "name": "libselinux", "version": "2.9-10.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "isPl2YxnCTfcLmUYH6Q0sA==": { "id": "isPl2YxnCTfcLmUYH6Q0sA==", "name": "libuuid", "version": "2.32.1-48.el8_10", "kind": "binary", "source": { "id": "", "name": "util-linux", "version": "2.32.1-48.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "jmNxyfDM4IV/F4mrfNTfyg==": { "id": "jmNxyfDM4IV/F4mrfNTfyg==", "name": "setup", "version": "2.12.2-9.el8", "kind": "binary", "source": { "id": "", "name": "setup", "version": "2.12.2-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "jtdCxL/eH5JTPcKstKunJg==": { "id": "jtdCxL/eH5JTPcKstKunJg==", "name": "grep", "version": "3.1-6.el8", "kind": "binary", "source": { "id": "", "name": "grep", "version": "3.1-6.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k/BpvWmZ5EVfmiPqpZ3pGw==": { "id": "k/BpvWmZ5EVfmiPqpZ3pGw==", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "binary", "source": { "id": "", "name": "expat", "version": "2.5.0-1.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "k4gCNgIfg7MM/e42ThRx2w==": { "id": "k4gCNgIfg7MM/e42ThRx2w==", "name": "libzstd", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "zstd", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "ka4b0+TZOGmroTz/rrRQcg==": { "id": "ka4b0+TZOGmroTz/rrRQcg==", "name": "nss-softokn", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "kwc9NYOQig+qWs5qmBRL/w==": { "id": "kwc9NYOQig+qWs5qmBRL/w==", "name": "ncurses-libs", "version": "6.1-10.20180224.el8", "kind": "binary", "source": { "id": "", "name": "ncurses", "version": "6.1-10.20180224.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lEFbOzBTlWwCqC/ZbjJfgQ==": { "id": "lEFbOzBTlWwCqC/ZbjJfgQ==", "name": "python3-setuptools-wheel", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "lU0MYRg2dg5wynl2dMGsgA==": { "id": "lU0MYRg2dg5wynl2dMGsgA==", "name": "xz-libs", "version": "5.2.4-4.el8_6", "kind": "binary", "source": { "id": "", "name": "xz", "version": "5.2.4-4.el8_6", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "lqQ3rJzPTM4e3pH+ravEcw==": { "id": "lqQ3rJzPTM4e3pH+ravEcw==", "name": "brotli", "version": "1.0.6-3.el8", "kind": "binary", "source": { "id": "", "name": "brotli", "version": "1.0.6-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mAmp7BtGrfzV0HnAKw9sTw==": { "id": "mAmp7BtGrfzV0HnAKw9sTw==", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "binary", "source": { "id": "", "name": "libsigsegv", "version": "2.11-5.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mLwCNKs2wEtLWAiibtR4BQ==": { "id": "mLwCNKs2wEtLWAiibtR4BQ==", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "binary", "source": { "id": "", "name": "microdnf", "version": "3.8.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mThcA5Cjw8Jx10odGCZOkw==": { "id": "mThcA5Cjw8Jx10odGCZOkw==", "name": "coreutils-single", "version": "8.30-16.el8_10", "kind": "binary", "source": { "id": "", "name": "coreutils", "version": "8.30-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mkpeQMTn6iNiF+ShBe+oZg==": { "id": "mkpeQMTn6iNiF+ShBe+oZg==", "name": "libverto", "version": "0.3.2-2.el8", "kind": "binary", "source": { "id": "", "name": "libverto", "version": "0.3.2-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "mtrWxjnWyzrIFOuHVeUG6g==": { "id": "mtrWxjnWyzrIFOuHVeUG6g==", "name": "tar", "version": "2:1.30-11.el8_10", "kind": "binary", "source": { "id": "", "name": "tar", "version": "1.30-11.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "nDtLoMnkuhspYDn7NZEcjw==": { "id": "nDtLoMnkuhspYDn7NZEcjw==", "name": "findutils", "version": "1:4.6.0-24.el8_10", "kind": "binary", "source": { "id": "", "name": "findutils", "version": "4.6.0-24.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "o4v1nyEgxKUJdf78CSzLEg==": { "id": "o4v1nyEgxKUJdf78CSzLEg==", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "binary", "source": { "id": "", "name": "libgpg-error", "version": "1.31-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oPxhGBL0xk+N4XwwxvflAQ==": { "id": "oPxhGBL0xk+N4XwwxvflAQ==", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "binary", "source": { "id": "", "name": "redhat-release", "version": "8.10-0.3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "oSDtB9GflLljTYeOAikyIQ==": { "id": "oSDtB9GflLljTYeOAikyIQ==", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "binary", "source": { "id": "", "name": "glib2", "version": "2.56.4-168.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "p9tXHgTBVU/b3sTnwfubzg==": { "id": "p9tXHgTBVU/b3sTnwfubzg==", "name": "libdb-utils", "version": "5.3.28-42.el8_4", "kind": "binary", "source": { "id": "", "name": "libdb", "version": "5.3.28-42.el8_4", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "pY2NT/GP1UxyOuAl2rKgCw==": { "id": "pY2NT/GP1UxyOuAl2rKgCw==", "name": "npth", "version": "1.5-4.el8", "kind": "binary", "source": { "id": "", "name": "npth", "version": "1.5-4.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "peUaHHW4E9Y6Nd8+gJR5cQ==": { "id": "peUaHHW4E9Y6Nd8+gJR5cQ==", "name": "libssh-config", "version": "0.9.6-16.el8_10", "kind": "binary", "source": { "id": "", "name": "libssh", "version": "0.9.6-16.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "pp9zZ0tBoevZ/s15eFRL8g==": { "id": "pp9zZ0tBoevZ/s15eFRL8g==", "name": "libacl", "version": "2.2.53-3.el8", "kind": "binary", "source": { "id": "", "name": "acl", "version": "2.2.53-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "r23nOnTJvuvXzj0P21ldlw==": { "id": "r23nOnTJvuvXzj0P21ldlw==", "name": "rpm-libs", "version": "4.14.3-32.el8_10", "kind": "binary", "source": { "id": "", "name": "rpm", "version": "4.14.3-32.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "rEDvBZu+g63sUG7lgdch/Q==": { "id": "rEDvBZu+g63sUG7lgdch/Q==", "name": "ubi8/openjdk-17-runtime", "version": "1.23-4.1770204586", "kind": "binary", "source": { "id": "MVZUXzP9klg5te8qgA9h5w==", "name": "openjdk-17-runtime-ubi8-container", "version": "1.23-4.1770204586", "kind": "source", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "normalized_version": "rhctag:1.23.0.0.0.0.0.0.0.0", "arch": "x86_64", "cpe": "" }, "rFsA2fU/SFo3JGOkxRURTQ==": { "id": "rFsA2fU/SFo3JGOkxRURTQ==", "name": "keyutils-libs", "version": "1.5.10-9.el8", "kind": "binary", "source": { "id": "", "name": "keyutils", "version": "1.5.10-9.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sMrsZHOrW8FfprPHZo6Jww==": { "id": "sMrsZHOrW8FfprPHZo6Jww==", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "binary", "source": { "id": "", "name": "libmodulemd", "version": "2.13.0-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "sUhkiUesE2DHTU1IF7t+tw==": { "id": "sUhkiUesE2DHTU1IF7t+tw==", "name": "platform-python-setuptools", "version": "39.2.0-9.el8_10", "kind": "binary", "source": { "id": "", "name": "python-setuptools", "version": "39.2.0-9.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "sY/EIxTXZqd77FJQP7GUhw==": { "id": "sY/EIxTXZqd77FJQP7GUhw==", "name": "openssl-libs", "version": "1:1.1.1k-14.el8_10", "kind": "binary", "source": { "id": "", "name": "openssl", "version": "1.1.1k-14.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "u25cfo+Wn6RpzVY/kgcoGQ==": { "id": "u25cfo+Wn6RpzVY/kgcoGQ==", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "binary", "source": { "id": "", "name": "lksctp-tools", "version": "1.0.18-3.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "uAJuv5cA4XPhcDfjrdFI9w==": { "id": "uAJuv5cA4XPhcDfjrdFI9w==", "name": "javapackages-filesystem", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "binary", "source": { "id": "", "name": "javapackages-tools", "version": "5.3.0-1.module+el8+2447+6f56d9a6", "kind": "source", "normalized_version": "", "module": "javapackages-runtime:201801", "cpe": "" }, "normalized_version": "", "module": "javapackages-runtime:201801", "arch": "noarch", "cpe": "" }, "uCw7c1p0VzVV36rFL2/j4Q==": { "id": "uCw7c1p0VzVV36rFL2/j4Q==", "name": "bzip2-libs", "version": "1.0.6-28.el8_10", "kind": "binary", "source": { "id": "", "name": "bzip2", "version": "1.0.6-28.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "v/KoDsdxOHqLHd7du8yyWQ==": { "id": "v/KoDsdxOHqLHd7du8yyWQ==", "name": "lua-libs", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "wQToP4WURQ4/A8LQU1k5kA==": { "id": "wQToP4WURQ4/A8LQU1k5kA==", "name": "langpacks-en", "version": "1.0-12.el8", "kind": "binary", "source": { "id": "", "name": "langpacks", "version": "1.0-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "wiX2z3C4urSDsP+bIajgNg==": { "id": "wiX2z3C4urSDsP+bIajgNg==", "name": "io.github.stuartwdouglas.hacbs-test.shaded:shaded-jdk11", "version": "1.9", "kind": "binary", "source": { "id": "", "name": "", "version": "", "normalized_version": "", "cpe": "" }, "normalized_version": "", "cpe": "" }, "wpJmhjYJz5TYuh0mbRPs4Q==": { "id": "wpJmhjYJz5TYuh0mbRPs4Q==", "name": "info", "version": "6.5-7.el8", "kind": "binary", "source": { "id": "", "name": "texinfo", "version": "6.5-7.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xDLbw0lNdZ2pSj9R8k9t6A==": { "id": "xDLbw0lNdZ2pSj9R8k9t6A==", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "binary", "source": { "id": "", "name": "copy-jdk-configs", "version": "4.0-2.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "noarch", "cpe": "" }, "xTF9l16G3x26txeCsO9Bug==": { "id": "xTF9l16G3x26txeCsO9Bug==", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "binary", "source": { "id": "", "name": "json-glib", "version": "1.4.4-1.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xY/gcEds28iVWCynxOCw9g==": { "id": "xY/gcEds28iVWCynxOCw9g==", "name": "libcom_err", "version": "1.45.6-7.el8_10", "kind": "binary", "source": { "id": "", "name": "e2fsprogs", "version": "1.45.6-7.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "xvIYCTeML23osZxD1kFItQ==": { "id": "xvIYCTeML23osZxD1kFItQ==", "name": "lua", "version": "5.3.4-12.el8", "kind": "binary", "source": { "id": "", "name": "lua", "version": "5.3.4-12.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "y1KXv1Wa0o6q+5/jJ4FmmA==": { "id": "y1KXv1Wa0o6q+5/jJ4FmmA==", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "binary", "source": { "id": "", "name": "libxml2", "version": "2.9.7-21.el8_10.3", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "yI01txXPQZENPfjF45L+Zw==": { "id": "yI01txXPQZENPfjF45L+Zw==", "name": "nss-sysinit", "version": "3.112.0-4.el8_10", "kind": "binary", "source": { "id": "", "name": "nss", "version": "3.112.0-4.el8_10", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" }, "zAReYdYoHUkp8wr8i3SW2g==": { "id": "zAReYdYoHUkp8wr8i3SW2g==", "name": "libffi", "version": "3.1-24.el8", "kind": "binary", "source": { "id": "", "name": "libffi", "version": "3.1-24.el8", "kind": "source", "normalized_version": "", "cpe": "" }, "normalized_version": "", "arch": "x86_64", "cpe": "" } }, "distributions": { "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9": { "id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "did": "rhel", "name": "Red Hat Enterprise Linux Server", "version": "8", "version_code_name": "", "version_id": "8", "arch": "", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "pretty_name": "Red Hat Enterprise Linux Server 8" } }, "repository": { "56ecf42d-cc44-4802-b194-644020d77c34": { "id": "56ecf42d-cc44-4802-b194-644020d77c34", "name": "maven", "uri": "https://repo1.maven.apache.org/maven2", "cpe": "" }, "684d4c10-a98d-4044-8590-e7b1adf5ab5a": { "id": "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "6dd856e4-b21f-4c79-990b-11a5c90c7833": { "id": "6dd856e4-b21f-4c79-990b-11a5c90c7833", "name": "cpe:/o:redhat:enterprise_linux:8::baseos", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:baseos:*:*:*:*:*" }, "b0970976-e9ca-4758-a4ed-28a5df5d7c3e": { "id": "b0970976-e9ca-4758-a4ed-28a5df5d7c3e", "name": "Red Hat Container Catalog", "uri": "https://catalog.redhat.com/software/containers/explore", "cpe": "" }, "d038f06a-bb91-4a15-83db-e348839f87be": { "id": "d038f06a-bb91-4a15-83db-e348839f87be", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" }, "e2d30922-aa3c-4536-8a17-bf815a76ead2": { "id": "e2d30922-aa3c-4536-8a17-bf815a76ead2", "name": "cpe:/a:redhat:enterprise_linux:8::appstream", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:a:redhat:enterprise_linux:8:*:appstream:*:*:*:*:*" } }, "environments": { "+XM+s3niWaEk1U5jnR5DpA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+Xr7HyTxXf0c8jLaUyo3xA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+hvIC0Et/RtHi7EAFCmfEw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "+qrxjVH7Im8eBfrz4h4P/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "0+9x6aIRcNDCM7R94cpzew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "1+yTM1fAMLq+dz3TFkyS0A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "1gormAsAjMuks2JveQRd0Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3+d+oaGDGj9g2+1RFZjY5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3OVNevSm98h4f1fmX4IZwQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "3jI2apoRMNGhHa141Q5dlQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3nOApXnXeRgrYlPW+0hAFQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "3uSX4NgBxQvC8LEk48QoOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "45rvgYmy022Tx6fVWfking==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "47OMpR7yEmE4lttsyWq3fw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4ZgMXaHDWnwPnqKlcJzEIw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "4sG4bBloak5Sz907ZDRs6Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "4uQuJg+li+gGAwnGRDcs+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "5U8sNbKx0xZsaHcVt4MmxA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "64trMyh8WGXpZhV47fwq2Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "67DLnC895xbDFuD3MGhCtQ==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "6KnijwRsfeerWmf5Zl8NWw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "7eg89eCgA75bJ7WhhN/T4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AuC6XQzcU/5tB4luIfjLFg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "AziZ1oGI+oDXVPzldKNj+w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "BmK1zIjr5KsuOODCYwxRCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CQOBIgjxWXRaonBtrrzkdA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "CbqHQON08ZsUvPS9XDaTFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Cklbj7Y2kf3vqxqc0m1GHQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D/ASdBsgxLNlG5Q8U7UPsQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "D9iJYSwBt2n6JCuuNo2fKg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EGfzPeF6a5hj9x4BwoN25A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "EiNiLT8ulizCzEWcybhizQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "F7AOP7tK5AfUXV1g9iTzFA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "FS5/DAbDsXWURU9onlACPA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "G+gX+j4AbiCorxKiF1UojA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "GLKhGblbPbPbtDKwfpCv5A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Gg1Q6hponuT1eSJHwaJ83w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "H/znvON46YQfVvzT/b1oJQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "HMIoZ/TKrKhxI1rD26qmpw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "HQz7GX8xnNYHI3vgIxIyAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "IzLcxZDtcvtJR5Gwdq9HDg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "J34PJ2GThOWZuKVgFIoieA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JNDNKhJbFTSevs7EALfE9A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "JWP1zeBb3fsabIOohe0zxQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "LXiVkIlXLq/usMYIwCTH8Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "MVZUXzP9klg5te8qgA9h5w==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "b0970976-e9ca-4758-a4ed-28a5df5d7c3e", "b0970976-e9ca-4758-a4ed-28a5df5d7c3e" ] } ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N1RbIRo2SyHosQefv+skDw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N3ZaMrNJKoumMpaY0smlMQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "N5EuVcX6TPHBo7OPtax5uA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "NJbhst8VIOwst++ZzRP6tA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NguWV8S6YQYvQsGQDJm2Rg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "NsvPyDc//39XTuXcn3j2uQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "P5Se4zJpr8ZUwZNUojfuzA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "POPH5BJ/Q4Bfen05TT291g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "PpyARLP/xBpaE8+NP5fWog==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Q0uPb/t/3IQ8GEwlv/J3Cw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "QC6e3OaV78mjs678tGU2KQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "QXEDMSZisv5SUXtJo7Fs5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "RKXYZTbYgViwzC05uqeDSg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "RtrzwDgrQgu9S5B72s2sww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "TARQvmsLVC/S1fQD1jO4Xw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "USWNn71p+k059dbiu5HDEA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "VrCmPwuY69qW5jl9ctxOZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "W66WOQ3v6r7mSn6+o7gaew==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "Wq1n4jzKBPdL9z5l5HD99w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "X+Ae9zKuAx9THOOUSwNTBw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "YtdL4ZI7QAhSZw75UuDn3w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "Za0y7YiKRidyIBZNIzq/Ng==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "auI8KtI6OozP7EAIr9UlQQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "bWUdPEYmtshwdmuX5VapfQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "bmxL3lydQy0yU8g1iBgovg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "cXCMP7NdkMDf1+Rb1IEktQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "cug9tRnMBJIdiXPtixVsAg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOBT1Qffq44NOVuk9chDyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dOwQwVL1NxmF6ouACZklrQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dSjxsaDISLUiFwRTCSO8Tg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "dtGaxafuhIU1Ppty914fJw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "eZ7CwFvwDCQu4vzKyuIZgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "f/Al/eNlUhjEgKSV0J2z7w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "f1lteJj1IxLDbDb+BI8yjg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "g146nKetkX1f4hfH1b5RWA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gMqsUnRclTj6iuxHCslNRA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gOaN4treTmKK7tU+N6AZ1w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gtbMsmX05ZWh+bkM1Wprlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "gyKx9kaQg8EKW63JGRFYXg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "h53SWWmMQUh4cLyBmYeNvw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "hcJqCsCpWm+XI9JT6ImS5g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "i1z2TLfe0HD5kZCQr/fh/g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "isPl2YxnCTfcLmUYH6Q0sA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "jmNxyfDM4IV/F4mrfNTfyg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "jtdCxL/eH5JTPcKstKunJg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "k4gCNgIfg7MM/e42ThRx2w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "ka4b0+TZOGmroTz/rrRQcg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "kwc9NYOQig+qWs5qmBRL/w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lEFbOzBTlWwCqC/ZbjJfgQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "lU0MYRg2dg5wynl2dMGsgA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "lqQ3rJzPTM4e3pH+ravEcw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mAmp7BtGrfzV0HnAKw9sTw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mLwCNKs2wEtLWAiibtR4BQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mThcA5Cjw8Jx10odGCZOkw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mkpeQMTn6iNiF+ShBe+oZg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "mtrWxjnWyzrIFOuHVeUG6g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "nDtLoMnkuhspYDn7NZEcjw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "o4v1nyEgxKUJdf78CSzLEg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oPxhGBL0xk+N4XwwxvflAQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "oSDtB9GflLljTYeOAikyIQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "p9tXHgTBVU/b3sTnwfubzg==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pY2NT/GP1UxyOuAl2rKgCw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "pp9zZ0tBoevZ/s15eFRL8g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "r23nOnTJvuvXzj0P21ldlw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "rEDvBZu+g63sUG7lgdch/Q==": [ { "package_db": "root/buildinfo/Dockerfile-ubi8-openjdk-17-runtime-1.23-4.1770204586", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": [ "b0970976-e9ca-4758-a4ed-28a5df5d7c3e", "b0970976-e9ca-4758-a4ed-28a5df5d7c3e" ] } ], "rFsA2fU/SFo3JGOkxRURTQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sMrsZHOrW8FfprPHZo6Jww==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "sUhkiUesE2DHTU1IF7t+tw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "sY/EIxTXZqd77FJQP7GUhw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "u25cfo+Wn6RpzVY/kgcoGQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uAJuv5cA4XPhcDfjrdFI9w==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "uCw7c1p0VzVV36rFL2/j4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "v/KoDsdxOHqLHd7du8yyWQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wQToP4WURQ4/A8LQU1k5kA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "wiX2z3C4urSDsP+bIajgNg==": [ { "package_db": "maven:deployments/hacbs-test.jar", "introduced_in": "sha256:8205ab19726644cb7f9f65edb8b046d18cc3ea8726b44b1ffc3d853188445c71", "distribution_id": "", "repository_ids": [ "56ecf42d-cc44-4802-b194-644020d77c34" ] } ], "wpJmhjYJz5TYuh0mbRPs4Q==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xDLbw0lNdZ2pSj9R8k9t6A==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "xTF9l16G3x26txeCsO9Bug==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xY/gcEds28iVWCynxOCw9g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "xvIYCTeML23osZxD1kFItQ==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ], "yI01txXPQZENPfjF45L+Zw==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "684d4c10-a98d-4044-8590-e7b1adf5ab5a", "d038f06a-bb91-4a15-83db-e348839f87be" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3", "distribution_id": "", "repository_ids": null } ], "zAReYdYoHUkp8wr8i3SW2g==": [ { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "c3c58bf9-edcc-4bdf-88b1-bb84cd41c4f9", "repository_ids": [ "e2d30922-aa3c-4536-8a17-bf815a76ead2", "6dd856e4-b21f-4c79-990b-11a5c90c7833" ] }, { "package_db": "bdb:var/lib/rpm", "introduced_in": "sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f", "distribution_id": "", "repository_ids": null } ] }, "vulnerabilities": { "+aBBge+GaHuGkuNbilZwZQ==": { "id": "+aBBge+GaHuGkuNbilZwZQ==", "updater": "rhel-vex", "name": "CVE-2025-0938", "description": "A flaw was found in Python. The Python standard library functions `urllib.parse.urlsplit` and `urlparse` accept domain names that included square brackets, which isn't valid according to RFC 3986. Square brackets are only meant to be used as delimiters for specifying IPv6 and IPvFuture hosts in URLs. This could result in differential parsing across the Python URL parser and other specification-compliant URL parsers.", "issued": "2025-01-31T17:51:35Z", "links": "https://access.redhat.com/security/cve/CVE-2025-0938 https://bugzilla.redhat.com/show_bug.cgi?id=2343237 https://www.cve.org/CVERecord?id=CVE-2025-0938 https://nvd.nist.gov/vuln/detail/CVE-2025-0938 https://github.com/python/cpython/issues/105704 https://github.com/python/cpython/pull/129418 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-0938.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "+nHq7dak7Hkjcru/xpwzhQ==": { "id": "+nHq7dak7Hkjcru/xpwzhQ==", "updater": "rhel-vex", "name": "CVE-2020-12413", "description": "A flaw was found in Mozilla nss. A raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman(DH) based ciphersuite. In such a case this would result in the attacker being able to eavesdrop on all encrypted communications sent over that TLS connection. The highest threat from this vulnerability is to data confidentiality.", "issued": "2020-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-12413 https://bugzilla.redhat.com/show_bug.cgi?id=1877557 https://www.cve.org/CVERecord?id=CVE-2020-12413 https://nvd.nist.gov/vuln/detail/CVE-2020-12413 https://raccoon-attack.com/RacoonAttack.pdf https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-12413.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "/1CYFiexnJcM7p4YrI/FVg==": { "id": "/1CYFiexnJcM7p4YrI/FVg==", "updater": "rhel-vex", "name": "CVE-2023-4504", "description": "A vulnerability was found in CUPS and libppd, where a failure to validate the length provided in an attacker-crafted PPD PostScript document can lead to a heap-based buffer overflow, causing a denial of service or, in some cases, execute arbitrary code, depending on how the application processes untrusted PPD files.", "issued": "2023-09-20T12:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4504 https://bugzilla.redhat.com/show_bug.cgi?id=2238509 https://www.cve.org/CVERecord?id=CVE-2023-4504 https://nvd.nist.gov/vuln/detail/CVE-2023-4504 https://takeonme.org/cves/CVE-2023-4504.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4504.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "3IgZDz5UYkhu/U1/4kSWKg==": { "id": "3IgZDz5UYkhu/U1/4kSWKg==", "updater": "rhel-vex", "name": "CVE-2021-25317", "description": "It was found that some Linux vendors may assign the ownership of the /var/log/cups directory to the `lp` user. This could allow an attacker with such privileges to create empty files in arbitrary locations, or to force arbitrary files to be opened and closed, using a symlink attack. This has a low impact on the integrity of the system.", "issued": "2021-04-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-25317 https://bugzilla.redhat.com/show_bug.cgi?id=1949119 https://www.cve.org/CVERecord?id=CVE-2021-25317 https://nvd.nist.gov/vuln/detail/CVE-2021-25317 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-25317.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "cups", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4/mftydHpy90Umw3G0mTuQ==": { "id": "4/mftydHpy90Umw3G0mTuQ==", "updater": "rhel-vex", "name": "CVE-2018-1000879", "description": "libarchive version commit 379867ecb330b3a952fb7bfa7bffb7bbd5547205 onwards (release v3.3.0 onwards) contains a CWE-476: NULL Pointer Dereference vulnerability in ACL parser - libarchive/archive_acl.c, archive_acl_from_text_l() that can result in Crash/DoS. This attack appear to be exploitable via the victim must open a specially crafted archive file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000879 https://bugzilla.redhat.com/show_bug.cgi?id=1663890 https://www.cve.org/CVERecord?id=CVE-2018-1000879 https://nvd.nist.gov/vuln/detail/CVE-2018-1000879 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000879.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "4cbsfdCH9eaZyP7cnO4ayw==": { "id": "4cbsfdCH9eaZyP7cnO4ayw==", "updater": "rhel-vex", "name": "CVE-2025-9086", "description": "1. A cookie is set using the `secure` keyword for `https://target`\n2. curl is redirected to or otherwise made to speak with `http://target` (same\n hostname, but using clear text HTTP) using the same cookie set\n3. The same cookie name is set - but with just a slash as path (`path='/'`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "issued": "2025-09-12T05:10:03Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9086 https://bugzilla.redhat.com/show_bug.cgi?id=2394750 https://www.cve.org/CVERecord?id=CVE-2025-9086 https://nvd.nist.gov/vuln/detail/CVE-2025-9086 https://curl.se/docs/CVE-2025-9086.html https://curl.se/docs/CVE-2025-9086.json https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6 https://hackerone.com/reports/3294999 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9086.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5B1tQ2BK8z/YjRkYcvwqag==": { "id": "5B1tQ2BK8z/YjRkYcvwqag==", "updater": "rhel-vex", "name": "CVE-2019-19244", "description": "A flaw was found in the way SQLite handled certain types of SQL queries using DISTINCT, OVER and ORDER BY clauses. A remote attacker could exploit this flaw by providing a malicious SQL query that, when processed by an application linked to SQLite, would crash the application causing a denial of service.", "issued": "2019-11-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-19244 https://bugzilla.redhat.com/show_bug.cgi?id=1777945 https://www.cve.org/CVERecord?id=CVE-2019-19244 https://nvd.nist.gov/vuln/detail/CVE-2019-19244 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-19244.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "5ZHvcDYhgzWjwNpRgF2u1w==": { "id": "5ZHvcDYhgzWjwNpRgF2u1w==", "updater": "rhel-vex", "name": "CVE-2025-1795", "description": "A flaw was found in Python. When a separating comma ends up on a folded line during an address list folding of email headers, the comma is unintentionally unicode encoded. The expected behavior is that the separating comma remains unencoded. This can result in the address header being misinterpreted by some mail servers.", "issued": "2025-02-28T18:59:31Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1795 https://bugzilla.redhat.com/show_bug.cgi?id=2349061 https://www.cve.org/CVERecord?id=CVE-2025-1795 https://nvd.nist.gov/vuln/detail/CVE-2025-1795 https://github.com/python/cpython/commit/09fab93c3d857496c0bd162797fab816c311ee48 https://github.com/python/cpython/commit/70754d21c288535e86070ca7a6e90dcb670b8593 https://github.com/python/cpython/commit/9148b77e0af91cdacaa7fe3dfac09635c3fe9a74 https://github.com/python/cpython/issues/100884 https://github.com/python/cpython/pull/100885 https://github.com/python/cpython/pull/119099 https://mail.python.org/archives/list/security-announce@python.org/thread/MB62IZMEC3UM6SGHP5LET5JX2Y7H4ZUR/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1795.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "673FKazcUiydbfN5c6amaw==": { "id": "673FKazcUiydbfN5c6amaw==", "updater": "rhel-vex", "name": "CVE-2020-19190", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19190 https://bugzilla.redhat.com/show_bug.cgi?id=2234923 https://www.cve.org/CVERecord?id=CVE-2020-19190 https://nvd.nist.gov/vuln/detail/CVE-2020-19190 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19190.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "67wdTiqcWV3p/1jcCq6EHA==": { "id": "67wdTiqcWV3p/1jcCq6EHA==", "updater": "rhel-vex", "name": "CVE-2025-62813", "description": "No description is available for this CVE.", "issued": "2025-10-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-62813 https://bugzilla.redhat.com/show_bug.cgi?id=2405977 https://www.cve.org/CVERecord?id=CVE-2025-62813 https://nvd.nist.gov/vuln/detail/CVE-2025-62813 https://github.com/lz4/lz4/commit/f64efec011c058bd70348576438abac222fe6c82 https://github.com/lz4/lz4/pull/1593 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-62813.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "lz4", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "6FQUI3OxX4C5skWXKgq80Q==": { "id": "6FQUI3OxX4C5skWXKgq80Q==", "updater": "rhel-vex", "name": "CVE-2023-0464", "description": "A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0464 https://bugzilla.redhat.com/show_bug.cgi?id=2181082 https://www.cve.org/CVERecord?id=CVE-2023-0464 https://nvd.nist.gov/vuln/detail/CVE-2023-0464 https://www.openssl.org/news/secadv/20230322.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0464.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "73+OfODwepfBuK+I3748Fg==": { "id": "73+OfODwepfBuK+I3748Fg==", "updater": "rhel-vex", "name": "CVE-2018-19217", "description": "In ncurses, possibly a 6.x version, there is a NULL pointer dereference at the function _nc_name_match that will lead to a denial of service attack. NOTE: the original report stated version 6.1, but the issue did not reproduce for that version according to the maintainer or a reliable third-party", "issued": "2018-11-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19217 https://bugzilla.redhat.com/show_bug.cgi?id=1652606 https://www.cve.org/CVERecord?id=CVE-2018-19217 https://nvd.nist.gov/vuln/detail/CVE-2018-19217 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19217.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "86unVXyTxdffdcXWZTYw5g==": { "id": "86unVXyTxdffdcXWZTYw5g==", "updater": "rhel-vex", "name": "CVE-2023-0465", "description": "A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0465 https://bugzilla.redhat.com/show_bug.cgi?id=2182561 https://www.cve.org/CVERecord?id=CVE-2023-0465 https://nvd.nist.gov/vuln/detail/CVE-2023-0465 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0465.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8I2jFG8JRR+6+eqqYlXhAg==": { "id": "8I2jFG8JRR+6+eqqYlXhAg==", "updater": "rhel-vex", "name": "CVE-2018-20225", "description": "A vulnerability was found in python-pip due to a flaw in the --extra-index-url option, where it installs the version with the highest version number, even if the user intended to obtain a private package from a private index. Exploitation requires that the package does not already exist in the public index, allowing an attacker to place the package there with an arbitrary version number.", "issued": "2020-04-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20225 https://bugzilla.redhat.com/show_bug.cgi?id=1835736 https://www.cve.org/CVERecord?id=CVE-2018-20225 https://nvd.nist.gov/vuln/detail/CVE-2018-20225 https://cowlicks.website/posts/arbitrary-code-execution-from-pips-extra-index-url.html https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20225.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8Sec+JvKiQWGqYCOBdZhjg==": { "id": "8Sec+JvKiQWGqYCOBdZhjg==", "updater": "rhel-vex", "name": "CVE-2025-5918", "description": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5918 https://bugzilla.redhat.com/show_bug.cgi?id=2370877 https://www.cve.org/CVERecord?id=CVE-2025-5918 https://nvd.nist.gov/vuln/detail/CVE-2025-5918 https://github.com/libarchive/libarchive/pull/2584 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5918.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8ZxbhBIT+9Mj99/XbMpLSQ==": { "id": "8ZxbhBIT+9Mj99/XbMpLSQ==", "updater": "rhel-vex", "name": "CVE-2024-0232", "description": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", "issued": "2023-10-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0232 https://bugzilla.redhat.com/show_bug.cgi?id=2243754 https://www.cve.org/CVERecord?id=CVE-2024-0232 https://nvd.nist.gov/vuln/detail/CVE-2024-0232 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0232.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "8rxYDEPu2XxazQ3cBUhX0Q==": { "id": "8rxYDEPu2XxazQ3cBUhX0Q==", "updater": "rhel-vex", "name": "CVE-2019-9923", "description": "pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.", "issued": "2019-01-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9923 https://bugzilla.redhat.com/show_bug.cgi?id=1691764 https://www.cve.org/CVERecord?id=CVE-2019-9923 https://nvd.nist.gov/vuln/detail/CVE-2019-9923 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9923.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "9uK7ZDYgFtqP786n0QunAg==": { "id": "9uK7ZDYgFtqP786n0QunAg==", "updater": "rhel-vex", "name": "CVE-2023-39804", "description": "A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service.", "issued": "2023-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-39804 https://bugzilla.redhat.com/show_bug.cgi?id=2254067 https://www.cve.org/CVERecord?id=CVE-2023-39804 https://nvd.nist.gov/vuln/detail/CVE-2023-39804 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-39804.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "A1D09TCsbOQVpq/+8WoQbg==": { "id": "A1D09TCsbOQVpq/+8WoQbg==", "updater": "rhel-vex", "name": "CVE-2024-52615", "description": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52615 https://bugzilla.redhat.com/show_bug.cgi?id=2326418 https://www.cve.org/CVERecord?id=CVE-2024-52615 https://nvd.nist.gov/vuln/detail/CVE-2024-52615 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52615.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AE8Cp1u8I9t52OYW7oGU4w==": { "id": "AE8Cp1u8I9t52OYW7oGU4w==", "updater": "rhel-vex", "name": "CVE-2024-57970", "description": "A flaw was found in the libarchive library. A specially-crafted tar file may trigger a head-based buffer over-read condition due to incorrect handling of truncation in the middle of a long GNU linkname. This issue can cause an application crash leading to a denial of service.", "issued": "2025-02-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-57970 https://bugzilla.redhat.com/show_bug.cgi?id=2345954 https://www.cve.org/CVERecord?id=CVE-2024-57970 https://nvd.nist.gov/vuln/detail/CVE-2024-57970 https://github.com/libarchive/libarchive/issues/2415 https://github.com/libarchive/libarchive/pull/2422 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-57970.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "AZQ9MHTiNLYiRU7sYZlVGw==": { "id": "AZQ9MHTiNLYiRU7sYZlVGw==", "updater": "rhel-vex", "name": "CVE-2022-4899", "description": "A vulnerability was found in zstd. This flaw allows an attacker to supply an empty string as an argument to the command line tool to cause a buffer overrun.", "issued": "2022-07-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-4899 https://bugzilla.redhat.com/show_bug.cgi?id=2179864 https://www.cve.org/CVERecord?id=CVE-2022-4899 https://nvd.nist.gov/vuln/detail/CVE-2022-4899 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-4899.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "BooDzA4nzaDI1l3E5zAHgg==": { "id": "BooDzA4nzaDI1l3E5zAHgg==", "updater": "rhel-vex", "name": "CVE-2021-3997", "description": "A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.", "issued": "2022-01-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-3997 https://bugzilla.redhat.com/show_bug.cgi?id=2024639 https://www.cve.org/CVERecord?id=CVE-2021-3997 https://nvd.nist.gov/vuln/detail/CVE-2021-3997 https://www.openwall.com/lists/oss-security/2022/01/10/2 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-3997.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "DDWmqlxBSfXi2KJJ5mwTNg==": { "id": "DDWmqlxBSfXi2KJJ5mwTNg==", "updater": "rhel-vex", "name": "CVE-2025-60753", "description": "A vulnerability in apply_substitution() function in libarchive's bsdtar allows crafted -s substitution rules to repeatedly match a zero-length substring and append replacements without advancing the input pointer. When the rule uses the global /g flag (or an explicitly empty pattern), this leads to unbounded output allocation and eventual process OOM (Denial of Service). Upgrade to libarchive 3.8.1 or apply a patch that prevents zero-length match loops or rejects empty patterns.", "issued": "2025-11-05T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-60753 https://bugzilla.redhat.com/show_bug.cgi?id=2412648 https://www.cve.org/CVERecord?id=CVE-2025-60753 https://nvd.nist.gov/vuln/detail/CVE-2025-60753 https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753 https://github.com/libarchive/libarchive/issues/2725 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-60753.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EKs36DFwHVCzU/cF0Be9pQ==": { "id": "EKs36DFwHVCzU/cF0Be9pQ==", "updater": "rhel-vex", "name": "CVE-2023-29499", "description": "A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-29499 https://bugzilla.redhat.com/show_bug.cgi?id=2211828 https://www.cve.org/CVERecord?id=CVE-2023-29499 https://nvd.nist.gov/vuln/detail/CVE-2023-29499 https://gitlab.gnome.org/GNOME/glib/-/issues/2794 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-29499.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EQ4eP3gKo3y8JsWUiWr6+g==": { "id": "EQ4eP3gKo3y8JsWUiWr6+g==", "updater": "rhel-vex", "name": "CVE-2018-1000880", "description": "libarchive version commit 9693801580c0cf7c70e862d305270a16b52826a7 onwards (release v3.2.0 onwards) contains a CWE-20: Improper Input Validation vulnerability in WARC parser - libarchive/archive_read_support_format_warc.c, _warc_read() that can result in DoS - quasi-infinite run time and disk usage from tiny file. This attack appear to be exploitable via the victim must open a specially crafted WARC file.", "issued": "2018-11-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000880 https://bugzilla.redhat.com/show_bug.cgi?id=1663892 https://www.cve.org/CVERecord?id=CVE-2018-1000880 https://nvd.nist.gov/vuln/detail/CVE-2018-1000880 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000880.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiJx6rOT8KoLX+Wu7/N6HQ==": { "id": "EiJx6rOT8KoLX+Wu7/N6HQ==", "updater": "rhel-vex", "name": "CVE-2025-27113", "description": "A flaw was found in libxml2. This vulnerability allows a NULL pointer dereference, leading to a potential crash or denial of service via a crafted XML pattern.", "issued": "2025-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-27113 https://bugzilla.redhat.com/show_bug.cgi?id=2346410 https://www.cve.org/CVERecord?id=CVE-2025-27113 https://nvd.nist.gov/vuln/detail/CVE-2025-27113 https://gitlab.gnome.org/GNOME/libxml2/-/issues/861 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-27113.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "EiL50P2QSOoRA18XAAH6Pg==": { "id": "EiL50P2QSOoRA18XAAH6Pg==", "updater": "rhel-vex", "name": "CVE-2023-32665", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32665 https://bugzilla.redhat.com/show_bug.cgi?id=2211827 https://www.cve.org/CVERecord?id=CVE-2023-32665 https://nvd.nist.gov/vuln/detail/CVE-2023-32665 https://gitlab.gnome.org/GNOME/glib/-/issues/2121 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32665.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "FJHSWZFQM9fVMQc3QtVQPw==": { "id": "FJHSWZFQM9fVMQc3QtVQPw==", "updater": "rhel-vex", "name": "CVE-2021-33294", "description": "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.\n\nA vulnerability was found in Elfutils, where an infinite loop in the handle_symtab function within readelf.c can lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-33294 https://bugzilla.redhat.com/show_bug.cgi?id=2223918 https://www.cve.org/CVERecord?id=CVE-2021-33294 https://nvd.nist.gov/vuln/detail/CVE-2021-33294 https://sourceware.org/bugzilla/show_bug.cgi?id=27501 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-33294.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Fp999hDC/lucBsNHwOlp/A==": { "id": "Fp999hDC/lucBsNHwOlp/A==", "updater": "rhel-vex", "name": "CVE-2024-13176", "description": "A timing side-channel vulnerability was found in OpenSSL. This vulnerability allows an attacker to recover the private key. However, measuring the timing would require local access to the signing application or a fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This issue can happen with significant probability only for some of the supported elliptic curves. In particular, the NIST P-521 curve is affected.", "issued": "2025-01-20T13:29:57Z", "links": "https://access.redhat.com/security/cve/CVE-2024-13176 https://bugzilla.redhat.com/show_bug.cgi?id=2338999 https://www.cve.org/CVERecord?id=CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176 https://www.oracle.com/security-alerts/cpuapr2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-13176.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "G7IyfoPhe9f8QzIGbOfn7Q==": { "id": "G7IyfoPhe9f8QzIGbOfn7Q==", "updater": "rhel-vex", "name": "CVE-2023-45322", "description": "A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability.", "issued": "2023-08-23T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45322 https://bugzilla.redhat.com/show_bug.cgi?id=2242945 https://www.cve.org/CVERecord?id=CVE-2023-45322 https://nvd.nist.gov/vuln/detail/CVE-2023-45322 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45322.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "GdQLWMRLabDlPGuh+LwiMg==": { "id": "GdQLWMRLabDlPGuh+LwiMg==", "updater": "rhel-vex", "name": "CVE-2025-9230", "description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "issued": "2025-09-30T23:59:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9230 https://bugzilla.redhat.com/show_bug.cgi?id=2396054 https://www.cve.org/CVERecord?id=CVE-2025-9230 https://nvd.nist.gov/vuln/detail/CVE-2025-9230 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9230.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "H2CablNBrQ/I5AsUjk5xyw==": { "id": "H2CablNBrQ/I5AsUjk5xyw==", "updater": "rhel-vex", "name": "CVE-2018-20839", "description": "systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.", "issued": "2019-05-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20839 https://bugzilla.redhat.com/show_bug.cgi?id=1716955 https://www.cve.org/CVERecord?id=CVE-2018-20839 https://nvd.nist.gov/vuln/detail/CVE-2018-20839 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20839.json", "severity": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HKrLnQyTw1292mNt3MQ0aQ==": { "id": "HKrLnQyTw1292mNt3MQ0aQ==", "updater": "rhel-vex", "name": "CVE-2024-7592", "description": "A flaw was found in the `http.cookies` module in the Python package. When parsing cookies that contain backslashes, under certain circumstances, the module uses an algorithm with quadratic complexity, leading to excessive CPU consumption.", "issued": "2024-08-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7592 https://bugzilla.redhat.com/show_bug.cgi?id=2305879 https://www.cve.org/CVERecord?id=CVE-2024-7592 https://nvd.nist.gov/vuln/detail/CVE-2024-7592 https://github.com/python/cpython/issues/123067 https://github.com/python/cpython/pull/123075 https://mail.python.org/archives/list/security-announce@python.org/thread/HXJAAAALNUNGCQUS2W7WR6GFIZIHFOOK/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7592.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HTk+AAyRWNCrZTtBLx34Aw==": { "id": "HTk+AAyRWNCrZTtBLx34Aw==", "updater": "rhel-vex", "name": "CVE-2024-25260", "description": "A NULL pointer dereference vulnerability in the elfutils library has been discovered. This vulnerability occurs within the handle_verdef() function in the readelf.c source file. A NULL pointer dereference typically happens when a program attempts to access memory using a pointer that is not pointing anywhere (i.e., it's NULL), leading to a crash or potentially exploitable behavior.", "issued": "2024-02-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-25260 https://bugzilla.redhat.com/show_bug.cgi?id=2265194 https://www.cve.org/CVERecord?id=CVE-2024-25260 https://nvd.nist.gov/vuln/detail/CVE-2024-25260 https://github.com/schsiung/fuzzer_issues/issues/1 https://sourceware.org/bugzilla/show_bug.cgi?id=31058 https://sourceware.org/elfutils/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-25260.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "elfutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuLJLN6ajygY/CpLyzV5lw==": { "id": "HuLJLN6ajygY/CpLyzV5lw==", "updater": "rhel-vex", "name": "CVE-2023-45803", "description": "A flaw was found in urllib3, an HTTP client library for Python. urllib3 doesn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303, after changing the method in a request from one that could accept a request body such as `POST` to `GET`, as is required by HTTP RFCs. This issue requires a previously trusted service to become compromised in order to have an impact on confidentiality, therefore, the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies; if this is the case, this vulnerability isn't exploitable.", "issued": "2023-10-13T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-45803 https://bugzilla.redhat.com/show_bug.cgi?id=2246840 https://www.cve.org/CVERecord?id=CVE-2023-45803 https://nvd.nist.gov/vuln/detail/CVE-2023-45803 https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9 https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4 https://www.rfc-editor.org/rfc/rfc9110.html#name-get https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-45803.json", "severity": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "HuOxI+pWjgGV0XsBvltzlg==": { "id": "HuOxI+pWjgGV0XsBvltzlg==", "updater": "rhel-vex", "name": "CVE-2020-19187", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19187 https://bugzilla.redhat.com/show_bug.cgi?id=2234911 https://www.cve.org/CVERecord?id=CVE-2020-19187 https://nvd.nist.gov/vuln/detail/CVE-2020-19187 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19187.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "JXwHXBfASq3ms2TjI7rMDg==": { "id": "JXwHXBfASq3ms2TjI7rMDg==", "updater": "rhel-vex", "name": "CVE-2025-8291", "description": "The 'zipfile' module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value would not be used to\nlocate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the 'zipfile' module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.", "issued": "2025-10-07T18:10:05Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8291 https://bugzilla.redhat.com/show_bug.cgi?id=2402342 https://www.cve.org/CVERecord?id=CVE-2025-8291 https://nvd.nist.gov/vuln/detail/CVE-2025-8291 https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267 https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6 https://github.com/python/cpython/issues/139700 https://github.com/python/cpython/pull/139702 https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8291.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Jp8I3sPTlXeHXHgAreqqhQ==": { "id": "Jp8I3sPTlXeHXHgAreqqhQ==", "updater": "rhel-vex", "name": "CVE-2024-28757", "description": "An XML Entity Expansion flaw was found in libexpat. This flaw allows an attacker to cause a denial of service when there is an isolated use of external parsers.", "issued": "2024-03-10T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-28757 https://bugzilla.redhat.com/show_bug.cgi?id=2268766 https://www.cve.org/CVERecord?id=CVE-2024-28757 https://nvd.nist.gov/vuln/detail/CVE-2024-28757 https://github.com/libexpat/libexpat/issues/839 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-28757.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "expat", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KGXy4/PIqmqxgmdGe+CSOw==": { "id": "KGXy4/PIqmqxgmdGe+CSOw==", "updater": "rhel-vex", "name": "CVE-2025-6170", "description": "A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.", "issued": "2025-06-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6170 https://bugzilla.redhat.com/show_bug.cgi?id=2372952 https://www.cve.org/CVERecord?id=CVE-2025-6170 https://nvd.nist.gov/vuln/detail/CVE-2025-6170 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6170.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "KaROgE0QmtiOixMG9Wi1RA==": { "id": "KaROgE0QmtiOixMG9Wi1RA==", "updater": "rhel-vex", "name": "CVE-2023-32636", "description": "A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32636 https://bugzilla.redhat.com/show_bug.cgi?id=2211833 https://www.cve.org/CVERecord?id=CVE-2023-32636 https://nvd.nist.gov/vuln/detail/CVE-2023-32636 https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835 https://gitlab.gnome.org/GNOME/glib/-/issues/2841 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32636.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "L7QbkTbsy8v3tMfOqNsVKQ==": { "id": "L7QbkTbsy8v3tMfOqNsVKQ==", "updater": "rhel-vex", "name": "CVE-2024-7531", "description": "The Mozilla Foundation Security Advisory describes this flaw as:\n\nCalling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on Intel Sandy Bridge and later processors. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.", "issued": "2024-08-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7531 https://bugzilla.redhat.com/show_bug.cgi?id=2303148 https://www.cve.org/CVERecord?id=CVE-2024-7531 https://nvd.nist.gov/vuln/detail/CVE-2024-7531 https://www.mozilla.org/en-US/security/advisories/mfsa2024-34/#CVE-2024-7531 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7531.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "nss", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Lr7APYpoHx1Gcopp0lkBGQ==": { "id": "Lr7APYpoHx1Gcopp0lkBGQ==", "updater": "rhel-vex", "name": "CVE-2019-14250", "description": "An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow.", "issued": "2019-08-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-14250 https://bugzilla.redhat.com/show_bug.cgi?id=1739490 https://www.cve.org/CVERecord?id=CVE-2019-14250 https://nvd.nist.gov/vuln/detail/CVE-2019-14250 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-14250.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MFbUtT0neIad8NIiyrLiIQ==": { "id": "MFbUtT0neIad8NIiyrLiIQ==", "updater": "rhel-vex", "name": "CVE-2025-5987", "description": "A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.", "issued": "2025-04-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5987 https://bugzilla.redhat.com/show_bug.cgi?id=2376219 https://www.cve.org/CVERecord?id=CVE-2025-5987 https://nvd.nist.gov/vuln/detail/CVE-2025-5987 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5987.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "MRnBR1NwPejsF0F/Po53Ew==": { "id": "MRnBR1NwPejsF0F/Po53Ew==", "updater": "rhel-vex", "name": "CVE-2019-8905", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has a stack-based buffer over-read, related to file_printable, a different vulnerability than CVE-2018-10360.", "issued": "2019-02-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8905 https://bugzilla.redhat.com/show_bug.cgi?id=1679181 https://www.cve.org/CVERecord?id=CVE-2019-8905 https://nvd.nist.gov/vuln/detail/CVE-2019-8905 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8905.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "O6eQrDqYe8zCvECWFMIzFQ==": { "id": "O6eQrDqYe8zCvECWFMIzFQ==", "updater": "rhel-vex", "name": "CVE-2019-8906", "description": "do_core_note in readelf.c in libmagic.a in file 5.35 has an out-of-bounds read because memcpy is misused.", "issued": "2019-01-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-8906 https://bugzilla.redhat.com/show_bug.cgi?id=1679175 https://www.cve.org/CVERecord?id=CVE-2019-8906 https://nvd.nist.gov/vuln/detail/CVE-2019-8906 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-8906.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "file", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "PcNbuWOo0ahqjfbOQhXvvQ==": { "id": "PcNbuWOo0ahqjfbOQhXvvQ==", "updater": "rhel-vex", "name": "CVE-2024-41996", "description": "A vulnerability was found in the Diffie-Hellman Ephemeral (DHE) Key Agreement Protocol, where a malicious client can exploit the server's public key validation process. By forcing the server to use DHE and validating the order of public keys, the client can trigger expensive server-side modular exponentiation calculations. This issue results in asymmetric resource consumption, potentially leading to a denial of service (DoS) attack by overwhelming the server with computationally intensive operations.", "issued": "2024-08-26T06:15:04Z", "links": "https://access.redhat.com/security/cve/CVE-2024-41996 https://bugzilla.redhat.com/show_bug.cgi?id=2307826 https://www.cve.org/CVERecord?id=CVE-2024-41996 https://nvd.nist.gov/vuln/detail/CVE-2024-41996 https://dheatattack.gitlab.io/details/ https://dheatattack.gitlab.io/faq/ https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1 https://github.com/openssl/openssl/issues/17374 https://openssl-library.org/post/2022-10-21-tls-groups-configuration/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-41996.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Q56kx76uLWIhLRNIyon0jg==": { "id": "Q56kx76uLWIhLRNIyon0jg==", "updater": "rhel-vex", "name": "CVE-2025-1632", "description": "A flaw was found in the bsdunzip utility of libarchive. In affected versions, a specially crafted file may trigger a null pointer dereference. This issue can lead to an application crash or other unexpected behavior.", "issued": "2025-02-24T13:31:08Z", "links": "https://access.redhat.com/security/cve/CVE-2025-1632 https://bugzilla.redhat.com/show_bug.cgi?id=2347309 https://www.cve.org/CVERecord?id=CVE-2025-1632 https://nvd.nist.gov/vuln/detail/CVE-2025-1632 https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc https://vuldb.com/?ctiid.296619 https://vuldb.com/?id.296619 https://vuldb.com/?submit.496460 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-1632.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QSNBg/XspHcBwSxBTMU4rg==": { "id": "QSNBg/XspHcBwSxBTMU4rg==", "updater": "rhel-vex", "name": "CVE-2025-50181", "description": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.", "issued": "2025-06-19T01:08:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50181 https://bugzilla.redhat.com/show_bug.cgi?id=2373799 https://www.cve.org/CVERecord?id=CVE-2025-50181 https://nvd.nist.gov/vuln/detail/CVE-2025-50181 https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50181.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QUtTYJuHdkAOgtveagWUfA==": { "id": "QUtTYJuHdkAOgtveagWUfA==", "updater": "rhel-vex", "name": "CVE-2023-0466", "description": "A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to enable the certificate policy check when doing certificate verification implicitly. However, implementing the function does not enable the check, allowing certificates with invalid or incorrect policies to pass the certificate verification. Suddenly enabling the policy check could break existing deployments, so it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. The applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.", "issued": "2023-03-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-0466 https://bugzilla.redhat.com/show_bug.cgi?id=2182565 https://www.cve.org/CVERecord?id=CVE-2023-0466 https://nvd.nist.gov/vuln/detail/CVE-2023-0466 https://www.openssl.org/news/secadv/20230328.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-0466.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "QcOTYeOedG0AUhPSakMpIA==": { "id": "QcOTYeOedG0AUhPSakMpIA==", "updater": "rhel-vex", "name": "CVE-2024-4741", "description": "A use-after-free vulnerability was found in OpenSSL. Calling the OpenSSL API SSL_free_buffers function may cause memory to be accessed that was previously freed in some situations.", "issued": "2024-05-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-4741 https://bugzilla.redhat.com/show_bug.cgi?id=2283757 https://www.cve.org/CVERecord?id=CVE-2024-4741 https://nvd.nist.gov/vuln/detail/CVE-2024-4741 https://www.openssl.org/news/secadv/20240528.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4741.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "RVCidRUm4D1IKoPhoUi2AA==": { "id": "RVCidRUm4D1IKoPhoUi2AA==", "updater": "rhel-vex", "name": "CVE-2019-9674", "description": "A ZIP bomb attack was found in the Python zipfile module. A remote attacker could abuse this flaw by providing a specially crafted ZIP file that, when decompressed by zipfile, would exhaust system resources resulting in a denial of service.", "issued": "2019-03-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9674 https://bugzilla.redhat.com/show_bug.cgi?id=1800749 https://www.cve.org/CVERecord?id=CVE-2019-9674 https://nvd.nist.gov/vuln/detail/CVE-2019-9674 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9674.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "S7qx7a03HASsJhyQafvXjg==": { "id": "S7qx7a03HASsJhyQafvXjg==", "updater": "rhel-vex", "name": "CVE-2018-19211", "description": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection.", "issued": "2018-10-28T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-19211 https://bugzilla.redhat.com/show_bug.cgi?id=1652600 https://www.cve.org/CVERecord?id=CVE-2018-19211 https://nvd.nist.gov/vuln/detail/CVE-2018-19211 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-19211.json", "severity": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "SHxE0qXbBmDEp/LL1ieJeA==": { "id": "SHxE0qXbBmDEp/LL1ieJeA==", "updater": "rhel-vex", "name": "CVE-2020-19189", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19189 https://bugzilla.redhat.com/show_bug.cgi?id=2234926 https://www.cve.org/CVERecord?id=CVE-2020-19189 https://nvd.nist.gov/vuln/detail/CVE-2020-19189 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19189.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "TLOrmSYL76Du+GI4WD9gMQ==": { "id": "TLOrmSYL76Du+GI4WD9gMQ==", "updater": "rhel-vex", "name": "CVE-2024-34459", "description": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.", "issued": "2024-05-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-34459 https://bugzilla.redhat.com/show_bug.cgi?id=2280532 https://www.cve.org/CVERecord?id=CVE-2024-34459 https://nvd.nist.gov/vuln/detail/CVE-2024-34459 https://gitlab.gnome.org/GNOME/libxml2/-/issues/720 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-34459.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UMD4nV1Ky5C5eKUMgtnKzw==": { "id": "UMD4nV1Ky5C5eKUMgtnKzw==", "updater": "rhel-vex", "name": "CVE-2021-20193", "description": "A flaw was found in the src/list.c of tar. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.", "issued": "2021-01-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-20193 https://bugzilla.redhat.com/show_bug.cgi?id=1917565 https://www.cve.org/CVERecord?id=CVE-2021-20193 https://nvd.nist.gov/vuln/detail/CVE-2021-20193 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-20193.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UPzTyNn8ZLXlb+bwRFPPTA==": { "id": "UPzTyNn8ZLXlb+bwRFPPTA==", "updater": "rhel-vex", "name": "CVE-2023-2650", "description": "A flaw was found in OpenSSL resulting in a possible denial of service while translating ASN.1 object identifiers. Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience long delays when processing messages, which may lead to a denial of service.", "issued": "2023-05-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-2650 https://bugzilla.redhat.com/show_bug.cgi?id=2207947 https://www.cve.org/CVERecord?id=CVE-2023-2650 https://nvd.nist.gov/vuln/detail/CVE-2023-2650 https://www.openssl.org/news/secadv/20230530.txt https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-2650.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UbmdE2pHXRFccv8l1e02Jw==": { "id": "UbmdE2pHXRFccv8l1e02Jw==", "updater": "rhel-vex", "name": "CVE-2023-4156", "description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "issued": "2023-06-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-4156 https://bugzilla.redhat.com/show_bug.cgi?id=2215930 https://www.cve.org/CVERecord?id=CVE-2023-4156 https://nvd.nist.gov/vuln/detail/CVE-2023-4156 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-4156.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gawk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "UoEFDYM+Gqf2mdRJh5HUFw==": { "id": "UoEFDYM+Gqf2mdRJh5HUFw==", "updater": "rhel-vex", "name": "CVE-2025-45582", "description": "A relative path traversal flaw was found in the gnu tar utility. When archives with relative paths are extracted without the ‘--keep-old-files’ (‘-k’), the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.", "issued": "2025-07-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-45582 https://bugzilla.redhat.com/show_bug.cgi?id=2379592 https://www.cve.org/CVERecord?id=CVE-2025-45582 https://nvd.nist.gov/vuln/detail/CVE-2025-45582 https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md https://www.gnu.org/software/tar/ https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-45582.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "tar", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "V3pl8W8hmQWZZasRgG5a8w==": { "id": "V3pl8W8hmQWZZasRgG5a8w==", "updater": "rhel-vex", "name": "CVE-2025-5916", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5916 https://bugzilla.redhat.com/show_bug.cgi?id=2370872 https://www.cve.org/CVERecord?id=CVE-2025-5916 https://nvd.nist.gov/vuln/detail/CVE-2025-5916 https://github.com/libarchive/libarchive/pull/2568 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5916.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "VsocCwaFpF6PzdX5PxR+sQ==": { "id": "VsocCwaFpF6PzdX5PxR+sQ==", "updater": "rhel-vex", "name": "CVE-2020-19185", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a heap-based buffer overflow, resulting in an application crash, causing denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19185 https://bugzilla.redhat.com/show_bug.cgi?id=2234924 https://www.cve.org/CVERecord?id=CVE-2020-19185 https://nvd.nist.gov/vuln/detail/CVE-2020-19185 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19185.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "W/d4trZ7jb2yxjrq4cNOWA==": { "id": "W/d4trZ7jb2yxjrq4cNOWA==", "updater": "rhel-vex", "name": "CVE-2022-3219", "description": "A vulnerability was found in GnuPG. GnuPG can spin on a relatively small input by crafting a public key with thousands of signatures attached and compressed down to a few kilobytes. This issue can potentially cause a denial of service.", "issued": "2022-09-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3219 https://bugzilla.redhat.com/show_bug.cgi?id=2127010 https://www.cve.org/CVERecord?id=CVE-2022-3219 https://nvd.nist.gov/vuln/detail/CVE-2022-3219 https://dev.gnupg.org/D556 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3219.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YiJlkUTKf0/7+ORZMmQ2cw==": { "id": "YiJlkUTKf0/7+ORZMmQ2cw==", "updater": "rhel-vex", "name": "CVE-2025-25724", "description": "A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.", "issued": "2025-03-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-25724 https://bugzilla.redhat.com/show_bug.cgi?id=2349221 https://www.cve.org/CVERecord?id=CVE-2025-25724 https://nvd.nist.gov/vuln/detail/CVE-2025-25724 https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92 https://github.com/Ekkosun/pocs/blob/main/bsdtarbug https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-25724.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "YxArgGZ2k3AOfJkjsHVAEg==": { "id": "YxArgGZ2k3AOfJkjsHVAEg==", "updater": "rhel-vex", "name": "CVE-2019-9937", "description": "In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9937 https://bugzilla.redhat.com/show_bug.cgi?id=1692357 https://www.cve.org/CVERecord?id=CVE-2019-9937 https://nvd.nist.gov/vuln/detail/CVE-2019-9937 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9937.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZSIgoENQ6JuxP4rnSyyi7Q==": { "id": "ZSIgoENQ6JuxP4rnSyyi7Q==", "updater": "rhel-vex", "name": "CVE-2018-20657", "description": "The demangle_template function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31.1, has a memory leak via a crafted string, leading to a denial of service (memory consumption), as demonstrated by cxxfilt, a related issue to CVE-2018-12698.", "issued": "2018-12-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-20657 https://bugzilla.redhat.com/show_bug.cgi?id=1664708 https://www.cve.org/CVERecord?id=CVE-2018-20657 https://nvd.nist.gov/vuln/detail/CVE-2018-20657 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-20657.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZTGiJlkqcqrCLJSY/Sq8lA==": { "id": "ZTGiJlkqcqrCLJSY/Sq8lA==", "updater": "rhel-vex", "name": "CVE-2020-19186", "description": "A flaw has been identified in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a buffer over-read, resulting in an application crash.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19186 https://bugzilla.redhat.com/show_bug.cgi?id=2234908 https://www.cve.org/CVERecord?id=CVE-2020-19186 https://nvd.nist.gov/vuln/detail/CVE-2020-19186 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19186.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "Zp9+pixFuNBueE2yO610gQ==": { "id": "Zp9+pixFuNBueE2yO610gQ==", "updater": "rhel-vex", "name": "CVE-2024-56433", "description": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.", "issued": "2024-12-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-56433 https://bugzilla.redhat.com/show_bug.cgi?id=2334165 https://www.cve.org/CVERecord?id=CVE-2024-56433 https://nvd.nist.gov/vuln/detail/CVE-2024-56433 https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241 https://github.com/shadow-maint/shadow/issues/1157 https://github.com/shadow-maint/shadow/releases/tag/4.4 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-56433.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "shadow-utils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "ZvX4VR3jvMBd1Wq+RxNTgg==": { "id": "ZvX4VR3jvMBd1Wq+RxNTgg==", "updater": "rhel-vex", "name": "CVE-2020-35512", "description": "A use-after-free flaw was found in D-Bus when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.", "issued": "2020-06-30T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-35512 https://bugzilla.redhat.com/show_bug.cgi?id=1909101 https://www.cve.org/CVERecord?id=CVE-2020-35512 https://nvd.nist.gov/vuln/detail/CVE-2020-35512 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-35512.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "dbus", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "a067YUjLHWzR99JNl/RtGQ==": { "id": "a067YUjLHWzR99JNl/RtGQ==", "updater": "rhel-vex", "name": "CVE-2025-4598", "description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.\n\nA SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "issued": "2025-05-29T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4598 https://bugzilla.redhat.com/show_bug.cgi?id=2369242 https://www.cve.org/CVERecord?id=CVE-2025-4598 https://nvd.nist.gov/vuln/detail/CVE-2025-4598 https://www.openwall.com/lists/oss-security/2025/05/29/3 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4598.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "systemd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aGI+dBVVZI6cMSLcmzGSwQ==": { "id": "aGI+dBVVZI6cMSLcmzGSwQ==", "updater": "rhel-vex", "name": "CVE-2025-52099", "description": "Integer Overflow vulnerability in SQLite SQLite3 v.3.50.0 allows a remote attacker to cause a denial of service via the setupLookaside function", "issued": "2025-10-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-52099 https://bugzilla.redhat.com/show_bug.cgi?id=2406257 https://www.cve.org/CVERecord?id=CVE-2025-52099 https://nvd.nist.gov/vuln/detail/CVE-2025-52099 http://sqlite3.com https://github.com/SCREAMBBY/CVE-2025-52099 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-52099.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "aW0iaUuIHg86jDWhWtL7pQ==": { "id": "aW0iaUuIHg86jDWhWtL7pQ==", "updater": "rhel-vex", "name": "CVE-2025-5915", "description": "A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5915 https://bugzilla.redhat.com/show_bug.cgi?id=2370865 https://www.cve.org/CVERecord?id=CVE-2025-5915 https://nvd.nist.gov/vuln/detail/CVE-2025-5915 https://github.com/libarchive/libarchive/pull/2599 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5915.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "auP5eLXo1pVa571Rdrqy8A==": { "id": "auP5eLXo1pVa571Rdrqy8A==", "updater": "rhel-vex", "name": "CVE-2025-5351", "description": "A flaw was found in the key export functionality of libssh. The issue occurs in the internal function responsible for converting cryptographic keys into serialized formats. During error handling, a memory structure is freed but not cleared, leading to a potential double free issue if an additional failure occurs later in the function. This condition may result in heap corruption or application instability in low-memory scenarios, posing a risk to system reliability where key export operations are performed.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5351 https://bugzilla.redhat.com/show_bug.cgi?id=2369367 https://www.cve.org/CVERecord?id=CVE-2025-5351 https://nvd.nist.gov/vuln/detail/CVE-2025-5351 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5351.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "cCowLuOsLfTMmPFOoqUVww==": { "id": "cCowLuOsLfTMmPFOoqUVww==", "updater": "rhel-vex", "name": "CVE-2024-0397", "description": "A vulnerability was found in Python. A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time that certificates are loaded into the SSLContext, such as during the TLS handshake with a configured certificate directory.", "issued": "2024-06-17T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0397 https://bugzilla.redhat.com/show_bug.cgi?id=2301891 https://www.cve.org/CVERecord?id=CVE-2024-0397 https://nvd.nist.gov/vuln/detail/CVE-2024-0397 https://mail.python.org/archives/list/security-announce@python.org/thread/BMAK5BCGKYWNJOACVUSLUF6SFGBIM4VP/ https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0397.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "dUct0H4Fen89ZeNxqRrDMg==": { "id": "dUct0H4Fen89ZeNxqRrDMg==", "updater": "rhel-vex", "name": "CVE-2025-5917", "description": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation.", "issued": "2025-05-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5917 https://bugzilla.redhat.com/show_bug.cgi?id=2370874 https://www.cve.org/CVERecord?id=CVE-2025-5917 https://nvd.nist.gov/vuln/detail/CVE-2025-5917 https://github.com/libarchive/libarchive/pull/2588 https://github.com/libarchive/libarchive/releases/tag/v3.8.0 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5917.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libarchive", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eohUFw28jV3sGLZE2CBPXA==": { "id": "eohUFw28jV3sGLZE2CBPXA==", "updater": "rhel-vex", "name": "CVE-2025-4878", "description": "A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption.", "issued": "2025-06-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4878 https://bugzilla.redhat.com/show_bug.cgi?id=2376184 https://www.cve.org/CVERecord?id=CVE-2025-4878 https://nvd.nist.gov/vuln/detail/CVE-2025-4878 https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1 https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4878.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "eqoqeJN8gMUINJLH2PXP7g==": { "id": "eqoqeJN8gMUINJLH2PXP7g==", "updater": "rhel-vex", "name": "CVE-2018-1000654", "description": "GNU Libtasn1-4.13 libtasn1-4.13 version libtasn1-4.13, libtasn1-4.12 contains a DoS, specifically CPU usage will reach 100% when running asn1Paser against the POC due to an issue in _asn1_expand_object_id(p_tree), after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.", "issued": "2018-08-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2018-1000654 https://bugzilla.redhat.com/show_bug.cgi?id=1621972 https://www.cve.org/CVERecord?id=CVE-2018-1000654 https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000654.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libtasn1", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fXpWtuXNPi3tb2edhk37bw==": { "id": "fXpWtuXNPi3tb2edhk37bw==", "updater": "rhel-vex", "name": "CVE-2024-2236", "description": "A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.", "issued": "2024-03-06T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2236 https://bugzilla.redhat.com/show_bug.cgi?id=2245218 https://www.cve.org/CVERecord?id=CVE-2024-2236 https://nvd.nist.gov/vuln/detail/CVE-2024-2236 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2236.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fayrPya6DVXP9weWvA6obQ==": { "id": "fayrPya6DVXP9weWvA6obQ==", "updater": "rhel-vex", "name": "CVE-2024-7264", "description": "A flaw was found in libcurl, where libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If a syntactically incorrect field is given, the parser can use -1 for the length of the *time fraction*, leading to a `strlen()` performed on a pointer to a heap buffer area that is not purposely NULL terminated.", "issued": "2024-07-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-7264 https://bugzilla.redhat.com/show_bug.cgi?id=2301888 https://www.cve.org/CVERecord?id=CVE-2024-7264 https://nvd.nist.gov/vuln/detail/CVE-2024-7264 https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-7264.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "fvGjL9hw9hDQockMTb7lrA==": { "id": "fvGjL9hw9hDQockMTb7lrA==", "updater": "rhel-vex", "name": "CVE-2021-4209", "description": "A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.", "issued": "2021-12-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-4209 https://bugzilla.redhat.com/show_bug.cgi?id=2044156 https://www.cve.org/CVERecord?id=CVE-2021-4209 https://nvd.nist.gov/vuln/detail/CVE-2021-4209 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-4209.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gnutls", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gaFOKxy9D9KR/Iyd+kDZoA==": { "id": "gaFOKxy9D9KR/Iyd+kDZoA==", "updater": "rhel-vex", "name": "CVE-2025-50182", "description": "A flaw was found in urllib3. The library fails to properly validate redirect URLs, allowing an attacker to manipulate redirect chains when used in environments like Pyodide utilizing the JavaScript Fetch API. This lack of validation can enable a remote attacker to control the redirect destination, leading to arbitrary URL redirection. Consequently, an attacker can redirect users to malicious websites. This \nvulnerability stems from a failure to constrain the redirect target.", "issued": "2025-06-19T01:42:44Z", "links": "https://access.redhat.com/security/cve/CVE-2025-50182 https://bugzilla.redhat.com/show_bug.cgi?id=2373800 https://www.cve.org/CVERecord?id=CVE-2025-50182 https://nvd.nist.gov/vuln/detail/CVE-2025-50182 https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-50182.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "python-pip", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "gagftKXuSuh9pi4dRu9yPQ==": { "id": "gagftKXuSuh9pi4dRu9yPQ==", "updater": "rhel-vex", "name": "CVE-2024-2511", "description": "A flaw was found in OpenSSL. A malicious client can trigger an uncontrolled memory consumption, resulting in a Denial of Service. This issue occurs due to OpenSSL's TLSv1.3 session cache going into an incorrect state, leading to it failing to flush properly as it fills. OpenSSL must be configured with the non-default SSL_OP_NO_TICKET option enabled to be vulnerable. This issue only affects TLSv1.3 servers, while TLS clients are not affected.", "issued": "2024-04-08T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-2511 https://bugzilla.redhat.com/show_bug.cgi?id=2274020 https://www.cve.org/CVERecord?id=CVE-2024-2511 https://nvd.nist.gov/vuln/detail/CVE-2024-2511 https://www.openssl.org/news/vulnerabilities.html https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-2511.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "icj6a8bc4dYK/DJNvkU0+A==": { "id": "icj6a8bc4dYK/DJNvkU0+A==", "updater": "rhel-vex", "name": "CVE-2022-41409", "description": "A flaw was found in PCRE2, where it is susceptible to an integer overflow vulnerability triggered by a negative repeat value in the pcre2test subject line that causes infinite looping. This flaw allows a remote attacker to pass specially crafted data to the application, initiating an integer overflow and executing a denial of service (DoS) attack.", "issued": "2023-07-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-41409 https://bugzilla.redhat.com/show_bug.cgi?id=2260814 https://www.cve.org/CVERecord?id=CVE-2022-41409 https://nvd.nist.gov/vuln/detail/CVE-2022-41409 https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 https://github.com/PCRE2Project/pcre2/issues/141 https://github.com/advisories/GHSA-4qfx-v7wh-3q4j https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-41409.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "pcre2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "j1KIfSLRyAo+5FqbDzJbtg==": { "id": "j1KIfSLRyAo+5FqbDzJbtg==", "updater": "rhel-vex", "name": "CVE-2025-5278", "description": "A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.", "issued": "2025-05-27T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-5278 https://bugzilla.redhat.com/show_bug.cgi?id=2368764 https://www.cve.org/CVERecord?id=CVE-2025-5278 https://nvd.nist.gov/vuln/detail/CVE-2025-5278 https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-5278.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "coreutils", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jguV9kU5iHC5V/cF3+b/tg==": { "id": "jguV9kU5iHC5V/cF3+b/tg==", "updater": "rhel-vex", "name": "CVE-2025-3360", "description": "A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.", "issued": "2025-04-07T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-3360 https://bugzilla.redhat.com/show_bug.cgi?id=2357754 https://www.cve.org/CVERecord?id=CVE-2025-3360 https://nvd.nist.gov/vuln/detail/CVE-2025-3360 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-3360.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "jw1ZiDut5Ot+DyVFjCrixg==": { "id": "jw1ZiDut5Ot+DyVFjCrixg==", "updater": "rhel-vex", "name": "CVE-2020-19188", "description": "A flaw was found in the ncurses library. This issue occurs when processing a crafted terminfo database, causing a stack-based buffer overflow, resulting in an application crash, leading to a denial of service.", "issued": "2019-05-03T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2020-19188 https://bugzilla.redhat.com/show_bug.cgi?id=2234913 https://www.cve.org/CVERecord?id=CVE-2020-19188 https://nvd.nist.gov/vuln/detail/CVE-2020-19188 https://security.access.redhat.com/data/csaf/v2/vex/2020/cve-2020-19188.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kYYDrncBncmKkmFnSd5t3w==": { "id": "kYYDrncBncmKkmFnSd5t3w==", "updater": "rhel-vex", "name": "CVE-2017-6519", "description": "avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.", "issued": "2015-03-31T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2017-6519 https://bugzilla.redhat.com/show_bug.cgi?id=1426712 https://www.cve.org/CVERecord?id=CVE-2017-6519 https://nvd.nist.gov/vuln/detail/CVE-2017-6519 https://www.kb.cert.org/vuls/id/550620 https://security.access.redhat.com/data/csaf/v2/vex/2017/cve-2017-6519.json", "severity": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "kygc+dqbn+y+s1PQXT5WYQ==": { "id": "kygc+dqbn+y+s1PQXT5WYQ==", "updater": "rhel-vex", "name": "CVE-2025-10966", "description": "curl's code for managing SSH connections when SFTP was done using the wolfSSH\npowered backend was flawed and missed host verification mechanisms.\n\nThis prevents curl from detecting MITM attackers and more.", "issued": "2025-11-07T07:26:30Z", "links": "https://access.redhat.com/security/cve/CVE-2025-10966 https://bugzilla.redhat.com/show_bug.cgi?id=2413308 https://www.cve.org/CVERecord?id=CVE-2025-10966 https://nvd.nist.gov/vuln/detail/CVE-2025-10966 http://www.openwall.com/lists/oss-security/2025/11/05/2 https://curl.se/docs/CVE-2025-10966.html https://curl.se/docs/CVE-2025-10966.json https://github.com/curl/curl/commit/b011e3fcfb06d6c027859 https://hackerone.com/reports/3355218 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-10966.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "m8ueKfgkaYIYTU+xtIQcwA==": { "id": "m8ueKfgkaYIYTU+xtIQcwA==", "updater": "rhel-vex", "name": "CVE-2022-3857", "description": "[REJECTED CVE] A issue has been identified with libpng in png_setup_paeth_row() function. A crafted PNG image from a n attacker can lead to a segmentation fault and Denial of service.", "issued": "2022-11-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-3857 https://bugzilla.redhat.com/show_bug.cgi?id=2142600 https://www.cve.org/CVERecord?id=CVE-2022-3857 https://nvd.nist.gov/vuln/detail/CVE-2022-3857 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-3857.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "java-17-openjdk", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "mRazAXjBcgFrTolNDZHDsA==": { "id": "mRazAXjBcgFrTolNDZHDsA==", "updater": "rhel-vex", "name": "CVE-2025-6069", "description": "A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.", "issued": "2025-06-17T13:39:46Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6069 https://bugzilla.redhat.com/show_bug.cgi?id=2373234 https://www.cve.org/CVERecord?id=CVE-2025-6069 https://nvd.nist.gov/vuln/detail/CVE-2025-6069 https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949 https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41 https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b https://github.com/python/cpython/issues/135462 https://github.com/python/cpython/pull/135464 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6069.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "n83jaRl/T6kiaoMyWtX8xw==": { "id": "n83jaRl/T6kiaoMyWtX8xw==", "updater": "rhel-vex", "name": "CVE-2021-24032", "description": "A flaw was found in zstd. While the final file mode is reflective of the input file, when compressing or uncompressing, the file can temporarily gain greater permissions than the input and potentially leading to security issues (especially if large files are being handled).", "issued": "2021-02-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-24032 https://bugzilla.redhat.com/show_bug.cgi?id=1928090 https://www.cve.org/CVERecord?id=CVE-2021-24032 https://nvd.nist.gov/vuln/detail/CVE-2021-24032 https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-24032.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "zstd", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "nYtstWEUOCTbjAlmYOKURA==": { "id": "nYtstWEUOCTbjAlmYOKURA==", "updater": "rhel-vex", "name": "CVE-2025-4516", "description": "A vulnerability has been identified in CPython's bytes.decode() function when used with the \"unicode_escape\" encoding and the \"ignore\" or \"replace\" error handling modes. This flaw can result in the incorrect decoding of byte strings. While this may not directly lead to traditional security breaches like data exfiltration, the resulting unexpected program behavior could introduce instability, logic errors, or unintended side effects within applications that rely on this specific decoding functionality.", "issued": "2025-05-15T13:29:20Z", "links": "https://access.redhat.com/security/cve/CVE-2025-4516 https://bugzilla.redhat.com/show_bug.cgi?id=2366509 https://www.cve.org/CVERecord?id=CVE-2025-4516 https://nvd.nist.gov/vuln/detail/CVE-2025-4516 https://github.com/python/cpython/commit/69b4387f78f413e8c47572a85b3478c47eba8142 https://github.com/python/cpython/commit/9f69a58623bd01349a18ba0c7a9cb1dad6a51e8e https://github.com/python/cpython/issues/133767 https://github.com/python/cpython/pull/129648 https://mail.python.org/archives/list/security-announce@python.org/thread/L75IPBBTSCYEF56I2M4KIW353BB3AY74/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-4516.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "npQpPXYG8xMJ1LRSVSnKGA==": { "id": "npQpPXYG8xMJ1LRSVSnKGA==", "updater": "rhel-vex", "name": "CVE-2025-8114", "description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "issued": "2025-07-24T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8114 https://bugzilla.redhat.com/show_bug.cgi?id=2383220 https://www.cve.org/CVERecord?id=CVE-2025-8114 https://nvd.nist.gov/vuln/detail/CVE-2025-8114 https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d https://git.libssh.org/projects/libssh.git/commit/?id=65f363c9 https://www.libssh.org/security/advisories/CVE-2025-8114.txt https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8114.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "pjb5LKdJAfqIzj4N6YBwUQ==": { "id": "pjb5LKdJAfqIzj4N6YBwUQ==", "updater": "rhel-vex", "name": "CVE-2024-11053", "description": "A flaw was found in curl. A logic error when processing credentials from the .netrc file while performing redirects allows the transfer of credentials from the original host to the followed-to host under certain circumstances, leaking the credentials to the followed-to host.", "issued": "2024-12-11T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-11053 https://bugzilla.redhat.com/show_bug.cgi?id=2331191 https://www.cve.org/CVERecord?id=CVE-2024-11053 https://nvd.nist.gov/vuln/detail/CVE-2024-11053 https://www.oracle.com/security-alerts/cpujan2025.html#AppendixMSQL https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-11053.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "qXNASosSuCsudML1MqXPjw==": { "id": "qXNASosSuCsudML1MqXPjw==", "updater": "rhel-vex", "name": "CVE-2023-27534", "description": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "issued": "2023-03-20T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-27534 https://bugzilla.redhat.com/show_bug.cgi?id=2179069 https://www.cve.org/CVERecord?id=CVE-2023-27534 https://nvd.nist.gov/vuln/detail/CVE-2023-27534 https://curl.se/docs/CVE-2023-27534.html https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-27534.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "curl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "rVgBV65FWtFg3jitEqotFA==": { "id": "rVgBV65FWtFg3jitEqotFA==", "updater": "rhel-vex", "name": "CVE-2024-0727", "description": "A flaw was found in OpenSSL. The optional ContentInfo fields can be set to null, even if the \"type\" is a valid value, which can lead to a null dereference error that may cause a denial of service.", "issued": "2024-01-22T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-0727 https://bugzilla.redhat.com/show_bug.cgi?id=2259944 https://www.cve.org/CVERecord?id=CVE-2024-0727 https://nvd.nist.gov/vuln/detail/CVE-2024-0727 https://github.com/openssl/openssl/pull/23362 https://www.openssl.org/news/secadv/20240125.txt https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-0727.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "openssl", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sGwL9v57mGx7f18qBkIacA==": { "id": "sGwL9v57mGx7f18qBkIacA==", "updater": "rhel-vex", "name": "CVE-2025-6075", "description": "A vulnerability in Python’s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.", "issued": "2025-10-31T16:41:34Z", "links": "https://access.redhat.com/security/cve/CVE-2025-6075 https://bugzilla.redhat.com/show_bug.cgi?id=2408891 https://www.cve.org/CVERecord?id=CVE-2025-6075 https://nvd.nist.gov/vuln/detail/CVE-2025-6075 https://github.com/python/cpython/issues/136065 https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/ https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-6075.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "python3", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "sRVcQFAdq4Ll42smqacaCw==": { "id": "sRVcQFAdq4Ll42smqacaCw==", "updater": "rhel-vex", "name": "CVE-2022-27943", "description": "A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangle_const() function in libiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a victim to open a specially-crafted file, an attacker could cause a denial of service.", "issued": "2022-03-26T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2022-27943 https://bugzilla.redhat.com/show_bug.cgi?id=2071728 https://www.cve.org/CVERecord?id=CVE-2022-27943 https://nvd.nist.gov/vuln/detail/CVE-2022-27943 https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27943.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "gcc", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "slNZdfOtsG1OvFYuq1BzQw==": { "id": "slNZdfOtsG1OvFYuq1BzQw==", "updater": "rhel-vex", "name": "CVE-2023-50495", "description": "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", "issued": "2023-12-12T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-50495 https://bugzilla.redhat.com/show_bug.cgi?id=2254244 https://www.cve.org/CVERecord?id=CVE-2023-50495 https://nvd.nist.gov/vuln/detail/CVE-2023-50495 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-50495.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "t4oe6DBPNf5Ikk93RfTdig==": { "id": "t4oe6DBPNf5Ikk93RfTdig==", "updater": "rhel-vex", "name": "CVE-2019-12904", "description": "[Disputed] A vulnerability has been identified in Libgcrypt due to a flaw in its C implementation of AES. This vulnerability enables a remote attacker to perform a flush-and-reload side-channel attack, potentially accessing sensitive information. The vulnerability arises from the availability of physical addresses to other processes, particularly on platforms lacking an assembly-language implementation.", "issued": "2019-07-16T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-12904 https://bugzilla.redhat.com/show_bug.cgi?id=1730320 https://www.cve.org/CVERecord?id=CVE-2019-12904 https://nvd.nist.gov/vuln/detail/CVE-2019-12904 https://dev.gnupg.org/T4541 https://lists.gnupg.org/pipermail/gcrypt-devel/2019-July/004760.html https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-12904.html https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-12904.json", "severity": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "libgcrypt", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "uxd8tIEkk+r2hWTEgvyv8w==": { "id": "uxd8tIEkk+r2hWTEgvyv8w==", "updater": "rhel-vex", "name": "CVE-2019-9936", "description": "In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.", "issued": "2019-03-18T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2019-9936 https://bugzilla.redhat.com/show_bug.cgi?id=1692365 https://www.cve.org/CVERecord?id=CVE-2019-9936 https://nvd.nist.gov/vuln/detail/CVE-2019-9936 https://security.access.redhat.com/data/csaf/v2/vex/2019/cve-2019-9936.json", "severity": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "normalized_severity": "Low", "package": { "id": "", "name": "sqlite", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xCUiEQAH1lfhrKtUxQDIYA==": { "id": "xCUiEQAH1lfhrKtUxQDIYA==", "updater": "rhel-vex", "name": "CVE-2021-39537", "description": "A heap overflow vulnerability has been identified in the ncurses package, particularly in the \"tic\". This flaw results from a lack of proper bounds checking during input processing. By exploiting this boundary error, an attacker can create a malicious file, deceive the victim into opening it using the affected software, and initiate an out-of-bounds write, potentially impacting system availability.", "issued": "2020-08-04T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2021-39537 https://bugzilla.redhat.com/show_bug.cgi?id=2006978 https://www.cve.org/CVERecord?id=CVE-2021-39537 https://nvd.nist.gov/vuln/detail/CVE-2021-39537 https://lists.gnu.org/archive/html/bug-ncurses/2020-08/msg00006.html https://security.access.redhat.com/data/csaf/v2/vex/2021/cve-2021-39537.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "ncurses", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "xLIujTim86EomaRofe4tDg==": { "id": "xLIujTim86EomaRofe4tDg==", "updater": "rhel-vex", "name": "CVE-2023-32611", "description": "A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.", "issued": "2022-12-14T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2023-32611 https://bugzilla.redhat.com/show_bug.cgi?id=2211829 https://www.cve.org/CVERecord?id=CVE-2023-32611 https://nvd.nist.gov/vuln/detail/CVE-2023-32611 https://gitlab.gnome.org/GNOME/glib/-/issues/2797 https://security.access.redhat.com/data/csaf/v2/vex/2023/cve-2023-32611.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "normalized_severity": "Low", "package": { "id": "", "name": "glib2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yePhQ2wYSrZV2+z+gEbpRg==": { "id": "yePhQ2wYSrZV2+z+gEbpRg==", "updater": "rhel-vex", "name": "CVE-2025-9714", "description": "A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.", "issued": "2025-09-02T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-9714 https://bugzilla.redhat.com/show_bug.cgi?id=2392605 https://www.cve.org/CVERecord?id=CVE-2025-9714 https://nvd.nist.gov/vuln/detail/CVE-2025-9714 https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21 https://gitlab.gnome.org/GNOME/libxslt/-/issues/148 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-9714.json", "severity": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "normalized_severity": "Medium", "package": { "id": "", "name": "libxml2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "yuFlxOGqQlDuMCywIIELNw==": { "id": "yuFlxOGqQlDuMCywIIELNw==", "updater": "rhel-vex", "name": "CVE-2025-30258", "description": "A flaw was found in GnuPG. In affected versions, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, leading to a verification denial of service.", "issued": "2025-03-19T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-30258 https://bugzilla.redhat.com/show_bug.cgi?id=2353427 https://www.cve.org/CVERecord?id=CVE-2025-30258 https://nvd.nist.gov/vuln/detail/CVE-2025-30258 https://dev.gnupg.org/T7527 https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158 https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-30258.json", "severity": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "gnupg2", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zMNYUY09QO2aCVD23XG4dw==": { "id": "zMNYUY09QO2aCVD23XG4dw==", "updater": "rhel-vex", "name": "CVE-2025-8277", "description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "issued": "2025-09-09T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2025-8277 https://bugzilla.redhat.com/show_bug.cgi?id=2383888 https://www.cve.org/CVERecord?id=CVE-2025-8277 https://nvd.nist.gov/vuln/detail/CVE-2025-8277 https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8277.json", "severity": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "normalized_severity": "Low", "package": { "id": "", "name": "libssh", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" }, "zm9S9CFdip1s25g9TUWF5w==": { "id": "zm9S9CFdip1s25g9TUWF5w==", "updater": "rhel-vex", "name": "CVE-2024-52616", "description": "A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.", "issued": "2024-11-15T00:00:00Z", "links": "https://access.redhat.com/security/cve/CVE-2024-52616 https://bugzilla.redhat.com/show_bug.cgi?id=2326429 https://www.cve.org/CVERecord?id=CVE-2024-52616 https://nvd.nist.gov/vuln/detail/CVE-2024-52616 https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-52616.json", "severity": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "normalized_severity": "Medium", "package": { "id": "", "name": "avahi", "version": "", "kind": "source", "normalized_version": "", "cpe": "" }, "distribution": { "id": "", "did": "", "name": "", "version": "", "version_code_name": "", "version_id": "", "arch": "", "cpe": "", "pretty_name": "" }, "repository": { "name": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "key": "rhel-cpe-repository", "cpe": "cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*" }, "fixed_in_version": "" } }, "package_vulnerabilities": { "+hvIC0Et/RtHi7EAFCmfEw==": [ "O6eQrDqYe8zCvECWFMIzFQ==", "MRnBR1NwPejsF0F/Po53Ew==" ], "+qrxjVH7Im8eBfrz4h4P/w==": [ "Zp9+pixFuNBueE2yO610gQ==" ], "/ji9IJ9FfNcwqVRbMWZshQ==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "0+9x6aIRcNDCM7R94cpzew==": [ "m8ueKfgkaYIYTU+xtIQcwA==" ], "4uQuJg+li+gGAwnGRDcs+w==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "64trMyh8WGXpZhV47fwq2Q==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "7eg89eCgA75bJ7WhhN/T4Q==": [ "eqoqeJN8gMUINJLH2PXP7g==" ], "9uhqFNTCJ7/bpzSlc7qCaQ==": [ "t4oe6DBPNf5Ikk93RfTdig==", "fXpWtuXNPi3tb2edhk37bw==" ], "AuC6XQzcU/5tB4luIfjLFg==": [ "HTk+AAyRWNCrZTtBLx34Aw==", "FJHSWZFQM9fVMQc3QtVQPw==" ], "BPsD0kkdIoK3KQUZ5DpJjw==": [ "ZvX4VR3jvMBd1Wq+RxNTgg==" ], "EiNiLT8ulizCzEWcybhizQ==": [ "67wdTiqcWV3p/1jcCq6EHA==" ], "H/znvON46YQfVvzT/b1oJQ==": [ "/1CYFiexnJcM7p4YrI/FVg==", "3IgZDz5UYkhu/U1/4kSWKg==" ], "JWP1zeBb3fsabIOohe0zxQ==": [ "pjb5LKdJAfqIzj4N6YBwUQ==", "qXNASosSuCsudML1MqXPjw==", "4cbsfdCH9eaZyP7cnO4ayw==", "fayrPya6DVXP9weWvA6obQ==", "kygc+dqbn+y+s1PQXT5WYQ==" ], "MqWy2ztZwvwiD3S+M3fOgQ==": [ "fvGjL9hw9hDQockMTb7lrA==" ], "N1RbIRo2SyHosQefv+skDw==": [ "UbmdE2pHXRFccv8l1e02Jw==" ], "N3ZaMrNJKoumMpaY0smlMQ==": [ "5B1tQ2BK8z/YjRkYcvwqag==", "YxArgGZ2k3AOfJkjsHVAEg==", "aGI+dBVVZI6cMSLcmzGSwQ==", "8ZxbhBIT+9Mj99/XbMpLSQ==", "uxd8tIEkk+r2hWTEgvyv8w==" ], "NguWV8S6YQYvQsGQDJm2Rg==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "POPH5BJ/Q4Bfen05TT291g==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "PpyARLP/xBpaE8+NP5fWog==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "QC6e3OaV78mjs678tGU2KQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "UUZyda9G/ffvF6rJ5W1UnQ==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "Wq1n4jzKBPdL9z5l5HD99w==": [ "Q56kx76uLWIhLRNIyon0jg==", "AE8Cp1u8I9t52OYW7oGU4w==", "EQ4eP3gKo3y8JsWUiWr6+g==", "dUct0H4Fen89ZeNxqRrDMg==", "aW0iaUuIHg86jDWhWtL7pQ==", "YiJlkUTKf0/7+ORZMmQ2cw==", "8Sec+JvKiQWGqYCOBdZhjg==", "4/mftydHpy90Umw3G0mTuQ==", "V3pl8W8hmQWZZasRgG5a8w==", "DDWmqlxBSfXi2KJJ5mwTNg==" ], "X+Ae9zKuAx9THOOUSwNTBw==": [ "BooDzA4nzaDI1l3E5zAHgg==", "H2CablNBrQ/I5AsUjk5xyw==", "a067YUjLHWzR99JNl/RtGQ==" ], "YjDcGmvP0/z8VqRiUvkhOQ==": [ "yuFlxOGqQlDuMCywIIELNw==", "W/d4trZ7jb2yxjrq4cNOWA==" ], "YtdL4ZI7QAhSZw75UuDn3w==": [ "mRazAXjBcgFrTolNDZHDsA==", "cCowLuOsLfTMmPFOoqUVww==", "RVCidRUm4D1IKoPhoUi2AA==", "+aBBge+GaHuGkuNbilZwZQ==", "nYtstWEUOCTbjAlmYOKURA==", "HKrLnQyTw1292mNt3MQ0aQ==", "5ZHvcDYhgzWjwNpRgF2u1w==", "JXwHXBfASq3ms2TjI7rMDg==", "sGwL9v57mGx7f18qBkIacA==" ], "auI8KtI6OozP7EAIr9UlQQ==": [ "icj6a8bc4dYK/DJNvkU0+A==" ], "f/Al/eNlUhjEgKSV0J2z7w==": [ "HuLJLN6ajygY/CpLyzV5lw==", "8I2jFG8JRR+6+eqqYlXhAg==", "gaFOKxy9D9KR/Iyd+kDZoA==", "QSNBg/XspHcBwSxBTMU4rg==" ], "h53SWWmMQUh4cLyBmYeNvw==": [ "zm9S9CFdip1s25g9TUWF5w==", "A1D09TCsbOQVpq/+8WoQbg==", "kYYDrncBncmKkmFnSd5t3w==" ], "hSTTMcRX1DBcXc+8jKeg3Q==": [ "Lr7APYpoHx1Gcopp0lkBGQ==", "ZSIgoENQ6JuxP4rnSyyi7Q==", "sRVcQFAdq4Ll42smqacaCw==" ], "k/BpvWmZ5EVfmiPqpZ3pGw==": [ "Jp8I3sPTlXeHXHgAreqqhQ==" ], "k4gCNgIfg7MM/e42ThRx2w==": [ "n83jaRl/T6kiaoMyWtX8xw==", "AZQ9MHTiNLYiRU7sYZlVGw==" ], "ka4b0+TZOGmroTz/rrRQcg==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ], "kwc9NYOQig+qWs5qmBRL/w==": [ "S7qx7a03HASsJhyQafvXjg==", "VsocCwaFpF6PzdX5PxR+sQ==", "HuOxI+pWjgGV0XsBvltzlg==", "73+OfODwepfBuK+I3748Fg==", "slNZdfOtsG1OvFYuq1BzQw==", "xCUiEQAH1lfhrKtUxQDIYA==", "SHxE0qXbBmDEp/LL1ieJeA==", "ZTGiJlkqcqrCLJSY/Sq8lA==", "673FKazcUiydbfN5c6amaw==", "jw1ZiDut5Ot+DyVFjCrixg==" ], "mThcA5Cjw8Jx10odGCZOkw==": [ "j1KIfSLRyAo+5FqbDzJbtg==" ], "mtrWxjnWyzrIFOuHVeUG6g==": [ "9uK7ZDYgFtqP786n0QunAg==", "UMD4nV1Ky5C5eKUMgtnKzw==", "UoEFDYM+Gqf2mdRJh5HUFw==", "8rxYDEPu2XxazQ3cBUhX0Q==" ], "oSDtB9GflLljTYeOAikyIQ==": [ "KaROgE0QmtiOixMG9Wi1RA==", "EiL50P2QSOoRA18XAAH6Pg==", "xLIujTim86EomaRofe4tDg==", "EKs36DFwHVCzU/cF0Be9pQ==", "jguV9kU5iHC5V/cF3+b/tg==" ], "peUaHHW4E9Y6Nd8+gJR5cQ==": [ "npQpPXYG8xMJ1LRSVSnKGA==", "auP5eLXo1pVa571Rdrqy8A==", "eohUFw28jV3sGLZE2CBPXA==", "zMNYUY09QO2aCVD23XG4dw==", "MFbUtT0neIad8NIiyrLiIQ==" ], "sY/EIxTXZqd77FJQP7GUhw==": [ "QcOTYeOedG0AUhPSakMpIA==", "gagftKXuSuh9pi4dRu9yPQ==", "PcNbuWOo0ahqjfbOQhXvvQ==", "86unVXyTxdffdcXWZTYw5g==", "Fp999hDC/lucBsNHwOlp/A==", "GdQLWMRLabDlPGuh+LwiMg==", "6FQUI3OxX4C5skWXKgq80Q==", "UPzTyNn8ZLXlb+bwRFPPTA==", "QUtTYJuHdkAOgtveagWUfA==", "rVgBV65FWtFg3jitEqotFA==" ], "y1KXv1Wa0o6q+5/jJ4FmmA==": [ "TLOrmSYL76Du+GI4WD9gMQ==", "EiJx6rOT8KoLX+Wu7/N6HQ==", "KGXy4/PIqmqxgmdGe+CSOw==", "yePhQ2wYSrZV2+z+gEbpRg==", "G7IyfoPhe9f8QzIGbOfn7Q==" ], "yI01txXPQZENPfjF45L+Zw==": [ "+nHq7dak7Hkjcru/xpwzhQ==", "L7QbkTbsy8v3tMfOqNsVKQ==" ] }, "enrichments": {} } pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-oci-attach-report: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: konflux-demo-component-tfry-on-push-wvxrt-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 8, "warnings": [ { "msg": "Found packages with unpatched medium vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: cups-libs-1:2.2.6-66.el8_10 (CVE-2023-4504), elfutils-libelf-0.190-2.el8 (CVE-2021-33294), file-libs-5.33-27.el8_10 (CVE-2019-8905), libssh-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0466, CVE-2025-9230), systemd-libs-239-82.el8_10.13 (CVE-2018-20839, CVE-2025-4598), sqlite-libs-3.26.0-20.el8_10 (CVE-2025-52099), libarchive-3.3.3-6.el8_10 (CVE-2024-57970, CVE-2025-25724, CVE-2025-60753), expat-2.5.0-1.el8_10 (CVE-2024-28757), curl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libxml2-2.9.7-21.el8_10.3 (CVE-2025-9714), platform-python-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), tar-2:1.30-11.el8_10 (CVE-2025-45582), libcurl-7.61.1-34.el8_10.9 (CVE-2025-10966, CVE-2025-9086), libzstd-1.4.4-1.el8 (CVE-2022-4899), coreutils-single-8.30-16.el8_10 (CVE-2025-5278), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19217), libssh-config-0.9.6-16.el8_10 (CVE-2025-5351, CVE-2025-5987, CVE-2025-8114), avahi-libs-0.7-27.el8_10.1 (CVE-2024-52615, CVE-2024-52616), python3-libs-3.6.8-72.el8_10 (CVE-2025-0938, CVE-2025-4516, CVE-2025-6069, CVE-2025-8291), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19217), libgcrypt-1.8.5-7.el8_6 (CVE-2019-12904, CVE-2024-2236), lz4-libs-1.8.3-5.el8_10 (CVE-2025-62813), python3-pip-wheel-9.0.3-24.el8 (CVE-2023-45803, CVE-2025-50181, CVE-2025-50182)", "name": "clair_unpatched_medium_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 44 } }, { "msg": "Found packages with unpatched low/negligible vulnerabilities. These vulnerabilities don't have a known fix at this time.", "metadata": { "details": { "description": "Vulnerabilities found: cups-libs-1:2.2.6-66.el8_10 (CVE-2021-25317), elfutils-libelf-0.190-2.el8 (CVE-2024-25260), gawk-4.2.1-4.el8 (CVE-2023-4156), nss-util-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), file-libs-5.33-27.el8_10 (CVE-2019-8906), libssh-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), gnupg2-2.2.20-4.el8_10 (CVE-2022-3219, CVE-2025-30258), openssl-libs-1:1.1.1k-14.el8_10 (CVE-2023-0464, CVE-2023-0465, CVE-2023-2650, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511, CVE-2024-41996, CVE-2024-4741), systemd-libs-239-82.el8_10.13 (CVE-2021-3997), java-17-openjdk-headless-1:17.0.18.0.8-1.el8 (CVE-2022-3857), libgcc-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), sqlite-libs-3.26.0-20.el8_10 (CVE-2019-19244, CVE-2019-9936, CVE-2019-9937, CVE-2024-0232), dbus-libs-1:1.12.8-27.el8_10 (CVE-2020-35512), libarchive-3.3.3-6.el8_10 (CVE-2018-1000879, CVE-2018-1000880, CVE-2025-1632, CVE-2025-5915, CVE-2025-5916, CVE-2025-5917, CVE-2025-5918), gnutls-3.6.16-8.el8_10.4 (CVE-2021-4209), curl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libstdc++-8.5.0-28.el8_10 (CVE-2018-20657, CVE-2019-14250, CVE-2022-27943), libxml2-2.9.7-21.el8_10.3 (CVE-2023-45322, CVE-2024-34459, CVE-2025-27113, CVE-2025-6170), platform-python-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), tar-2:1.30-11.el8_10 (CVE-2019-9923, CVE-2021-20193, CVE-2023-39804), libcurl-7.61.1-34.el8_10.9 (CVE-2023-27534, CVE-2024-11053, CVE-2024-7264), libzstd-1.4.4-1.el8 (CVE-2021-24032), nss-sysinit-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), ncurses-base-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), glib2-2.56.4-168.el8_10 (CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32665, CVE-2025-3360), libssh-config-0.9.6-16.el8_10 (CVE-2025-4878, CVE-2025-8277), pcre2-10.32-3.el8_6 (CVE-2022-41409), avahi-libs-0.7-27.el8_10.1 (CVE-2017-6519), libtasn1-4.13-5.el8_10 (CVE-2018-1000654), python3-libs-3.6.8-72.el8_10 (CVE-2019-9674, CVE-2024-0397, CVE-2024-7592, CVE-2025-1795, CVE-2025-6075), nss-softokn-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), nss-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), ncurses-libs-6.1-10.20180224.el8 (CVE-2018-19211, CVE-2020-19185, CVE-2020-19186, CVE-2020-19187, CVE-2020-19188, CVE-2020-19189, CVE-2020-19190, CVE-2021-39537, CVE-2023-50495), nss-softokn-freebl-3.112.0-4.el8_10 (CVE-2020-12413, CVE-2024-7531), shadow-utils-2:4.6-23.el8_10 (CVE-2024-56433), python3-pip-wheel-9.0.3-24.el8 (CVE-2018-20225)", "name": "clair_unpatched_low_vulnerabilities", "url": "https://access.redhat.com/articles/red_hat_vulnerability_tutorial" }, "vulnerabilities_number": 101 } } ] } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":44,"low":101,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "digests": ["sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d"]}} {"result":"SUCCESS","timestamp":"2026-02-10T22:28:05+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | init container: place-scripts 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-0-tm4n8 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-1-57fvp pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Detecting artifact type for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d. Detected container image. Processing image manifests. Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 18.250 sec (0 m 18 s) Start Date: 2026:02:10 22:27:55 End Date: 2026:02:10 22:28:13 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27907/Mon Feb 9 07:25:09 2026 Database version: 27907 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1770762493","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762493","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1770762493","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "digests": ["sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d"]}} pod: konflux-demo-component-tfry-on-push-wvxrt-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 4a7a758d91a7 clamscan-ec-test-amd64.json Uploading af950738c01d clamscan-result-amd64.log Uploaded af950738c01d clamscan-result-amd64.log Uploaded 4a7a758d91a7 clamscan-ec-test-amd64.json Uploading b383f3437e01 application/vnd.oci.image.manifest.v1+json Uploaded b383f3437e01 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Digest: sha256:b383f3437e01c6beab68a8518834005e0e61a57ff635470af3d8786188c119a2 pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | init container: prepare 2026/02/10 22:25:37 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | init container: place-scripts 2026/02/10 22:25:38 Decoded script /tekton/scripts/script-0-xzrdp 2026/02/10 22:25:38 Decoded script /tekton/scripts/script-1-kvhcv pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1770762342.2574856,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770762342.4401124,"caller":"git/git.go:223","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/hacbs-test-project-konflux-demo @ e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 (grafted, HEAD) in path /var/workdir/source"} {"level":"info","ts":1770762342.440163,"caller":"git/git.go:394","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1770762342.4639735,"caller":"git/git.go:277","msg":"Successfully initialized and updated submodules in path /var/workdir/source"} Merge option disabled. Using checked-out revision e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 directly. pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | container step-symlink-check: Running symlink check pod: konflux-demo-component-tfry-on-push-wvxrt-clone-repository-pod | container step-create-trusted-artifact: Prepared artifact from /var/workdir/source (sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e) Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras push --registry-config /tmp/create-oci.sh.dzvm6W/auth-okbCKs.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637.git SOURCE_ARTIFACT Uploading e29222012231 SOURCE_ARTIFACT Uploaded e29222012231 SOURCE_ARTIFACT Pushed [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637.git ArtifactType: application/vnd.unknown.artifact.v1 Digest: sha256:39626e614b4eb60339cb6d3b2e3f4019abdd200918498b145e0ec80b0c1bc303 Artifacts created pod: konflux-demo-component-tfry-on-push-wvxrt-init-pod | init container: prepare 2026/02/10 22:25:29 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-init-pod | init container: place-scripts 2026/02/10 22:25:30 Decoded script /tekton/scripts/script-0-869mq pod: konflux-demo-component-tfry-on-push-wvxrt-init-pod | container step-init: Fetching cluster-config from konflux-info namespace... Warning: Failed to fetch cluster-config ConfigMap. Proceeding with defaults. Cache proxy disabled (cluster-enabled: true, task-enable: false) Setting HTTP_PROXY to Setting NO_PROXY to pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-kttxs pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.TFexH6/auth-Jjw8S4.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source pod: konflux-demo-component-tfry-on-push-wvxrt-push-dockerfile-pod | container step-push: [2026-02-10T22:27:43,826027760+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.5YnCL8SPdv --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:sha256-c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d.dockerfile Dockerfile pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-f29ht 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-js7qk pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.4hZesI/auth-ez8dIr.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/var/workdir/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/var/workdir/source/. ++ realpath -m /var/workdir/source/. + resolved_path=/var/workdir/source + [[ /var/workdir/source == \/\v\a\r\/\w\o\r\k\d\i\r\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /var/workdir/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/var/workdir/source /var/workdir/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/var/workdir/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-108.json ./shellcheck-results/sc-114.json ./shellcheck-results/sc-121.json ./shellcheck-results/sc-129.json ./shellcheck-results/sc-75.json ./shellcheck-results/sc-78.json ./shellcheck-results/sc-79.json ./shellcheck-results/sc-80.json ./shellcheck-results/sc-83.json ./shellcheck-results/sc-87.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check-oci-ta completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check-oci-ta completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check-oci-ta completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:27:44+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check-oci-ta completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-shell-check-oci-ta completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry-on-push-wvxrt-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading c7b1bdd4ee1c application/vnd.oci.image.manifest.v1+json Uploaded c7b1bdd4ee1c application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Digest: sha256:c7b1bdd4ee1cc8f2a4174f967f7b42b217d3f8b52e1a7f209d4b91328ead9929 No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-jphtj 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-rzwbx pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.IrYrhJ/auth-DDPhlK.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: konflux-demo-component-tfry INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-snyk-check-oci-ta skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: konflux-demo-component-tfry-on-push-wvxrt-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | init container: place-scripts 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-1-ffmbt 2026/02/10 22:27:39 Decoded script /tekton/scripts/script-2-7g6nq pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | container step-use-trusted-artifact: Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Executing: oras blob fetch --registry-config /tmp/use-oci.sh.rXZiJH/auth-R3Y6S5.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output - Restored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source WARN: artifact URI not provided, (given: =/var/workdir/cachi2) pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | container step-sast-unicode-check: + . /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=konflux-demo-component-tfry + echo 'INFO: The PROJECT_NAME used is: konflux-demo-component-tfry' INFO: The PROJECT_NAME used is: konflux-demo-component-tfry + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust + SCAN_PROP=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 + FUC_EXIT_CODE=0 + LANG=en_US.utf8 + find_unicode_control.py -p bidi -v -d -t /var/workdir/source + [[ 0 -ne 0 ]] + sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\1: warning:\2|' -e 's|^|Error: UNICONTROL_WARNING:\n|' + CSGERP_OPTS=(--mode=json --remove-duplicates --embed-context=3 --set-scan-prop="${SCAN_PROP}" --strip-path-prefix="${SOURCE_CODE_DIR}"/source/) + csgrep --mode=json --remove-duplicates --embed-context=3 --set-scan-prop=https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58 --strip-path-prefix=/var/workdir/source/ raw_sast_unicode_check_out.txt + csgrep --mode=evtstat processed_sast_unicode_check_out.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + mv processed_sast_unicode_check_out.json sast_unicode_check_out.json + csgrep --mode=sarif sast_unicode_check_out.json + [[ 0 -eq 0 ]] + note='Task sast-unicode-check-oci-ta success: No finding was detected' ++ make_result_json -r SUCCESS -t 'Task sast-unicode-check-oci-ta success: No finding was detected' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-unicode-check-oci-ta success: No finding was detected' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2026-02-10T22:27:44+00:00 --arg result SUCCESS --arg note 'Task sast-unicode-check-oci-ta success: No finding was detected' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + ERROR_OUTPUT='{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2026-02-10T22:27:44+00:00","note":"Task sast-unicode-check-oci-ta success: No finding was detected","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: konflux-demo-component-tfry49ab7d4bdce9a02c8f919bd0e63f69c4-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Attaching to quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d sast_unicode_check_out.sarif:application/sarif+json Preparing sast_unicode_check_out.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 1da9b99b8b41 sast_unicode_check_out.sarif Uploading 87fa7513c1ac application/vnd.oci.image.manifest.v1+json Uploaded 87fa7513c1ac application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637@sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d Digest: sha256:87fa7513c1acb8951910f4b0d0c0248ba7056a7b7698fcf181bf451a305d040d No excluded-findings.json exists. Skipping upload. pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | init container: prepare 2026/02/10 22:25:46 Entrypoint initialization pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | init container: place-scripts 2026/02/10 22:25:47 Decoded script /tekton/scripts/script-0-l6kkp 2026/02/10 22:25:47 Decoded script /tekton/scripts/script-2-ctgsw 2026/02/10 22:25:47 Decoded script /tekton/scripts/script-3-f6cpx pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-skip-ta: pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-use-trusted-artifact: WARN: found skip file in /var/workdir/source pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-sanitize-config-file-with-yq: pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-prefetch-dependencies: No prefetch will be performed because no input was provided pod: konflux-demo-component-tfryee528ac4a8a123e3c259536593b894c3-pod | container step-create-trusted-artifact: WARN: found skip file in /var/workdir/source WARN: found skip file in /var/workdir/cachi2 pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | init container: prepare 2026/02/10 22:27:38 Entrypoint initialization pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | init container: place-scripts 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-0-m2j7z 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-1-wrjhf 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-2-26l5z 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-3-x9gjz 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-4-7w75n 2026/02/10 22:27:38 Decoded script /tekton/scripts/script-5-nvbfz pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 Using token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry Auth json written to "/auth/auth.json". pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-set-skip-for-bundles: 2026/02/10 22:27:43 INFO Step was skipped due to when expressions were evaluated to false. pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-app-check: time="2026-02-10T22:27:43Z" level=info msg="certification library version" version="1.16.0 " time="2026-02-10T22:27:43Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 for platform amd64" time="2026-02-10T22:27:43Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637" time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasLicense result=FAILED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasNoProhibitedPackages result=PASSED time="2026-02-10T22:27:51Z" level=info msg="check completed" check=HasRequiredLabel result=PASSED time="2026-02-10T22:27:51Z" level=info msg="USER 185 specified that is non-root" check=RunAsNonRoot time="2026-02-10T22:27:51Z" level=info msg="check completed" check=RunAsNonRoot result=PASSED time="2026-02-10T22:28:00Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2026-02-10T22:28:00Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2026-02-10T22:28:00Z" level=info msg="This image's tag e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 will be paired with digest sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", "version": "1.16.0", "commit": "b4a231cf9d50c5471eed598b3b48906eb5b9f3f7" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasNoProhibitedPackages", "elapsed_time": 35, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages." }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication" }, { "name": "HasModifiedFiles", "elapsed_time": 8470, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 185, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [] } } time="2026-02-10T22:28:00Z" level=info msg="Preflight result: FAILED" pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-app-set-outcome: {"result":"FAILURE","timestamp":"1770762481","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0}Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637 pod: konflux-demo-component-tfryfb9dd5d24af02a9e80a5fba15825e068-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"FAILURE","timestamp":"1770762481","note":"Task preflight is a FAILURE: Refer to Tekton task logs for more information","successes":7,"failures":1,"warnings":0} { s: "\n pod: konflux-demo-component-tfry-on-push-wvxrt-apply-tags-pod | init container: prepare\n2026/02/10 22:27:38 Entrypoint initialization\n\npod: konflux-demo-component-tfry-on-push-wvxrt-apply-tags-pod | container step-apply-additional-tags: \ntime=\"2026-02-10T22:27:40Z\" level=info msg=\"[param] Image URL: quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry:e903b65d91bf9bdb4b8a951b0ad1c1602b81c637\"\ntime=\"2026-02-10T22:27:40Z\" level=info msg=\"[param] Image digest: sha256:c73e766d7ea94277a06ba07c4f5d04bc6f472460d70fd7beb2bf7d7ff8aa2f9d\"\ntime=\"2026-02-10T22:27:40Z\" level=info msg=\"[param] image label: konflux.additional-tags\"\ntime=\"2026-02-10T22:27:41Z\" level=warning msg=\"No tags given in 'konflux.additional-tags' image label\"\n{\"tags\":[]}\n pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | init container: prepare\n2026/02/10 22:25:53 Entrypoint initialization\n\n pod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | init container: place-scripts\n2026/02/10 22:25:54 Decoded script /tekton/scripts/script-1-j9qbd\n2026/02/10 22:25:54 Decoded script /tekton/scripts/script-2-94hmj\n2026/02/10 22:25:54 Decoded script /tekton/scripts/script-3-p8tql\n2026/02/10 22:25:54 Decoded script /tekton/scripts/script-4-vkd4v\n2026/02/10 22:25:54 Decoded script /tekton/scripts/script-5-vh2x5\n\npod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-use-trusted-artifact: \nUsing token for quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry\nExecuting: oras blob fetch --registry-config /tmp/use-oci.sh.nFhA08/auth-lpIkpa.json quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e --output -\nRestored artifact quay.io/redhat-appstudio-qe/konflux-dbua/konflux-demo-component-tfry@sha256:e292220122314dd08c4692ef4ed501e295a4dac07f5f08e26dafff9e1880e23e to /var/workdir/source\nWARN: artifact URI not provided, (given: =/var/workdir/cachi2)\n\n\npod: konflux-demo-component-tfry-on-push-wvxrt-build-container-pod | container step-build: \n[2026-02-10T22:25:59,442179789+00:00] Validate context path\n[2026-02-10T22:25:59,445530460+00:00] Update CA trust\n[2026-02-10T22:25:59,446584915+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt\n'/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt'\n[2026-02-10T22:26:01,395002767+00:00] Prepare Dockerfile\nChecking if /var/workdir/cachi2/output/bom.json exists.\nCould not find prefetched sbom. No content_sets found for ICM\n[2026-02-10T22:26:01,400706034+00:00] Prepare system (architecture: x86_64)\n[2026-02-10T22:26:01,506209053+00:00] Setup prefetched\nTrying to pull registry.access.redhat.com/ubi8/openjdk-17-runtime:1.23...\nGetting image source signatures\nChecking if image destination supports signatures\nCopying blob sha256:57869f361363c24abac77d743a531f86608cca96bd894e6b1b042671f5a241e3\nCopying blob sha256:1cb08e89c6d60d0f2666bcadce159f7f2e579305542c05a34ca9246bbf3be66f\nCopying config sha256:0482be2e830a4922f5c0269d3a0ce4583bf67277a6e4fc45e93e669a2f7ecb61\nWriting manifest to image destination\nStoring signatures\n[2026-02-10T22:26:10,113420562+00:00] Unsetting proxy\n{\n \"architecture\": \"x86_64\",\n \"build-date\": \"2026-02-10T22:26:01Z\",\n \"com.redhat.component\": \"openjdk-17-runtime-ubi8-container\",\n \"com.redhat.license_terms\": \"https://www.redhat.com/en/about/red-hat-end-user-license-agreements#UBI\",\n \"cpe\": \"cpe:/a:redhat:enterprise_linux:8::appstream\",\n \"description\": \"Image for Red Hat OpenShift providing OpenJDK 17 runtime\",\n \"distribution-scope\": \"public\",\n \"io.buildah.version\": \"1.42.2\",\n \"io.cekit.version\": \"4.13.0.dev0\",\n \"io.k8s.description\": \"Platform for running plain Java applications (fat-jar and flat classpath)\",\n \"io.k8s.display-name\": \"Java Applications\",\n \"io.openshift.expose-... Gomega truncated this representation as it exceeds 'format.MaxLength'. Consider having the object provide a custom 'GomegaStringer' representation or adjust the parameters in Gomega's 'format' package. Learn more here: https://onsi.github.io/gomega/#adjusting-output In [It] at: /tmp/tmp.EaIZ2fdreL/tests/konflux-demo/konflux-demo.go:282 @ 02/10/26 22:28:25.147 ------------------------------ SSSSSSSSSSSS Summarizing 7 Failures: [PANICKED!] [upgrade-suite Create users and check their state] [It] Verify AppStudioProvisionedUser [upgrade-verify] /opt/app-root/src/go/pkg/mod/k8s.io/apimachinery@v0.34.2/pkg/util/runtime/runtime.go:114 [FAIL] [integration-service-suite Status Reporting of Integration tests] with status reporting of Integration tests in CheckRuns when a new Component with specified custom branch is created [It] should lead to build PipelineRun finishing successfully [integration-service, github-status-reporting, custom-branch] /tmp/tmp.EaIZ2fdreL/tests/integration-service/status-reporting-to-pullrequest.go:144 [FAIL] [build-service-suite Build templates E2E test] HACBS pipelines scenario sample-python-basic-oci [It] should eventually finish successfully for component with Git source URL https://github.com/redhat-appstudio-qe/devfile-sample-python-basic and Pipeline docker-build [build, build-templates, HACBS, pipeline-service, pipeline, build-templates-e2e, source-build-e2e] /tmp/tmp.EaIZ2fdreL/tests/build/build_templates.go:354 [FAIL] [integration-service-suite Integration Service E2E tests] with happy path for general flow of Integration service when a new Component is created [It] waits for build PipelineRun to succeed [integration-service] /tmp/tmp.EaIZ2fdreL/tests/integration-service/integration.go:104 [FAIL] [integration-service-suite Creation of group snapshots for monorepo and multiple repos] with status reporting of Integration tests in CheckRuns when we start creation of a new Component A [It] should lead to build PipelineRunA finishing successfully [integration-service, group-snapshot-creation] /tmp/tmp.EaIZ2fdreL/tests/integration-service/group-snapshots-tests.go:161 [FAIL] [konflux-demo-suite] Maven project - Default build when Build PipelineRun is created [It] should eventually complete successfully [konflux, upstream-konflux] /tmp/tmp.EaIZ2fdreL/tests/konflux-demo/konflux-demo.go:282 [FAIL] [integration-service-suite Gitlab Status Reporting of Integration tests] Gitlab with status reporting of Integration tests in the assosiated merge request [BeforeAll] when a new Component with specified custom branch is created triggers a Build PipelineRun [integration-service, gitlab-status-reporting, custom-branch] /tmp/tmp.EaIZ2fdreL/tests/integration-service/gitlab-integration-reporting.go:62 Ran 59 of 275 Specs in 1531.515 seconds FAIL! -- 52 Passed | 7 Failed | 74 Pending | 142 Skipped Ginkgo ran 1 suite in 27m37.693631542s Test Suite Failed Error: running "ginkgo --seed=1770760256 --timeout=1h30m0s --grace-period=30s --output-interceptor-mode=none --no-color --json-report=e2e-report.json --junit-report=e2e-report.xml --procs=20 --nodes=20 --p --output-dir=/workspace/artifact-dir ./cmd --" failed with exit code 1 make: *** [Makefile:25: ci/test/e2e] Error 1